This is an opinion editorial by Kudzai Kutukwa, a passionate financial inclusion advocate who was recognized by Fast Company magazine as one of South Africa’s top-20 young entrepreneurs under 30.
The release of the Bitcoin white paper in 2009 after the 2008 financial crisis was one the most significant events of the 21st century. For the first time ever, a trustless, peer-to-peer monetary system for the digital age that was independent of intermediaries and central banks was now a reality.
Initially, Bitcoin was dismissed as a passing fad and a worthless Ponzi scheme, but 13 years later, no one is laughing at Bitcoin anymore. In fact, it’s now being ruthlessly attacked in multiple ways. These attacks have included 2021’s ban of Chinese bitcoin miners by the Chinese government; the continual denial of a spot Bitcoin exchange-traded fund by the U.S. Securities and Exchange Commission (SEC); the framing of Bitcoin as an environmental hazard (which later prompted the EU to consider banning proof-of-work mining); and, most recently, the EU’s attack on “unhosted wallets.” The latter is not just an attempt at the regulatory capture of Bitcoin, but it’s also an attack on your financial privacy. You can think of it as the 21st-century version of Executive Order 6102.
Financial regulators around the world have been slowly turning up the heat and cracking down on the use of unhosted wallets, but before we proceed any further, we need to address the elephant in the room, which is the term “unhosted wallet.” What on Earth is an unhosted wallet anyway? It’s simply a noncustodial wallet (aka self-custody wallet) where the user owns the private keys and is 100% in control of their money as opposed to handing it over to a third party for “safekeeping.” A simple example of an unhosted wallet would be your physical wallet or purse which isn’t tied to any financial institution, holds as much cash as you want to put into it and is 100% under your control. What makes this term even more bizarre and dangerous is that it implies that our personal financial data has to be “hosted” on someone else’s server. The implication being that self-custody is dangerous, suspicious and wrong.
Introducing the term “unhosted wallet” is a subtle but effective attack meant to maintain the role of “trusted third parties” that Bitcoin was created to replace. It makes absolutely no sense for a permissionless and trustless system to require the green light from gatekeepers before it can be accessed.
Der Gigi expressed this idea perfectly when he said, “The discussion shouldn’t be about ‘hosting’ in the first place. It should be about control. Who can access your funds? Who can freeze your account? Who is the master, and who is the slave? Just like ‘the cloud is someone else’s computer,’ a ‘hosted wallet’ is someone else’s wallet.”
There is no Bitcoin without self-custody, just IOUs from centralized exchanges. This is why “not your keys, not your coins” is more than just a catchphrase, but a reminder to remain financially sovereign.
Since Bitcoin is censorship resistant and cannot be effectively banned, the choke points that are now being exploited are the on-ramps and off-ramps into and out of the cash system. Given the fact that the average person is likely to acquire bitcoin from a centralized exchange, know your customer rules are then put into play with the intention of attaching a government ID and physical address to a “Bitcoin address.” The end goal being a state where every transaction is tied to an identity that leaves an audit trail for the authorities, through which they can easily conduct financial surveillance and exert control like they already do in the fiat system. Furthermore, your personal data is at risk from data leaks and hackers should the exchange get compromised, as is usually the case with centralized databases. A recent example of this would be the breaching of the Shanghai Police Department’s database that resulted in the theft of one billion people’s personal data. Your bitcoin and personal safety are at risk should this happen to a centralized exchange where you have a hosted wallet. This is why the use of misnomers such as “unhosted wallet” should be seen for what it is: regulatory capture.
This attack was switched into gear in October 2021, when the Financial Action Task Force (FATF), in their “Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers,” specified that transactions between unhosted wallets pose specific money laundering and terrorist financing risks and that, under certain situations, some transactions between unhosted wallets fall under the travel rule. In March 2022, regulators in Canada, Japan and Singapore mandated that centralized exchanges should collect personal data, such as names and physical addresses of owners of unhosted wallets that receive or send bitcoin or other cryptocurrencies to the customers of these exchanges. These requirements were implemented in Canada soon after the government had frozen bank accounts and even “hosted wallets” of the truckers who were protesting against COVID-19 mandates. Similar rules to those implemented by Canada, Japan and Singapore went into effect in the Netherlands on June 27, 2022.
