If you care about crypto adoption, ‘not your keys, not your coins’ is a disaster
We should be doing more to make “not your keys, not your coins” a description of the bad old days rather than a prescription for the future
Francesko221/Shutterstock modified by Blockworks
Crypto scams represent a crisis, and if we move out of a bear market and into a bull market, the scams will come roaring back.
Even though the Chainalysis 2023 Crypto Crime Report showed that revenue from crypto scams in 2022 dropped from 2021, this by no means signifies that we’ve turned a corner and that current efforts to make scamming unprofitable are working.
To put that report in context, you have to consider that the price of bitcoin dropped from a high of almost $69,000 in 2021 to a low of less than $16,000 in 2022. The number of scams could have quadrupled in 2022, and the value of those scams would remain less than in 2021. Additionally, many people burned by scams in 2021 have likely left the crypto industry, at least until the next boom. As a final note, when crypto prices are falling, it is much more difficult for scammers to convince their marks that they are making fantastic returns.
Plus, even though losses in 2022 were less than in 2021, let’s not miss the overall shape of the curve: The FTC reported that losses to crypto scams in 2021 were 60 times larger than in 2018.
There’s no doubt that the increasing value and market interest in crypto has made taking advantage of the industry a lucrative opportunity for cybercriminals. But don’t make the mistake of dismissing crypto scam victims as stupid: These scams are sophisticated, and the scammers have perfected their game through trial and error. New tools like OpenAI and other LLMs will also make scammers’ pitches more convincing and credible.
Instead, the blame behind the scams lies in the widely perpetuated idea that crypto users should be the only ones in charge of their own money.
‘Not your keys, not your coins’ is just not right
“Not your keys, not your coins” (NYKNYC) is a slogan attributed to Andreas Antonopoulos that has been used to dissuade token holders from storing their bitcoin in custodial exchanges. In the first 10 years of Bitcoin’s existence, many exchanges (like Mt Gox and Coincheck) were hacked out of business — at that time, it did genuinely seem like a security risk to use a crypto exchange.
However, the NYKNYC motto has now taken on a larger significance, essentially suggesting that one of the foundational values of crypto is that individuals should be solely responsible for the security of their tokens.
It’s this broader interpretation that I find increasingly irrelevant, especially because:
- Exchanges have dramatically improved their security;
- Insurance products are playing a larger role in securing exchange wallets;
- Many of the largest recent hacks have actually been against smart contracts and DeFi platforms where individuals were using self-custody wallets
When the “not your keys” advice is wielded against scam victims, it’s particularly ridiculous. These are people who willingly sent tokens to scammers: whether they sent tokens from custodial accounts or non-custodial wallets is moot.
If you really believe that individuals should be solely responsible for their crypto, ask yourself these questions:
- Have you personally audited the source code of the open-source self-custody wallets that you use? Or do you just rely on the idea that someone else has audited it?
- Have you personally audited the open-source smart contracts which power the decentralized exchanges that you frequent? Or do you just rely on the idea that someone else has?
- Have you even researched whether the wallets you use are open vs. closed source, or decided not to use a closed-source wallet because you can’t audit it?
What is to be done?
The ever-increasing sophistication of scammers is a challenge for local law enforcement, who do not have the training or the funding to investigate cryptocurrency crimes properly — especially as crypto scams largely happen outside the system of legal protections and regulated financial institutions that work to safeguard customers.
Read more from our opinion section: Without privacy, DAO governance fails
And tracing the global network of the criminals behind fraud poses significant challenges for both law enforcement and investigators alike. As a result, they are often unlikely to pursue the case because they do not clearly understand the actual crime or have a real-world entity to pursue.
But while most of the loudest responses to this crisis call for investing in education, we must face the reality that educating people about the risks isn’t cutting it. In other words, education only protects the most sophisticated investors. The people we really need to protect and offer support to are those victims whose instinct to trust kicks in before their instinct to be skeptical does.
The industry either needs to come up with ways to slow the spread of scams and hacks or they can expect regulators to get involved with poorly thought-out solutions. Politicians, legislators and regulators already advocate that crypto is synonymous with fraud, and their responses to date have involved restricting crypto. The answer isn’t to clamp down, but to find ways to ensure that the least sophisticated users are protected.
Whether we like it or not, the foundational tools that we use in crypto require trust — trust that other people have done their job correctly.
If we want to bring a billion users into crypto, every player in the industry has to acknowledge that we should be doing more to make “not your keys, not your coins” a description of the bad old days rather than a prescription for the future.
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
