At a glance
By Rachel Williamson
Crypto investors have lost millions in recent cryptocurrency collapses because, to the surprise of some investors, they never actually owned the assets they had purchased.
As more investors buy into different digital assets, confusion over ownership puts investor funds at risk and causes headaches for accountants and business advisers.
What is a crypto wallet?
Most investors who have held cryptocurrency have probably interacted with a crypto wallet. Despite its name, a crypto wallet doesn’t actually store an investor’s cryptocurrency holdings.
To safeguard crypto investments, it is essential for investors to conduct due diligence on the safest type of wallet for storing the private keys associated with their digital assets.
Crypto wallets can be broadly categorised into two major types: custodial and non-custodial wallets. The type of wallet matters, because it can have an impact on ownership status, the security of private keys used to initiate transactions, and the regulation that applies.
Custodial wallets are typically web-based and are often used by first-time investors because they are easy to use for beginners. They are typically provided by cryptocurrency exchanges. Examples of popular custodial wallet providers include Binance, Coinbase, Kraken and FreeWallet.
“Over time, custodial wallets – that is, third parties managing a user’s private keys on their behalf – have become more prevalent,” says Henrik Andersson, co-founder and chief investment officer of digital assets fund Apollo Crypto.
Investors have less responsibility to take on with a custodial wallet. They can also typically change their password if they lose access to their account.
Custodial wallet users rely on their wallet owner’s cybersecurity measures to prevent theft and hacking. If those measures are not robust enough, hackers can break in and steal millions of dollars’ worth of assets.
“Regulators worldwide are grappling with how to approach the regulation of these centralised exchange custodial wallets because they are prime targets for hackers,” says Andersson.
The major difference between a custodial and non-custodial wallet is who holds the private key needed to access an investor’s crypto assets.
Not your key, not your crypto
Most crypto exchanges operate with custodial wallets and manage the private keys of investors. However, it’s important to note that the holder of the private key is typically the only verifiable owner of the assets controlled by the corresponding wallet.
The “big reveal” is always in the terms and conditions, says insolvency expert Kristen Beadle CPA.
“In some instances, the purchasers may not be recognised as the asset holder by the exchange holding the crypto asset. Nor may the asset be held in trust on behalf of the purchaser,” she says.
“Additionally, the exchange may inhibit the holder’s ability to move their crypto investment between wallets, or even within their own wallet.”
Terms and conditions spell out the investor’s right to the asset they have paid for, says Beadle. This includes the amount of trading permitted or, in the case of insolvency, how the asset is treated if the exchange goes out of business.
In terms of managing funds, it’s important for the crypto exchange on which the custodial wallet is held to properly “segregate” its funds.
Proper segregation means that an exchange keeps its operational funds separate to customer funds. This helps to ensure that investors’ digital assets are not directly affected if the exchange encounters financial difficulty.
If a crypto exchange collapses, but has properly segregated customer wallets, it can potentially minimise customer losses.
Without proper segregation, there is a greater risk that investor funds held on the exchange through a custodial wallet could be tied up in liquidation.
Further, because custodial wallet holders do not directly own their assets, they could face challenges in proving their ownership and accessing their funds in the event of a collapse.
In February 2023, after a string of crypto collapses – such as FTX, Voyager Digital, Celsius Network, BlockFi and Genesis Global Capital – the US Securities and Exchange Commission proposed a rule to force crypto platforms to properly segregate customer assets.
“In Australia, the recent insolvency of crypto exchange FTX caught purchasers by surprise,” says Beadle.
“According to the terms and conditions, what investors thought were crypto asset investments were actually creditors in external administration. This left many people out of pocket.”
Non-custodial wallets allow the customer to control their own private keys.
“Self-custody – that is, having pure ownership over one’s private keys – is a core foundation of crypto assets,” Andersson says.
As the risks of custodial wallets become more apparent, the list of non-custodial wallet options is growing. Non-custodial wallets come in two main types – software and hardware wallets.
Multisignature (MultiSig) wallets are software wallets that add a layer of security by requiring more than one private key to authorise a transaction.
Multi-party computation (MPC) wallets are software wallets that offer the next generation of private key security by distributing a key in pieces across three or more devices.
A hardware wallet stores a user’s private keys on a secure device that is not connected to the internet. Being offline provides extra layers of protection against hacking attempts and malware.
With a non-custodial wallet, more advanced functions are available to investors, and it is easy to create new wallets. However, advanced functions typically require more technical knowledge, which first-time investors may not have.
Controlling their own keys also puts the cybersecurity responsibility on investors, Andersson adds.
“If users lose their private keys, or fall victim to phishing scams, their cryptocurrencies could be lost forever.”
Crypto hygiene is one way for investors to protect their wallets, no matter their type.
Good hygiene practices include keeping wallet software up-to-date, installing the latest verified security patches and being cautious of phishing attempts and malware.
Many wallets generate a 12-word mnemonic phrase as a back-up. This should be kept securely and privately, preferably offline.
Investors should also back up their wallets regularly and store the back-up securely offline to mitigate the risk of data loss.
Headaches for accountants
While crypto investors grapple with cybersecurity issues, the challenge for their accountants is to determine custody and ownership.
“I imagine this is a surprise for most investors in cryptocurrency and begs the question as to how advisers are recording crypto investments on behalf of their clients in financial statements,” says Beadle.
“There currently is no accounting standard specific to cryptocurrency. Preparers of financial statements need to assess whether the asset is inventory or an intangible asset, under the relevant accounting standards.”
With global crypto laws and regulators playing catch-up, crypto investors and business advisers are left to fill in the gaps as best they can.