Discover our guide on the why and how of self-custody of cryptocurrencies. Learn about the different ways to secure your cryptocurrency and take full control of your finances! This is an article we publish in collaboration with Perpetual protocol and that it is very topical due to the misfortune that occurred with the FTX exchange.
Why guard your cryptocurrencies yourself?
Although there is no such thing as perfect security, taking custody of your crypto assets ensures you remove dependency on third-party services and avoid many of the associated risks. While some types of users may find it convenient to store their assets in an online wallet, there are some major downsides:
- If there is a breach in their security, they can be hacked
- Potential for internal theft and embezzlement of your cryptocurrencies by the platform
- Potential for seizure by governments
A long list of centralized entities have lost or stolen customer funds, including Mt. Gox, Bitfinex, QuadrigaCX, and most recently FTX, highlighting the importance of self-custody. Time and time again, cryptocurrency holders have learned the hard way that centralized entities and custodial services are not always safe. The answer: become your own custodian.
With self-managed storage, you have more control over your assets. The other side of the coin is that it is completely up to you to make sure they are safe. In the following sections, some self-storage options are discussed and the advantages and disadvantages of each method are described. But first we want to discuss some misconceptions about self-custody. The list below describes some common criticisms and a response to each:
Criticism 1: “Self-care is too difficult”
Answer: Self-custody can be tedious, yes, but it's not that hard. Anyone can do it, it just requires a little attention and time. Everyone has different security needs, so you must decide how much resources, time, and effort you want to invest.
Obviously, the most secure configurations will require more resources. Follow your preferred method and practice several times with a small amount. After a little practice, you'll become familiar with self-care and discover that it's actually not that hard.
Criticism 2: "I need a lawyer for self-custody"
Answer: You should first focus on the technical aspects of custody, then you can get advice from a legal point of view. Lawyers aren't really necessary until you get to the estate planning portion of your legacy to your heirs, and even then, you have other options.
Criticism 3: “My cryptocurrencies are not worth much”
Answer: Cryptocurrency markets are very volatile. whatWho knows how much your assets will be worth a year from now, two or many years in the future? It is better to start now and prepare for the future, so that if the market does rally, you can rest easy knowing that your positions are safe and sound.
Criticism 4: “Greater risk of theft”
Answer: When protecting their seed words, many users worry that it may be insecure. However, you should separate your recovery phrase, passwords, and secret recovery plans to reduce the risk of theft and avoid storing them on an electronic device. More people have lost cryptocurrency from not backing up their coins, forgetting their password, or because their computer crashed than through hacking or theft.
How to self-guard your cryptocurrencies
Now that we know why we should value self-custody, let's look at how you can become your own custodian.
The first step to self-care is withdraw any assets you own from centralized exchanges and services to a wallet you control. In the following sections, we'll describe various ways to store your assets and provide an assessment for each method, from the simplest methods to the most complicated techniques.
The importance of free and open source software
The easiest way to safeguard your assets is withdraw your funds to an open source hot wallet. While they are more prone to malware and other attacks, active wallets are very convenient and you can reduce the risk you face by only using open source wallets. Some examples are MetaMask and WallETH.
With free and open source software, you are more certain that the wallet will not do anything unexpected and will store your assets safely. In contrast, closed source software does not go through peer review and the code is hidden, which means the wallet could do something malicious.
In general terms, it is safer to keep your funds in “cold wallets” (for example, hardware wallets), where your private keys are stored on a device that not connected to the internet. Unlike cold wallets, hot wallets like MetaMask need to be installed on your device and connected to the internet. Although they are more convenient, there are many potential attack vectors for hot wallets since they are connected to the Internet and typically live on computers that are used daily for work or play.
Smart contract wallets
Smart contract wallets require a unique setup process and come in 2 forms: multi-signature wallets y social recovery wallets.
Multi-signature wallets
Multi-signature wallets differ from standard single-signature wallets in that require a minimum number of people to approve a transaction. For example, in a 2-of-3 multi-signature scheme, at least 2 different parties with the keys must agree to a transaction before it can be sent to the blockchain. Even if one of the keys is compromised, your funds will be safe. However, if n keys are compromised in an n-of-M multi-signature configuration, then your funds will be at risk.
A popular multi-signature wallet is Gnosis Safe, which can be used by both individuals and organizations. For individuals, the challenge lies in finding two other parties that hold the other keys. One possible configuration is to spread two keys across different devices and have another key with a relative, spouse or close friend.
As with other types of wallets, a secret recovery phrase is provided that can restore the account to another device.
Social Recovery Portfolios
Social recovery wallets like Silver and Loopring have some advantages compared to other types of wallets in terms of security, where this method of storing your crypto assets provides a good mix of ease of use and security. Unlike multi-signature wallets, no need to worry about securing a secret recovery phrase, which makes it more convenient for the user.
