The Securities and Exchange Commission (SEC) has published a new investor bulletin titled "Crypto Asset Custody Basics" to inform investors about how cryptocurrencies are stored and accessed.
The bulletin prepared by the SEC's Office of Investor Education and Advocacy addresses fundamental concepts and critical questions regarding how individual investors can securely hold their cryptocurrencies.
According to the SEC, crypto asset "custody" refers to how and where crypto assets are stored and how they are accessed. Investors generally access crypto assets through devices or software known as "crypto wallets." However, crypto wallets store not the assets themselves but the private keys that provide access to these assets.
The bulletin defines crypto assets as assets produced and transferred on blockchain or similar distributed ledger technologies, including tokens, digital assets, virtual currencies, and coins. The SEC points out that each crypto asset may have different features, advantages, and risks.
When a crypto wallet is created, two primary keys are generated. The private key is a secret code that authorizes transactions and is considered a kind of password for the wallet. Losing this key can result in the permanent loss of access to crypto assets. The public key serves as an identifier similar to an email address, allowing others to send crypto assets to the wallet. The SEC states that these two keys together prove ownership of crypto assets.
The bulletin classifies crypto wallets into two categories: "hot wallets" that are connected to the internet and "cold wallets" that are not. While hot wallets provide ease of use, they can be more vulnerable to cyber attacks. Cold wallets, on the other hand, are considered more secure against cyber threats because they are not connected to the internet, but there is a risk of completely losing crypto assets if they are physically lost, stolen, or damaged. The SEC also emphasizes that investors must be extremely careful in storing their recovery phrases, known as seed phrases.
The SEC emphasizes that it is critical for investors to decide whether to keep their crypto assets under their own control or to entrust them to a third party. In their own custody method, investors maintain full control, but they are also fully responsible for the security of the private keys. In third-party custody services, the keys to crypto assets are managed by exchanges or professional custody organizations. With this method, the investor's access to their assets can be at risk if the relevant organization is hacked, ceases operations, or goes bankrupt.
The bulletin states that when selecting a third-party custody service, investors should thoroughly research the organization's history, regulatory status, security measures, insurance conditions, and fees. It is also suggested that investors request clear and concise information regarding practices where some custody organizations may use customer assets as collateral or hold assets belonging to different clients together.
The SEC states that in its general security recommendations for the protection of crypto assets, private keys and recovery phrases should never be shared, the amounts of crypto assets should be kept confidential, caution should be exercised against phishing scams, and strong passwords along with multi-factor authentication methods should be used.
The commission reminds that the crypto asset ecosystem is still in a development phase, emphasizing that investors should carefully evaluate the balance of security, cost, and responsibility when choosing their custody methods.
Stay tuned for new developments.
