How to take custody of your crypto keys
Dear Bankless Nation,
Not your keys, not your… stop us if you’ve heard this one before.
The FTX liquidation has been max pain for plenty of crypto holders who should have known better.
But there are also so many newbies sadly learning the hard way that central exchanges aren’t where you want your tokens sitting.
To own your future, take control of your keys.
This week, William digs into how crypto holders can protect themselves. He also lays out some tips for the crypto veterans among us.
Even if your hardware wallet is safely tucked away, there’s always more you can do to stave off disaster.
- Bankless team
“Not your keys, not your crypto” is a phrase popularized by Bitcoin and open blockchain expert Andreas Antonopoulos. The maxim means that if you entrust your crypto public-private key combo to someone else, say a centralized exchange, then you ultimately don’t control what should otherwise be your crypto.
Never has this “Not your keys” dictate been more important than in the wake of the massive FTX collapse, as most people and projects that stored their funds on the centralized exchange (CEX) now stand to lose everything they had on the platform amid the FTX mega-theft blowout.
As such, for this tactic let’s double back on Bankless fundamentals and walk you through how you can resolutely self-custody your own keys so that you and only you can decide what to do with your hard-earned crypto.
- Goal: Learn how to custody your own keys
- Skill: Beginner
- Effort: 1 hour
- ROI: Minimum viable self-security for your digital assets
Taking control of your own keys
Only move crypto to a CEX when you need to actively trade or cash out funds, and when you do cash out, immediately withdraw your money to your bank account. Never store your funds on a CEX indefinitely because these are custodial platforms, and you know what that means: not your keys, not your crypto.
The good news? When you’re not trading, you can personally store and guarantee your digital assets in non-custodial fashion with a hardware wallet.
By non-custodial, I mean a wallet that you personally generate and thus that only you control. And by hardware wallet, I mean a device-based crypto wallet that you have to physically engage to confirm transactions, meaning others can’t transact with your funds on your behalf.
KISS, Ledger style
“Keep it simple stupid,” or KISS, is a military engineering principle that, simply put, asserts solid easy-to-use tech should be what wins out with regard to practicality.
In the context of crypto, I think the KISS approach is, at least at a bare minimum, to own a Ledger Nano S series hardware wallet. Ledger recently shifted to the optimized Nano S Plus model, but everything henceforth in this post is the same for regular Nano S and Nano S Plus users.
Why are Ledger Nano devices a fit for the KISS principle, then? Because these devices are pretty affordable (the newer Nano S Plus goes for $79 per unit), they’re user-friendly, and most importantly they can last you for the long haul.
For instance, I got into crypto in the spring of 2017 and got my first Ledger Nano S a couple of months later. I use the same Nano S I bought back in 2017 to sign transactions with my main wallet today, so my device is still going strong five years on. A newer Nano S Plus should last you just as long and perhaps much longer.
Setting up your Ledger
Hardware wallets like Ledger devices make it easy to generate your own public and private keys, i.e. your own crypto accounts.
Once you’ve acquired your first Ledger, you can unbox the device, at which point you will have:
- A hardware wallet device
- A USB cable for computer connections
- An instructions leaflet
- 3 recovery sheets for your recovery phrase a.k.a. main password
- A keychain strap
Next up, you will:
- Install the Ledger Live app
- Use Ledger Live to Set Up New Device
- Initialize your device and set up your wallet PIN code
- Use your recovery sheets to record multiple copies of your recovery phrase, which you can use to restore your wallet later if necessary
- Confirm your recovery phrase by scrolling through and confirming the given prompts
- Connect and unlock your device to confirm it’s genuine
- Install your desired apps, like Bitcoin accounts, Ethereum accounts, etc. Now you’re ready to proceed!
For MetaMask users, see this Ledger article on how to protect your browser wallet with a Ledger device.
Saving your recovery phrase for good
With great power comes great responsibility.
For instance, let’s say you’re an ETH, SOL, and USDC holder who traded on FTX but always promptly moved your funds to your own hardware wallet.
When FTX got wiped out, you would’ve personally controlled all of your own money in your own non-custodial wallet, so you wouldn’t have lost anything directly in the collapse.
The possible downside of self-custody, though? The buck stops with you.
In other words, if you decide to self-custody your funds with your hardware wallet, your crypto is only as safe as your underlying recovery phrase security system.
Unimaginable betrayals happen. Unfathomable natural disasters happen. As such, you need to make sure that you preserve your Ledger recovery sheets in a way that’s beyond resolute.
For instance, you don’t want to keep all your sheets in one spot, like all in your own house, so you may want to preserve backups in a bank deposit box or in a weather-proof box at your most trusted family member’s house for redundancy.
Floods can happen. Wildfires can happen. So on and so forth. Ensuring your recovery phrases are safely stored in at least a couple of durable and trustworthy places can make all the difference if worst comes to worst. If you want to go the extra mile, consider getting a Cryptosteel Capsule to ultra defend your Ledger’s recovery phrase.
Going above and beyond with a multisig
You know what’s better than one Ledger hardware wallet?
Three Ledger hardware wallets!
That’s because if you have three Ledgers you can create a resilient “minimum viable” multisignature crypto vault via Safe (formerly Gnosis Safe) that will require at least 2 of 3 signatures from any of your three main wallets to confirm any transaction.
The benefit of this approach? Even in the extreme cases of someone putting you under physical duress or digitally phishing your wallet, they still couldn’t commandeer your crypto because they’d lack the additional wallet signature to sign a 2/3 multisig transaction. In other words, definitely your keys, definitely your crypto.
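The 2-of-3 rule described above, as a small Python model added here (not Bankless's or Safe's own code). HMAC-SHA256 stands in for each wallet's signature, and the device names, keys and transaction strings are constructed. It shows that one key, even used twice, cannot meet the threshold, and that approvals only count for the exact transaction they were given for.

```python
import hashlib
import hmac

# Constructed sample data: hypothetical keys standing in for three hardware
# wallets. HMAC-SHA256 stands in for a wallet signature (assumption); a real
# Safe checks ECDSA signatures against owner addresses on-chain.
DEVICE_KEYS = {name: f"constructed-key-{name}".encode()
               for name in ("ledger-a", "ledger-b", "ledger-c")}

def approve(owner, tx):
    """What the device holding `owner`'s key produces when you confirm tx."""
    return owner, hmac.new(DEVICE_KEYS[owner], tx, hashlib.sha256).digest()

class Vault:
    """Toy m-of-n vault: executes only with `threshold` valid approvals
    from distinct registered owners."""

    def __init__(self, owners, threshold):
        if not 1 <= threshold <= len(owners):
            raise ValueError("threshold must be between 1 and the owner count")
        self.owners, self.threshold = dict(owners), threshold

    def valid_signers(self, tx, approvals):
        signers = set()  # a set, so one owner approving twice counts once
        for owner, tag in approvals:
            key = self.owners.get(owner)
            if key is None:
                continue  # not a registered owner
            expected = hmac.new(key, tx, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):  # bound to this exact tx
                signers.add(owner)
        return signers

    def can_execute(self, tx, approvals):
        return len(self.valid_signers(tx, approvals)) >= self.threshold

def demo():
    vault = Vault(DEVICE_KEYS, threshold=2)
    tx = b"send 1 ETH to 0xCONSTRUCTED"
    a, b = approve("ledger-a", tx), approve("ledger-b", tx)
    return {
        "one key": vault.can_execute(tx, [a]),
        "same key twice": vault.can_execute(tx, [a, a]),
        "two keys": vault.can_execute(tx, [a, b]),
        "approvals replayed on another tx": vault.can_execute(b"send 99 ETH", [a, b]),
    }
```

With three owners and a threshold of 2, the vault tolerates one lost device and one compromised key at the same time.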
If you want to take your crypto self-custody game to the next level, here’s how you can set up a Safe in minutes:
- Go to gnosis-safe.io/app/welcome and connect a wallet
- Click the +Create a new Safe button
- In the ensuing UI select your desired deployment chain — e.g. Ethereum, though over 10 other networks are currently supported
- Title your Safe, e.g. “My Vault,” and then add your other desired signing addresses to configure how many accounts you need to confirm transactions, e.g. 2 out of 3 addresses
- Review all your Safe’s details to make sure everything looks correct, then press the Create button and wait for your transaction to confirm!
Safety first, then teamwork
Crypto is one of the most exciting new domains for human exploration and experimentation in the 21st century.
To make the most of this incredible cultural and financial movement, though, you have to survive.
That said, if survival is your goal in crypto, then taking control of your keys is your first fundamental step forward, and using a Ledger hardware wallet or a multisig of Ledger wallets are your best bets to do that in straightforward and affordable fashion. It’s all about taking control of your own keys to take control of your own future!