0/ When a centralized exchange fails, users lose access to all their tokens.
The solution? SELF-CUSTODY
Let's discuss
- What is self-custody
- Cryptographic underpinnings
- What first time self-custodians need to know
🧵 Let’s dive in! 👇
web3edge.io
The solution? SELF-CUSTODY
Let's discuss
- What is self-custody
- Cryptographic underpinnings
- What first time self-custodians need to know
🧵 Let’s dive in! 👇
web3edge.io
1/ Centralized Exchanges (CEXs) are not transaprent
Public blockchains allow for transparency of on-chain activities, but CEXs connect the off-chain world with the on-chain world
The off-chain side of activities are a black box
Users must TRUST that CEXs operate in good faith
Public blockchains allow for transparency of on-chain activities, but CEXs connect the off-chain world with the on-chain world
The off-chain side of activities are a black box
Users must TRUST that CEXs operate in good faith
2/ But the idea behind the decentralized movement is to have a system based on cryptographic proofs, not trust.
Bitcoin was designed to be "an electronic payment system based on cryptographic proof instead of trust" (Bitcoin Whitepaper, 2008)
Bitcoin was designed to be "an electronic payment system based on cryptographic proof instead of trust" (Bitcoin Whitepaper, 2008)
3/ How do these concepts (decentralized network vs. centralized exchange) reconcile?
The CEX will create private-public keypair for every network on which you hold tokens and acts as a centralized gateway for users to easily access tokens on these networks and trade them.
The CEX will create private-public keypair for every network on which you hold tokens and acts as a centralized gateway for users to easily access tokens on these networks and trade them.
4/ A private key is essentially a master password, which is used to generate the public key and address.
When a CEX holds your keys, they act as a custodion for your coins.
But: "not your keys, not your coins".
Self-custody means the user takes responsibility for their keys.
When a CEX holds your keys, they act as a custodion for your coins.
But: "not your keys, not your coins".
Self-custody means the user takes responsibility for their keys.
5/ Let's take a quick detour and look at the cryptography behind private/public keypairs, also known as "asymmetric cryptography".
Asymmetric crytography relies on something called "one-way functions".
This means computation in one way is easy, but the reverse is extremely hard
Asymmetric crytography relies on something called "one-way functions".
This means computation in one way is easy, but the reverse is extremely hard
6/ Example:
Pick two numbers to be a private key: 5 and 16
Public key is the result of 5 * 16 = 80
If an attacker wants to find the private key, they need to bruteforce every combination that returns 80 (8*10; 5*16; 4*20; 2*40 etc.)
With BIG numbers, this can take a LONG time.
Pick two numbers to be a private key: 5 and 16
Public key is the result of 5 * 16 = 80
If an attacker wants to find the private key, they need to bruteforce every combination that returns 80 (8*10; 5*16; 4*20; 2*40 etc.)
With BIG numbers, this can take a LONG time.
7/ This is the basic idea behind asymmetric cryptography, but with more complex math.
I've included links to the RSA and ElGamal encryption algorithms as well as the Digital Signature Algorithm (DSA) in my full piece for those interested:
web3edge.io
I've included links to the RSA and ElGamal encryption algorithms as well as the Digital Signature Algorithm (DSA) in my full piece for those interested:
web3edge.io
8/ Asymmetric encryption enables some interesting functionality:
Secret messages (private communication)
Verify sender authenticity with signatures (e.g., sign transactions)
Secret messages (private communication)
Verify sender authenticity with signatures (e.g., sign transactions)
9/ SECRET MESSAGES
A sender can encrypt a secret message by using the recipients public key, and the recipient can decrypt the message with their private key.
Due to the one-way function, this is cryptographically secure.
A sender can encrypt a secret message by using the recipients public key, and the recipient can decrypt the message with their private key.
Due to the one-way function, this is cryptographically secure.
10/ DIGITAL SIGNATURES
A sender can use their private key to create a unique digital signature for message. When the message is sent, the recipient can verify that the signature did indeed originate from the sender.
This is used to sign transactions.
A sender can use their private key to create a unique digital signature for message. When the message is sent, the recipient can verify that the signature did indeed originate from the sender.
This is used to sign transactions.
11/ Private keys essentially serve as proof that whoever holds them has control over an address.
The holder of private keys can sign transactions to move funds in and out of an address.
The holder of private keys can sign transactions to move funds in and out of an address.
12/ Phrased differently: whoever holds the private keys has custody over the funds in an address.
A CEX acts as a custodian for users funds, or more specifically, a users private keys that provide access to their funds.
This is what "not your keys, not your coins" means.
A CEX acts as a custodian for users funds, or more specifically, a users private keys that provide access to their funds.
This is what "not your keys, not your coins" means.
