Public and Private Keys

Custody is one of the key risks in digital assets. Cryptography is used to encrypt secure transactions using public keys and private keys. Each user of a blockchain will disclose their public key whenever receiving value. It is safe to share your public key, as it is similar to an email address as a unique destination for others to send information or value. In order to send value from an address, the user’s private key is used to verify that the asset may be removed from the account. This is similar to an email password but designed to be much more secure. Due to the size of the hash and the complexity of the cryptography, there is no evidence that a brute force methodical guessing or hacking system has been able to compromise private keys. There is evidence that cyberattacks have successfully stolen private keys and digital asset values after breaking into PCs or cryptocurrency exchanges (such as Mt. Gox) which may not have been well defended by secure passwords and careful users. That is, the bitcoin blockchain itself has not been hacked, but users have lost value from their bitcoin wallets through insecure storage at the user or exchange level.

The safest way to secure your digital assets from theft is through the use of a hardware wallet. In this truly decentralized process, the user downloads the digital assets into a piece of computer hardware, such as a USB key, and keeps the hardware in a secure location that is not accessible through the Internet. If the user’s private keys are nowhere on their phone, computer, or any Internet-accessible location, there is no chance that a hacker can find those private keys and take value from the user’s account. Some users will keep the USB drive in a safe deposit box, with perhaps a paper copy of the private key (separate from the public key or USB drive) in another bank or safe location. While this is the safest way to secure digital assets from theft, users with hardware wallets are trusting themselves with the physical custody of those digital assets. If the USB key is lost due to fire or flood, if the user dies or becomes incapacitated without disclosing the private key to their family, or if the private key is simply lost or forgotten, there is no way to recover the value. When the goal is to remove centralized counterparties from the financial system, there is no password recovery help desk or reset process.

Many users will trust the custody of their digital assets to a centralized exchange, such as Gemini, Coinbase, or Binance. In these centralized exchanges, users can exchange fiat currency for cryptocurrencies and digital assets as well as exchange one digital asset for another. Exchanges may perform many services for crypto users that are familiar with traditional banks or brokerage firms, such as custody of assets, ability to process trades, deposits, and withdrawals, KYC/AML controls name beneficiaries, and reset passwords. While this may be convenient, it also introduces custody risk, as the exchange stores your private keys.

There’s a famous saying: "Not your keys, not your crypto." If anyone else, including a centralized exchange, has access to your private keys, you are not 100% guaranteed to fully control the value in your account.