Cryptocurrency mistake that has cost people billions
During every Bitcoin mania cycle, a new group of people learn the hard way that leaving your cryptocurrency on an exchange or trusting an online platform to hold it is extremely risky.
“Not your keys, not your crypto,” the mantra goes.
Meaning that if you don’t exclusively hold the private key to the wallet in which your cryptocurrency is stored, then they are not really yours.
Blockchain technology and the cryptocurrencies that run on them are built on public-key cryptography.
This uses pairs of keys generated using complex mathematical problems that are easy to compute one way but effectively impossible to reverse.
In other words, given a public key, it is impossible to derive its corresponding private key.
This is a critical feature because messages encrypted with someone’s public key can only be decrypted with the private key, and vice versa.
Within the context of a blockchain, a private key grants full control over a crypto wallet.
The significance of “not your keys, not your crypto” is perhaps best illustrated with examples.
In 2014, the world’s biggest Bitcoin exchange, Mt. Gox, shut down after falling victim to a hack.
It had suffered an attack three years earlier that crashed the Bitcoin price to $0.01, but Mt. Gox and the exchange rate quickly recovered.
By November 2013, Bitcoin peaked at R16,400 before stabilising at around R10,000 per token — until February 2014
Following the hack, Bitcoin crashed, hitting a low of around R1,900 in January 2015.
The Mt. Gox saga is only resolving now — over ten years after the hack was discovered.
In 2017, it emerged that cryptocurrency exchange BTC-e had been set up to launder the money stolen from Mt. Gox.
U.S. authorities pursued the Russian national who operated the exchange and seized the remaining funds. In 2023, they charged two Russians with the hack.
Users who had any crypto or fiat currency on BTC-e lost their money.
This year, some people who lost money in Mt. Gox are being reimbursed a portion of what was stolen.
Another high-profile example is the Canadian bitcoin exchange QuadrigaCX, which collapsed in January 2019 after the apparent death of its cofounder and CEO, Gerald Cotten.
During the last Bitcoin boom and bust phase between 2019 and 2022, people lost billions due to exchanges and yield account providers going bankrupt.
Most notable was the collapse of FTX, which was the third-largest cryptocurrency exchange by volume at the time and had over one million users.
Bittrex, another major exchange, also filed for bankruptcy after the U.S. Securities and Exchange Commission charged it with running an unregistered exchange.
Other platforms that failed, and which were heavily promoted by influencers during the boom, were BlockFi and Celsius.
These services effectively acted as cryptocurrency custodians, promising customers yields by lending out their deposits — a kind of crypto savings account.
Crypto brokerage Genesis is another famous example, as it provided similar interest-generating services to crypto platforms like Gemini and Luno.
Thankfully for Luno customers, the company took steps to ensure its customers didn’t lose any money due to Genesis’ bankruptcy.
Gemini customers were not so lucky. Until very recently, those who had used its Gemini Earn savings account had lost access to their funds.
Earlier this year, Gemini announced that its customers would get all their deposited crypto back, but not the interest they were promised.
While South African crypto asset providers weathered the fallout from these bankruptcies, one of the country’s oldest exchanges, Ice3x, folded in April 2021.
This was at the height of the last Bitcoin boom and unrelated to the collapse that started later that year.
Regardless, anyone who had funds on Ice3x when it went under is currently out of pocket and will have to file a claim with the liquidators if they hope to get anything back.
Cryptocurrency self-custody is no silver bullet, though.
Transferring your tokens off a third-party platform and into a hardware or self-hosted wallet means taking over the risk of securing it.
Those risks include losing access to your private keys without having a backup, or inadvertently handing over control of your wallet to a cybercriminal.
One extreme example was an early adopter of Bitcoin we interviewed in 2021 who had lost access to his cryptocurrency that had been stored in a software wallet on an old computer.
The person had mined 20 bitcoins around thirteen or fourteen years ago and deleted his wallet backups and a text file containing his password after losing interest.
When Bitcoin’s price surged to $1,000, he tried to recover the wallet to no avail.
Those bitcoins would be worth around R24 million today.
Blockchain research firm Chainalysis estimated in 2021 that roughly 20% of all bitcoins were lost or stuck in accounts that could not be moved.