Topic: Not your key not your wallet (Read 538 times)

I often said in my username and Pizza

To have full control over your fund, you need to use a trustworthy open source non-custodial wallet, but you don't have to run your own full node.
With running a full node, you can help the network be more decentralized, validate transactions and protect your privacy, but that's not required if your only concern is having full control over your fund.

Yet another reason to completely avoid using centralized exchanges. Just a few days ago, Kracken was subpoenaed by the IRS to surrender all information about their users who purchased $20,000 worth of bitcoin in any given year within a certain timeframe and this trend will absolutely continue.

The only way we can really combat this is to use non-KYC platforms, use open-source wallets, and run your own node.

Stay sovereign out there, plebs.

This thread is just a warning to different users - certainly this is a case that could change the mind set of many exchange centralized users to withdraw their funds from the exchange to their non-custodial wallet.

The OP has stated that he wouldn't be completing KYC just to withdraw his funds from the exchange - that's because it's not worth that much. But for what the OP has experienced with his Coinbase account this is great for all beginners - so they just need to be sure that a non-custodial wallet is a good wallet to store their assets in long term.

There are two red flags here for me, firstly you left your funds on an exchange that's a big red flag and then you are using a centralized exchange that requires you to set up KYC process with is definitely going to be a process of you giving out sensitive information to them.

Well it's a personal decision, if you are okay giving out those information you can go ahead and give it to them also you can consider the amount you have on the exchange and then be able to make up your mind about leaving it or going ahead with the kyc requirements.

From all indications it's undeniable that OP has an idea that KYC is part of the necessary requirements in completing is registration with said Cex. There are simple two ways to this, if you're someone that's not comfortable with handing out your data through KYC to any exchange then stay away from centralized exchanges and make use of those DEx that are known for their NO KYC requirements from their customers like AgoraDesk.com

Basically, the not your keys not your coin movement should be majorly newbies to be aware of. Because they are just coming into the system and are prone to scammers and in that case, they would need the knowledge to help them stand tall hence the slogan was invented and so far the awareness has been very strong and not only are the newbies aware but have since taken the steps too to making it effective in their own activities too.

Your keys, your bitcoin. Noy your keys, not your bitcoin. I think that at this point, the only people who would not get this are those who are new to cryptocurrency. However, there are still oldies who do not adhere to this simple rule because they are inherently lazy even when it comes to their own accumulated wealth. You just can't expect them to adopt bitcoin and expect them to take on the responsibility of securing their personal wealth by themselves on a cold paper wallet and storing that wallet somewhere. They prefer the easy and risky way of letting centralized exchanges do it for them.

Your fund remain secured with us, that is a big fat lie.

That's so funny, it was what how I trusted my Bitcoin and other to free wallet some years back and I learned the hard way, this is so funny, I am not surprised that people still believe in such a statement, whenever I read such online I always laugh.

You know what's best for yourself, entrusting money to even your own family and friends brings forth betrays and you entrusting your assets in the hands of people who you've never even meet for once is the craziest of all, if FTX hasn't changed the way people look and judge centralized exchanges then people will never wake up.

Not only Coinbase but also any centralized exchange wallets and every custodial wallets should be avoided for the best security of users funds. Then what should we do ?
We have only way to use non custodial open source wallets like Electrum, Mycelium, Bitpay and Alpha Wallet.

Then where to do trading? Okay you may choose centralized exchanges but you should keep your assets how much you can afford to lose to a exchange wallet or a custodial wallet. You also should choose a popular and trusted exchange but not a shadow exchange. It's even better to withdraw funds after successful trading. We should not store a huge funds to any custodial wallet or a exchange wallet.

As a day trader, you are definitely required to do KYC every time you deposit assets on a centralized exchange and most of us already know that it is very risky to use a centralized exchange to store assets there. Still quite lucky when exchanges try to warn you to withdraw assets as not all exchanges notify in advance. If you think KYC will create a crime then don't do it and choose another source of wallet which is much safer to store your assets and if you are one of the day traders who are actively trading then scale your assets every time you make a profit and keep some of the assets you have on a centralized exchange for trading needs only.

It is very inconvenient to send back and forth the assets we have each time we want to trade from a more secure wallet to an exchange and preferably when your desired trade target amount has been reached, send it to a much more secure wallet. The rest can be kept on the exchange for further trading needs. But it must be remembered, the exchange is not a safe place to store assets, but a place for short-term trading as an effort we can make to facilitate trading.

Right because even in the mentioned trust wallet I am aware that some of the coins there can still be frozen by the authority if the need be,  and if you own private keys and wallet address,  you are still a step away from total freedom and control but at least for as far as you operate within the limit you will be secure enough to do normal transactions and also decentralized but not free because the authority can still seize the assets.