Not to be outdone in this statist overreach, the European parliament reached a provisional agreement on their cryptocurrency bill, dubbed “Markets in Crypto-Assets (MiCA),” which aims to regulate and place “unhosted wallets” under financial surveillance. According to a statement released by the parliament in a press release:
“Transfers of crypto-assets will be traced and identified to prevent money laundering, terrorist financing, and other crimes, says the new legislation agreed on Wednesday. … The rules would also cover transactions from so-called un-hosted wallets (a crypto-asset wallet address that is in the custody of a private user) when they interact with hosted wallets managed by CASPs [Crypto Asset Service Providers].”
Ernest Urtasun, a member of the European Parliament, posted a celebratory thread on Twitter outlining some of the key aspects of the bill that “will put an end to the wild west of unregulated crypto.” According to one of the tweets in this thread, the new regulations will mandate centralized exchanges to unmask the identity of the owner of an unhosted wallet before “large” amounts of crypto are sent to them — by large, they mean €1,000 or more. In a subsequent statement, he hailed the new regulations as being the right remedy for fighting money laundering and reducing fraud.
The irony of the matter is despite their “good intentions” in seeking to curb money laundering, an estimated 2–5% of global GDP ($1.7 trillion to $4.2 trillion) is laundered globally, mostly via the traditional banking system according to the UNODC. More money is laundered annually through the banking system than the entire market cap ($1 trillion at the time of publication) of all cryptocurrencies combined. It gets worse: The impact of anti-money laundering laws (AML) on criminal financing is 0.05% — meaning criminals have a 99.95% success rate in laundering money — and compliance costs exceed the value of confiscated illicit funds a hundred times over. Real criminals get a free pass while financial institutions and the average law-abiding citizen are penalized. According to the Journal of Financial Crime, AML laws are totally ineffective in stopping the flow of ill-gotten gains. Between 2010 and 2014, a paltry 1.1% of criminal profits were seized in the EU, according to a report by Europol. No wonder AML laws have been dubbed the most ineffective anti-crime measures anywhere! Yet, the bigger problem seems to be unhosted wallets and the “wild west of unregulated crypto.” Talk about misplaced priorities.
Despite the obvious failures of AML in the traditional financial system, lawmakers and regulators still insist on targeting unhosted wallets with burdensome and impractical regulations. Not only will MiCA stifle innovation within the EU, it’s also going to result in capital flight to more Bitcoin-friendly jurisdictions like El Salvador. One would be forgiven for speculating that laws like MiCA are a slow creep toward the outright ban of self-custody wallets and are forerunners that will pave the way for the introduction of central bank digital currencies (CBDCs): a more Orwellian form of money. The architecture of hosted wallets and that of CBDCs are similar in that they are both centralized, they are subject to financial surveillance, and they are under the control of a third party.
In a world where digital payments are the rule and not the exception, it is critical to have payment systems and tools that are sufficiently decentralized and efficient in order to maintain the protection of privacy. The importance of having financial privacy was summarized perfectly in Eric Hughes’ “Cypherpunk Manifesto”:
“Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world … Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.”
These words still ring true today. Once your identity is paired to a wallet, your privacy is compromised and it becomes easier to track all your on-chain transactions forever. If you don’t control how much you can have or where you can store it, you don’t own your money. Whoever controls your money controls you. Centralized financial systems — of which hosted wallets are a part — are every authoritarian’s dream and are designed to grant the power of financial omniscience to the state. Bitcoin was designed to empower the individual through the separation of money and state. Self-custody wallets are integral in preserving that.
This is a guest post by Kudzai Kutukwa. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.