Self-Custody: How To Avoid Losing Your Funds

Magellan Security
3 min read · Dec 27, 2022

As the year comes to a close, crypto will look back at 2022 as a year when the industry was flipped on its head. Over $100 billion will have been washed from this industry due to negligent practices and poor risk management. With 2023 quickly approaching, here are some best practices to consider when participating in the crypto ecosystem.

  1. Buying a hardware wallet is the best zero-to-one method for protecting your assets. Unless you stake your funds to compound your rewards, there is no real reason to leave your assets in the hands of an exchange or third-party provider. Most importantly, please make sure you buy a wallet directly from the supplier and not a third party (e.g. Amazon). Many wallets have been known to be compromised when not bought directly from the vendor.
  2. Storing your private keys and seed phrases on a physical medium is the only way to ensure attackers can never compromise your wallet. Backing up your keys or seed phrases to SaaS services leaves you vulnerable to losing your funds should the third-party provider be breached (e.g. LastPass).
  3. Checking that you’re engaging with a safe domain is a crucial way of protecting yourself in the Web3 space. Attackers will frequently spoof exchanges and domains to get you to send your funds to bad actors. Tools like Wallet Guard run checks against the domain you’re interacting with to ensure it is indeed safe.
  4. Revoking third-party integrations in your wallet is the most important way to ensure your wallet isn’t abused. When using MetaMask, you grant access to third-party applications when making trades (e.g. Uniswap, 1inch, etc.). After using them, please make sure you revoke access so that they can’t prompt transactions without your approval.
  5. Check that your wallet provider is up to date with the latest version and patches. This follows the security best practices used by the government and financial institutions. Wallet Guard will also check what version your wallet is running to ensure it’s up to date.
  6. Sharding your keys is a great way to ensure that there is no single point of failure when accessing critical funds. Most exchanges and funds do this with their wallet infrastructure to avoid any type of collusion or misuse of private keys.
  7. Never leave your funds on an exchange. If there is one thing we learned this year, it’s to always make sure that you own your keys. The old adage, “Not your keys, not your crypto” still rings true.

Curious to know what products we suggest? Here is a list of products we can vouch for to better protect yourself:

  • Ledger — the French-based company is the biggest hardware provider and is releasing a new wallet in spring 2023. Ledger supports more currencies and integrations than any wallet provider in the marketplace.
  • Ngrave — although the Belgian-based company has put a steep price (€400+) on its wallet, they support formal verification methods (EAL 7 certified OS), making it secure by default. This air-gapped wallet also integrates biometric features to limit fraud and abuse.
  • Arculus — the US-based wallet provider focuses on ease of use. While they don’t support as many currencies as other wallets, their product is easy to use and one of the most secure on the market.
  • SafePal — the Singaporean wallet maker built an air-gapped wallet that relies on pairing with your phone for all transactions. This wallet is the most affordable of hardware wallets ($50) and is easy to use.
  • Capsule — the capsule is a great way to back up your keys to make sure they can survive any type of environment.
  • Cassette — the original cryptosteel, the cassette is easy to use and store anywhere.
  • Wallet Guard — this plugin integrates with many vetted security tools to check every smart contract and domain you authenticate to with your wallet.
  • Web3 AntiVirus — this newcomer is focused on making sure that you integrate with secure smart contracts, running analysis on your transactions before they are approved.

Magellan Security

Security, reliability and cloud infrastructure advising for Web3 and SaaS startups.