Custodial Wallet

A common practice for many cryptocurrency users, especially those new to the space or who trade frequently, is to keep their assets on a centralized exchange (CEX) like Coinbase or Binance. This practice is known as using a custodial wallet, which is fundamentally different from a non-custodial wallet (like a hardware or software wallet).
Understanding Custodial Wallets 🔑
When you hold your cryptocurrency on a centralized exchange, you are not in direct control of your private keys. The exchange holds the keys on your behalf, acting as a custodian—much like a bank holds the cash in your savings account. You have an account with a login and a password, and the exchange's database keeps a record of how much crypto you own. This arrangement is built on a foundation of trust: you are trusting the exchange to keep your funds secure.
Dangers of Keeping Assets on an Exchange ⚠️
While a custodial wallet is convenient, it introduces significant risks that are not present with self-custody.
- Exchange Hacks: This is arguably the biggest risk. Centralized exchanges are attractive targets for hackers because they hold massive amounts of user funds in one place. Despite robust security measures, exchanges can be compromised. If a hacker successfully breaches the exchange's security, your assets are at risk of being stolen, and there is no guarantee you will be reimbursed.
- "Not Your Keys, Not Your Crypto": This is a popular and critical mantra in the crypto world. Because the exchange controls your private keys, you don't truly "own" your crypto in the same way you do with a non-custodial wallet. Your access to your funds is contingent on the exchange's ability to operate. If the exchange goes bankrupt, becomes insolvent, or is shut down by a regulator, you may lose access to your assets. The collapse of major exchanges like FTX in 2022 serves as a stark reminder of this danger.
- Freezing of Funds: An exchange has the power to freeze your account and funds at any time, for any reason. This can happen due to a regulatory request, suspicious activity flagged by their system, or a technical issue. This lack of full control can be a significant problem if you need to access your funds urgently.
- Censorship and Government Regulation: Since CEXs are centralized companies, they must comply with the laws and regulations of the jurisdictions they operate in. This can include Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, which require you to provide personal information. In some cases, governments can pressure exchanges to restrict or freeze access to certain individuals or groups.
- Internal Mismanagement or Fraud: As a centralized entity, the exchange is run by a management team. If this team engages in poor financial practices, takes on excessive risk, or commits outright fraud, it can lead to the loss of user funds.
Best Practices for Exchange Use ✅
Despite the risks, centralized exchanges are a necessary entry point for many users and are essential for trading. Here are some best practices for using them responsibly:
- Only Store What You Need for Trading: Think of your exchange account as a checking account for your day-to-day transactions and trading activities. It is not a savings account for long-term storage. Only keep the amount of crypto on the exchange that you are actively trading.
- Transfer Large Holdings to a Non-Custodial Wallet: For your long-term, cold storage holdings, it is highly recommended to move them to a hardware or software wallet where you control the private keys.
- Enable Two-Factor Authentication (2FA): Always enable 2FA on your exchange account. Use an authenticator app (like Google Authenticator or Authy) rather than SMS-based 2FA, because SMS codes are exposed to SIM-swapping attacks, a known vulnerability.
- Use a Strong, Unique Password: Use a unique and complex password for your exchange account that is not used anywhere else.
- Beware of Phishing: Be extremely cautious of emails, messages, or websites that claim to be from the exchange. Always verify the official URL and never enter your login credentials or other sensitive information on a site you have not verified as legitimate.
While convenient, keeping all your assets on an exchange is a risky practice. The most secure strategy is to use a custodial wallet for what you need to trade and a non-custodial wallet for the rest.