Casa Blog - Bitcoin Security Made Easy

Being your own bank

Bitcoin has long offered the promise of being your own bank, though this comes with great responsibility and a high learning curve in order to do it well.

There are numerous threats to one’s bitcoin; protecting against them all can be time-consuming and is out of reach for the average person (if they don’t know about Casa, of course.) As such, many who buy bitcoin will simply leave it on the exchange where they acquired it, assuming that this exchange offers the same protections as their bank or brokerage account.

Many people use bitcoin custodians for convenience. Some reasons may be:

  • Outsourcing security to professionals and having someone to blame if anything goes wrong
  • Ability to easily access liquidity and swap assets
  • Ability to easily access traditional banking system for fiat transfers
  • Ability to earn interest
  • Ability to easily insure assets

At the same time, government regulations require that many companies and funds do not self-custody their bitcoin, but use “qualified custodians” instead. While I find these regulations to be outdated with respect to digital bearer assets, the reality is that they exist and institutions must follow them.

Big bitcoin banks

The end result is that a sizable portion of the total bitcoin money supply is held by custody services. How much? We can’t know exactly, but we can determine some reasonable estimates on lower and upper bounds.

We already know that at least 4% of all bitcoin is held in corporate treasuries. More is undoubtedly held by:

  • Exchanges
  • Trading services like Robinhood / Revolut / PayPal
  • Hedge funds
  • Venture funds
  • Pension funds
  • Family offices
  • University endowments
  • Sovereign wealth funds
  • Lenders like BlockFi / Genesis Capital (known to have over $1B each)
  • Wrapped bitcoin custodians

Other than exchanges, I’d expect the vast majority of the above entities are using third party custodians due to regulatory requirements or their own policies.

How many of these custodians can we track down? It is possible to use various heuristics to associate bitcoin transactions and addresses together in order to identify the single entity that is controlling them. These heuristics are probabilistic and can’t guarantee 100% accuracy.

Coinmetrics tracks 9 large exchanges and shows their aggregate bitcoin balances to be around 1.2M BTC at time of writing.

Glassnode tracks 14 exchanges and shows their aggregate balance to be about 2.5M BTC at time of writing.

Chainalysis, on the other hand, tries to track pretty much everybody’s balance, though they don’t share their specific metrics publicly.

(Virtual Asset Service Providers are custodial services.)

According to Chainalysis, as of October 2019 roughly 60% of bitcoin that was not lost was held by a licensed custodial service. That would put 8.5M BTC in the hands of custodians. This is a lot higher than the 2.5M BTC in exchanges tracked by Glassnode. I reached out to get more clarification from Chainalysis about this figure:

"The 8.5 million bitcoin is an upper bound estimate. At a lower bound, exchanges hold about 2.2 million bitcoin, at an upper bound they hold about 5.1 million bitcoin (including their custody businesses). Non-exchange VASPs account for the rest, particularly hosted wallets and custodians.

Exchanges are easy to identify and the top 20 exchanges account for most of the activity. You get to 2 million if you tag the best known cold wallets of the main exchanges. But tagging non-exchange VASPs, such as hosted wallets and custodians, is harder. They don't publicly reveal addresses of their cold wallets unless you are a customer.

A related issue is that a sweep of funds from a deposit address into storage can often look like a withdrawal, especially for the most recent blocks. This is why most analytics providers think that exchange inflows and outflows are often almost equal, and why it looks like exchange balances are declining. I think they are declining at the moment, but not as much as other people think."

The only other type of custody that is somewhat easy to track is tokenized bitcoin on ethereum, since you can query the ethereum blockchain to determine the supply. At time of writing that comes to around 120,000 BTC.

As for all of the other possible entities / investment funds that may be holding bitcoin with a custodian, it’s quite hard for us to know about them unless they publicly announce what they are doing.

While it’s hard to pinpoint, anywhere from 20% - 60% of all circulating bitcoin are held with third-party custodians. Thus it appears quite reasonable that 40% of all bitcoin may be held by a small number of custodians. The higher this number becomes, the more concerning it is with regard to economic fork attacks, though in terms of seizure and theft risk, any double digit percentage is concerning. For reference, MTGOX was thought to hold 850,000 BTC out of ~8M in circulation - when it ceased operating the shock to the ecosystem was massive.

Why does it matter?

The reason that bitcoin works is because power is highly distributed throughout the system. When power starts becoming too concentrated, the likelihood of coordination occurring in order to benefit those wielding power increases. This is simple politics; we have already seen it attempted in bitcoin via the New York Agreement.

One particular concern I have with custodial businesses is that their revenue is often directly tied to the amount of bitcoin they have under custody. As such, they are incentivized to control as much bitcoin as possible. It is to be expected that custodians will then seek to incentivize as many bitcoin owners as possible to store their funds with them. This is a tragedy of the commons situation that is creating perverse incentives.