Social recovery wallets work with a single signing key that can authorize transactions, as well as three or more gatekeepers that can change the signing key. The idea here is to appoint your spouse, family members, or anyone else who has earned your trust as guardians, so that, in case you lose access to your walletMost of these guardians can change the signing key so you can regain access to your funds. Guardians can also block a wallet or approve an untrusted transaction.
For someone to compromise your wallet, most guardians would have to coordinate without your knowledge. Coordination between keepers is more difficult than exploiting a wallet protected by an individual, since the keepers first have to figure out who the other keepers are, and then agree to team up to steal their funds.
In addition to provide a solution to lose access to your wallet, smart contract wallets can also protect you against theft with vaults. A vault can be created for any smart contract wallet, where transactions with untrusted addresses require approval from guardians, while for trusted addresses you have specified, you can interact with them without being signed off by guardians .
[highlighted] You can learn more about social recovery wallets at this post from the co-founder of Ethereum, Vitalik Buterin, who recommends them as a viable alternative to hardware wallets, paper wallets, and multi-signature wallets.[/highlighted]While it inhabits a good gap between usability and security, there are still some downsides to social recovery wallets: what if you don't have anyone suitable who can take on the role of gatekeeper? What happens if there is a social engineering attack against your tutors, tricking them into changing the signing key? To address these shortcomings, a sovereign social recovery mechanism is described in ethresear.ch, although it has not yet been implemented in any wallet.
hardware wallets
One of the first pieces of advice you are likely to hear from cryptocurrency advocates is buy a hardware wallet and store your funds there. These devices, popularized by companies like KeepKey, Ledger and Trezor, provide great security by keeping your keys offline in a “cold wallet”.
The following diagram illustrates how hardware wallets work, which are hardened, dedicated devices for generating and storing private keys that will never leave the device.
Here is a rough summary of how hardware wallets execute cryptocurrency transactions:
- The transaction message is prepared by the client software, which then is sent to the hardware wallet.
- After the wallet owner confirms the details of the transaction (such as the amount, recipient address, and blockchain fee) displayed on the screen of the hardware wallet device, the wallet signs the transaction with a non-removable private key.
- La signed transaction is returned to client software and is sent to the blockchain for confirmation.
Because the private key never leaves the device and the device has extremely limited functionality—even if your computer is compromised with malware, a thief can't gain access to your funds.
If this method of securing your coins is right for you, then the next question is "doWhat hardware wallet should I buy?». The following table shows the security features and practices of the most popular hardware wallets on the market:
While KeepKey and Trezor use holographic stickers to prevent supply chain attacks, Ledger does not. Holographic stickers can be replaced by an adversary with sufficient resources, so Ledger claims this does not add security to the device itself. Another important difference is that Trezor products are the only ones that are open source in firmware, client software and hardware.
Another distinction between Ledgers and other hardware wallets is that the former is designed to be an openable device. While this feature exposes unsuspecting users to potential supply chain attacks, you should always verify that the Ledger hardware wallet PCB has not been tampered with by comparing your device to images provided online, to verify that no additional components have been connected. which could lead to an exploit.
In the next section, we provide a summary of the main risks for hardware wallets that all users should be aware of.
Hardware Wallet Risks
One thing to keep in mind: when using a hardware wallet to secure your funds, accept the assumption that it is a reliable piece of computing.
The main risks of hardware wallets relate to theft, interception, human error, and physical security.
- Theft: even if you own a hardware wallet, you still you need to protect the device. It's not good to just leave it somewhere that isn't secure, as there have been vulnerabilities in the past that would require an attacker to have physical access to the device. For example, Kraken Security Labs found a flaw in Trezor hardware wallets where an attacker could extract the seed with just 15 minutes of physical access to the device. Other similar undiscovered vulnerabilities may exist that require physical access and are worth considering when deciding if a hardware wallet is right for you.
- interception: Another potential risk is the interception of your device, also known as supply chain attack. In the past, unsophisticated attacks have been carried out via eBay, where the secret recovery phrase was already filled in on the card that comes with the Ledger. Once the buyer transferred funds to that Ledger, he effectively sent money to the unauthorized seller of the hardware device. The conclusion of this is always buy hardware wallets in the official store, directly from the manufacturer. Supply chain attacks may become more sophisticated in the future, so this potential vulnerability is worth knowing if you are going to use hardware wallets. For example, Ledger devices can be physically tampered with, meaning the screen is vulnerable and there's no way to tell what's going on behind the screen. For example, a malware writer could change their genuine address to something else in the background to display an address that isn't really yours, and you would have no way of knowing.
