Don't Mess This Up
You're early to Bitcoin. All you have to do now is hold on & avoid these pitfalls.
By some immeasurable coincidence of circumstances and fate, you are here, right now, early to Bitcoin. Maybe we are completely wrong. And yet, I’m still waiting to encounter a well-informed critic. Anyone who studies Bitcoin earnestly long enough to understand it becomes bullish on it.
Yet, incredibly, most of the world has not yet caught on. Quality information and thoughtful analysis about Bitcoin remains surprisingly fringe. For example, this niche newsletter reaches 7,000 inboxes — in other words, one in a million people on Earth. But somehow, you have found your way into that slim group. To do so required some combination of curiosity, work, openness to ideas, and a proactive curation of your information sources. That’s rare. And that’s why you found your way to Bitcoin and to this newsletter.
What I’m really trying to say is: take a moment to appreciate yourself. You have some unique mix of qualities that allowed you to find Bitcoin early. As a result, you have frontrun Wall Street, corporations, nation states, and most of the world’s millionaires. You are early to the investing megatrend of the 21st century — the emergence of the dominant store-of-value asset for the digital age.
Now all you have to do is not mess this up.
How could that happen? Well, different approaches to Bitcoin have different pitfalls to be wary of:
Trading & Leverage
There’s no way around it, trading is a losing proposition. Unless you are an experienced Wall Street trader who cut his teeth in the most savage and cutthroat markets in the world, you are fodder for those who did. When the sharks sit down to play poker, they want the novices to feel like they belong and have a chance. But of course it’s a charade — a novice trader and his money will soon be parted.
Leverage only accelerates the timeline. As Charlie Munger famously said, “there’s only three ways that a smart person can go broke: Ladies, Leverage, and Liquor.”
The reason that trading & leverage are particularly dangerous is that these methods introduce a high probability of total loss. You don’t play Russian Roulette with your life, so don’t play Russian Roulette with the most important asset of the 21st century.
We all start here. Because when you’re new to Bitcoin, you simply don’t know enough to do anything else. The first step that anyone takes in Bitcoin is to convert dollars into a small slice of Bitcoin. At that point, the job is done — you own some Bitcoin and it lives right there on Coinbase.
The tricky part is that it’s easy to get complacent. As you continue to learn more about Bitcoin, you become vaguely aware of some of the pitfalls of leaving your coins on an exchange. But, it has worked out for you so far… and it’s not super clear what the best alternative is, so you stick with the status quo: do nothing.
Like a turkey feeling pretty confident in October.
And yet, the 15-year history of Bitcoin is littered with disastrous examples of hacks, insolvencies, and fraud. Nobody with their coins on Mt. Gox expected a catastrophic hack would result in all of their funds being irrevocably lost. Few users expected that Prime Trust, a Qualified Custodian company, might mismanage keys and lose user funds. And it’s easy to forget that the ~$10B fraud of FTX was quite recently the gleaming paragon of crypto exchanges — even gracing the umpires’ uniforms in the 2022 World Series.
Beyond the risk of corporate disaster, there is a less-visible risk with third-party custody: being hacked personally. If you leave your Bitcoin on an exchange, the exchange can do everything right and maintain proper security for your coins and you could still get hacked.
The most common kind of hack is a phishing attack. Usually these are laughably easy to spot and dismiss, but occasionally they are quite ingenious. An email lands in your inbox and looks exactly like the emails you typically get from your Bitcoin exchange. It says you have received a message, please login to your account here. But if you click the link it offers, you will be routed to a fake login page that looks exactly like the one you’re accustomed to. If you enter in your username and password, you have given your credentials to attackers who will use them to login to the real website and withdraw your funds to a Bitcoin address that they control.
In this way, the biggest risk with third-party custody is that users are lulled into a false sense of security (“Coinbase has my coins”) and are vulnerable to hackers impersonating them to collect those coins. It happens every single day.
The simple reality is that all of the above concerns can be solved by a golden rule: do not give a third-party unilateral control of your Bitcoin. For Bitcoin’s 15-year history, those who engaged in self-custody avoided the minefield of risks presented above. However, what is often not talked about is that self-custody comes with its own risks as well.
