Can crypto scale and still retain its commitment to individuals holding their own keys? Increasingly it seems like the answer is "no." As blockchain security firm CertiK pointed out in a recent report, nearly half of the $503 million lost in crypto security breaches this past quarter involved private key compromises.
To be fair, this statistic is likely skewed by a few high profile instances. Namely, the $112.5 million hack of Ripple co-founder and executive chair Chris Larsen's personal XRP wallets in January.
There were fewer total key compromises (26 incidents) than rug pulls (34 incidents), though if counting phishing scams (83 incidents) — which is definitely a matter of users maintaining control over their coins — key management incidents account for a hefty majority of losses in Q1 2024.
Of course, this is nothing new: people have been losing access to their "wallet.dat files" since the days of yore when Bitcoiners were able to mine BTC on their desktops. One poor soul has for years been fighting for permission to excavate a landfill in the U.K. after mistakenly tossing out a hard drive with 7,500 bitcoins.
People lose access to their keys in attacks like SIM swaps and social engineering exploits; by forgetting their seed or pass phrases; sometimes hardware simply fails, be it hard drives or cold wallets; or things can be wiped in a natural disaster like a fire or flood, and yes, sometimes boating accidents happen.
The point is, key management is an unsolved problem in crypto. This is why, as crypto has scaled to more and more users, there have been more and more custodial solutions that replace the challenges of proper key management — which is dangerous and difficult — with the familiar security solutions of using passwords to log into third party services.
"There's an overwhelming demand in the Bitcoin community that we must scale, we must scale, we must scale," Craig Raw, founder of bitcoin desktop wallet Sparrow, said in a panel discussion at Adopting Bitcoin Arnhem 2024.
A video recording of a four minute clip featuring Raw from the event has recently been making the rounds on Crypto Twitter in part because Raw convincingly lays out the tension between getting blockchains — specifically Bitcoin — into the hands of hundreds of millions of users and the challenges of maintaining decentralization.
"We have given up a lot of things in Bitcoin because of this demand to scale. And I'm just going to throw it out there that I don't necessarily think scaling is the be all and end all of everything that we should be thinking about," he said.
Notably, the only way for crypto to remain censorship-resistant is for people to maintain their own keys. There is an old idea in the Bitcoin community that "Uncle Jims" could run nodes for smaller groups of less technically-inclined people, an idea that has been increasingly diminished, Raw said.
"It used to be like no debates around the fact that that's not your keys, not your coins. I'm seeing erosion in that term," Raw said. "If you ask people today, what 'Uncle Jim' means, it's the guy who custodies bitcoin on behalf of the family unit. You see the difference between those two things?"
Gleb Zykov, chief technology officer of a HashEx Blockchain Security, noted in his company's own report of Q1 hacks that "if anything, every incident shows the continuous and sophisticated nature of threats facing this industry," suggesting the risks of self-custody will only get harder.
I don't have all the answers here, whether it's possible to maintain the precepts of decentralization while also encouraging mass adoption. And neither, apparently, does Raw: "If you start to drop your ideals, you start to lose those things that make bitcoin unique."
It depends then on what you value.
Read the article online...
– D.K.
@danielgkuhn
daniel@coindesk.com