Not Your Keys, Not Your Crypto

Since the implosion of Terra and LUNA several months ago, we’ve seen a stream of rough news stories that essentially boil down to: “users deposited their crypto with a centralized 3rd party, who then deposited it with Terra, who then lost everything, and now the centralized 3rd party can’t pay back their users and will declare bankruptcy. Users lose everything.”

In the wake of these headlines, you’ve probably seen many social media users saying “not your keys, not your coins” and lambasting these centralized service providers and/or the users that used them. In this post, we’d like to take a look at the community response to these recent incidents, and see if we can figure out a better solution than the same tired advice that gets parroted around.

What does “not your keys, not your crypto” mean?

Not your keys; not your crypto (NYKNYC) means that any time you do not have control over the private keys of the wallet holding your crypto, you do not actually own your crypto. In simpler terms, it means that trusting any 3rd party (e.g. exchange or platform) to hold your crypto for you is more or less equivalent to giving away your crypto. This is because whoever controls the private keys to a wallet has full control over the assets in it, and custodial 3rd parties may disallow withdrawals or even use your crypto to pay off their debts in the event of bankruptcy.

The phrase was originally popularized by Andreas Antonopoulos in 2016 specifically as “not your keys; not your Bitcoin” and has since been adopted by the wider crypto ecosystem.

Why “not your keys, not your crypto” isn’t always helpful

Every time an exchange or centralized service provider is hacked, crypto purists emerge from the woodwork to say “not your keys; not your crypto!”

While we generally agree with the sentiment, shouting this after a hack is less than helpful, to put it mildly.

Yes, crypto was created explicitly to get around the need for trusting a centralized entity. Yes, users need to be more diligent about not trusting others with their crypto. And yes, many folks get greedy and turn a blind eye to obvious red flags and skimp on proper due diligence.

You can say these users deserve what they get, but every time users get burned with a Celsius or Quadriga or Mt. Gox situation, the community as a whole is set back. These are real people losing real money who may never return to the ecosystem.

What if, instead of reactively saying “I told you so,” we proactively tried to eliminate bad actors that prey on gullible investors? Like it or not, centralized service providers do play a much-needed role in the broader crypto ecosystem.

In an ideal world, we’d all generate our private keys on an offline computer, memorize it with an advanced mnemonic device, and store a single backup on a slip of paper in an underground bomb shelter. 

The problem is that security and ease of access are tradeoffs; the more secure something is, the harder it is to access. In order for crypto to see true widespread adoption, we must strike a balance between security and ease of use so that less tech-savvy users can also participate. 

The Adoption Bell Curve

If we think of crypto adoption as a bell curve, we’re still somewhere in the “early majority” phase of the curve. We’re well past the early adopter phase, but still have a long ways to go for true large-scale adoption.

In order to reach those remaining potential users, we need simple, trusted 3rd party solutions that can abstract away some of the technical complexity behind crypto. Hardware wallets are one way this is made easier for users, but the technical barrier to entry is still too high for most users. 

Put another way: do you trust your grandparents to properly manage their private keys? 

Throughout 2021 we saw numerous social media posts about users who quickly onboarded friends and family to crypto via Celsius, and how easy it was for non-technical users to access the benefits of crypto. Unfortunately, since there were no rules about what Celsius can or cannot do with user deposits, we know how that all played out for users…

Regulation might be a better solution?

We understand that many folks in this space are wary of regulators and any kind of government intervention. And in a perfect world, if everyone could follow “not your keys not your coins” there would be a lot fewer headlines about stolen crypto and lost funds. But in a practical world, we need some kind of middle ground that helps prevent these situations before they reach critical mass.

Every time a centralized entity blows up and thousands of users lose money, you can bet that it catches the eye of regulators from every possible jurisdiction. It’s better for everyone involved if we can prevent them from happening in the first place.

For example, the recent Lummis-Gillibrand Responsible Financial Innovation Act included provisions that would:

• Place restrictions and protections on what custodial service providers can do with your deposited coins
• Protect user funds in the event of bankruptcy from the service provider
• More stringent disclosures on risks of using centralized services

It’s not a perfect piece of legislation, but we need to use opportunities like this to open a dialogue and tell legislators what works and what doesn’t. If you’re concerned about legislators getting crypto regulation wrong, then you need to get involved in the political process and tell your state reps, federal reps, and regulatory bodies what you’d like to see. 

Fight For Positive Crypto Regulation

We’ve made it easy to get involved in crypto regulation and help shape the future of this space. Our legislative advocacy portal makes it easy to: