Storing Bitcoin should be simple. A Bitcoin wallet can be generated from a list of 12 or 24 pseudo-random words (the “mnemonic recovery phrase”). With some wallets, the same words will generate a valid wallet for most existing cryptocurrencies. This word list can be written on paper and placed in a safe (known as “cold storage”), or simply memorized. No other equipment is needed to receive Bitcoin transactions.
For an individual, the simplicity of recovering one’s Bitcoins from a phrase is one of the key advantages of Bitcoin over traditional currencies. When combined with another aspect of cryptocurrencies, however, it presents a challenge: Bitcoin transactions are irreversible.
If the phrase is obtained by a malicious actor, the value of the wallet can be instantly, irreversibly, and anonymously stolen.
This becomes a much more difficult problem when control over a wallet must be shared by multiple individuals. Every individual with the power to make a transaction can commit an unauthorized transfer for the full value of the wallet, either intentionally or by mistake. The possibility of unauthorized transfers grows exponentially with the number of individuals who need to access it. If any of the people in control of the wallet is either malicious or fails to follow proper security practices, then the security of the funds is only as good as the weakest link.
Fortunately, a number of solutions has emerged for this problem, and the rest of this memo discusses their benefits and costs.
Custodial versus non-custodial wallet services
There are two types of online Bitcoin wallet services:
Custodial wallet service:
Note: “cryptographic” authority means that a passphrase must be entered as an input to authorize a transaction. This is distinguished from procedural authority, where a person or software determines whether to permit a transaction based on
A custodial service holds Bitcoin on behalf of the user, and has cryptographic control over all assets. It is able to unilaterally make transfers without user authorizations. Reputable custodial services implement technical, procedural, and sometimes legal measures to ensure that all transactions must be authorized by the client. Still, there is ultimately no cryptographic block to keep them from confiscating customer funds. Virtually all Bitcoin exchanges and “Bitcoin custody” services are custodial.
Advantages of Custodial Services:
The advantage of such a service is that it can implement various procedural and technical means to authorize transactions. Furthermore, even if the customer loses his credentials, it is possible for the service to issue new credentials by verifying a customer’s real-world identity.
Downsides of Custodial Services:
The disadvantage of such a service is that internal or external malicious actors are able to make unauthorized transactions. Therefore, using such a service requires some trust in the technical expertise and good faith of the service. Furthermore, if the service ceases operation, the assets may be lost.
Non-custodial (self-custody) wallet services:
A non-custodial service creates a separate wallet for each customer and does not have the cryptographic means to make unilateral transactions. This means that the customer must type in his password (or use some other hardware-based method) to authorize transactions. Virtually all proper “Bitcoin wallet” services are non-custodial. Hardware storage devices with a web-based interface such as the Trezor and Ledger are also non-custodial.
Advantages of Self-Custody:
The advantage of such a service is that it is trustless – the customer does not need to trust in the exchange’s software or its employees, as long as the password-generation process is technically sound. Typically, online wallets provide independent emergency recovery means that permit asset recovery even if the service ceases to exist.
Downsides of Self-Custody:
The disadvantage of such services is that if the customer forgets the password and/or seed to his wallet (or loses the hardware used to gain access), the funds are irretrievably lost. Typically, self-custody requires a higher level of technical expertise and custodial services. Implementing a process that requires multiple signatures to authorize actions is also more complicated with self-custody.
The emerging market for Bitcoin custody services:
A number of vendors have recently emerged to provide “custody” options for Bitcoin. These organizations provide software and services for institutions which aims to dramatically increase the security of crypto assets over self-custodyy.” The most reputable of these services charge significant fees: for example, Coinbase Custody has a minimum deposit of $10 million, a $100,000 setup fee and a 10 basis point per month storage fee. BitGo Custody, iBit, Gemini Segregated Custody, and Kingdom Trust charge similarly high fees. It may seem strange BitGo or Coinbase offer free storage for individuals while charging significant fees for institutions.
There are three reasons why custody services charge high fees for institutions:
- Bitcoin storage, in general, requires strong technical expertise, and a custody vendor must pay for technology and expertise to ensure high levels of safety for their paying customers. Even a single theft can destroy the reputation and bankrupt a custody vendor.
- Institutional customers usually require a multi-signature non-cryptographic process to authorize transactions. This process must be non-cryptographic because the authority to conduct transactions derives from legal authority (as owner, or employee for example) rather than the possession of cryptographic keys. If cryptographic keys were lost, or an employee or shareholder deceased, the custodian must conduct a formal process to authenticate the legal authority of the replacement. Such “real-world” authorization requires legal review and due diligence and is therefore relatively expensive.
- The market for cryptocurrencies is extremely new and dynamic. Because risks of cryptocurrency storage are not well established, insurance rates are high or not obtainable. Therefore, custodians offset the risk by charging higher fees.