cryptocurrency

If You Buy Cryptocurrency, Who Controls It?

By Collin Connors, ERMProtect IT Security Consultant

Cryptocurrency exchanges are fighting hard to push for mainstream adoption of cryptocurrency. Between Superbowl ads, stadium names, and other marketing techniques, many crypto exchanges have become household names. With this growing adoption of cryptocurrency, it is likely that you know somebody who says they own cryptocurrency. However, when it comes to the blockchain the concept of ownership is not as straightforward as one might believe.

Unlike traditional currency, owning cryptocurrency such as Bitcoin is more complicated. Rather than owning a Bitcoin in the traditional sense, addresses are given permission through the blockchain to spend some amount of cryptocurrency.

Seed Phrases Unlock Crypto

For example, if Alice pays Bob 1 Bitcoin what is really happening on the blockchain is Alice is transferring her permission to spend 1 Bitcoin to Bob. Remember, in a cryptocurrency, we cannot directly send funds between people but rather we send funds to addresses. This means that the “owner” of a cryptocurrency is anyone who controls the address. And, to control an address, you must know the seed phrase - a 12-word password that is unique for each address.

Most cryptocurrency investors do not know the seed phrase for their addresses. When you buy cryptocurrency from exchanges such as Coinbase or Kraken, they hold all the cryptocurrency for you. The exchanges do not tell you the seed phrase for the address where your cryptocurrency is stored, but rather they manage the storage of the cryptocurrency on their end.

Exchanges Can Exercise Control

The control exchanges have over cryptocurrency has many real-world consequences.

The biggest consequence is that exchanges can prevent users from accessing their cryptocurrency. This has been used around the world as a mechanism to enforce financial regulations on cryptocurrency. For example, the U.S. government was able to freeze funds when the hackers involved in the Colonel Pipeline ransomware attack moved their money into an exchange.

Likewise, users must rely on the exchange’s security to keep their funds safe. There have been many cases of exchanges being hacked and their private keys being stolen. This means that investors who had cryptocurrency at these exchanges lost everything despite the investors taking all available security measures.

Private Wallets More Anonymous

To avoid using an exchange, users can use a private wallet. These are wallets that are entirely in the control of the user.

Private wallets can either be software wallets, which are actively online and connected to the blockchain network, or hardware wallets, which are devices that can be unplugged and stored offline. There are also decentralized exchanges that have no central entity managing them. In a decentralized exchange, users have more control over their cryptocurrencies.

Remember, whoever knows the seed phrase to an address controls the cryptocurrency. As cryptocurrencies continue to grow, this is an important concept to understand.

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

pci dss in the cloud

How to Achieve PCI Compliance in the Cloud as Security Controls Evolve

The integration of cloud services with PCI DSS compliance is particularly crucial for enterprises that handle sensitive payment card information …
Digital Forensics Investigation

What Are the 5 Stages of a Digital Forensics Investigation?

In this article, we delve deeply into the five stages of a digital forensics investigation and provide tips on how to select the right digital forensics company …
Comprehensive Guide to Penetration Testing

A Comprehensive Guide to Penetration Testing – Types, Methods, Benefits and Best Practices

This penetration testing guide explains the different types of penetration testing, their benefits, and their purpose …