13/ CEXs are responsible to keep your private keys safe, but with self-custody the user is responsible of keeping their keys safe
An analogy to TradFi:
When you hold cash, you are the custodian of your cash.
When you deposit cash to a bank, they are the custodian of your funds.
An analogy to TradFi:
When you hold cash, you are the custodian of your cash.
When you deposit cash to a bank, they are the custodian of your funds.
14/ If a CEX fails, users could lose access to all their funds held with the CEX.
With self-custody, the user is responsible for keeping their private keys and/or seed phrase safe.
If a user loses their private key/seed phrase, they will PERMANENTLY LOSE ACCESS TO THEIR FUNDS.
With self-custody, the user is responsible for keeping their private keys and/or seed phrase safe.
If a user loses their private key/seed phrase, they will PERMANENTLY LOSE ACCESS TO THEIR FUNDS.
15/ Essentially, users need to ask themselves: do I trust myself more than a CEX to keep my private keys/seed phrase safe?
If the answer is yes, then…
If the answer is yes, then…
16/ There are a few more things to be aware of before stepping into self-custody:
- Users have to create accounts for each network their assets are on
- Trading assets is more complex
- Liquidity will likely be less concentrated vs a CEX
- Users have to create accounts for each network their assets are on
- Trading assets is more complex
- Liquidity will likely be less concentrated vs a CEX
17/ CEXs hide the complexity of Web3 ecosystems, but are in custody of users' private keys.
With self-custody, users are in full control of their private keys and their funds, but they need to understand how Web3 ecosystems work and pick a wallet that meets their needs.
With self-custody, users are in full control of their private keys and their funds, but they need to understand how Web3 ecosystems work and pick a wallet that meets their needs.
18/ Generally speaking there are two primary kinds of wallets:
- Cold wallets (e.g., Ledger)
- Hot wallets (e.g., Metamask)
There is a security/convenience tradeoffs between both wallet types. Users will have to decide for themselves which suits them best.
- Cold wallets (e.g., Ledger)
- Hot wallets (e.g., Metamask)
There is a security/convenience tradeoffs between both wallet types. Users will have to decide for themselves which suits them best.
19/ When withdrawing assets from a CEX to a self-custody wallet, users need to:
- Understand which networks their tokens are on (e.g., Bitcoin, Ethereum, Polkadot)
- Know the asset type (Native asset, ERC20, PSP22)
- Find a wallet that supports the network and asset type
- Understand which networks their tokens are on (e.g., Bitcoin, Ethereum, Polkadot)
- Know the asset type (Native asset, ERC20, PSP22)
- Find a wallet that supports the network and asset type
20/ Here are a few links with wallets for the Bitcoin, Ethereum and Polkadot networks:
Bitcoin: bitcoin.org
Ethereum: ethereum.org
Polkadot: wiki.polkadot.network
Other networks will have other wallet lists.
Bitcoin: bitcoin.org
Ethereum: ethereum.org
Polkadot: wiki.polkadot.network
Other networks will have other wallet lists.
22/ For @Ledger Hardware wallets, @Wpeaster at @BanklessHQ put out a great piece detailing how to set them up step-by-step.
newsletter.banklesshq.com
newsletter.banklesshq.com
23/ Here's a great tutorial by @MoralisAcademy about how to set up a browser-based @MetaMask wallet:
academy.moralis.io
Other browser-based wallets will follow similar steps.
academy.moralis.io
Other browser-based wallets will follow similar steps.
24/ And why is it important to understand the asset type?
Because projects may issue their tokens to different networks using different token standards.
For example, the @CrustNetwork token $CRU exists as:
1) Crust native token
2) Ethereum ERC-20 token
3) Elrond EDST token
Because projects may issue their tokens to different networks using different token standards.
For example, the @CrustNetwork token $CRU exists as:
1) Crust native token
2) Ethereum ERC-20 token
3) Elrond EDST token
25/ When withdrawing from a CEX, users need to make sure the network & asset type the CEX uses and the network & asset type your wallet uses match.
Otherwise you may risk permanently losing your funds.
Here's an example of the Binance withdrawal screen (source: @BinanceAcademy)
Otherwise you may risk permanently losing your funds.
Here's an example of the Binance withdrawal screen (source: @BinanceAcademy)
26/ Ultimately, self-custody means taking ownership of & responsibility for your keys, and learning how Web3 works.
There is a learning curve involved, and it may not be for everybody.
But, "not your keys, not your coins".
Who do you trust more, a CEX or yourself?
There is a learning curve involved, and it may not be for everybody.
But, "not your keys, not your coins".
Who do you trust more, a CEX or yourself?
27/ If you enjoyed this thread, please consider giving the first tweet in this thread a like and a retweet.
Thank you for reading! 🙏
Thank you for reading! 🙏
Loading suggestions...