The winter holiday season might have just rolled to a close, but Bitcoin supporters had another curious tradition to carry out. Tuesday they celebrated a unique, annual, grassroots holiday known as "Proof of Keys," started in 2019 by Bitcoin entrepreneur Trace Mayer.
In an experience that roughly mirrors a bank run, the community uses this day to encourage fellow Bitcoiners to pull their Bitcoin off of exchanges and other third-party services so that they can gain full ownership of their assets. The date was specifically chosen since it's the date of Bitcoin's "genesis block," the first Bitcoin block ever mined, back in 2009.
The philosophy of the day is simple: Many people leave their Bitcoin (and other cryptocurrencies) on exchanges. But by doing so, they're not taking full control of their funds. Instead, they’re trusting the exchange.
"Not your keys, not your coins," as the common refrain across the industry goes. (Or sometimes "not your keys, not your cheese.")
As the recent FTX calamity showed, third parties can't always be trusted. FTX lost billions of dollars of users’ cryptocurrency—and users of the exchange don't know if they'll ever get their money back.
"Everyone should take advantage of the most important Bitcoin property, the capacity of self-custody! [January] 3rd became a 'Bitcoin holiday' when we remember together this important effort," said Coinkite CEO and co-founder Rodolfo Novak in an email to Decrypt.
He added that "self custody has become so easy, that no one has an excuse now," pointing to hardware wallets (like his company's COLDCARD), as a secure way to self-store funds without the need for an exchange or other third party.
To self-custody or not to self-custody
A "bank run" conjures up the thought of the Great Depression, where many worried people lined up at their bank to withdraw their funds, concerned that their bank wasn't solvent.
Proof of Keys wasn't nearly as dramatic. But it's a similar idea. On Twitter, a number of users claimed to have withdrawn their funds from exchanges or to have set up new hardware wallets to secure their coins.
Hardware startup Foundation, self-custody startup Casa, and others hosted Twitter Spaces throwing out tips on how to get started with self-custodying funds in the most secure manner. A key recommendation was to store funds on a hardware wallet disconnected from the internet so that it can’t be remotely hacked.
But most of the discussion revolved around what users shouldn’t do. Novak warned against storing seed phrases in the cloud. Unchained VP of Business Development Justine Harper said that “user error” and “overcomplicating things” were two of the main reasons she saw people lose funds via self-custody.
For example, a user might read something on Twitter about a more complicated self-custody mechanism, but the setup would be too complicated for them, and they would mess something up and lose their money.
Such an example is a reminder of the risks of self-custodying funds. Namely, losing the Bitcoin keys (which essentially function as a password) means losing the Bitcoin, forever. Just before the Proof of Keys "holiday," veteran Bitcoin Core developer Luke Dashjr reported on Twitter that he lost millions of dollars worth of Bitcoin in a hack.
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023
Some argued that if a longstanding Bitcoin developer like Dashjr can't even successfully self-custody his Bitcoin, then the average Joe has no hope.
Dashjr has yet to fully explain how he was securing his Bitcoin. But from what he has shared, Dashjr might not have had the best setup. His funds might have been in a hot wallet connected to the internet. This is discouraged by security experts across the industry.
As former Bitcoin Core contributor and maintainer Jonas Schnelli put it, "Over-engineering and a paranoid-complexity-levels may lead to vulnerabilities. KISS your keys," invoking the acronym for "Keep It Simple, Stupid."
It goes to show the importance of following industry-standard best practices for securing Bitcoin. For those who want to participate, Decrypt has a high-level guide explaining how to move funds to self-custody. In short, the industry standard has become storing funds on hardware wallets, since they are detached from the internet and can't be hacked remotely.