As the fallout from the FTX collapse continues, the crypto industry is reckoning with a major lack of trust and transparency. It is telling that the industry has become so used to major hacks and collapses that the downfall of one of the largest cryptocurrency exchanges in the world, while surprising to many, doesn’t seem out of character to industry veterans.
Consumers have been burned so many times that the phrase “not your keys, not your coins" is now widely used to advise individuals not to leave tokens on exchanges or other services where the keys are controlled by a centralized entity. Despite this guidance, and tens of billions of dollars being lost to hacks and fraud, investors continue to use centralized exchanges to store funds.
A recent survey found that almost 76% of crypto users store some of their funds on an exchange1. Statistics from blockchain analysis firm Chainalysis indicate that the amount of Bitcoin and Ether held on exchanges at any given time is typically 8 to 12% of the total circulating supply2 – and this does not include assets held by institutions through services like Coinbase Custody, which are typically held in separate wallets provisioned on behalf of the institution.
Disclosures from Coinbase3 and Binance4 reveal those firms alone provide custody for almost 20% of the entire cryptocurrency market cap (a figure that may surprise some given how the industry champions decentralization), highlighting that both retail and institutional consumers are herding their crypto to a relatively small number of ‘trusted’ custody providers.
Certainly, the fall of FTX is a sobering reminder that a lack of accountability and recourse for users should be a real concern for users of crypto exchanges and service providers, which lie outside the governance framework(s) of the traditional financial system. Yet the reality is that few firms possess both the technical maturity and the necessary compliance measures to store crypto securely.
Blockchain-based digital assets, cryptocurrencies included, rely on complex cryptographic keys and algorithms for security. Safely storing keys in a manner that still allows their owners to access and use them with minimal friction presents a daunting technological challenge, especially given widely varying degrees of customer tech savviness – typical consumers do not have access to the air-gapped devices or other hardware that are recommended when setting up and storing keys.
Custody of digital assets has accordingly fallen into an ‘unhappy valley’ where technical complexity limits its accessibility for non-fintech companies, while regulatory ambiguity has prompted many large institutions to adopt a wait and see approach.
If there is a silver lining to the lightspeed vaporization of FTX, it is the expectation of significant new regulation that will provide overdue clarity and consumer protections. Lawmakers have been quick to highlight the ambiguity of current guidelines and the need for new rules that align the crypto industry with traditional finance5. .
Crypto service providers should expect a tightening of rules that prevent the commingling of customer funds and more stringent risk management requirements. It is also likely that amendments relating to Know Your Customer (KYC) and anti-money laundering (AML) will be added to assuage the more crypto-skeptical lawmakers in Congress. In the time it will take for crypto native companies to build out compliance and risk management systems to meet these new rules, financial institutions have an opportunity to seize market share by expanding their own offerings to provide custody services to customers holding crypto or other digital assets.
While cryptocurrency adoption is still heralded in some quarters as a straight replacement for the legacy banking ecosystem, in truth most crypto holders would embrace the same degree of access and the protections that come with modern bank accounts. It is worth noting that a recent study from bitcoin company NYDIG found that over 70% of bitcoin holders would switch from their primary bank to one that offered bitcoin services in addition to regular banking products6.
Last year NYDIG announced partnerships with over 300 banks to offer Bitcoin services7, mostly community and smaller regional banks. At the same time, industry heavy-hitters Fidelity Digital Assets8 and BNY Mellon9 have also launched digital asset custody platforms. Additionally, JP Morgan has nodded towards a potential crypto solution by launching a digital lounge in the blockchain-based metaverse Decentraland10 and filing trademarks for a digital asset wallet app11.
The availability of new technologies like Multi-Party Computation, which allow cryptographic operations to be conducted in a more secure and resilient fashion, is also reducing the friction for institutions entering the space. While the cost of such tools puts them beyond the reach of individual retail customers, institutions can capitalize on their economies of scale and investments in cybersecurity to build compelling services on top of these technologies that address customers’ concerns over the safety of their assets.
A key consideration for institutions that choose to go down this path is deciding which assets to support, as each requires careful due diligence and an evaluation of associated risks versus demand for the solution. By focusing on blue chip assets, firms can satiate their customers’ thirst for digital asset services while educating them about the risks. Coinbase used this strategy to gain market share and establish trust among early adopters by supporting only a limited number of assets, namely Bitcoin and Ethereum.
However, classifying and determining the risk of digital assets can be extremely tricky. With its almost $10 billion market cap, long list of VC backers and array of celebrity endorsements, FTX and its FTT token once appeared a secure mainstream bet. Institutions need an evaluation framework that focuses on the technical fundamentals and application of the asset instead of the hype.
Protecting consumers from the types of fraud and mismanagement seen at FTX also requires integrating digital asset services with risk management and compliance controls. Despite the lofty promises, crypto has proven not to be a truly ‘trustless’ system – though it has made it difficult to figure out who to trust. The immaturity of the crypto industry clearly requires institutions who interact with it to conduct even more thorough due diligence that includes unbiased perspectives from subject matter experts.
FTX has certainly highlighted all too clearly the perils associated with exchanges operating offshore in lax regulatory environments, and will have reminded consumers of the benefits of more conservative institutions with mature risk management practices. It has also called into serious question the ‘move fast and break things’ mantra popularized by Mark Zuckerberg and subsequently embraced by many a fintech entrepreneur. As the technical barriers to providing digital asset services continue to lower, the ability to balance investment with conscientious decision making will be a key differentiator. The crypto space needs mature institutions that consumers can trust to act as the adults in the room, and established financial institutions with an appetite for innovation are ideally positioned to fill this void.