- Human error: even software projects like Bitcoin or Ethereum that have a large number of contributors have been victims of human error and a thorough peer review is required to detect these problems. For devices like hardware wallets, which are often closed source and only have a small group of people working on them, then that's an additional risk to consider, which is less of a concern for open source software wallets. An example of human error and how it can affect hardware wallet users: In August 2018, an update was pushed to the Ledger Wallet Ethereum Chrome app, which replaced each ETH recipient address with a fixed one. If you had sent money to that address, it would have been lost or stolen. Human error on the part of the hardware wallet user is another factor to consider, though not unique to hardware wallets. For example, the EthClipper attack takes advantage of the idea that many hardware wallet users will only check the various characters at the beginning and end of an address to verify its authenticity (rather than the entire address).
When using any wallet, always check the full address, pay attention to capital letters, and type the recipient's address instead of copy-pasting to avoid EthClipper-like attacks.
- Physical security- You should receive your hardware wallet somewhere, and it's better avoid using your own address if possible. Instead, you can have your device shipped to your workplace, mailbox, or forwarding address to avoid exposing your home address.
Data breaches can happen, and companies that produce hardware wallets are no exception. For example, in July 2020, the names and addresses of Ledger customers were exposed through a data breach, opening the possibility of $5 wrench attacks, where an adversary literally torture him to get his password, private key, etc. As you may have guessed, good cybersecurity practices are not the only consideration when thinking about self-custody: physical security is another aspect that cannot be ignored.
Creating your own hardware wallet
If you don't want to trust hardware wallet companies or become the target of a supply chain attack, an alternative route is create your own wallet with consumer hardware.
Instead of buying a specialized device, you can use standard hardware to run open source software to secure your coins. Since software is more easily and thoroughly audited, you can use an old mobile device, Raspberry Pi, or buy a second-hand computer with cash to make yourself less vulnerable. Also, supply chain attacks are more difficult to carry out if you choose to follow this method.
For example, you could take an old Android phone, factory reset it, replace the operating system with something like CalyxOS, and install a wallet like AirGap to create a cold storage device. Having a Ledger or Trezor lying around or in your possession screams “cryptocurrency holder” while an old mobile phone or laptop does not, making theft less of an issue.
While this technique is not very convenient for most users, you can provide better security if you're concerned about closed-source hardware, supply chain attacks, or relying on hardware wallet manufacturers.
The Glacier Protocol: taking paranoia to the max
The Glacier Protocol is a method designed by Bitcoin and security professionals that take the paranoia to the max, securing your assets in a way that does not require you to trust any other person or entity. While the protocol is aimed at Bitcoin holders, it can also be slightly modified to store Ethereum and other tokens in cold storage using paper wallets.
Securing your assets using this protocol is the digital equivalent of bury some cash somewhere in Antarctica. Due to the strong focus on security over convenience, you should only use this protocol when you want to store $100,000 or more in value and are planning to HODLing for a long time.
The process is long and tedious, it is estimated that it will take around 8 hours to complete it, as detailed in this 93-page step-by-step guide. It's also not cheap compared to other self-care methods. The equipment required to follow the protocol it will cost more than $600, which will involve the purchase of two separate factory-sealed computers, four factory-sealed USB sticks, casino dice, and a Faraday bag, among other items.
The idea here is quarantine computers, removing your wireless cards so they're never connected to the Internet, and using them in conjunction with casino-grade dice to reliably create private keys within a vacuum to mitigate a variety of attacks. After going through this process, you will get a set of paper information packets, one for each private key needed for the multi-signature withdrawal policy.
Shortcut versions of the protocol with lower security guarantees are also explained on the website, with an option involving using existing hardware you own and following the same process, similar to what we described in the section above on how to create your own hardware wallet.
Ingenious ways to secure your secret recovery phrase
All wallets (with the exception of social recovery wallets) require that make a backup of your secret recovery phrase so you can restore account balances on any other device. Type the secret recovery phrase, keep it private and keep it in a safe place, where the last part is the difficult aspect of self-custody. However, hardware wallet manufacturers ask users to write their secret recovery phrase on a card or paper.
The problem here is that in the event of a fire, flood, or natural disaster, that paper may not survive. You can keep it in a safe, but a better way to save your secret recovery phrase is engrave it on a metal so that it can withstand a fire or flood. A useful product that does this for you is CryptoSteel.
Also, your password and recovery phrase together are a single point of failure, since if someone exposes them, you could lose your funds. You might also consider split your secret recovery phrase and store the parts in different locations. However, your private key could be compromised if an adversary had access to half of your secret recovery phrase.
A better technique for storing secret recovery phrases would be Shamir's Secret Sharing, which is supported by a handful of wallets like the Trezor Model T. The secret recovery phrase can be split into up to 16 shares (each with a sequence of 20 words), you can then set a threshold needed to get your funds back.
Self-custody is not just about protecting your crypto
Self-custody is more than just protecting your assets. Another important part also involves How will you transfer the assets in the event of your death?This is known as estate planning.
Without a will or trust, how will you decide who gets what? The inheritance of your crypto assets depends on a detailed, documented and tested plan; we may cover it another day.