We can not underestimate the role exchange plays in our daily life most especially in the e-commerce sectors where people trade one commodity to the other in the form of coins and other NFTs,  exchange plays a vital role that we can not ignore its importance.

Noo! I didn't meant to say that I have no money so I could not use Electrum, I said I have less money so I do not give that much importance to security features of Electrum wallet. And I do know electron has Software wallet, I just meant to say why I should bother more while I have not that much money which needs that much security. 

I also checked on Googleplaystore and I was also referring to these 500k download which are lower, just take an example and think of me as newbie (which I was at that time) if I had to select from different option in download wallet or any other app I always selects the one having more download because I have this mentality that more download means more security and longevity of the app.

Question!

Did you get a similar email couple of months ago? because around that time coinbase actually sent account closure notices to loads of people due to "not meeting their updated standards" however some accounts were limited to send-only for off-boarding. I suspect it was because they had funds on their account hence I'm wondering if this could be an extension of that where send-only accounts finally gets disabled.

Ofc, there's also a good chance the case I mentioned does not apply to you. According from your post, the funds locked ain't worth anything and during that time, people who received the same closure notice but had dust-to-none on their CB wallet had their account disabled right away.

This is one of the good discussions about how to verify Eletrum: https://bitcointalksearch.org/topic/guide-how-to-safely-download-and-verify-electrum-guide-5240594
Electrum is not a hardware wallet that you have to buy with money, it is a software wallet that you can use by just downloading it, whether you have money or not, you have to take your security seriously. Use Electrum as a hot wallet if you think your funds are so small, but if it isn't small, use Electrum for offline storage in an airgapped computer.
I don't know where you checked for the number of downloads, but on Google Playstore it has 500k+ downloads, but it ordinarily should be 0, those 500k+ people downloaded it in the wrong way, the only place to download Electrum safely should from their official website.

Dear Despair, that's what I said that not everyone is a programmer, and if some are programmers they did not give thought to auditing the code because they are trusting others just like you mentioned that warnings for atomic wallets are already shared but still people are using it just like trust wallet, you gave me warning not to use it because it is the close source and we should avoid to use it but unfortunately, I am using it for a small transaction. And i didn't mean to compare Atomic Wallet with Electrum because i do know it has the difference between Earth and Sky. But my intentions were to share the ideology that no one really checks the code. But i do understand the point you trying to teach me here and thanks for that and it would be a great help if you could refer me to the discussion that I have bolded in your reply.

OK dear hosseinimr93, I get it, no doubt it is better to use open-source wallets instead of closed ones, and even if we do not know the programming we could at least read the reviews of others about Electrum's code. Idk as I mentioned before I never used it. Why? because I do not have that much money and never give a thought about deep security because i have less money so I give less importance to security but I think to keep up to date I have to test it out at once. But back in time when I was referred to use it but after checking the number of downloads of Electrum are very low I thought this app must be a new one or do not have that much traffic and if traffic is low it means it has lesser features and securities but unfortunately, I have less knowledge at that time but still, I am learning and i do know the difference of close source and open source wallets from like 1 year maybe but still do not give any that much importance because I still do not have that much money, (hehe).

When I receive such emails like this, I must be very careful even if it is from the official account of such platform like the Coinbase. To verify, I usually go to their official site and reach out to their customer service or in their official socials to see if the email is legit or not.

But yes in centralized wallets, we do not have the full custody of the assets that we are holding there. They can freeze or hold your assets there for certain reasons rather than just having the full control of your hard earned money.

Much better you store them in a hardware wallet if you can afford. Non custodial wallets like Metamask and Trust Wallet can do but they are hot wallets in which they’re created online and the hackers can simply find ways to siphon your funds if you are not careful.

Not your keys, not your wallet, not your coins.

In fairness to Coinbase, you're given enough time to withdraw your coins. That's almost 90 days. But I wonder what the platform refers to when it says "accounts that no longer meet our updated standards." What standards in particular? Why does it have to be disabled? Is it not possible to update the account to meet such updated standards?

Are you aware of what this refers to? Or are you also confused about what it means?

I'm asking this because centralized exchanges have this penchant to be unclear or confusing in their communication that they leave their users hanging. For example, they inform a user that his/her account is locked because they detected suspicious activities. Or they suddenly require you to submit or resubmit KYC to prove that you're the owner because they observe something unusual in your account.

Coinbase sent this email to inactive accounts so don't get surprised about this since this is normally happen to any wallets if you leave it without having any transaction happened for years.

