Perpetual Protocol 🥨

Posted on Nov 18, 2022

How to Securely Self Custody Your Crypto-Assets

Go from 0 to 100 in your OpSec knowledge with our guide covering the why and how of self custody. Learn about the different ways of securing your cryptocurrency holdings and become fully in control of your finances!

Outline

  • Why Self Custody?

  • How to Self Custody

    • The Importance of Free and Open Source Software

    • Smart Contract Wallets

    • Hardware Wallets

    • Creating Your Own Hardware Wallet

    • The Glacier Protocol: Taking Paranoia to the Max

    • Inventive Ways of Securing Secret Recovery Phrases

  • Self Custody: More Than Protecting Your Crypto-assets

  • Summary

Why Self Custody?

Although there’s no such thing as perfect security, taking custody of your crypto-assets ensures you eliminate reliance on third party services and avoid many of the associated risks. While it’s more convenient to store your assets on an exchange or online wallet, there are some major downsides:

  • If there’s a flaw in their security, they can get hacked

  • Potential for internal theft and embezzlement

  • Potential for seizure by governments

A long list of centralized entities have lost or stolen customer funds, including Mt. Gox, Bitfinex, QuadrigaCX and more recently FTX, highlighting the importance of self custody. Time and time again, cryptocurrency holders have learned the hard way that centralized entities and custodial services are not always safe. The answer: become your own custodian. 

With self-managed storage, you have more control over your assets. The flip side is that it is entirely down to you to make sure they are secure. In the following sections, some self-storage options are discussed, outlining the advantages and disadvantages of each method. But first we want to discuss some misconceptions about self custody. The list below outlines some common critiques and a response for each: 

  • Critique 1: “Self custody is too difficult”

Response: Self custody can be tedious, yes, but it’s not that difficult. Anyone can do it; it just requires some focus and time. Everyone has different needs for security, so you have to decide the amount of resources, time and effort you want to put in.

Obviously, more secure setups will take up more resources. Go through your preferred method and practice a few times with a small amount. After some practice, you’ll become familiar with self-custody and find out it’s actually not that hard. 

  • Critique 2: “I need a lawyer to self custody”

Response: You should first focus on the technical aspects of custody, then later on you can get advice from a legal standpoint. Lawyers are not really necessary until you get to the estate planning part of your self custody journey–and even then, you have other options. 

  • Critique 3: “My crypto holdings aren’t worth a lot”

Response: Cryptocurrency markets are highly volatile. Who knows what your holdings will be worth in a year, two years or many years into the future? It’s best to start now and prepare for the future, so if the market pulls off a comeback, you can rest easy knowing that your holdings are safe and sound. 

  • Critique 4: “Increased risk of theft”

Response: When writing down your secret recovery phrase or recovery plan, people worry that it may be insecure. However, you should keep your secret recovery phrase, passwords and recovery plans separate from one another to reduce the risk of theft, and avoid storing them on an electronic device. More people have lost cryptocurrencies from not backing up their coins, forgetting their password or because their computer perished, than from hacks or theft.

How to Self Custody

Now that we know why we shouldn’t be put off self-custody, let’s look at how you can become your own custodian.

The first step for self custody is to withdraw any assets you own from centralized exchanges and services to a wallet you control. In the following sections, we’ll outline several ways to store your assets and provide an evaluation for each method, starting from the simpler methods to more complicated techniques. 

The Importance of Free and Open Source Software

The easiest way to custody your assets is to withdraw your funds to an open source hot wallet. While more prone to malware and other attacks, hot wallets are very convenient and you can reduce the risk you face by only using fully open source wallets. Some examples are MetaMask and WallETH. 

With free and open source software, you have greater certainty that the wallet will not do anything unexpected and will store your assets safely. In contrast, closed source software doesn’t go through peer review and the code is hidden away, meaning that the wallet might do something malicious. 

Generally speaking, it’s safer to hold your funds in ‘cold wallets’ (e.g., hardware wallets), where your private keys are stored on a device that’s not connected to the internet. In contrast to cold wallets, hot wallets like MetaMask must be installed on your device and are connected to the internet. Even though they are more convenient, there are a lot of potential attack vectors for hot wallets since they are connected to the internet and typically live on computers used daily for work or fun. 

Smart Contract Wallets

Smart contract wallets require a one-time setup process and come in 2 forms: multi-signature wallets and social recovery wallets.

Multi-signature Wallets

Multi-signature wallets differ from standard, single signature wallets in that they require a minimum number of people to approve a transaction. For example, in a 2-of-3 multi-signature scheme, at least 2 different parties with the keys have to agree on a transaction before it can be sent to the blockchain. Even if one of the keys is compromised, your funds will be safe. However, if n keys are compromised in an n-of-M multi-signature setup, then your funds will be at risk. 

One popular multi-signature wallet is Gnosis Safe, which can be used by individuals and organizations alike. For individuals, the challenge lies in finding two other parties to hold the other keys. One possible setup is to spread two keys across different devices and have another key with a family member, spouse or close friend. 

As with other types of wallets, a secret recovery phrase is provided which can restore the account on another device. 

Social Recovery Wallets

Social recovery wallets like Argent and Loopring have some security advantages over other types of wallets, and this method of storing your crypto-assets provides a nice mix of usability and security. Unlike multi-signature wallets, there’s no need to worry about securing a secret recovery phrase, which makes it more convenient for the user.

Social recovery wallets work with a single signing key that can authorize transactions, as well as three or more guardians that can change the signing key. The idea here is to designate your spouse, family members or anyone else who has earned your trust as guardians, so that in the event you lose access to your wallet, a majority of these guardians can change the signing key so you can regain access to your funds. Guardians can also lock a wallet or approve an untrusted transaction. 

For someone to compromise your wallet, a majority of guardians would have to collude together without your knowledge. Coordination between guardians is more difficult than exploiting a wallet protected by an individual, since the guardians first have to find out who the other guardians are and then agree to come together to steal your funds. 

As well as providing a solution for losing access to your wallet, smart contract wallets can also protect you from theft with vaults. A vault can be created for any smart contract wallet, where transacting with untrusted addresses requires the guardians’ approval, while for trusted addresses that you have specified, you can interact with them without guardians signing off on it. 

You can learn more about social recovery wallets in this post by Ethereum co-founder Vitalik Buterin, who recommends them as a viable alternative to hardware wallets, paper wallets and multi-signature wallets. 

While they inhabit a nice space between usability and security, there are still some downsides to social recovery wallets: what if you don’t have anyone suitable that can take on the role of the guardians? What if there’s a social engineering attack against your guardians, tricking them into changing the signing key? To address these shortcomings, a sovereign social recovery mechanism is outlined on ethresear.ch, although it has not been implemented in any wallets yet.

Hardware Wallets

One of the first pieces of advice you’ll likely hear from cryptocurrency advocates is to purchase a hardware wallet and store your funds there. These devices, popularized by companies such as KeepKey, Ledger and Trezor, provide strong security by keeping your keys offline in a ‘cold wallet’.

The diagram below illustrates how hardware wallets work. They are dedicated, hardened devices that generate and store private keys, and the keys never leave the device.

*Diagram amended from https://arxiv.org/pdf/2108.14004.pdf*

Here’s a rough outline of how hardware wallets execute cryptocurrency transactions: 

  • The transaction message is prepared by the client software, which is then sent to the hardware wallet. 

  • After the wallet owner confirms the transaction details (such as the amount, recipient address and blockchain fee) shown on the hardware wallet device’s screen, the wallet signs the transaction with a non-extractable private key. 

  • The signed transaction is delivered back to the client software and sent to the blockchain to be confirmed. 

Because the private key never leaves the device and the device has extremely limited functionality, even if your computer is compromised with malware, an adversary cannot gain access to your funds. 

If this method of securing your coins is right for you, then the next question is “Which hardware wallet should I buy?”. The table below shows the features and security practices of the most popular hardware wallets on the market: 

*Source: https://dl.acm.org/doi/pdf/10.1145/3464967.3488588. PCB: Printed Circuit Board, MCU: Microcontroller Unit.*

While KeepKey and Trezor both use holographic stickers to prevent supply chain attacks, Ledger doesn’t. Holographic stickers can be replaced by an adversary with enough resources, so Ledger claims that this doesn’t add any security to the device itself. Another major difference is that Trezor’s products are the only ones that are open source across the firmware, client software and hardware. 

Another distinction between Ledger devices and other hardware wallets is that the former are designed to be openable. This feature exposes unsuspecting users to potential supply chain attacks, so you should always verify that the printed circuit board of your Ledger hardware wallet hasn’t been tampered with by comparing your device with the pictures provided online, to check that no additional components have been attached that could lead to an exploit.

In the following section, we provide an outline of the major risks for hardware wallets that all users should be aware of. 

Hardware Wallet Risks

One thing to keep in mind: by using a hardware wallet to secure your funds you’re accepting the assumption that it is a piece of trusted computing. 

The main risks with hardware wallets relate to theft, interception, human error and physical security. 

  • Theft: Even if you own a hardware wallet, you still need to protect the device. It’s no good just leaving it somewhere that’s unsafe, since there have been exploits in the past where an attacker is required to have physical access to the device. 

For example, Kraken Security Labs found a flaw in Trezor’s hardware wallets where an attacker could extract the seed with just 15 minutes of physical access to the device. Other similar, undiscovered vulnerabilities that require physical access may exist and it’s worth keeping in mind when deciding whether a hardware wallet is right for you. 

  • Interception: Another potential risk is interception of your device, also known as a supply chain attack. Unsophisticated attacks have been performed in the past through eBay, where the secret recovery phrase was already filled out on the card that comes with the Ledger. Once the buyer transferred funds to that Ledger, they effectively sent money to the unauthorized seller of the hardware device. The takeaway from this is to always buy hardware wallets from the official store, directly from the manufacturer. 

https://twitter.com/fluffypony/status/949640461941080064

Supply chain attacks may become more sophisticated in the future, so it’s worth being aware of this potential vulnerability if you’re going to use hardware wallets. Ledger devices, for instance, can be physically tampered with, which means the screen is vulnerable, and there’s no way of knowing what’s happening behind the screen. A malware writer could swap out your genuine address for another in the background so that the device displays an address that’s not really yours, and you’d have no way of knowing.

  • Human error: Even software projects like Bitcoin or Ethereum that have a high number of contributors have still fallen victim to human error, and a thorough peer review is required to catch these problems. Devices like hardware wallets are often closed source and only have a small group of people working on them, which is an additional risk to consider and is less of a concern for open source software wallets.

An example of human error and how it can affect hardware wallet users: in August 2018, an update was pushed to the Ledger Wallet Ethereum Chrome app, which replaced every ETH recipient address with a fixed one. If you had sent money to that address, it would have been lost or stolen.

Human error on the part of the hardware wallet user is another factor to consider, although it is not unique to hardware wallets. For example, the EthClipper attack leverages the insight that many hardware wallet users will only check the first and last few characters of an address to verify its authenticity (rather than the entire address itself).

When using any wallet, always verify the full address, pay attention to the capitalization of letters and type the recipient’s address out rather than copying and pasting to prevent attacks similar to EthClipper. 

  • Physical security: You have to get your hardware wallet delivered somewhere, and it’s best to avoid using your own address if possible. Instead, you can get the device sent to your place of work, a mailbox or forwarding address to avoid exposing your home address. 

Data breaches can happen, and companies producing hardware wallets are no exception. For example, in July 2020, Ledger customers' names and addresses were exposed through a data breach, opening up the potential for $5 wrench attacks, where an adversary literally tortures you for your password, private key, etc. As you may have guessed, good cybersecurity practices aren’t the only consideration when thinking about self custody: physical security is another aspect that cannot be ignored. 

Source: xkcd
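The EthClipper point above can be turned into a defensive check. The following is an added example, not code from the original post or from any wallet: it compares a pasted recipient against an address book in full and flags a candidate that only matches a trusted address at its first and last characters. The function names, the `k=4` window and both sample addresses are assumptions made for illustration.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed sample addresses (not real accounts).
TRUSTED = "0x1a2b" + "0" * 32 + "c3d4"
LOOKALIKE = "0x1a2b" + "f" * 32 + "c3d4"  # same first and last 4 characters


def truncated_check(a, b, k=4):
    """The habit described above: compare only the first and last k hex characters."""
    a, b = a[2:].lower(), b[2:].lower()
    return a[:k] == b[:k] and a[-k:] == b[-k:]


def classify(candidate, address_book, k=4):
    """Return (verdict, trusted_address, differing_positions) for a recipient.

    Hex digits are compared case-insensitively; validating the mixed-case
    checksum is outside this sketch.
    """
    if not ADDRESS_RE.fullmatch(candidate):
        return ("malformed", None, [])
    cand = candidate[2:].lower()
    # First pass: only a character-for-character match counts as trusted.
    for known in address_book:
        if cand == known[2:].lower():
            return ("match", known, [])
    # Second pass: a near miss on the ends is the signature of a swapped address.
    for known in address_book:
        if truncated_check(candidate, known, k):
            ref = known[2:].lower()
            diff = [i for i, (c, r) in enumerate(zip(cand, ref)) if c != r]
            return ("lookalike", known, diff)
    return ("unknown", None, [])


if __name__ == "__main__":
    print("ends-only check accepts it:", truncated_check(TRUSTED, LOOKALIKE))
    verdict, known, diff = classify(LOOKALIKE, [TRUSTED])
    print(verdict, "of", known, "with", len(diff), "differing characters")
```

A "lookalike" verdict is worth treating as more alarming than "unknown", since two unrelated addresses are very unlikely to agree at both ends by chance.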

Creating Your Own Hardware Wallet

If you don’t want to put trust in hardware wallet companies or make yourself a target of a supply chain attack, an alternative route is to create your own wallet with consumer hardware.

Instead of buying a specialized device, you can use off-the-shelf commodity hardware to run open source software to secure your coins. Since software is more easily and thoroughly audited, you can use an old mobile device, Raspberry Pi or purchase a second hand computer with cash to make yourself less vulnerable. Also, supply chain attacks are harder to perform if you choose to follow this method. 

For instance, you could use an old Android mobile, factory reset it, replace the operating system with something like CalyxOS and install a wallet such as AirGap to create a cold storage device. Having a Ledger or Trezor lying around or in your possession screams “cryptocurrency holder”, while an old mobile phone or laptop doesn’t, making theft less of a problem. 

While this technique is not very convenient for most users, it can provide better security if you’re worried about closed source hardware, supply chain attacks or trusting hardware wallet manufacturers. 

The Glacier Protocol: Taking Paranoia to the Max

The Glacier Protocol is a method designed by Bitcoin and security professionals that takes paranoia to the max, securing your assets in a way that doesn’t require you to place trust in any other person or entity. While the protocol is aimed at Bitcoin holders, it can also be slightly modified to put Ethereum and other tokens into cold storage using paper wallets. 

Securing your assets using the Glacier protocol is the digital equivalent of burying some cash somewhere in Antarctica. Because of the heavy focus on security over convenience, you should only use this protocol when you want to store $100,000 or more in value and you’re planning on HODLing over very long time horizons. 

The process is long and tedious, estimated to take around 8 hours to complete, as detailed by this step-by-step 93-page guide. It’s also not cheap compared to other self custody methods. The equipment required to follow the protocol will cost over $600, involving the purchase of two separate factory-sealed computers, four factory-sealed USBs, casino-grade dice and a Faraday bag, among other items. 

The idea here is to quarantine the computers, remove their wireless cards so that they are never connected to the internet and use them in conjunction with casino-grade dice to create private keys in a trustless way within a vacuum to mitigate a variety of attacks. After going through this process you’ll end up with a set of paper information packets, one for each private key needed for the multisignature withdrawal policy.

Shortcut versions of the protocol with lower security guarantees are also explained on the website, with one option involving the use of existing hardware you own and following the same process, similar to what we described in the creating your own hardware wallet section above.

Inventive Ways of Securing Your Secret Recovery Phrase

All wallets (with the exception of social recovery wallets) require you to back up your secret recovery phrase so you can restore the account balances on any other device. Write down the secret recovery phrase, keep it private and store it somewhere safe; that last part is the difficult aspect of self custody. Hardware wallet manufacturers prompt users to write their secret recovery phrase on a piece of card or paper.

The problem here is that in the event of a fire, flood or natural disaster, that piece of paper isn’t likely to survive. You could store it in a safe, but a better way of storing your secret recovery phrase is by engraving it into a metal so that it can withstand a fire or a flood. One useful product that does this for you is CryptoSteel, or consider a more DIY approach.  

Also, your password and recovery phrase taken together are a single point of failure: if they are exposed to anyone, you might lose your funds. You could also consider splitting up your secret recovery phrase and storing the parts in different locations. However, your private key could be brute forced if an adversary had access to half of your secret recovery phrase.

A better technique for storing secret recovery phrases would be Shamir’s Secret Sharing, which is supported by a handful of wallets like Trezor’s Model T. The secret recovery phrase can be split into up to 16 shares (each a sequence of 20 words), and you then set the threshold of shares needed to recover your funds.

Self Custody is Not Just About Protecting Your Crypto

Self custody is more than just protecting your assets. Another important part of it also involves how you’re going to pass on the assets in the event you pass away, which is known as estate planning. 

Without a will or trust, how will you decide who gets what? Inheritance of your crypto-assets depends on a detailed, documented and tested plan–we may cover this another day. 

Summary

Hopefully, by now you have a deeper understanding of security practices and you can assess which method of self custody is right for you. As the industry grows and matures, self custody should become even easier over time, but that doesn’t mean self custody is out of your reach today.  

Self-custody doesn’t just require you to think about cybersecurity, it also means assessing your physical security and estate plan because you don’t want to go to all that trouble to secure your coins just to find you or your family has lost access to them. 

When deciding which method you want to use, remember that there’s a trade-off between convenience and security. Something like the Glacier protocol is very secure but not that convenient. On the other hand, storing your assets on a browser wallet like MetaMask or on an open source app on your mobile phone is more convenient but not as secure as other self custody options (although it’s still more secure than holding your coins with a third party!).