If you are knowledgeable and thoughtful, self-custody delivers vastly superior protection when compared with third-party custody. But it is not easy and it is never perfect.
The most obvious risk with self-custody is what’s known as the $5 wrench attack. You can have perfect digital security, but if an attacker can physically force you to access your Bitcoin through the threat of violence, it’s all for naught. Uncomfortably, these stories are not as uncommon as one would like.
My own self-custody arrangement leverages best practices in key generation and combines it with a comically complex system of digital and physical safeguards across time and space. I am confident I have solved for the wrench attack, but in doing so, I have introduced an unhappy risk that my family will not be able to access my self-custody arrangement if I was hit by a bus tomorrow.
This raises the primary theme of risk with regard to self-custody: the possibility of too much security.
If you had $240M in Bitcoin, you’d be living on cloud nine, right? How about $500M in Bitcoin? Well, there are two gentlemen in this exact situation who are very much not having a good time. The first locked $240M in Bitcoin on a USB drive that will automatically wipe itself if an incorrect password is entered on 10 consecutive attempts. Naturally, he lost the password and now has just one attempt left. The second man left seven thousand Bitcoin on a hard drive that he absent-mindedly threw away amid a stack of papers. He has been petitioning his local government for nearly a decade for permission to excavate the giant landfill where it may lay, in who knows what condition. Both stories offer exquisite Schadenfreude for non-holders of Bitcoin (which is why they have graced the pages of these major publications), but uneasy worry for any Bitcoin holder currently engaged in self-custody.
Even if you avoid the obvious errors of these self-custody cautionary tales (e.g., forgetting password, throwing away private keys), there are less obvious considerations to ponder. For example, do you have the technical familiarity to avoid accidental user error when operating a hardware wallet? One of our investors and early clients at Onramp had a vivid wakeup call. His wife walked in on him panicking over a flashing red screen on a hardware wallet. With brusque clarity she challenged, “what are you even doing putting money on these little plastic devices?”
And that is the reality of self-custody. To date, it has been the better option versus third-party custody. And if you are technically proficient and knowledgeable about Bitcoin, self-custody is the best custody option. However, it does have its downsides and risks. Just saying that is surprisingly controversial in the Bitcoin community.
What you can do
The best thing you can do is invest time and energy into learning about multisig self-custody and familiarizing yourself with how to set it up with best practices. Unfortunately, this is a considerable learning curve even for a tech savvy person.
The other solid option is to consider multi-institution custody. I have to admit, I am biased here — I have spent the last couple of years helping to build Onramp, the Bitcoin industry’s leading multi-institution custody solution.
What is multi-institution custody? With multi-institution custody, a multisig vault is created for you. This vault is controlled by three private keys, each held by a different company. In this way, no single company has unilateral control of the vault. Instead, the end user retains control because only they have the authority to direct the keyholding entities. While no solution is perfect, I believe that multi-institution custody is the best option for ~80% of people.
Part of what is so exciting to me about multi-institution multisig custody is that it solves two big worries that I have had personally, and many other Bitcoiners must also share.
First, occasionally a fear pops up in my mind (often late at night): is my self-custodied Bitcoin safe? Have I done everything right? There’s no way to ever fully know. For the last few years, having all my eggs in the self-custody basket gave me some heartburn. Now that I have my coins split between self-custody and multi-institution custody, I sleep much better.
Second, because of my efforts to render a $5 wrench attack impossible, I have created a non-zero risk that my family will not know how to access and handle my self-custodied Bitcoin in the event of my death. Luckily, multi-institution custody solves this worry for me, and I’m not the only one. Many of our earliest clients at Onramp were individuals seeking a custody model that protected their families — in life (by making a $5 wrench attack impossible) and in death (by ensuring a seamless transition to heirs). As a result, we leaned into solving that pain point by building inheritance planning directly into the Onramp client experience with Onramp Heritage.
You’ve come a long way on your Bitcoin journey. Don’t mess this up now.
Avoid trading & leverage.
Shake off the complacency of leaving coins on an exchange.
Take self-custody if you can.
Consider multi-institution custody to diversify your Bitcoin custody and sleep better at night. (And if you’re interested to learn more about Onramp’s multi-institution custody offering, get in touch here or go ahead and schedule a consultation.)