For example, I expect the price of custody will continue to drop and even go negative as more custodians start offering interest on deposits. A rational person may conclude that the (difficult to quantify) counterparty risk makes it worth trusting a custodian to increase their bitcoin position. This may further concentrate control of bitcoin keys into fewer hands.

Hasu wrote an excellent article about how the custodial banking layer creates systemic risk for bitcoin; one of the main points was that if something goes wrong and people want to exit to the safety of self-custody, the on-chain throughput limits mean that it’s infeasible for a mass exit to happen quickly. Another point was that custodians will be more capable of paying very high transaction fees to make settlement transactions between each other, thus pricing out the average user from making on-chain transactions.

If too many coins are held in too few hands, the systemic risk of a coordinated attack rises. Such an attack could result from a variety of stressors, such as:

Political attack: expect that initial attacks will demand more onerous disclosure requirements from exchanges, more draconian rules around AML/KYC, and so on. Eventually, pressure from regulators and nation states results in custodians censoring transactions and seizing funds.

Economic attack: the custodians coordinate a fork (hard or soft) and change the rules for bitcoin they accept. Any contentious fork results in a chain split, at which point each side vies for economic superiority by selling off the branch of the fork they don’t support. This could be made more devious by custodians selling off the fork branch they want to see die off.

Every bitcoin that is held by an institution is a bitcoin that has had its security weakened by being subjected to bureaucratic and political decision-making. “Not your keys, not your bitcoin” rings true because when you have to ask someone for permission to transact, you are no longer in a position to resist censorship. Bitcoin owners must not trust third parties to act in their best interest!

Is systemic risk actually worth worrying about? It’s more of a risk than most people think. Sovereign debt crises and currency failures often go hand in hand with times of high inflation, as billionaire hedge fund manager Ray Dalio pointed out in his latest post, “The Changing Value of Money.” In recent sovereign debt crises, such as in Lebanon today or in Cyprus in 2013, assets have been both frozen and seized, not to mention lost outright in bank failures. Earlier this year, the FDIC reminded U.S. citizens in a creepy video that it’s perfectly safe to keep your cash in the bank...

Education as a solution

We must continue to educate users of the risks inherent to trusted third parties for the simple fact that these risks are invisible to many investors.

When users learned that BitMEX was being targeted by US regulators, they withdrew half of the bitcoins from the platform. This is because many users finally realized the counterparty risk to which their funds were exposed.

We need people to understand that every custodian faces the same risk of being targeted by nation states. Sure, being compliant with regulators decreases the risk of being targeted sooner rather than later. But there is no escape from their scrutiny, nor is there any guarantee that nation states won’t change the rules for custodians in the future. The only rules that are resistant to being changed are those of the bitcoin protocol, and their robustness is reliant upon as many users as possible individually resisting controversial rule changes.

When bitcoin custodians encounter problems, the failure tends to be immediate and catastrophic rather than slow degradation. Take the most recent example - one week prior to publishing this article, OKEx stopped allowing withdrawals. They remain disabled.

"One of our private key holders is currently cooperating with a public security bureau in investigations where required. We have been out of touch with the concerned private key holder.  As such, the associated authorization could not be completed.  Pursuant to 8.1 Service Change and Interruption of the Terms of Service, OKEx may change the Service and/or may also interrupt, suspend or terminate the service at any time with or without prior notice."

Hasu’s article mentioned on-chain throughput as a chokepoint, but if your bitcoin custodian suffers from any sort of failure then on-chain throughput is likely a non-issue. You probably won’t have time to run for the exits to the safety of self-custody.

Technical solutions

We must continue building second layer solutions that enable custodians to settle with each other off the base layer and thus free up more space for people to exit to self-custody.

This chart is from a Chainalysis report on fund flow between enterprises in 2015.

We have reason to believe that around half of all on-chain transactions occur between large custodians. Much of this volume is highly redundant, with the same custodians sending funds back and forth and not even knowing it - because they are just sending to random addresses. Layer 2 solutions such as Lightning Network and sidechains will allow for much of this volume to be removed from the bitcoin blockchain. This will help alleviate the “high settlement fee” scenario that Hasu brought up.

We must also continue to scale bitcoin’s ability to provide users with trustless transactions. This may require innovation and creative cryptographic constructions that enable us to continue down the same path of doing more with less on-chain data.

Perhaps most importantly, we need to make self-custody safe and simple. This is our focus at Casa.

Be your own bank!

Being your own bank doesn’t need to be difficult or scary. It’s also the only way to benefit from the strongest security model bitcoin has to offer. By holding your own keys you not only empower yourself, you strengthen the entire ecosystem against systemic risks. If you need help taking the step into self custody, or improving your current setup, we’re here to help.