 But if you think there's misconception happen as you are actively using coinbase maybe you need to reach their support to have a clarification to the email they sent to you and also so that they can verify that you are still using their service. If you have doubts and doesn't trust their platform anymore because if this reason better leave it and find an alternative that can fits you well.

You can't trust electrum, because you can't read the code yourself. I understand you, but what change does it make if the wallet is not SPV and you run your own full node?
Can you read bitcoin core's code and know how the keys are generated? How can you be sure that there is no vulnerability in bitcoin core?

We trust bitcoin core, because it's open source and the code has been reviewed by many people.

It's true not all Bitcoin holders are programmers, but there have been many discussions about the source in Electrum and no one find there's a harmful code that would steal your coins. But it's too naive for you to trust one person statement and claim if not running full node your wallet is not belong to yours, that guy already put a disclaimer.

And you brought the Atomic wallet case here, many users already pointed out to not use Atomic wallet since few years ago. Comparing Electrum and Atomic wallet isn't apple to apple, you need to compare Eletcrum with other open source, non custodial and SPV wallet like Bluewallet.

Although OP didn't say anything new, telling his case, but a reminder that your funds, being on the account of centralized services, no longer actually belong to you and you have practically lost control over them, will never be superfluous. Sometimes, people don't know about "not your keys- not your coins" is, or they forget about it.

Changing conditions is already in the order of things and for sure, these changes will be against your interests. This must be taken into account and be prepared. Better yet, avoid centralized services like coinbase unless absolutely necessary.

Yeah, I get it. Despite the fact that it's been over two to three years now since I used my Coinbase account, I did receive that mail as well. No active crypto users that don't have the habit of always checking their mail, and Coinbase has passed on the information across all their customers, any user that doesn't frequently visit their email would have their self-blame if they still had their asset on that CEX. Although I don't feel much concern about users of this forum because it has always been said times without number for every cryptocurrency user to avoid storing their coins on the centralized exchange.

Any wallet we are using and we don't have access to the secret phrases then we should know that we are taking a very big risk and quick decision need to be taken. There are people that had lost a lot for money on exchanges because they don't have access to the secret phrase to lock there funds so that external hackers will not have access to it. We need to have access to our wallet secret phrase and keep it in a safe place to prevent our account from been locked, or blocked. If we keep saving our funds on exchanges then we are making a big mistake that could make us lose our funds.

I am not a programmer not a blockchain developer then how can I trust Electrum if I can not even understand the code. I never tried Electrum yet and I know that I lack enthusiasm in trying new things but it is my personal thing so I am trying to manage it.

But, how can a non-programmer can trust the code is alternation free of Electrum wallet? Let's say you will suggest to me some other people (they most likely be programmers) so that I could read their reviews about Electrum but in the end, I am also trusting those people whom I never met who are also human. In the end, only one way remains there if we are not ready to put our trust in any other person in the crypto, which is to learn programming ourselves maybe to some extent that we could understand that the code does not contain anything harmful but I do know that that's not an easy task to do. (I know how I might be sounding here).

But most of the people didn't give a thought to checking the wallet which they use by thinking it is open source so there must be someone tracking the codes in here. Do you have any recommendations to verify it?

Not some, but all custodial wallets won't give you any seed phrase and they will hold the keys to your coins, if you want to spend or withdraw your coins you must have to go through the custodial service provider.
If you have the keys and the seed phrase, the wallet and the coins are yours, but do not use trust wallet and other closed source wallets even if they give you your keys, that's because they are closed source and you have to trust them without being able to verify their code or anything about the wallet.

Before you use an exchange you should carefully read the terms of service. Your account will be disabled because you failed to provide the complete KYC so you don't have to blame them. If you want to continue with them provide your details, if not allow them to close the account. But some exchanges keep on changing their terms of service, I don't blame them sometimes because the government keeps pushing them to get more personal information from customers. But it will be ideal for these exchanges to inform their customers about the change of some policies instead of secretly changing the ToS.

Centralized KYC exchanges are like a necessary evil for all traders no matter how was may disdain them due to previous ugly circumstances surrounding their operation and how it has affected their users. That's why it's so important to always give in time to read through the T& C's of any exchange we're to make use of so we can have a good idea of what we're dealing with.

OP failed to complete his KYC and not the fault of the exchange as op knew from the start that KYC is part of the registration process and an allusion that used by Cex to trap their customers money at any opportunity. Let's always do well to do the needed to avoid losing our coins to these avoidable situations not to always transferring the blames to Cex all the time.

If you use a trustworthy open-source wallet like electrum, that's not possible. In electrum, you sign your transactions locally. You are the only one who has access to the private keys and you never send them to third parties.


