Before banks were widespread, people would hide their savings in nooks and crannies around the house—pots and jars, holes in the ground, or shoeboxes under the bed. But while your grandma who lived through the great depression might still be stashing cash under the mattress, most of the world has moved on from this practice.
But with cryptocurrency, a new generation has joined the ranks of distrusting pensioners in using the digital equivalent of this crude form of custody.
Cold storage, which is often sold as the most secure method of securing virtual wealth, has become the most widespread method of keeping private keys safe from hackers. But while this method of storage might seem more cypherpunk than hiding money under the mattress, it relies on the same basic principle—the less accessible the wealth is, the more secure it is.
The mattress stashing method of crypto custody
From personal USB keys to military bunkers in the Swiss Alps, there are many variants of cold storage, but they all rely on a similar method of “air gapping”, or taking private keys completely offline.
Though this does bring about the promise of being your own bank—free of the fees and censorious control of a greedy intermediary—it also introduces a bunch of problems to the storage process:
Lack of connectivity
Burying funds to make them inaccessible, whether it is under the ground or just disconnected from the internet, is a double-edged sword because it creates a time delay when those funds eventually need to be retrieved. While this might be annoying for a pirate digging out his buried treasure chest, in the fast-moving world of cryptocurrency it can be disastrous—leading traders to miss out on time sensitive opportunities, making day-to-day transactions take longer than necessary, and adding costs from the underlying assets network.
Lack of versatility
After the bitcoin white paper was released, competitors rapidly emerged, with new chains vying for users and seeking to fill different niches in the growing ecosystem. In total, there are now over 2231 tokens and cryptocurrencies listed on CoinMarketCap.
But cold storage systems have struggled to keep up. The majority of hard wallets accommodate just a few different cryptocurrencies, so users are forced to use several different wallets to store funds—just like having to keep different bank cards in separate physical wallets, or having to open a different web browser for each website you visit.
While having multiple separate wallets might seem smart from a security perspective, the process of remembering (or storing) multiple private keys often requires superhuman intelligence—or you might end up playing into the hacker's hands and storing your keys along with details of each wallet in a simple list.
Find out how Qredo solves the problem of private key storage in our white paper.
Lack of access to on chain governance
Several cryptocurrencies—like Stellar and Tezos—offer opportunities for participating in on-chain governance by voting, or helping to secure the network through ‘staking’. As cryptocurrency evolves and the dominant use case shifts from speculation to utility, we could expect these governance and security networks to carry more weight.
But, those with funds held in cold storage are often unable to participate, losing out on these potential democratic or financial benefits.
Reliance on vulnerable hardware
Buying a personal USB hardware wallet can cost you from $50 to $200, but they don't last forever. The typical HSM (Hardware Security Module), has a limited lifespan, (called “Mean Time to Failure”) and in those years of use, you too must prevent yourself from making any critical errors.
According to research by Chainalysis, 4 million bitcoin—or around 19 percent of the total supply—has been sent into the black hole by simple mistakes, which as Satoshi famously said, could be thought of as "donations" because they “only make everyone else's coins worth slightly more."
If you manage to avoid making any mistakes, which can be as simple as a single wrong digit in the public key, then you must also ensure that arrangements are made for the even of your death. An estimated 0.7 percent of crypto holders are thought to die every year, and these funds can easily be lost forever unless inheritance rights have been carefully arranged beforehand.
To avoid such complications, many choose to store cryptocurrency on exchanges—but most platforms also rely on cold storage to secure private keys, creating additional third party risks.
Not your keys, not your bitcoin
While cold storage can be a nuisance for individuals, on an exchange scale it's downright treacherous, representing a complete transfer of ownership. As Andreas Antonopoulous coined: "Not your keys, not your bitcoins".
Under exchange custody, crypto assets are often commingled in a large cold storage wallet, which might as well be decorated with a big red target for hackers.
More than $1 billion was stolen from exchanges by hackers in 2018, and 2019 looks set to be another record year with $356 million already stolen in the first three months.
Although the exact methodology of hacks is often not revealed by exchanges, the majority of these funds will have been lifted from cold storage, where the greater percentage of user's funds are kept for the relative security benefits over hot wallets.
Aside from hackers, funds held in custodial cold storage wallets are also at the mercy of the wallet owners—exchange operators. Whether through fraud, human error, or unexpected death, the private keys securing these funds can be instantly lost.
The story of QuadrigaCX makes this point clear. After the owner of Canada's largest crypto exchange suddenly died on his travels in India, It transpired that he was the only person with access to the encrypted keys needed to access the $153 million of assets held by the exchange, meaning 115,000 customers were left out of pocket.
And while this might be an isolated incident, the odds of such events occurring are not low.
As exchanges discover when attempting to get insurance, the statistical probability of hacks, frauds, and loss of funds is so high that underwriters are known to charge more than five times what businesses in the legacy financial system might pay to protect against loss or theft.
Ultimately, both individuals and exchanges using cold storage are confronted with the same problem—the centralized storage of private keys—which cannot be overcome in the current paradigm.