The Truth About CEXs.

Better to have this conversation sooner than later, kids.

Everyone who ventures into crypto probably hears the mantra at least once: “Not your keys, not your crypto.” But what does this mean?

Isn’t the blockchain famous for allowing users to keep their digital tokens private? If so, how is it possible that you don’t own the keys to your treasure chest?

Let me explain in 2 minutes.

You see, your crypto and digital tokens do not actually “reside” in your wallet the same way you store dollar bills in a physical purse. A blockchain wallet is more like a metaphor for a physical keychain.

Blockchain transactions are recorded in the form of a public ledger system. If you sent a token to me, there would be no physical transfer. The blockchain simply records the fact that you sent me those tokens.

The balance of tokens linked to your wallet address would be reduced by the amount of tokens sent (plus gas fees).

It’s similar to how your bank records a debit transaction when you swipe your card at a store. The same thing happens on the other end, except it takes the form of a credit transaction.

When you sign a transaction in your wallet, you are sending data that tells the blockchain the message originates from an authentic source. The message is converted into a hash, and the hash is signed with your private key, creating a valid signature.

This is the heart of the issue. Anyone with access to your private key can sign transactions that affect tokens linked to the corresponding public key address. ANYONE.

Your seed phrase is a combination of words that lets wallet software derive your public key addresses and associated private keys. This is why users are strongly advised to keep their seed phrase secure and well backed up.

Cryptocurrency exchanges are super convenient. They helped the industry grow by making it easy for users to swap tokens. Today, there are many ways to make money through speculative trading in crypto markets, thanks to the useful machinery of crypto exchanges.

Centralized exchanges (CEXs) are popular because they act as fiat on-ramps. Users can easily purchase digital tokens with regular money.

They also have a large trading volume, which provides enough liquidity for swaps. Since they take on the role of a middleman, they are similar to traditional stock exchanges.

In order to use a CEX, users must make a deposit of tokens into an “exchange wallet.” The exchange gains significant control over the tokens through functional custody of the keys. This security issue has caused unsuspecting users serious financial losses.

But the implications don’t end there. Withdrawals can be paused arbitrarily, leaving your assets stuck in limbo. Users have even had their tokens converted into other assets without their permission.

Currently, blockchain regulation is hazy. Using a CEX could mean that you effectively transfer ownership of assets to service providers. If the company were to go bankrupt, the law could deny you a legitimate claim to your assets.

A huge part of the appeal of cryptocurrency is the pseudonymous nature of transactions. You can deal freely without any of the real-world identifiers that are ingrained in our modern economic system. Personal IDs, bank account details, etc. are not required by the blockchain.

This all changes when you use a CEX. Crime prevention and law enforcement standards require users to comply with KYC (know-your-customer) guidelines. This means that your exchange wallet is usually linked to your real-life identity.

This is not a deal-breaker, but it raises concerns about censorship and privacy. The adoption of blockchain technology was partly fueled by outrage at the abuse of user data by corporate giants. CEXs have multimillion-dollar interests that could easily be swayed by governments.

OK, so we’ve defined the problem. What’s the solution?

DECENTRALIZED EXCHANGES

Also known as DEXs, they are the best alternative for traders who wish to keep full control over their tokens. Unlike CEXs, which provide the liquidity for swaps, DEXs use liquidity pools and smart contracts to enable trade.

Basically, users of a DEX trade with other users in a Peer-to-Peer (P2P) system. This eliminates the need to deposit tokens in an exchange wallet since there is no need for a middleman.

Unfortunately, DEXs are not user-friendly. Since DEXs are not controlled by any central authority, anyone can list a token. This could lead to confusion where users trade the wrong token by mistake.

It is always safer to do extensive research and only trade through a verified contract address. DEXs can also be vulnerable to smart contract breaches, which could lead to costly hacks.

NON-CUSTODIAL WALLETS

The blockchain is unique because it offers the only financial system where assets can be held autonomously. You can only store so much cash in a mattress or a safe before running out of space. Plus, the risk of loss is high.

Self-custody of your digital tokens enables safe storage while they appreciate in value. You can retain access from anywhere in the world. Most importantly, there are no middlemen or censorship concerns.

So how does it work? What makes a blockchain wallet truly non-custodial?

The simple test is whether the process of storage and retrieval is trustless. Ask this question: Are the private keys entrusted, to any degree, to a third party at any point? If the answer is no, then the wallet is non-custodial.

Some popular examples are Trust Wallet, Metamask, and Phantom.

COLD WALLETS

These take the idea of self-custody a step further by offering improved security features. A cold wallet is virtually offline. This safeguards your private keys against malware and phishing attacks.

Cold wallets usually take the form of USB-compatible hardware. Users can connect them with trusted dApps only when necessary. Ledger, Trezor, and Ellipal are great examples of hardware wallets.

Another common form of a cold wallet is a paper wallet. This is simply a physical backup of a seed phrase on paper. It is commonly recommended for users of software wallets.

The major flaw of paper wallets is their lack of durability. Hardware wallets are highly recommended in this category.

A WORD OF CAUTION

You are now fully aware of the risks of keeping your valuable shekels on a CEX. But it would be irresponsible to end this letter without showing you the bigger picture.

With great power comes great responsibility. When you choose to hold your tokens in a non-custodial wallet, you assume the duty to keep them safe. There is no insurance coverage for lost private keys!

Always have multiple backups of your seed phrase. NEVER click on links or download files shared by strangers.

I recommend a transaction simulator like Pocket Universe if you use software wallets. This will tell you the result of a transaction before you sign it. It’s a lifesaver.

Another handy tool is Revoke.cash. It helps you revoke permissions if you sign a malicious transaction by mistake. Ultimately, prevention is the best defense. Stay safe!
