Security is paramount in the world of digital currencies.
Unlike traditional banking systems, cryptocurrencies let you maintain full control over your assets. This is often referred to as "self-custody."
A common way of practicing self-custody is through a hardware wallet.
You may have heard of the brands Ledger or Trezor, which manufacture some of the most popular hardware wallets in the market.
Here's an in-depth look at safely using a hardware wallet, along with some best practices for self-custody.
Understanding Self-Custody
Self-custody refers to the practice of holding and managing your own private keys. These keys grant ownership and control over your cryptocurrency holdings.
You essentially become your own bank!
By taking control of your assets through self-custody, you remove the need for intermediaries such as centralized exchanges like Coinbase, thereby reducing their associated risks and vulnerabilities.
However, this is money we're talking about, and when it comes to money, you need to make sure you thoroughly understand self-custody and set things up properly.
Understand Your Hardware Wallet
Your crypto assets are on the blockchain, not on your physical device. The only thing stored on the device is your seed phrase.
A seed phrase, depending on the device, is usually composed of 12, 18, or 24 words. Seed phrases are a mnemonic representation of a cryptocurrency wallet's Master Private Key.
A mnemonic representation is like a memory aid. Think of it as a shortcut to help you remember something complicated. In the world of cryptocurrencies, instead of trying to remember a very long and confusing set of numbers and letters (which is your private key), a mnemonic turns that into a list of common words. This list of words, often called a "seed phrase," is much easier to write down and remember, and it acts like a special password to access your digital money.
This Master Private Key will give the holder full control over the digital assets within the wallet. As long as you have your 24-word recovery phrase, you can restore your assets on a new device.
Hardware wallets are usually very durable, but if one malfunctions, your assets are safe on the blockchain. You simply access them with a new device using the 24-word recovery phrase.
Handling Your Seed Phrase
When you unwrap and set up a new hardware wallet, you'll be asked if you want to generate a seed phrase.
You'll only get one chance to write it down and it's imperative to store this seed phrase in a safe, offline location to prevent unauthorized access and potential loss.
Losing or exposing your seed phrase to risk could result in irreversible loss of your digital assets. Take note of the following tips:
- Store your seed phrase securely, preferably hammered onto durable materials like steel or titanium. Never keep a digital record of your seed phrase.
Wait.. what? Engraving or hammering the seed phrase onto materials known for their durability and resistance to corrosion, such as steel or titanium, stores it in a way that withstands the test of time and elements!
It's vital to safeguard your seed phrase and not reveal it to anyone you don't trust. From my interactions with various online communities, the main way people lose their crypto is because they didn't secure their seed phrase or some bad actor fooled them into giving it away. I've not personally seen a credible case otherwise.
For added security, use the additional passphrase feature (if offered by your device). This creates a nested account that requires both the seed phrase and an additional word - the passphrase.
If you do go down the route of an additional passphrase, do not store the passphrase with the seed phrase. Record each on a separate sheet of paper or metal.
*Storing your passphrase digitally, i.e. somewhere on your computer, is generally fine, provided your seed phrase is offline, on paper or on metal. For ultimate security, store both offline.
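Added example (not from the original article or any vendor's code): assuming the device follows BIP-39, the standard most hardware wallets use, this sketch shows how device-generated entropy maps to 12 to 24 word positions in the 2048-word list, and why the same seed phrase with a passphrase opens a different wallet. Function names are illustrative, and the sample phrase is the public all-zero test phrase, never to be used for funds.

```python
import hashlib
import unicodedata


def mnemonic_indices(entropy: bytes) -> list[int]:
    """Map raw entropy to BIP-39 word indices (0..2047), one per seed word."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP-39 entropy must be 128-256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # checksum length: 4 bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11  # each word encodes 11 bits
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed from the words plus optional passphrase."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    # The passphrase is mixed into the salt, so it never appears in the words.
    salt = b"mnemonic" + norm(passphrase)
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), salt, 2048, 64)


# Constructed sample input: the published all-zero-entropy test phrase.
TEST_PHRASE = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    # 16 bytes of entropy -> 12 words, 24 bytes -> 18 words, 32 bytes -> 24 words.
    for size in (16, 24, 32):
        print(size * 8, "bits ->", len(mnemonic_indices(bytes(size))), "words")
    # The last index carries the checksum, so a mistyped word is usually caught.
    print("indices for zero entropy:", mnemonic_indices(bytes(16)))
    plain = bip39_seed(TEST_PHRASE)
    hidden = bip39_seed(TEST_PHRASE, "example-passphrase")  # constructed value
    print("no passphrase  :", plain.hex()[:16], "...")
    print("with passphrase:", hidden.hex()[:16], "...")
```

Because every passphrase yields a valid but different seed, a mistyped passphrase silently opens an empty wallet instead of producing an error, which is why it needs its own backup.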
You have to keep your seed phrase safe. If your device breaks after a few years, you can just buy another one and restore your crypto using the seed phrase.
It's technically possible to create your own mnemonic seed phrase, but it's not recommended. Humans are notoriously bad at generating true randomness. We often have biases and patterns, even subconsciously. This can result in a seed phrase that is less random and potentially more susceptible to brute-force attacks.
Optimal Usage Practices:
Before making large transactions, test with a small amount.
If your hardware wallet offers it, set a good, non-trivial, PIN for accessing the device. Typically, after a set number of incorrect attempts (usually 3!), the device resets and you'd need to reinsert your seed phrase.
Only download associated software from trustworthy sources. Check and double-check the link you're on.
Exercise caution when signing smart contracts with your device. Given their ability to execute transactions automatically on the blockchain, it's crucial to interact only with contracts that have been verified and audited for security. Engaging with high-risk contracts is a frequent concern; steer clear of such activities. A high-risk contract, in the context of cryptocurrencies and blockchain, is a smart contract that has not been thoroughly audited, has known vulnerabilities, or is developed by an unverified or anonymous team.
An example of a high-risk contract in the realm of cryptocurrencies and blockchain could be a newly launched Decentralized Finance (DeFi) platform offering unusually high returns on investments through a farming or staking pool. This contract promises significantly higher yields compared to the market average, creating an enticing incentive for potential investors. I wouldn't bother!
- Don't store all of your assets on one single device. Think about using multiple hardware wallets to diversify and mitigate risks. Remember that old adage: Don't put all your eggs in one basket.
Scam Awareness
Never enter your seed phrase anywhere other than on the device itself. If you’re ever asked for your seed on anything besides the device itself, it's a scam.
Malicious third-party apps or extensions might manipulate the recipient address. Always verify details on your device before confirming a transaction.
A reliable hardware wallet will never ask you to input your seed phrase during regular operations like sending or receiving funds. The only time you should ever need to enter your seed phrase is if you're restoring your wallet on a new device. If your hardware wallet (or scam software pretending to interface with it) asks for your seed phrase outside of this scenario, it's a massive red flag and could be indicative of a scam or phishing attempt.
Your Master Private Key never leaves the device. Connecting to a third-party app like MetaMask should therefore be generally safe, provided it's the real one and not a phishing link! This will allow you to create and manage Ledger-protected accounts via third-party applications.
Phishing is a type of cyber scam where attackers masquerade as a trustworthy entity to deceive individuals into providing sensitive information, such as login credentials, financial information, or personal details.
In a phishing attempt, the scammer sends a message that appears to be from a legitimate source, such as a well-known crypto exchange or influencer. It's usually some kind of free cryptocurrency offer or fake airdrop. The message asks you to take some action, which might involve clicking on a link that leads to a fake website closely resembling the real one. You'll typically be asked to input sensitive information, such as your seed phrase - which you'll hand over on a silver platter. Sometimes, they'll ask you to send a small amount of crypto to "verify your address" or to "unlock free 10ETH giveaway", and you'll receive nothing in return. Don't buy it.
- Be cautious with Chrome extensions or third-party apps when using your Ledger. They may potentially manipulate the wallet address you're sending to, so always remember to verify the address on the Ledger device itself. These extensions or apps cannot access your private keys on the Ledger, so always ensure you're confirming transactions directly on your device.
Discretion is Vital:
Avoid disclosing your crypto holdings. Financial privacy can prevent potential threats and many have been robbed and scammed for showing off too much. Indeed, many rappers and singers lost their lives for that very reason!
Store your device inconspicuously. While it's PIN-protected, possession still hints at crypto ownership. Don't wear it on a necklace around your neck!
Remember: "What you got of best in your life, keep it private." - displaying wealth can attract undue attention.