It wasn’t long after the wheels fell off at FTX that the I-told-you-sos began. On November 11, the crypto exchange filed for bankruptcy, and billions of dollars worth of customers’ crypto was missing. How was this possible? Because FTX wasn’t just a place to trade tokens, it was where users stored them too.
Weather-beaten veterans of the crypto industry will tell you that, in allowing a third-party to store coins on their behalf, the victims of the FTX collapse made a fatal mistake. “Not your keys, not your coins,” they like to say. They advocate instead for a system called self-custody, whereby people manage their own private crypto wallets, secured by secret alphanumeric keys.
The message is now filtering through. One person with funds trapped in FTX, who asked to remain anonymous to preserve his financial privacy, says he now stores crypto in either a personal wallet or interest-bearing peer-to-peer contract. Another, who requested anonymity for the same reason, says he now keeps tokens on exchanges for only an hour at a time for trading and otherwise stores them himself. “Fuck Sam,” he says, referring to FTX CEO Sam Bankman-Fried. “But I should have managed my risk too.”
Companies that supply devices for self-custody are profiting from the mayhem in the industry, including Ledger, one of the largest makers of hardware wallets. November, the month of the FTX collapse, became the most successful in the company’s history, according to its CEO, Pascal Gauthier. Between June 2022 and February 2023, amid the crypto turmoil, the firm sold 1 million units, having sold only 5 million in the previous eight years combined. Data from blockchain analytics firm Chainalysis shows that the collapse of FTX, Celsius, and other large crypto businesses corresponded in 2022 with sharp spikes in the travel of funds away from exchanges, into personal wallets. As did the sector’s banking crisis in March.
The problem with storing crypto in a personal wallet, though, is that there’s no margin for error: Misplace the private key and 12-word recovery phrase and the crypto inside is lost forever. Famously, a British man suffered this fate when he mistakenly discarded a hard drive in 2013 that held the credentials for a wallet containing 7,500 bitcoin, worth $220 million at today’s prices. Estimates suggest that roughly 20 percent of all bitcoin, worth tens of billions of dollars, has been lost this way.
“There is a significant user-experience problem in crypto—and a lot of that has to do with self-custody and key management,” says Hugh Brooks, director of security operations at blockchain security firm CertiK. FTX may have made storing crypto with an exchange “less appetizing,” he says, but “for the average user, self-custody is a much greater risk.”
Beyond storing wallet credentials in email messages, digital notepads, and other insecure locations, Brooks explains, people are prone to forgetting where they put their recovery phrase—a simple human error, easily made. But the consequences of basic mistakes like this are “amped up exponentially” when crypto is involved, he says. In a worst-case scenario, life savings can be lost.