At least $1 billion in customer funds have gone missing since the collapse of FTX, with millions more locked up in exchanges that have frozen withdrawals while they consider bankruptcy. If you’ve been hesitant to explore self-custody — the practice of managing the private key for your crypto wallet — now might be the ideal time to switch over.
Self-custody can feel daunting. But we’ve got you! By the end of this guide, you should be able to get started with a self-custodial wallet and avoid some common pitfalls.
A self-custody crypto wallet is one where the user manages their own private key (password), signs their own transactions and owns their own assets.
A custodial wallet, on the other hand, is where a centralized company manages a customer’s usernames and passwords, while also holding onto their funds in a general pool of customer assets.
Most crypto exchanges offer a custodial wallet option that, at the very least, can serve as an easy onramp option for newcomers buying their first crypto. However, once you accrue a certain amount of crypto in your custodial wallet, you might find yourself wanting to move it off the centralized platform and into a self-custody wallet.
The popular exchange Coinbase, for example, offers both a custodial wallet and a self-custody wallet. If you use the default wallet on the Coinbase exchange, your crypto is part of Coinbase’s custodial asset pool, and you can access your funds by entering in your username and password. If you forget the password to your custodial wallet account, Coinbase can send you a reset link so that you don’t get locked out forever.
But if you want a decentralized option, you can sign up for a self-custody Coinbase Wallet, which requires you to write down a locally generated seed phrase and manage your password yourself.
Some of the most commonly cited reasons why people self-custody include:
Read More: WTF Is… A DApp
Despite the benefits of self-custody, it doesn’t always make sense. For one thing, the user experience (UX) can be frustrating and full of friction points.
“Most people are getting wrecked because it’s really annoying and difficult to self-custody,” says Jasmine Xu, head of product for Bitski, an NFT wallet and DApp company. Self-custody is therefore most successful when someone cares strongly enough about their assets that they do it correctly.
A differing perspective is that “everyone should probably self-custody at least a little,” says Knifefight, author of the Something Interesting newsletter. “You don't want to wait until you have no choice before you start practicing and learning.”
In general, self-custody makes sense when:
Meanwhile, self-custody doesn’t make sense when:
To get started with self-custody, you’ll need a strategy, something crypto investors call making a “mental model.”
“A good crypto [custody] solution is one where no single thing can go wrong and leave you bankrupt,” advises Knifefight.
Most crypto veterans therefore maintain multiple self-custody wallets for different use cases — starting with the most at-risk uses to the most secure. (Note: These are not product recommendations, but rather a summary of tools often mentioned in the space.)
A hot wallet is connected to the internet via an app, browser or browser extension and is used to execute daily activity, including signing transactions on chain. While hot wallets are convenient, they are also more susceptible to scams. They are sort of like the “front line” defense and therefore most likely to get hacked or sign a malicious transaction. Most people maintain multiple hot wallets — usually at least one for low-trust transactions (e.g. minting NFT projects, transacting with strangers and executing trades or flips) and another for medium-trust transactions (e.g. transacting on trusted marketplaces like OpenSea).
Let's break those different use cases down:
A vault wallet is where you keep your more valuable assets. You want your vault wallet to be separate from the wallet you use to sign daily transactions so that it’s less at risk of being hacked.
Many people choose to use a hardware wallet for their vault, compared to mobile or browser-based wallets. Hardware wallets generate public and private keys, and then sign transactions. Your private key never has to be entered onto the internet, keeping your assets safer.
You’ll also hear the term “cold storage”, meaning keeping your private keys as far away from the internet as possible. In practice, your cold storage wallet and your vault wallet are likely used for similar types of assets, but your cold storage might be the wallet you access the least throughout the year. Many folks use the phrase “cold storage” to refer to private keys that aren’t used often, or they use the term synonymously with a hardware wallet. However, some people go as far as to insist on options like the Glacier Protocol, a self-managed storage protocol for large amounts of bitcoin ($100,000+) that’s said to be highly secure.
Multi-signature (multi-sig) wallets are good option for companies, families, organizations or groups of people. Multi-sig wallets require multiple private keys to sign a transaction. Some companies are developing services to assist with self-custody like multi-signature wallets with backups in the case of key loss. “You can change the forms of self-custody or who is self-custodying (e.g. Bitski does key custody but not asset custody),” Xu notes.
A seed phrase is a 12-to-25-word phrase that can be used to recreate your wallet’s private keys if you ever lose your password or even lose the physical hardware or software (e.g. you lose your phone, you drop your laptop, or you misplace your hardware wallet). When setting up a hot or vault wallet, you’ll want to create redundant backup storage methods for your seed phrase.
Most people recommend never taking a photo of your seed phrase, but others say storing your seed phrase in the cloud is a reasonable risk for wallets you don’t keep high-value assets in.
When backing up a high-value wallet, some people engrave their seed phrases onto multiple metal plates which they keep in geographically diverse safes. There are a ton of different companies to choose from, but I’ve seen people use Crypto Steel, Seedplate, and Billfodl.
The most important step towards self-custody is taking the first step. Start small, get familiar, and then optimize:
To close us out, self-custody veterans have some words of wisdom to share:
Remember it’s not free to move assets between wallets. Keep your eye on transaction fees to avoid surprises.
Last, be sure to isolate your high-value assets when signing transactions. Say you keep all your awesome women and non-binary-led NFTs in a vault, but you want to claim a drop from one of the projects. Rather than signing from your vault wallet, transfer the relevant NFT to an empty hot wallet, sign the transaction, and then return your NFT to your vault.
Don’t forget: The BFF community is here to help answer questions. You can also reach out to me at @femmedecentral on Twitter, or join my newsletter that’s a build-in-the-open chronicle of building a new crypto custody solution.
Laura Holmes is a former Google Product Lead who likes to build things from zero to one. She recently decided to go all-in on crypto and is working on building something new in the custody space.
This article and all the information in it does not constitute financial advice. If you don’t want to invest money or time in Web3, you don’t have to. As always: Do your own research.