Guest blog: I’ve got the key; I’ve got the secret – unlocking cryptocurrency control
Guest blog by Prakash Kera, lead partner of Fintech at Shoosmiths
This article explores the importance of protecting your cryptocurrency investment by having access to the ‘private key’. Without it, you are not really in control of that cryptocurrency and can’t prove you are the true ‘owner’ of it.
Crypto, cryptocurrencies, NFTs, blockchain – exciting, enticing, and quickly becoming a favoured source of investment.
However, buyer beware! Are you really the true ‘owner’ of your cryptocurrency?
Whether you are a fully-fledged investor in crypto or just considering a frolic into that world – this article explores the importance of protecting your cryptocurrency investment by having access to the ‘private key’. Without it, you are not really in control of that cryptocurrency and can’t prove you are the true ‘owner’ of it.
It’s no secret…
The facts and figures speak for themselves. Crypto is huge, and it’s impossible to ignore. Currently, in mid-2022, there are well over 18,000 cryptocurrencies in circulation. It shouldn’t come as a surprise to anyone then that a recent report (Capgemini’s World Wealth 2022 report) found that 71% of the high-net-worth individuals surveyed had invested in digital assets… and that cryptocurrencies are their ‘favourite’ digital asset investment.
In the crypto world, when one ‘buys’ a cryptocurrency, what one is really doing is buying an allocation of ‘digital units’ of that cryptocurrency, which is recorded in a digital ledger showing all allocations for that cryptocurrency (that ledger is an append-only ledger known as a ‘blockchain’). The ledger stores that allocation of digital units against a unique identifier called a ‘public address’ (a unique alphanumeric string). A cryptocurrency’s ledger is openly available for review and interrogation by anyone at any time – indeed, anyone can freely skim the ledger and see the details of the transfers of ‘digital units’ to and from public addresses and the balances against public addresses.
Each public address is derived from a unique ‘private key’ (again, a unique alphanumeric string) that was created by the person who wanted to ‘hold’ cryptocurrency at that address (that private key is usually created in the most random way possible so that no-one else can guess it). This relationship between a private key and its corresponding public address is fundamental – it’s a one-to-one relationship – and only that specific private key can be used to control any of the cryptocurrency recorded against the corresponding public address in the blockchain. It is not possible to transfer away any balance held at a public address without having the specific private key for that public address – if one tried to do this then the transfer request would be rejected, and the ledger would continue to show that the balance remains at that public address.
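The relationship described above, as an added example that is not part of the original article: a toy ledger that derives a public address from a key pair and rejects any transfer not signed with the matching private key. It assumes Lamport one-time hash signatures as a stand-in for the elliptic-curve signatures real cryptocurrencies use; every name in it (`Ledger`, `keygen`, `demo` and so on) is hypothetical.

```python
import hashlib, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Private key: 256 pairs of random secrets. Public key: their hashes.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def address(pk):
    # Public address: hash of the public key (truncated to 40 hex chars here).
    return H(b"".join(h for pair in pk for h in pair)).hex()[:40]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A Lamport key must only ever sign once.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(msg), sig)))

class Ledger:
    def __init__(self):
        self.balances = {}  # public address -> digital units (openly readable)

    def transfer(self, pk, to_addr, amount, sig):
        src = address(pk)
        msg = f"{src}->{to_addr}:{amount}".encode()
        if amount <= 0 or self.balances.get(src, 0) < amount or not verify(pk, msg, sig):
            return False  # rejected: the balance stays at the source address
        self.balances[src] -= amount
        self.balances[to_addr] = self.balances.get(to_addr, 0) + amount
        return True

def demo():
    owner_sk, owner_pk = keygen()
    other_sk, other_pk = keygen()
    ledger = Ledger()
    src, dst = address(owner_pk), address(other_pk)
    ledger.balances[src] = 10  # constructed starting allocation
    msg = f"{src}->{dst}:4".encode()
    wrong = ledger.transfer(owner_pk, dst, 4, sign(other_sk, msg))  # wrong key
    after_wrong = ledger.balances[src]
    right = ledger.transfer(owner_pk, dst, 4, sign(owner_sk, msg))  # matching key
    return wrong, after_wrong, right, ledger.balances[src], ledger.balances[dst]
```

Anyone can read `ledger.balances`, but only the holder of `owner_sk` can produce a signature the ledger accepts for that address.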
Golden rule #1 – the key
One of the golden rules in the crypto world is to make sure that as the true owner of cryptocurrency you have access to the corresponding private key. Without that private key you don’t have any real control over the cryptocurrency held at the corresponding public address – as you can’t, yourself, do anything directly on the blockchain with that cryptocurrency e.g. transfer or 'sell' it. When a private key for a public address is lost or forgotten that effectively means you’ve lost the cryptocurrency held at the corresponding public address – you can still see the cryptocurrency balance at that address (by looking at the blockchain) but that’s literally all you can do without the private key... just look at the balance. That’s why having access to the private key (by storing it yourself) is the only way for you to have ultimate control of the cryptocurrency. (In the crypto world, when a person stores their own private key this is known as them using a ‘self-custody’ or ‘non-custodial’ wallet for their private key.)
Golden rule #2 – the secret
The other golden rule is to make sure that no one else knows or has access to your private key – it should be kept secret. If someone else knows or has access to your private key then that is all they need to fully control the cryptocurrency held at the corresponding public address – and you can’t stop them from transferring the cryptocurrency to a different public address (which would have a different corresponding private key that you don’t know or have access to).
Not your keys, not your crypto
Now, and here’s the point: when someone says they’ve bought some cryptocurrency but doesn’t store or have access to the private key to the corresponding public address, then they don’t really have any direct control over that cryptocurrency.
It’s most likely that the person bought that cryptocurrency using a third party exchange or platform – and it’s that exchange / platform that is storing the corresponding private key, not that person (in the crypto world this is known as a ‘custodial wallet’). The purchaser is therefore heavily relying on that exchange / platform to keep the private key secret and secure. This is, of course, not the same as storing the private key yourself as you don’t directly control the corresponding cryptocurrency – that exchange / platform does.
There have been a fair number of instances where third party bad actors have obtained private keys (using loopholes in cyber security or other means) and have transferred away cryptocurrency from public addresses without any permission. More recently, there have been a number of instances where those holding the private keys corresponding to their customers’ cryptocurrency purchases have re-hypothecated, commingled, loaned, transferred, or simply spent those customers’ cryptocurrency.
Yes, by looking at the ledger the ‘stolen’ cryptocurrency may be traced to its eventual location (its ultimate public address), but (a) one would need to know the public address that the cryptocurrency was being held at before it was taken, (b) it is difficult to have the cryptocurrency returned, (c) if it is returned, how much is it now worth? and (d) most exchange / platform terms of business attempt to remove proprietary rights of customers over the purchased cryptocurrency (which would put them in the position of an unsecured creditor).
If anyone asks you what the crypto community phrase “not your keys, not your crypto” means, well, now you know.