Atomicwallet is close-source and we don't know how it generates the keys. Whenever you use a close-source wallet like Atomicwallet, everything is possible.

You may lose your fund if there's a vulnerability in the wallet. If you use a trustworthy open-source wallet like electrum, you can be sure there is no vulnerability. Electrum being a SPV wallet doesn't mean it's not secure. It's open-source and there is nothing hidden from users.  

You may lose your fund if your device gets compromised. If your device is compromised, it no longer matters you were using an open-source wallet or not and it no longer matters whether you were running a full node or not.

i read a topic yesterday, which have the same security concerns about the SPV and full node wallet. i would like to mention it here, but let me quote other members too because they had also made the same statements.
And Yamane_Keto also does not agreed with my statementFirst of all, let me tell you i was born confident, and i do have 100% confidence to say that SPV and the full node don't provide the same privacy and security features. Let me tell you all, that, I came to this statement due to this topic.Maybe, I took the context of OP's post wrong here, but let me repeat it. I meant to say, SPV wallets do provide us with the key phrase, but what if the services behind that any SPV wallets got attacked and started to misbehave which could lose you money even if you have the seed phrase. Take an example of the latest hack on Atomic Wallet which caused a loss of around $35 million dollars. The point here is, if we do not own the wallet, then how can we be so sure and satisfied with that wallet amid the difference of open and close source? Because we own nothing they are also software made by some third parties. (maybe i am wrong here).

But full node wallets, are not made by any third parties because you configure the inbound and outbound network securities here. and also own the wallet too. (have you ever heard the hack of full node wallets? if yes, then what is the ratio here.)

Are you agree with me?   because it's an encouraging point for me because others didn't agreed with my point, but your positive reply had increase my confidence about which Yamane_Keto had raised questions.

This is one of the disadvantage of using a centralized exchange to store your coins,they can come up one day and change their ToS and your funds will become trapped in their exchange. OP and  newbies make sure that you read the ToS of any exchange or platform that involves deposit and withdrawal of funds so that you don't get your funds stuck in it due to  ignorance. I hope those users that have their funds in coinbase will have access to transfer their funds to a noncustodial wallet for safety. Our privacy and total control over our funds matters a lot.

Truly, holding your assets on Centralized exchange is not worth the risk. Holding it there is just like you pouring water into the basket. You have no access to the private key only them, you are not in charge of your assets only them, they trade and make profit from your assets and you do not share the profit with them, when they get hacked, you suffer the loss and they do not because they have external storage safe for their assets which you know nothing about and in all, you are being charged fee for trading, withdrawal as well. So with all these do you think in the right sense it is advisable to keep holding your assets with CEX?

OP it is nice you received such mail and i commend them for that as it is amongst what they should be doing to keep customers abreast ahead of time to get them engaged as well.

Lastly, it is advisable to make such you scale through any kyc you have done with any exchange before moving your asset to the exchange so as not to be told the story that touches the hearth.

It's a good warning not just for the newbies but those that have been here for quite a while. It doesn't matter whether you trust or not the exchange you're using and where your funds deposited at.

The fact that they can change their TOS anytime is what's also worrying for users that trusting their huge funds on them. In your case, as you've said that it is not that much and nothing to worry about.

But we can sense that if the amount is quite high and this has happened to you or to anyone, that's stressing. So for those that has plans for long term holding, do not do it on an exchange.

I did know about their previous ToS till they changed it, at that time (before I knew about the dangers of Kyc) I wanted use it to store my coins since I won't be able to withdraw without Kyc because at that time I couldn't get the required documents for the Kyc (till now though) but the fact is I never expected them to change their ToS good thing I don't have any coin of high value there.
This is not about their privacy only but the fact that the exchange can change their ToS which may be unfavorable to some customers

Yes but I have done alot of dumb things, thinking Kyc was secured where as they are alot of dangers surrounding it. I recommend this post for anyone who wants to know about the dangers of Kyc Why KYC is extremely dangerous – and useless

Thanks though but this is from them, I do get emails frequently for though.

Let me start by making a little slight mistake on your topic that it's not your keys not your coins, anyone has the right to claim using any wallet he decided to choose and that wallet turns to be your own preferred choice even though the coins were not stored in the wallet, they were stored on the blockchain and the kind of wallet we use gives us access to having the unblocking keys required to decode the encoded coins we are having stored on the blockchain, some custodial wallet will not give you access to those keys and when such happens, it's not your keys not your coins.

