If you're questioning whether you "missed bitcoin", the answer is simple. No, you haven't.

It can be hard to remember how early it all still is, considering how long many have been following it, the gains early adopters have seen, and how easy it is (relatively so) to get started these days.

I'm watching The Hobbit and Lord of the Rings movies for the first time (the physical therapy for my recent injury is a lot of treadmill and elliptical work). As I was writing the above paragraphs the comparison came to me... you might think of Middle Earth as a tame place if you start in the Shire and stay within it's bounds. Same with Crypto if you are buying Bitcoin or Ethereum on well-trusted brands like Coinbase, Robinhood, or Cash App.

Outside of these other trusted providers though... YMMV.

Many people don't know enough about what it means to store coins on an exchange; and what the alternatives are to keep their crypto safe

A friend shared the news from Turkey, and suggested that many people don't know enough about what it means to keep your coins on an exchange. That it's not about understanding the tech. He suggested I may be able to provide some clarity to help beginners broadly understand their choices, and how they impact their security.

I'm going to try.

In fact, coincidentally, I saw the following tweet from a friend:

I suspect Chris' sentiment is popular relative to mine. And if you read the comments in to his tweet, you'll see that some agree and that agreement causes them to think the "whole thing" is a scam. Others echo "truisms" that while true, are often wrong (for the masses).

Do you want to take advice about risk from someone who doesn't think being 250' deep, alone, inside a shipwreck, in close to freezing water risky?

Of course, my opinion on the risk might be skewed by my perception of managing risk. It took a few years, but my wife finally understands why I don't consider being 250' underwater, inside a shipwreck, in close-to freezing water, alone risky. Similarly, I don't think my wife paid attention to what I was doing with crypto for the first five years or so.

What's Happening in Turkey

A crypto exchange founder ran off with funds that his customers entrusted to him.

Unfortunately, this is not an uncommon happening in the crypto space (and why it's taken so long for legacy financial comapanies to adapt; a lot of the infrastructure they need around regulatory issues and custody issues is simply not available).

Here's another incident from the weekend that turned out to be benign. Exchange FTX was down for users. The CEO was on twitter explaining. There was a DDOS attack. Which means there was a denial of service attack against the exchange, specifically against the APIs... so everything was OK, except for access to the exchange by front-end tools which means no trading or wallet functionality. (Caveat, I didn't read about this in detail so I'm not sure exactly what was up or down, I'm just inferring a few things from this tweet to keep it simple.)

And another popular wallet hacked just five days after the DDOS against FTX's API:

When this sort of thing happens to you, you freak out until it's resolved. That's why it's nice to have someone who can help you navigate the resolution process. In this space, where companies are growing very quickly, support can be overwhelmed in these cases too – meaning, all you'll hear is silence. That makes it worse.

There have also been rumors that Turkey will ban crypto, though they've recently said that they won't ban it. They will regulate bitcoin and do so soon.

Of course, maybe it wasn't the founder that ran away with the customers' money after-all. Maybe it was a state seizure? Or an opportunistic seizure to capitalize on a crooked founder?

The Risks

There are two risks we can learn from this story.

Outside of the Shire, it's hard to know who to trust. There are enough examples to remind everyone that not everyone should be trusted.

The second is the risk of regulators coming and doing something harmful to crypto owners.

I think also, there's a third risk that comes up for people any time other risks present themselves – the risk of loss of coins. The cryptospace is complicated, tech-heavy, and the news often talks about people losing their money by forgetting their "password".

The low grade depression of risk

This last risk reminds me of something I read about: "low-grade depression". It's depression, but not as a big thing. Just a low-grade background hum present in one's life. It might not always be noticeable, but it magnifies depressing events in those who have a low grade depression in the background.

Risk of loss is like low-grade depression. It's always present in the background. Maybe you don't notice it. Then some other risk presents itself and your overall fear of loss magnifies the current experience.

Humans and their money

On top of these three risks, think about human behavior.

Most people are conservative when it comes to money. There's also a ton of fear of the crypto space. The two things combined don't serve people who might otherwise be able to take advantage of the opportunity digital money presents.

In fact, if you wonder why people would buy into a bitcoin fund from a legacy bank, the conservativeness/fear is why. There's no intrinsic value if you simply look at the underlying cryptocurrencies. In fact, that's the whole point (everyone can become their own bank by holding crypto and using Decentralized Finance aka DeFi).

You have to understand behavior. To know that people want someone to help them manage the complexity. But, this is a tangent to my point about what's happening in Turkey and what beginners can learn from it.

Super High Level Primer

The cryptography (that's the crypto-part of cryptocurrency) used is one that employs key pairs, private and public keys to encrypt and decrypt information (money). Your private key is the "powerful one" and should be kept secret. Your public key is something you can/should share, and that people would use to decrypt information you send them. The two keys work in tandem. Here's a good primer on private and public keys.

It's common for fraudsters to try to trick people into sharing their private keys by asking for keys in general and knowing that in a large population some are sure to make a mistake and share the wrong key. Again, if you think it's not early, think again. There's so much opportunity in this space to help non-rocket-scientists participate.

