The SEC’s Office of Investor Education and Assistance issued a bulletin warning retail investors about crypto asset custody risks.
Summary
- The SEC warned that losing a private key means permanent loss of crypto assets.
- Investors must choose between self-custody wallets or third-party crypto custodians.
- The SEC cautioned that custodian hacks, failures, or misuse can lock users out.
The guidance covers how investors can store and access digital assets through crypto wallets, which hold private keys rather than the assets themselves.
The bulletin distinguishes between hot wallets connected to the internet and cold wallets stored on physical devices.
The SEC emphasized that investors must choose between managing their own wallets or relying on third-party custodians.
Private keys function like passwords with no recovery option
The SEC explained that crypto wallets generate two types of keys. Private keys function as randomly generated alphanumeric passcodes that authorize transactions.
“Once created, a private key cannot be changed or replaced. If you lose your private key, you permanently lose access to the crypto assets in your wallet,” the bulletin stated.
Public keys verify transactions and allow others to send assets to a wallet but cannot authorize spending. “A public key is like the e-mail address to your crypto wallet,” the SEC wrote.
Many wallets generate seed phrases that restore access if private keys are lost or devices are damaged. The SEC warned investors to “store your seed phrase in a secure place and do not share it with anyone.”
Third-party crypto custodians carry different risk profile
For third-party custody, the SEC urged investors to research custodian backgrounds through internet searches for complaints and regulatory status.
Investors should verify what crypto assets each custodian allows and whether they provide insurance for loss or theft.
The bulletin warned that custodians may engage in rehypothecation, using deposited crypto assets as collateral for lending or other purposes. Some custodians commingle assets rather than holding them individually for customers.
“If the third-party custodian is hacked, shuts down, or goes bankrupt, you may lose access to your crypto assets,” the SEC stated.
Investors should ask about physical and cyber security protocols and whether the custodian sells customer data to third parties.
The SEC also highlighted fee structures, including annual asset-based fees, transaction costs, asset transfer fees, and account setup and closure charges.
he guidance arrives as multiple crypto exchanges and custodians have failed, leaving customers unable to access their holdings.
