In the last few years, cryptocurrencies have gone from being a niche technology to something far more mainstream. Big brands have experimented with NFTs, Web3 Play2Earn gaming has become better known, and it’s become easier than ever to add coins and tokens to your savings portfolio thanks to centralized exchanges such as Binance and Coinbase. Even mainstream “TradFi” companies such as Revolut offer the option to buy cryptocurrencies. However, that convenience comes at a price.
Centralized Exchanges and Custodial Wallets
When you buy coins or tokens on a centralized exchange, those tokens are held in the exchange’s wallet. This means you have to trust that the exchange:
- has the coins they claim they do,
- will allow you to withdraw those coins when you want them,
- is storing your holdings securely and won’t get hacked.
Those risks aren’t just limited to CeFi (Centralized Finance) companies, either. If you’re dealing with DeFi (Decentralized Finance) smart contracts that require you to lock up funds for any length of time, there’s the risk of the contract being hacked by a malicious third party.
One look at Web3IsGoingGreat, or at our own blog on The Role of Cover Protocols in Mitigating Risks, is enough to show that custodial risk is too great to ignore. The recent high-profile collapses of platforms and exchanges such as Celsius and FTX highlight how important it is for long-term investors to take ownership of their crypto.
Self-Custody for Your Crypto
While it makes sense for day traders to keep their cryptocurrencies on the exchanges they use for trading, if you plan to hold a currency for a long time, it’s worth considering self-custody options. The cryptocurrency community has a saying — Not Your Keys, Not Your Crypto (NYKNYC).
Cryptocurrencies use a combination of public keys (shared) and private keys (only the owner of the currency knows). If you are not in possession of the private keys for the wallet in which the coins/tokens are stored, then those assets are not yours — at least in the sense that you cannot access them.
Self-custody begins with withdrawing the assets from the exchange and holding them in a wallet for which you have the keys. Those wallets can be hot wallets or cold wallets.
Hot wallets are incredibly convenient, but that convenience brings some security risks. MetaMask is a browser extension that makes it easy to use DApps and Web3 services and manage multiple tokens and assets all in one place. Electrum is a desktop application that gives you instant access to your Bitcoin. Some other hot wallets run on your mobile phone. What all of these things have in common is that all you need is access to the device and your wallet password, and you can transact using that wallet.
If you’re running a hot wallet and the device gets hacked, and the attacker gains access to the wallet’s keys, you could lose all funds in the wallet. To combat that risk, many people use cold wallets for long-term storage.
Cold wallets are devices that store the keys offline. It’s possible to configure Electrum to work in this way, but most cold wallets are physical devices that look a lot like USB memory sticks. For example, Ledger and Trezor offer apps to view and manage your wallet. However, you can’t send cryptocurrencies from the wallet without “signing” the transaction using the physical device. This adds an extra layer of security at the cost of convenience. If you’re away from home and want to sell some Ethereum or send some Chainlink to a friend, you can’t do so if you aren’t carrying your hardware wallet.
It’s possible to purchase a Ledger Nano S for around $100. If your cryptocurrency holdings are worth more than a couple of hundred US dollars and you plan on keeping them for a long time, it’s well worth making that purchase for peace of mind.
Securing Your Cryptocurrency Wallets
Most modern cryptocurrency wallets use a recovery phrase (typically 12–24 words) rather than a collection of random letters and numbers. If you lose your wallet, you can recover it by entering that phrase into any hardware or software wallet that supports the same standard.
In addition to the recovery phrase, some wallets may use an “extra word” for added security and a password to unlock the wallet. When you go through the wallet creation process, note these details. If you forget them, there’s a risk you could lose access to the wallet.
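The relationship between the recovery phrase, the "extra word" and the wallet can be shown in a few lines. This is an added example, not code from any wallet vendor; it assumes the wallet follows BIP-39 (the page does not name the standard), and it uses the public BIP-39 test-vector phrase, never a real one. The names `bip39_seed`, `same_wallet` and `seed_label` are hypothetical helpers.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test-vector phrase (constructed sample input, never a real wallet).
TEST_PHRASE = ("abandon abandon abandon abandon abandon abandon "
               "abandon abandon abandon abandon abandon about")


def _nfkd(text: str) -> str:
    """BIP-39 requires NFKD normalisation before hashing."""
    return unicodedata.normalize("NFKD", text)


def bip39_seed(phrase: str, extra_word: str = "") -> bytes:
    """Derive the 64-byte wallet seed from a recovery phrase and optional extra word.

    BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, password = phrase,
    salt = "mnemonic" + extra word, both NFKD-normalised UTF-8.
    """
    # Collapsing stray whitespace is a convenience here, not part of the standard.
    password = _nfkd(" ".join(phrase.split())).encode("utf-8")
    salt = ("mnemonic" + _nfkd(extra_word)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def same_wallet(phrase: str, extra_a: str, extra_b: str) -> bool:
    """True only if both extra words lead to the same seed, i.e. the same wallet."""
    return hmac.compare_digest(bip39_seed(phrase, extra_a),
                               bip39_seed(phrase, extra_b))


def seed_label(seed: bytes) -> str:
    """Short one-way label for comparing seeds without displaying them."""
    return hashlib.sha256(seed).hexdigest()[:12]


if __name__ == "__main__":
    # Same phrase, four extra words: every variant is accepted and yields a
    # different wallet. Case and trailing spaces matter.
    for extra in ("", "TREZOR", "trezor", "TREZOR "):
        label = seed_label(bip39_seed(TEST_PHRASE, extra))
        print(f"extra word {extra!r:10} -> wallet {label}")
```

A mistyped extra word raises no error; it simply derives a different, empty wallet, which is why the extra word has to be recorded exactly as entered.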
Always keep in mind that anyone who knows the recovery phrase can create a copy of your wallet. Follow these golden rules when storing your coins and transacting with cryptocurrencies:
- Keep the wallet and recovery details separate, ideally out of public view.
- Do not re-use passwords for exchanges or wallets on other services.
- Never store your keys/recovery phrase online or on a computer connected to the internet.
- Never enter your wallet’s recovery details into a website, or share them with a third party, even if that third party claims to be from “Trezor Support”.
- If you have the luxury of doing so, keep a spare computer that isn’t used for day-to-day browsing to manage your cryptocurrencies.
- Do not install untrusted applications on your computer.
- Do not connect your MetaMask wallet to a website or DApp unless you can trust it.
- When sending cryptocurrencies from your wallet, always verify the address you’re sending it to by checking several characters at the beginning and end of the address. Don’t just trust the address you paste from your clipboard.
- If your cryptocurrency holdings are large enough to make it worthwhile, test your wallet recovery procedure by attempting to recover your hardware wallet to a backup wallet while the first wallet is still working.
- Never reuse addresses. Most modern wallets automatically generate new addresses for each deposit request. Take advantage of this feature.
Some hardware wallet manufacturers offer steel plates to stamp your recovery phrase onto. The idea of these plates is to create a backup of your keys that will last a lifetime. Ink fades, and notepads can be mistakenly discarded. They’re also likely to be destroyed if you experience a fire, flood, or another disaster. Steel plates will survive such events, so if the worst happens, you’d still be able to recover your cryptocurrency and get back on your feet.
If you take a systematic approach to protect your self-custodied cryptocurrencies and invest in protection against custodial risk, you’ll be prepared for any eventuality.