Using a centralised exchange for reasons other the above mentioned could be doingvit wrong and I say this with particular stress on storage.
Even staking itself could be another means in which, you indirectly use an exchange for storage purposes. By staking, you are locking a coin on the exchange and providing liquidity for that coin and in a way, your leaving that coin there which translates to indirect storage.

You might forgive his misconception, am sure he meant it differently,
Not your keys, not your coin.

Right. OP can still use coinbase non-custodial wallet, but even their non-custodial wallet should be avoided. It's worth mentioning that coinbase non-custodial wallet is close-source and there is no way to know how the keys are generated and whether they have access to the keys or not.

As a trader and someone who loves holding currencies in the exchange site you are always advisable to do your kyc completely before start storing coin inside because they may change their term of operation which would likely affects your funds and to pass the kyc.
We all know that centralized exchange are very risky to leave our funds inside due to numerous drama of hack, breakdown or bankruptcy, the best is to look for reliable wallet and store your fund nowadays the crypto exchange and wallet are not that friendly so we have to be very careful while chosen wallets or exchange.

The good part is that, Coinbase sent you a reminder to notify you on their operation because sometimes most of the exchange do not notify their customers before closure or any change of service operations.

There is a difference between your Coinbase account and Coinbase wallet. If you read the email details, you can still use the wallet and not the account.

wait WHATTT Where did you get the confidence to say this? SPV wallets are the same as full-node wallets, but they are lightweight that store block headers and Merkle roots, which are primarily intended to rapidly increase Bitcoin adoption due to the difficulty for anyone to manage a full node and synchronize it periodically. The privacy that a full node provides you is higher.


As long as you have access to the private key, you can broadcast a new transaction even if the wallet in which you generated the private key stops working.

This is wrong.
If you use a SPV wallet, you don't need to download the blockchain and get the required data a server that is running a full node. This has nothing to do with security of your keys.
As mentioned by Helena Yu, the purpose of running a full node is helping the network and having more privacy.

Take note that for generating a secure bitcoin private key and address, you don't need internet connection at all, let alone running a full node and downloading the blockchain.

It's completely wrong to say having a key must run a full node!

Running full node mean you help the decentralization and you take a part, it could increase your privacy too. But using SPV wallets don't mean your wallet are get controlled with the central server or someone else. Either SPV or full node, your wallet has a same security.

I mean, that's a different topic.

What's the reason someone create a fake email when it's just remind to withdraw his funds on CEX and not ask him to click anything or send to specific Bitcoin address?

Don't instantly trust what you receive in your email.

Scammers can send you phishing emails. Visibly, you will see their email address is like from Coinbase but it is not.

Punycode and how to protect yourself from Homograph Phishing attacks?

If you receive such emails, please check and confirm that information from Coinbase website, Twitter.

I get the fact that this thread is to warn newbies about the danger of using centralise system and also how they put their privacy at risk by completing KYC process. But I couldn't help but wonder if you ever took your time to go through the ToS of the exchange before you made deposit? because it's clearly stated that all users are required to complete their identity verification before they can perform some certain activity and the fact that you didn't read the Terms also shows a wrong use of online services.

To all newbies and those who still have the habit of not read the Terms of Service of any online let this be an example to you of the danger that you put yourself. Yeah, I am aware of the fact that ToS are too long but you should use some keyword search like "identity, withdraw, VPN, KYC, fees, etc" to read the most important part before you start using that service.

Back to the Op, Since you mentioned that you created this account before you became a member of bitcointalk and now a preacher of the importance of using non-custodial wallet, do well to also practice it.

Even if you use any of the SPV wallets which provide you private keys and seed phrases, none wallet is yours until you create your own full node wallet.

The point is, these exchanges are just time-to-time sources for performing transactional activities like making trades, joining some launch pads, performing staking, etc. As we all know exchanges are full of different ways to make you profit and loss too. And of course with a wallet too which provides you no key.

But do you really think, having a key to your wallet means wallet is yours? Then I own a trust wallet, metamask, and any other wallet you guys prefer to use. None of them is ours and none of them we own.

The only wallet we could own and even the key phrase is full node wallet but of course, not everyone could make one. So I know the limitations also.

Moral of the story: these types of centralized exchanges at least try their full to save the money of customers so they even mail you. I am not in favor of Cexs but only of some factors.g

Coinbase sent this to my email to inform me that I have till September 25th before my account is disabled and I should withdraw my funds before then but the fact is that I have not completed my KYC and so I won't be able to withdraw my funds there. Good thing what I have there doesn't really worth anything. Even if I want to do kyc I still can't because getting my documents would be really tasking for me.
This is among the reason we should be cautious of Centralise exchange because they can choose to change their terms and conditions which may be unfavourable to us.
Ps : I already have this account before I joined this Forum