- Aristotle Mannan
Do You Hold What You HODL? A Primer on Crypto Wallets
Among crypto’s most faithful, “hold on for dear life” (or “HODL”) has emerged as a rallying cry to remain steadfast during periods of market volatility. This has been especially pertinent amidst the ongoing “crypto winter,” where the total market capitalization of cryptocurrencies has fallen 60% off of all-time highs. Unbeknownst to even the most diehard “HODLers,” however, the ability to hold onto digital assets may at times depend on the nature of the underlying wallet used for storage.
In the 14 years since the pseudonymous Satoshi Nakamoto mined the first Bitcoin, over 50 million Americans – or roughly 20% of the adult population – have come to own cryptocurrencies. Unfortunately, the rapid growth of crypto has also coincided with significant token losses, to the tune of several hundred billion dollars, as a result of hackers, misplaced credentials and a flurry of institutional bankruptcies. Of the more than 8,300 crypto-related complaints filed with the Consumer Financial Protection Bureau (“CFPB”) between 2018 and 2022, the majority arose out of theft by bad actors or the inability to consistently access crypto wallets. With so much cryptocurrency purchased by retail investors who may not have experience with crypto itself, ensuring security and accessibility is a critical element of blockchain for social good.
Today, 80% of crypto consumers rely on “hot” wallets – which remain continuously synced with the internet – to store their digital assets. While this allows for easier access to tokens and engagement with decentralized applications (“dApps”) on a blockchain, hackers primarily leverage internet connectivity to infiltrate wallets. In 2022, a record-breaking year for crypto hacking, $3.8 billion was stolen over the course of approximately 200 separate incidents.
With nearly 23,000 varieties of cryptocurrencies currently trading across exchanges, yet limited interoperability across the multitude of blockchain protocols, new wallets are continuously released into the market. Although the CryptoCurrency Certification Consortium (“C4”) first established the Cryptocurrency Security Standard (“CCSS”) in 2014, there is currently no regulatory framework to enforce adherence to existing security best practices. Accordingly, the proliferation of crypto companies over the past several years has far outpaced the ability to monitor CCSS compliance. Undercapitalized crypto start-ups are less likely to have the resources to conduct formal security audits and have thus become attractive targets for hackers.
To mitigate exposure to hacks, many in the crypto community have opted to entirely disconnect their assets from the internet through storage in “cold” wallets. Whereas hot wallets are generally mobile and web-based applications, cold storage safeguards a user’s private key – which is needed to authorize transactions – on a physical device. In spite of the security benefits, particularly for larger quantities of tokens, the upfront costs to procure cold wallet hardware and the added steps to transfer assets may present barriers for crypto’s newcomers. This is evidenced by the fact that just one third of consumers store their cryptocurrencies on cold wallets.
Irrespective of whether a wallet is connected to the internet or not (“hot” or “cold”), there is an additional bifurcation based on management of the wallet’s private key. In a non-custodial wallet, the user fully owns access to their private key and thereby maintains complete control of their funds. Moreover, the user is also solely responsible for retaining the seed phrase – a set of words randomly generated during the wallet’s creation – which serves to restore access to a wallet.
When a user loses their seed phrase, there is no mechanism to recover access to a non-custodial wallet or any of its stored assets. Should the seed phrase end up in the wrong hands, however, a bad actor could unlock the wallet and take ownership of its private key. These are among the reasons why those onboarding into crypto may opt for a custodial wallet, where a trusted third party controls both the seed phrase and private key. Here, too, consumers have encountered threats to their holdings based on the “trust” placed in third party custodians.
The onset of crypto winter has pushed a number of companies into bankruptcy, many of which held customer assets in custodial wallets. Under the United States Bankruptcy Code, cryptocurrencies in custodial wallets – which are controlled by the debtor and could be construed as property of the estate – may potentially be restricted from consumers seeking to retrieve their funds. In the event that the debtor is granted ownership of the assets, consumers could risk becoming unsecured creditors with a lower liquidation preference and less likelihood of recouping lost funds. Again, clearer guidelines are needed from regulators to protect consumer funds in custodial wallets and prevent them from becoming the property of debtors in bankruptcy proceedings.
Given the forecasted trajectory for crypto adoption, which parallels that of the early internet, it is expected that the user base will grow drastically in the coming years. To realize its potential, the industry must continue to deter hackers, educate new users on best practices for security credentials and adopt clearer guidelines that prevent debtors from taking ownership of custodial assets during bankruptcy proceedings. Such measures are critical to ensure that consumers can safely hold what they HODL.