This article explores the importance of protecting your cryptocurrency investment with ‘private key’ access. Without it, you don’t actually control that cryptocurrency and you can’t prove that you are its true ‘owner’.
Crypto, cryptocurrencies, NFTs, blockchain – exciting, enticing and fast becoming a favorite source of investment.
However, buyer beware! Are you really the real ‘owner’ of your cryptocurrency?
Whether you’re a full-fledged cryptocurrency investor or just thinking about dabbling in the world – this article explores the importance of protecting your cryptocurrency investment with ‘private key’ access. Without it, you don’t actually control that cryptocurrency and you can’t prove that you are its true ‘owner’.
It’s no secret…
The facts and figures speak for themselves. Crypto is huge and impossible to ignore. Currently, in mid-2022, there are more than 18,000 cryptocurrencies in circulation. So it should come as no surprise to anyone that a recent report (Capgemini’s World Wealth 2022 Report) found that 71% of high net worth individuals surveyed have invested in digital assets… and that cryptocurrencies are their ‘favorite’ digital asset investment.
In the crypto world when someone ‘buys’ a cryptocurrency what they are actually doing is buying an allocation of ‘digital units’ of that cryptocurrency which is recorded in a digital ledger that shows all allocations for that cryptocurrency (that ledger is an add-only ledger known as the ‘blockchain’). The ledger stores this allocation of digital units by a unique identifier called a ‘public address’ (a unique alphanumeric string). The cryptocurrency ledger is openly available for inspection and examination by anyone at any time – indeed, anyone is free to skim through the ledger and see details of transfers of ‘digital units’ to and from public addresses and balances against public addresses.
Each public address is derived from a unique ‘private key’ (again, a unique alphanumeric string) created by the person who wanted to ‘hold’ the cryptocurrency at that address (this private key is usually created in the most random way possible so that no one else can hit). This relationship between a private key and its corresponding public address is fundamental—it’s a one-to-one relationship—and only that particular private key can be used to control any cryptocurrency recorded against the corresponding public address on the blockchain. It is not possible to transfer any balance held at a public address without having a special private key for that public address – if one attempted to do so then the transfer request would be rejected and the ledger would continue to show that the balance remains at that public address address.
Golden Rule #1 – The Key
One of the golden rules in the crypto world is to ensure that as the true owner of the cryptocurrency you have access to the appropriate private key. Without that private key, you have no real control over the cryptocurrency that resides at the corresponding public address – since you can’t do anything directly on the blockchain with that cryptocurrency yourself, eg transfer or ‘sell’ it. When the private key to a public address is lost or forgotten, it effectively means that you’ve lost the cryptocurrency that resides at the corresponding public address – you can still see the balance of the cryptocurrency at that address (by looking at the blockchain), but that’s literally all it can do without the private keys…just look at the balance. That’s why access to the private key (by storing it yourself) is the only way to have ultimate control over the cryptocurrency. (In the crypto world, when a person stores their own private key, this is known as using a ‘self-custodial’ or ‘non-custodial’ wallet for their private key.)
Golden Rule #2 – The Secret
Another golden rule is to make sure that no one else knows or has access to your private key – it should be kept secret. If someone else knows or has access to your private key, that’s all they need to take full control of the cryptocurrency residing at the corresponding public address – and you can’t stop them from transferring the cryptocurrency to another public address (which would have a different corresponding private a key you don’t know or don’t have access to).
Not your keys, not your crypto
Now, and here’s the point, when someone says they bought some cryptocurrency, but they don’t store or have access to the private key of the corresponding public address, then they don’t actually have direct control over that cryptocurrency.
Most likely, that person bought that cryptocurrency through a third-party exchange or platform – and that exchange/platform stores the corresponding private key, not that person (known in the crypto world as a ‘custodial wallet’). The customer therefore relies heavily on that exchange/platform to keep the private key secret and secure. This is of course not the same as storing the private key yourself as you do not directly control the respective cryptocurrency – that exchange/platform does.
There have been quite a few cases where third-party attackers have obtained private keys (using cybersecurity loopholes or other means) and transferred cryptocurrencies from public addresses without any permission. In recent times, there have been several cases where those in possession of the private keys corresponding to their customers’ cryptocurrency purchases have remortgaged, commingled, loaned, transferred, or simply spent those customers’ cryptocurrencies.
Yes, by looking at the ledger ‘stolen’ cryptocurrency can be traced back to its final location (its final public address), but (a) one needs to know the public address where the cryptocurrency was before it was stolen, (b) it is difficult to get the cryptocurrency back , (c) if it is returned, how much is it worth now? and (d) most exchange/platform terms and conditions attempt to remove buyers’ ownership rights over the purchased cryptocurrency (which would put them in the position of an unsecured creditor).
If someone asks you what the crypto community phrase “not your keys, not your crypto” means, well, now you know.