I no longer remember all the details of how this key stuff works (and don't need to in order to participate in the crypto economy). I did some cryptography in university and again at TIBCO. That's approaching 30 years ago. Side note: had I found cryptography earlier in my studies, I totally would have gone deeper. It was a math I really enjoyed.

I wanted to mention this about keys because it impacts the risks above.

When you buy cryptocurrency, you can do so at places like Coinbase without the complexity of private/public key setup. Without the need for a "seed phrase" which is what sets up your keys (and recovers them if lost). Because Coinbase acts as a custodian and manages the complexity for you.

However, you get this benefit at the expense of trust in the company you're working with. If you trust the wrong company, you're screwed. Because crypto is often transparent you can see where your money goes, but you can't regain control over it because there's no central authority that can do that for you (except this case with a clear explanation here of the rollback that wasn't a rollback).

If you have full control over your keys and seed phrase, you have the risk of losing them but no one can take your crypto. If you don't have full control, many believe it's not really your crypto. In which case you might have heard the phrase:

Not your keys, not your crypto

What Should You Do?

I'm trying to keep this high level. And, frankly, not really qualified to write a deep thesis on this topic without doing the research (I'm qualified enough to do the research, if I chose to; I hope that helps you understand how much I think I know).

Balanced risk

If you buy your crypto from a well established brand, even if you don't own your keys, you'll probably be OK. Companies like Coinbase, Robinhood, or the Cash App... these companies have a lot to lose and are too big to disappear. They'll be able to support you, and it's nice to have big friends watching your back.

Purists don't like this. They believe "not your keys, not your crypto". While I belive this to some extent, I think the real-world dictates a more practical solution at this moment in time as stated very nicely in Otis' tweet:

I use Celsius, which falls into this balanced category. It's commonly called CeFi as compared to DeFi. CeFi, centralized finance, uses decentralized technology but in a way that's controlled by the organization. DeFi, decentralized finance, uses decentralized technology without anyone in control but the technology. Of course, these definitions are approximate to get the point across. One could write a thesis on the implications of these two acronyms.

Celsius and similar companies are like crypto banks (not in the regulated sense), in that there's a company there to help me if I run into problems. I like the way that makes me feel.

One of the downsides of this approach is that you're still beholden to institutions. Celsius says "do good, then do well"... but Google said "don't be evil" and look where that got us!

Seriously though, you might think you're working with a trusted brand and end up like these BlockFi customers who can't move money on the weekend. There's a good reason why people want DeFI and to be in control of their money. Taking this approach doesn't get you there.

Or you might work with a very trusted brand, that has only implemented basic functionality. Like Robinhood who let you buy certain cryptocurrencies, but they're locked into Robinhood. This makes me wonder if you're buying the crypto as you would if you were buying on an exchange, or an IOU that Robinhood is putting in your account?

In fact, Robinhood responded to Mark Cuban's tweet saying they're working on it. Again, this is about trust in institutions. If Mark wants something, it can happen. If David wants something, I have to find a new provider.

Buy on exchanges but move coins to a personal wallet

There are many reasons to use decentralized exchanges. One reason would be fees. Coinbase is expensive. It's possible to save a lot of fees if you know what you're doing. It's also only possible to buy coins (like Celsius' CEL token) on these sorts of exchanges.

If you do use an exchange, move your coins to a wallet you own (I like Argent a lot) once you are able to transfer your coins. It may take some time for you to be able to transfer coins because money movement is slow, so sometimes your coins are locked until the money (FIAT) you used to purchase your coins has moved through the system.

Leaving coins on exchanges is the risk when it comes to someone walking away with your money.

Argent the wallet is a good choice because the have a goal of being simple and secure. I believe they're way ahead of everyone else when it comes to simplicity and security, and on top of that they have other really interesting capabilities that go beyond the scope of this post. It's enough to say that if DeFi becomes your monetary system, Argent enables you to become your bank.

If DeFi becomes your monetary system, Argent enables you to become your own bank.

Had you used that exchange in Turkey, moved your coins to Argent, you wouldn't have been impacted by whatever craziness is going on over there.

Move your coins into cold storage

Cold storage is the process of moving your coins to a wallet that doesn't touch the internet. The trade is convenience for security.

I just wanted to point out the option to do this, but don't really have anything more to say because relative to the loss that customers in Turkey experienced. Had coins been moved off the exchanges as I just discussed - whether to a software wallet or into cold storage - the loss would have been avoided.

Here's more about cold storage on a site that has a ton of very high level, well written, beginners content.

I want to point out one more company doing some interesting things in the long-term coin storage space. Casa. This is the company I'd use if it were an issue I was facing. In fact, I was a customer for a bit. They have great people, a relevant product, and anyone that is new to crypto and is in the "not your keys, not your crypto" camp should be working with Casa.

Disclosure

If I had more time, I'd have written this more carefully.

I wrote this post because a friend of mine suggested I could do so with a unique point of view. While I aim to make sure I'm not wrong anywhere... there are definitely things above that I'm glossing over and know better, that I'm glossing over and don't know better, and that I'm missing completely.

This post is already 2,300 words though. There's so much that can be written for regular humans about what's happening. I hope to write more.

And with that, let me leave you with one last important point.

This, broadly speaking, is the future of money. You need to learn more about it. One way to do that is to subscribe here, and I'll share the journey I take my kids on as I educate them.