Securing Six Figures+ Worth of Crypto
Spend enough time in web3 and you will inevitably accumulate some amount of wealth. Every token you have, every interaction and transaction you do ends up producing value back to you one way or another. Sadly such value generation also attracts bad actors who are looking at your own holdings and trying to snatch them away from you. The standard advice for beginners is to set up a hardware wallet, backup your keys, verify which website or extensions to use. This is good enough up until you reach another order of magnitude of wealth, in which you will want to take it up a notch.
The main goal of this essay will be to provide a foundation for people to build atop. We will focus on creating a simple, highly efficient, and secure setup designed to hold a considerable amount of value for the next 10 to 50 years. be it in ETH, Bitcoin, Nodle Cash, or others.
Day to day operations: “Hot” Wallet
Most of us will interact with web3 products with one single wallet, often a simple account on Metamask. However, attacks against metamask and similar wallets or browsers have been gaining traction recently, for instance, there were numerous examples of people having their extension hijacked by a malicious attacker in the last few months. The idea of the hot wallet is to only hold limited amounts of crypto and to use it only for day-to-day operations, such as swapping some coins, bidding on NFTs, interactions with DAOs, or deploying new smart contracts. Most people will also import it on their other devices such as their phones via an application like Rainbow, Metamask mobile, or Zerion.
The hot wallet also acts as the central point of your web3 identity, for instance, you may have an ENS name (kept in cold storage, more on that later) that resolves to your hot wallet’s address. This is also the address you commonly share with your friends or on socials.
In the case of the hot wallet, you will find a few schools of thought, many people like to keep it as a simple metamask style account, or use a wallet like Argent. In my case, I have chosen to turn my Ledger Nano X into a hot wallet. The reasoning here is that the wallet itself is kept offline, so it is harder to hijack or steal, yet it is rather convenient (as convenient as using a Ledger is…) to plug it into my laptop or use it with my phone via Bluetooth.
Long term storage: “Cold” Wallet
You will have noted that we recommend using a “hot” wallet only for day-to-day operations. When it comes to tokens that one intends to keep for a longer period of time, at least a few weeks or a month, the standard recommendation is to acquire a hardware wallet like a Ledger or Trezor and deposit the tokens there. Think of the cold wallet as your bank or savings account, you keep enough to do day-to-day expenses in your checking account and move the rest to the savings account. The hot/cold wallet relationship works exactly the same!
However, it is important to highlight that you should never, under any circumstances, use it to interact with any decentralized apps or give permission for an app to spend any tokens there. Indeed, whenever you give permission to another app or smart contract to access your tokens, you expose yourself to the risk of it being hacked and the hacker using this permission to take your funds away without having you to further authorize the transfer. Thus, the standard rule of thumb is to restrict cold wallet usage to the only transfer of tokens when in doubt.
In my own case, the cold wallet is also where I’d keep long-term NFT holdings or the core components of my web3 identity, such as my ENS names. I have chosen a Ledger Nano S Plus as my cold storage solution of choice. It has superior hardware to the more common Ledger Nano S and is made by Ledger, which is currently the best Hardware Wallet manufacturer on the market, despite a sub-par UX. Since we want that setup to be valid for the next 50 years (at least) it is important to pick a provider that will not disappear in 5 years and who has extraordinary hardware and crypto support.
But… why not a multi-signature wallet?!
Some fellow crypto nerds may have been considering the use of a multi-signature wallet for cold storage. While this is something that was considered during the writing of the present essay, I ultimately decided against its use, indeed most multi-signature wallets are implemented in the form of one or many smart contracts, which, as was proven in the past, presents additional risks. On top of that, we have no guarantee that most solutions would still exist or even work in the next 50 years. Moreover, it could make it tricky to claim airdrops which could sometime be allocated to your cold wallet (for instance, if you were keeping your Uniswap V1 liquidity positions in cold storage).
One-shot testing, high-risk environments: Burner Wallets
In some cases, you may want to create an ephemeral wallet that is not your hot wallet. For instance, you might be testing a new web3 product that you do not necessarily trust, or you might be setting up a temporary wallet for a conference. Enter the concept of burner wallets, which are a fancy way to refer to a wallet you would create for a short period of time before moving the assets to another wallet (for instance, cold storage) and destroying the private key or seed words.
About backups
Obviously, this essay would not be complete without thinking about wallet backups. Indeed, if we are going to hold and grow our crypto for the next 10 to 50 years we better have at least a few backups. Considering the sizeable value we have to take care of, I would suggest using a product like a cryptosteel to save the mnemonics of both the hot and cold wallet. The reasoning here is that metal will better withstand the test of time when compared to paper. It would also be wise to store the cold wallet backup in a bank vault, eventually with the use of tamper-evident seals or a secret passphrase (so that you do not have to trust your bankers).
Some people might be tempted to use Shamir Secret Sharing in order to break their backups into smaller shards and store them in different locations. Given the lack of maturity of such solutions at the time of writing, the exposed risk of loss, and the fact that no implementation has been standardized yet, we are recommending against it. Remember that whatever we implement needs to be here and work in the exact same way in at least 50 years!
A note on custodial wallets and exchanges
You will note that custodial solutions like Coinbase Vault or Ledger Vault were not even once considered in this essay. This is because they are generally cost-prohibitive, involve more third parties, and don’t seem to be well suited for personal, long-term asset holding. Such solutions are generally geared towards businesses with a need for compliance, advanced features such as payment limits for team members or multiple signatures, as well as at least 7 to 8 figures of assets to take care of. On top of that, you’d need to trust a third party, which would actually increase your risk exposure.
