A History of Betrayal: Custody Failures in Crypto

March 20, 2024

Twice the nascent crypto market has plunged into freezing winter off the back of a major exchange collapse. People have lost billions. And it wasn’t just degenerate traders or investors who could stomach the losses: regular folk intrigued by the new wave of digital assets discovered their life savings had evaporated. Crypto, since inception, has been plagued by hacks, scams, and loss of funds as people struggled to get to grips with this new era of financial self-sovereignty and what owning your own coins actually means. Custody is everything.

Waking Up to What Custody Means

It wasn’t people’s fault. Although seasoned cypherpunk veterans may feel a touch of schadenfreude watching FOMO-gripped lemmings hurl their disposable (and sometimes not so disposable) income chasing 10x or 100x gains off unproven pie-in-the-sky projects, only to find their money vanish, there should be more sympathy.

Crypto is a truly radical proposition. It returns us fundamentally to the age of gold and silver, a pre-Medici era where your wealth is no longer entrusted to a third party or represented through promissory notes issued by institutions, but held by you, on your person. It’s about custody and ownership of not just your wealth, but your identity, your data, and your access. The private key held in your mind, on a piece of paper, on a USB or engraved in metal plates is you having complete self-authorship and sovereignty over your wealth and what it’s used for.

Why Custody Makes Crypto Valuable

This is why crypto first gained popularity amongst anarchists and doomsday preppers, it’s why it’s used as a narrative against the banking system and its perpetual failures, and it’s why Bitcoin has gone from being valued at under a dollar to, at time of writing, $66,700 in the space of just over a decade. It’s why all the exchanges and the liquidity pools and the NFT markets exist. It is, to be blunt, the point. You have the key, you own the crypto. You own your wealth, money and your status - and no institution validates and permits your activity. And - if you self-custody correctly - it would take the lifetime of the universe to ever take that away from you.

Why Users Surrender Custody Too Easily

Unless you give it to an exchange. Unless you put it in a vulnerable smart contract - or really any smart contract. Unless you ever sign a permission that lets someone else or something else take custody of it. Unless you send it to anyone else, for any reason, at any time - on-chain or off-chain.

This is, amazingly, still a growing understanding among mainstream crypto investors, collectors and sometimes even enthusiasts. Often these groups see crypto as shiny silly highly volatile tech stocks. Which, if you look at their presentation and interaction on the major CEXs, they kind of act like. If you surveyed the majority of retail crypto investors about whether they owned the crypto they had on exchanges (before the FTX collapse happened), they would have said yes. You may think, post-FTX, everyone would understand - and there has been a massive trend in exchange outflows moving crypto into self-storage.

Five Massive Custody Failures in Crypto

Yet to think the problem is over is naive. This has happened before, and people still do it. Here are five major failures of custody in crypto that led to users getting burnt:

  1. Mt Gox
    A seminal moment in crypto history. In 2011, Mt Gox was the largest crypto exchange, responsible for 70% of trade volume until it was hacked. Mt Gox lost 750,000 bitcoin, with the coins taken directly from the company's hot wallet. The hack sparked widespread panic in the markets that crypto was plagued with more risks than it was worth, and the first major crypto winter began.

  2. Coincheck
    Japanese exchange Coincheck lost $534 million after storing customer and market maker funds in a hot wallet, not a cold one. Even larger than Mt Gox (though nowhere near as destabilising for the market as a whole), the hack highlighted further failures of process by major exchange operators, even those operating judiciously within financial legislation.

  3. Bitmart
    Just under $200 million was lost by Bitmart when the centralised exchange was hacked after a private key was stolen. Worryingly, it took hours to spot the problem, with users’ funds being silently drained without the exchange’s knowledge before it was spotted by a security firm.

  4. FTX
    FTX’s failure killed the mania of 2021 dead in its tracks. Sam Bankman-Fried, who had only recently appeared on the cover of TIME magazine, and who was being feted by politicians, celebrities, and the mainstream media as a whole, turned out to be a League of Legends-playing fraud who ransacked just about every penny in FTX to collateralize terrible losses being made by partner firms. Creditors are still waiting to recover their assets.

  5. Poly Network
    It’s not just centralised exchanges that can have custody issues, but also smart contracts. Poly Network, a decentralised finance platform where users could provide collateral for loans, suffered a hack where the attackers made off with $600 million. Depositing your crypto in a smart contract, remember, is giving up custody of a sort. The difference of course with protocols is the contract itself can’t work against you. You can see what it does. It can, though, be hacked. It’s exceedingly rare, and 99% of the time requires incompetence or malfeasance by the project’s developers, but it happens.

This is just the tip of a worryingly large iceberg. It doesn’t refer to the countless smaller exchanges that have suffered or gone bankrupt, letting customers lose everything. It is the endless series of smart contract hacks. Many of these crypto services were not trying to do anything wrong (some, of course, were). It’s just they were bad at looking after other people’s money - just like banks are.

Why Custody Is So Important

Crypto held on an exchange is nothing but casino chips given to punters who’ve already left their real money at the door. Sometimes, all customer funds are held in one giant wallet, a slush fund for the exchange to carry out its operations, in the hope perhaps that not too many people come knocking for their money at once. It’s like giving your money to a completely unregulated bank operating in an entirely novel and still dangerous market. It’s trusting that someone else will handle your money better than you can, and not steal it for the privilege.

Yet surely these big companies, these large operators, surely there is some recourse if everything goes wrong? Tell that to Mt Gox users after the place got robbed, tell that to FTX creditors - who wait in line for their $2000 behind celebrity spokespeople. Tell that to any of the thousands of people who thought their crypto was safe anywhere but in their own wallet. Custody is everything. Financial self-sovereignty is what crypto is about. That and the utility derived from that self-sovereignty through decentralised systems. Giving it up means surrendering the purpose of it. Don’t do it.

Maroon Lets You Keep Your Keys

And remember, with Maroon, you don’t have to. Maroon’s exchange lets users keep native control of their keys and their crypto while using an off-chain order matching engine to provide the fluid UI and fast-paced throughput traders demand - all while being fully regulated, with all users’ crypto insured. Maroon is laying the foundation for a more mature crypto industry that is ready for adoption through its provision of facilities for CEX-like trading without ever taking ownership of customer funds. After the FTX debacle, and the history of custody failures in crypto, it’s time to start sticking with crypto’s founding principles when investing.
