How to keep your crypto safe, and some answers to your FAQs
Key concepts you need to understand, risks, and more.
Welcome to another edition of Crypto Explained.
If there is one thing this year has taught us over and over again, it is the importance of self-custody.
Nobody will argue with this after the massive FTX fiasco. It is not the first one, and unfortunately, it won’t be the last one either.
Sadly, the most affected are always the retail investors who did not know better and decided to “trust” these centralized companies with their services to invest in cryptocurrencies.
We cannot prevent these bad actors from continuing to do their shady stuff, but we can control how we protect our hard-earned crypto. And this is exactly what I’ll be explaining to you today.
Recapping: what you need to know…
Let’s start with a recap of two sets of key concepts you need to understand when it comes to storing crypto.
First, all wallets are composed of 2 keys:
Public Key: you can think of it as your bank account number which you will share with people if you are expecting them to transfer money to you. Similarly, in crypto, this is the piece of information you share for the same purpose.
Example of a public key: 1DSsgJdB2AnWaFNgSbv4MZC2m71116JafG
Private Key: if we continue with the bank analogy, the private key is like the password/pin to access your account to manage/transfer your money. This is something you should always keep “private” as its name suggests, and never share with people because if you do, then well… they have access to your assets.
Example of a private key: E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
Second, you need to understand the concept of Custodial vs Non-Custodial:
Custodial means there is a third party that takes “custody” of your crypto. By definition, if a wallet is custodial, the company that is providing such a wallet owns your public and private keys, so they have full access and control over your crypto. If one day they wanted to, or if their network is attacked, then your crypto might be at risk.
On the other hand, if a wallet is Non-Custodial, then it means that you are the only person that has complete ownership of what’s stored there. You will be 100% in control of your crypto, which means you are responsible for keeping your private key and seed phrase safe, and therefore, have a higher responsibility as well.
So if there is one thing you need to take away from the above, it is that the Private Key is a piece of cryptographic data that is critical to the safety of your crypto, because it allows whoever has access to it to sign transactions from a wallet to send/withdraw crypto.
Custody tells you who controls the private key.
Let me double down on this just in case it is still unclear…
Why is it risky to keep your crypto in a centralized exchange, or any other third-party custodial wallet?
When you use a centralized exchange, you are entrusting the exchange with the private keys, which means when you want to send crypto, what you are actually doing is asking the exchange to send that on your behalf.
Why? Because they are in control of the keys, not you. Therefore their permission is required to do so. Your right to ownership is nothing more than a number in their Excel sheet, just like a bank account.
No matter how legitimate you think an entity is, you can never 100% trust them. History, and unfortunately very recent history, keeps reminding us of this over and over again.
This is where the famous “not your keys, not your coins” comes from.
Only by holding your own key can you make sure you actually own the crypto assets. Otherwise, you are at the mercy of whoever you entrusted.
If you made it this far, I hope it is clear to you what risks you are exposed to depending on how you are storing your crypto.
The good news is, you can actually prevent this from happening to you. Yes, it entails a couple of extra steps, but if you ask me, these are lovely steps I’m happy to invest time in to make sure my crypto is well protected.
If you agree with me, then this second part focuses a bit more on understanding the differences between self-custodial wallets, and zooms in on some of the typical questions I see around hardware wallets.
Let’s dive into it!
FAQs Part 1 - Self Custodial Wallets
We kept talking about Private Keys in the first part of this article, but now we’ll move on to highlighting the importance of Seed Phrase, so let me get this out of the way…
- What is the difference between Private Key and Seed Phrase?
Wallets can have different accounts, and each will have a different private key, which is used to sign transactions.
Now, there is one and only one seed phrase for each wallet, and it is used to recover and restore all the accounts, and therefore all the Private Keys in it.
In this way, the Seed Phrase is more powerful than the Private Key, so you definitely want to keep your Seed Phrase safe.
Unlike a Private Key which is a string of random numbers and letters, the Seed Phrase is typically composed of 12 to 24 random words.
Example of a seed phrase: hotel obvious agent lecture gadget evil jealous keen fragile before damp clarify
- When we speak of self-custodial wallets, what is the difference between a cold wallet and a hot wallet?
The difference lies in the level of security.
In a nutshell, “hot wallets” are those connected to the Internet. It can be a software wallet, a browser wallet, or a mobile wallet.
Now, when you use a hot wallet, say a software wallet, you are storing your private keys on your PC. This means they are only as secure as your PC is. If someone hacks it or installs malware, or you get a virus, then you can consider your private keys compromised.
So even though it is a self-custodial wallet, because it is connected to the Internet, then by definition it is exposed to the risks this environment contains.
Cold wallets, on the other hand, are generally considered more secure because they are not connected to the Internet, and therefore not exposed to these potential issues that exist in the online world.
