The two cardinal rules of Cryptocurrency are the law of the public key and the law of the private key.
The Cardinal Rules of Cryptocurrency
There are only two cardinal rules of cryptocurrency that arise directly from public key cryptography. As you probably know, modern cryptography is based on paired keys, a public key and a private key.
The First Law: The Law of the Public Key
Because of the blockchain, public keys (and incidentally wallet addresses) should be verified before sending. Due to the principle of immutability and the lack of a trusted intermediary, there’s no way to contest or reverse a transaction once it’s been made.
Written in the simplest terms possible, the law reads like this:
Do not send any cryptocurrencies to the wrong address or you will have lost your money.
This means that one of the most common attacks in Cryptocurrency is the phishing attack — when done directly against an individual, this is known as “Spear Phishing”.
Nerdy note (you can skip this paragraph if you are a beginner): Just to be technically clear, a Bitcoin address (for example) is not identical to a public key, but a cryptographic “hash” of your public key. This means for example that you can generate a very large number of addresses that all represent the same public key, and this provides a measure of protection for your anonymity. But from the perspective of sending money, you should treat a bitcoin address similarly. We use the name “the law of the public key” not because we are confused, but because the public and private keys are atomic to public key cryptography and the address is derived from the public key.
This image shows the relationship:
source: Mastering Bitcoin by Andreas Antonopolus. If you havent read this book you should! it is awesome, please buy the book and support a truly great guy.
The Second Law: The Law of the Private Key
The second law is simply that the owner of the private key is the owner of the wallet and all the funds therein.
In some ways this is one of the biggest flaws in custodial exchanges, which is at the end of the day the largest spectacular hacks in human history such as MtGOX and Coincheck are based on exceedingly simple principles. A custodial exchange typically secures its private key using some combination of obscurity and secure procedures. The problem is that in order to access the funds, some person or persons needs access to the key.
Whoever has access to the key can be compromised, and either an inside job can be executed or the key can be stolen. In either case, the money entrusted to the custodial exchange is gone.
Stated simply, the law reads like this:
The owner of the private key owns the cryptocurrencies. If you don’t know who that is, it isn’t you.
What does the second law mean with respect to custodial exchanges including almost all of the popular exchanges in the world? It means that their customers have NO STANDING on ANY blockchain with respect to their assets.
Stated another way, if you don’t control your own private keys, you don’t own any cryptocurrencies.