SEC Cryptocurrency Security Guidelines: What are the differences between hot wallets and cold wallets? How should private keys be stored?


The U.S. Securities and Exchange Commission (SEC) recently published official cryptocurrency guidance. It states that the key to cryptocurrency custody lies in how and where investors manage their private keys; once the private key or seed phrase is lost, control of the assets is permanently lost. Cryptocurrencies carry varying risks due to differences in design and blockchain technology. Wallets are mainly divided into hot wallets and cold wallets: the former are connected to the internet and convenient to operate but vulnerable to attacks, while the latter are offline, more secure but at risk of loss or damage.

Definition of Crypto Asset Custody: How and Where Cryptocurrency is Stored

The SEC defines crypto asset custody as how and where investors store and access their crypto assets. Investors typically access their assets through so-called crypto wallets, but the wallets themselves do not store the assets; instead, they hold the private keys used to control the assets. Once the private keys are lost, investors permanently lose access to the crypto assets within the wallet.

Crypto assets encompass tokens, digital assets, virtual currencies, and cryptocurrencies. The SEC emphasizes that their designs and underlying blockchain technologies differ significantly, resulting in different risks and characteristics. Each crypto wallet generates a pair of private and public keys upon creation: the private key acts like a password and is used to authorize transactions; the public key is similar to an email address, allowing others to transfer funds to the wallet, but it cannot be used to access the assets.

Cold wallets are offline, while hot wallets are more convenient.

The SEC classifies cryptocurrency wallets into hot wallets and cold wallets:

  • Hot wallets connect to the internet, making them more convenient to use, but they are also more vulnerable to cyberattacks. (Examples include: MetaMask, OKX Wallet, Bitget Wallet, and Binance Wallet.)
  • Cold wallets are mostly physical devices or paper wallets that are not connected to the internet. They offer relatively high security but may be at risk of loss, damage, or theft. (Author's note: Examples include OneKey and CoolWallet.)

The SEC specifically reminded investors to safeguard their seed phrases, as these are crucial for recovering wallets and assets; their leakage is tantamount to the loss of assets.


SEC Reminder: Investors Need to Assess the Background of Custody Providers

Regarding custody options, investors can choose self-custody or third-party custody. Self-custody means that investors have complete control over their private keys and must bear all security responsibilities; if the wallet or private key is stolen, lost, or hacked, the assets may be unrecoverable. The SEC recommends that investors assess their technical capabilities, risk tolerance, and the costs and fees of hot or cold wallets before deciding whether to adopt self-custody.

Third-party custody involves crypto exchanges or professional custodians managing private keys on behalf of investors. The SEC warns that investors may still face the risk of being unable to withdraw their assets if the custodian is hacked, goes bankrupt, or ceases operations. Therefore, investors should carefully investigate the background, regulatory status, supported crypto assets, and insurance coverage of third-party custodians before choosing one.

The SEC offers five safety recommendations for cryptocurrency investments.

The announcement also reminded investors to check whether the custodian rehypothecates or commingles client assets, and whether such actions require the client's consent. Investors should also confirm the privacy policy, whether their data has been resold to third parties, and all fees involved in the account, including management fees, transaction fees, and transfer fees.

Finally, the SEC offered several general security recommendations, including:

  • Choose your custodian carefully.
  • Never share your private key or seed phrase.
  • Do not disclose information about your own cryptocurrency holdings.
  • Guard against phishing scams.
  • Use strong passwords and enable multi-factor authentication for all crypto accounts.

The SEC emphasized that, given the continued high volatility in the crypto asset market and the ongoing evolution of regulations, investors' understanding of custody risks will be the first line of defense in protecting their assets.

This article, "SEC Cryptocurrency Security Guidelines: What's the Difference Between Hot Wallets and Cold Wallets? How to Store Private Keys?", originally appeared on ABMedia.