These are what we normally call Hardware Wallets. It is a device that looks like a USB stick, and it is essentially stripped down to the bare minimum features by design to reduce any unnecessary risks.
The sole purpose is to keep your magic seed phrase on a device offline that is not directly connected to the internet.
So unlike an actual wallet that we use to hold our cash, your crypto is not actually stored in these hardware wallets. What is stored in these devices is the key to controlling the crypto.
- So where is crypto stored?
Crypto is always stored in the blockchain. It is not stored in some computer, and it’s not in a wallet. The only difference is where we store the keys that give us access to our crypto.
If you have your crypto on an exchange, they have the keys to control your crypto. If you have your keys in a self-custody wallet, then you have the keys that control the crypto.
Hence, when you transfer your crypto around, you’d think that you are transferring crypto from A to B. But really, the crypto is in the same spot on a blockchain; what really happens is that you are transferring your keys from one device to another device.
FAQs Part 2 - Demystifying Hardware Wallets
People tend to have a lot of concerns about Hardware Wallets, myself included.
So let me go through a few of the most frequently asked questions to demystify some of the concerns.
- What happens if I forget my password?
As long as you have your seed phrase, you can use it to restore your wallet and accounts in it, and then reset your password altogether.
- What happens if I lose my hardware wallet or if it’s destroyed?
Let’s remind ourselves that it will not destroy your crypto, as the wallet doesn’t store any crypto at all. It is only storing the keys to access your crypto assets, so with this in mind, you can get another wallet and recover your accounts by using your existing seed phrase.
- What if my hardware wallet is stolen?
Fortunately, when you want to confirm any transaction, there is an additional step required by the device, which is your PIN. Whenever you want to sign a transaction, you need to confirm your PIN code, so even though your device has been stolen, as long as the person doesn’t have your PIN code, the device alone would not be enough for them to get their hands on your crypto.
Having said this, it is still highly recommended that you quickly take action and move your keys out to another wallet.
- What happens if the company/manufacturer of the hardware device goes out of business?
The majority of wallets use the BIP39 standard. BIP stands for Bitcoin Improvement Proposal, and this is the standard that allows us to see the seed phrase in the existing format of either 12 or 24 words.
This means that the seed phrase technology most hardware wallets use today is the same, and therefore compatible among themselves, so if X company goes out of business, you can recover your crypto by using another company’s wallet, restoring your wallet by, you guessed it, using your seed phrase.
Now this means you should choose a wallet that supports BIP39. And this applies not just to hardware wallets, but to hot wallets too.
…………………………………….
So far so good?
Well, at this point you might have observed a pattern, which is all of our problems can be solved by using the Seed Phrase.
So here comes the million-dollar question…
What happens if I forget my seed phrase?
Well, this is universal to all types of self-custodial wallets. No matter what, if you lose/forget your seed phrase, and any of the above scenarios happen, you will not be able to restore your wallet and therefore won’t have access to your crypto.
This is why it is absolutely critical to find a way to store your magic Seed Phrase in a secure and private manner that works for you.
You’ll one day be thankful for having taken this precautionary step.
Hardware wallets sound great now. But are there any risks?
Aside from the main risk of losing and/or forgetting your seed phrase, here is some precautionary advice:
Beware of tampering: to avoid this, all reputable hardware manufacturers use a special holographic sticker to prove the wallet was never opened. If you receive a hardware wallet and the sticker isn’t intact, don’t use it.
Buy straight from the manufacturer.
Your seed phrase should be configured randomly during the setup of the device - if you receive the device with any preconfigured seed phrase, then consider it as a high risk.
Protect your device via PIN: most devices require a pin number to sign transactions, so make sure this is set up to add an extra layer of protection to your hardware wallet!
Final Thoughts
Let’s remind ourselves that the whole point of crypto is to provide a trustless alternative enabled by blockchain and cryptographic technology, so we don’t need to be at the mercy of big corporations and entrust our hard-earned money and assets to a handful of decision-makers we don’t even know.
However, somewhere along the way, many companies have been built to make it easier to gain access to crypto. And here we are, “trusting” again.
Now, this can happen to anyone, it is not just a newbie thing. A lot of experienced investors, VCs, and high-net-worth individuals, all make this same mistake.
Sometimes, it is a conscious choice. But many other times, we simply don’t know the risks we are exposing ourselves to.
Don’t get me wrong, I don’t think a project is necessarily bad just because it is centralized or custodial. But given that we can’t 100% trust these companies to honor their commitment, and if we are just going to hold on to our crypto, then we might as well store it somewhere safe.
Some things need to only happen once to really wreck us. Considering the potential downside, it is totally worth spending a few minutes understanding these key concepts, how wallets work, and what risks there are, in order to make an informed decision about how to keep your crypto safe.
Hope you don’t procrastinate on this one!