As we discussed on Twitter a few weeks ago, the collapse of FTX and resulting market action prompted large net outflows from centralized exchanges, as many users shifted their funds to personal wallets, also commonly referred to as “unhosted wallets.” We found that while the trend wasn’t as pronounced as some suggested and likely did not signal a mass exodus from centralized exchanges (CEXes), more users were opting for self-custody and turning to DeFi protocols to carry out activities like trading, lending, and borrowing.
Increased flows from CEXes to personal wallets are almost always one consequence of extreme market volatility or price declines, but what separated this latest instance from previous ones was that this time, institutional money led the charge. Whether they be individuals with large holdings, crypto native investors, or traditional finance players, analysis of transaction sizes suggests these large holders are leading the way now in movements of funds from centralized services to personal wallets. This brings up new questions of how the industry can best equip institutional investors to custody their own cryptocurrency and use DeFi safely. We’ll examine these questions in more detail below, and also clear up some misconceptions around safety and illicit activity in personal wallets.
Users usually move crypto from CEXes to personal wallets when the market is turbulent, including new institutional users
The chart below shows the seven-day moving average of total value withdrawn from CEXes to personal wallets. As you’ll notice, every major spike coincides with a period of market volatility and asset price declines, often with a single identifiable cause.
The movement of funds from a CEX to a personal wallet can mean many things. Many would suggest that it signals users are worried about their CEX’s solvency and are moving their funds to a personal wallet they control directly to ensure they don’t lose access to their funds. This is probably true in many cases. In others, users may only be moving the funds to a personal wallet to then move them to another CEX, or to a DeFi protocol — both of these options would enable them to continue trading or carry out other transactions, such as contributing to a lending pool. Regardless of the specific motivations, the behavior holds true: Most spikes in CEX-to-personal-wallet flows are sparked by market volatility.
But what has changed is the makeup of the users leading these crisis-driven withdrawals to personal wallets. Check out the table below, where we show what percentage of each CEX-to-personal-wallet sending spike called out in the graph above was made up of institutional-sized transfers (above $100,000).
| Day of spike peak | Likely spike cause | Percent of CEX-personal wallet spike attributed to institutional (>$100K) transfers |
| 11/10/2022 | FTX collapse | 68% |
| 6/13/2022 | Celsius collapse | 69% |
| 5/12/2022 | UST collapse | 77% |
| 12/9/21 | Crypto prices falls from November peak | 61% |
| 5/20/2021 | Crypto prices fall over 50% soon after announcement of China’s ban on mining | 65% |
| 1/21/2021 | Crypto prices fall, $150 billion in market cap wiped out overnight. | 52% |
| 07/29/2019 | Price volatility | 20% |
| 12/20/2017 | Major price decline following late 2017 bull run | 34% |
The trend isn’t perfectly linear, but overall, institutional funds have made up a bigger share of movements from centralized exchanges to personal wallets over time. We can see from the chart below that this is true for CEX-to-personal-wallet flows generally, and not just at times of elevated activity or volatile market conditions.
Overall, as institutional adoption has risen, these investors have taken on a more and more prominent role in the movement of funds from CEXes to personal wallets.
This also begs the question of what institutional investors do with the funds they move from CEXes to personal wallets. Again, many of them are likely just holding the funds there, or transporting them to a new CEX. On-chain data also suggests many are using the funds to interact with DeFi protocols, which typically allow users to connect via personal wallets and carry out many of the same financial functions a centralized cryptocurrency service would — trade, invest, borrow, lend — without the user ever having to give up custody of their funds.
Note: The values above for crypto moving to DeFi protocols excludes transactions in which the source is another DeFi protocol or smart contract, including MEV bots.
As we see above, DeFi protocols have also historically seen surges in transaction volume in the same time periods of increased CEX-to-personal-wallet flows we discuss above, suggesting a significant portion of those funds withdrawn to personal wallets are soon after used for DeFi transactions. Given the growing role of institutional money in these large-scale withdrawal events, we can conclude that institutional investors are playing a key role in the migration of funds from the CeFi to DeFi ecosystem.
Institutional investment demands enterprise-grade safety and security in personal wallets and DeFi
In summary, growing institutional adoption of cryptocurrency means that the common pattern of funds moving out of centralized services and into personal wallets and DeFi in response to market volatility is now being led by deep-pocketed institutional investors. How can the cryptocurrency industry support institutional investors in this activity and help them self-custody safely and effectively?
First, let’s clear up a few misconceptions. Many believe that personal wallets represent significant risk of illicit activity, likely due to the fact that at a technical level, their ability to transact can’t be hampered by any third party. Some lawmakers and regulators have cited this risk as reason to impose heightened compliance rules on transactions involving personal wallets. However, personal wallet activity can be tracked on the blockchain, and the data shows that they actually exhibit low exposure to illicit activity.
From 2020 to the present, less than 1% of all funds moving to personal wallets have come from addresses associated with illicit activity. In fact, as we see below, the majority of transaction volume involving personal wallets involves funds moving to or leaving from a centralized exchange.
This is important to note because nearly all of the large centralized exchanges require KYC checks for users upon sign-up. If a suspicious personal wallet has transacted with one or more addresses at a centralized exchange, law enforcement could subpoena the exchange and learn who controls the account(s) at the exchange interacting with the personal wallet, allowing them to unmask the owner of the personal wallet itself. Similarly, if a cybercriminal sends cryptocurrency to a personal wallet, they would eventually need to send it to an exchange if they wanted to convert it into cash. In that case, the investigator could simply keep an eye on the funds until that happens — even if the cybercriminal first sent the funds to other personal wallets as an intermediary step, the investigator could trace those movements until the funds eventually hit an exchange.
So, now that we’ve established that usage of personal wallets doesn’t present a significant crime risk, we need to ask ourselves how personal wallets can better serve their growing user base of institutional investors, and allow them to pursue their desired investment strategies without compromising their funds. A few ideas include:
- Support for more blockchains so that investors can access as many assets as possible from one wallet product
- Transaction previews that allow users to see exactly what will happen if they execute a specific transaction, sign a contract, or connect to a protocol
- Better private key management processes and tools
- Integrated compliance tools
- Faster transaction speeds
Ultimately, self-custody solutions will likely vary by institution, but these are a few ideas of features that could help them transact more efficiently and safely.
DeFi security is another area that needs to improve in order to meet the needs of institutional investors. In 2022, the vast majority of funds stolen in hacks were taken from DeFi protocols specifically, representing billions of dollars in lost value.
DeFi can unlock untold value for institutional investors, but they’re unlikely to get involved if the funds they deposit with protocols are at great risk of being stolen, or if the assets they hold can be devalued in a flash loan attack. DeFi protocols should seek to improve security through initiatives like smart contract auditing, bug bounties, frequent penetration testing, and more.
Improving self-custody for institutions is a must
Ultimately personal wallet providers and DeFi protocol operators should be encouraged by the data we’ve shared in this blog. Institutional investors aren’t just coming to crypto generally — they’re increasingly interested in the specific self-custody solutions and services the industry can offer. The next step to capitalizing on that interest is to improve the usability, security, and compliance components of your tools to meet institutional investors’ needs.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.