How to Custody Crypto
With the fall of FTX, custody is top of mind. Here's how to do it right for you.
It would be an understatement to say it’s been a bad week for the crypto industry. The incredibly unethical actions of FTX, Alameda Research, and Sam Bankman-Fried have resulted in an estimated tens of billions in market losses (as of writing) and thousands of retail traders have lost millions in personal funds. The aftershocks haven’t stopped reverberating through the industry yet, as additional exchanges and firms fall. My sincerest condolences to those swept up in the madness.
Many in the industry are advocating the importance of self-custody — the practice of owning your own cryptocurrency keys. The “not your keys, not your coin” adage has been revisited often. But advocating for self-custody isn’t as simple as it sounds.
I wrote up this “how to” so you can understand the implications of various custody routes and how to store crypto in a way that aligns with your risk model. But let me say: It should be a lot easier than this. Follow along at runningtowards.xyz to watch my evolving thoughts on a better world of crypto custody.
The Basics of Owning Cryptocurrency
To own a cryptocurrency asset, you or someone you trust are taking custody of your cryptocurrency wallet by storing your private key (your private key is a series of letters and numbers that uniquely prove that you control access to your wallet).
There are several different ways to own a cryptocurrency. Here are the most common methods:
3rd party custody via crypto bank and/or exchange - You don’t actually have a wallet. Instead, a company has a pooled wallet that owns the cryptocurrency, and you own an IOU. You trust the company (and the government where that company operates) to custody your cryptocurrency for you.
Self-custody - You are the sole custodian of your wallet.
A “hot wallet” - A piece of software easily connected to the internet. You custody your keys, but without a lot of safeguards. Hot wallets are conveniently stored on your phone or computer, so it’s easy to accidentally sign a transaction where someone else can access your keys (e.g., to click on a link or download a bad browser extension). And if you lose your computer or phone, you can lose your assets too!
A hardware wallet - A specialized piece of hardware that stores keys and signs transactions. Ideally, the keys are never on your computer, so making mistakes is hard. A 12-25 word seed phrase is used to generate your keys and is usually backed up with cold storage.
In cold storage - Usually a piece of metal that stores your keys. Common practice is to use a seed phrase or a QR code stamped on metal. A less durable option is a paper wallet.
Hybrid custody - Several companies are starting to offer a mixture of self- and 3rd-party custody through what’s known as a multi-signature wallet. Multiple keys are needed for funds to be transferred out, and those keys can be custodied by you, a friend, or the company.
All of these can be valid ways to store crypto. What you choose for yourself depends on how you want to use cryptocurrency, how much you want to store, and who you trust.
Choosing a custody option if you want to transact or trade
If you want to transact or trade in crypto, you need to be able to move funds quickly. You’ll likely want the convenience of an exchange, crypto bank, or a hot wallet.
My general advice is that you shouldn’t put more crypto in an exchange or hot wallet than you’re willing to lose. If you’re trading, you probably already know this intuitively (because you might lose cryptocurrency in your trade too). Hot wallets and companies are vulnerable to phishing attacks, exchange insolvency, or hacking. The added advantage of exchanges and crypto banks is that some of these services offer account backups.
In light of this week’s news, I’d like to double-underline that you shouldn’t put more crypto in an exchange than you’re willing to lose.
Choosing a custody option if you want to store
Something that exacerbated this week’s news was that many retail investors also chose to store their crypto with an exchange. While a crypto exchange should never do what FTX did, I don’t think retail investors should casually keep their assets with an exchange. Instead, you should choose who you trust and what risks you’re willing to assume (and never use a hot wallet for large amounts of crypto storage).
Here's a comparison of the different risks associated with each type of custody solution:
Rather than navigating this table and mapping it to a custody solution yourself, here’s a set of questions you can ask yourself to determine how you should store (assuming Bitcoin and USD but can be extrapolated to other currencies):
(A) Have a trusted 3rd party company custody. If you store for a long time, adoption of the network will increase so that transaction fees may increase. If you self-custody too small an amount, you could accidentally strand your assets when transaction fees exceed your stored amount of crypto. Unfortunately, this means you have to assume all the risk associated with 3rd party custody on an exchange or crypto bank.
(B) An increasing number of providers are starting to offer hybrid custody, which provides additional safeguards beyond hardware wallets and cold storage, as long as you aren’t looking to move crypto quickly (which should always be the case for storing wealth). For instance, hybrid custody gives you a fallback if you lose a key, and it can reduce the risk of theft by making it hard for transactions with just one key. Reasons not to adopt this strategy:
You prefer easy access and simplicity - If you want easy access balanced with some security, using a hardware wallet with steel copy(s) of your seed phrase is a good option.
You don't trust any companies offering hybrid custody or store enough for hybrid custody to be cost-effective - Choose between a hardware wallet or cold storage. You could also roll your own multi-signature wallet and geographically distribute your keys for added redundancy and safeguards. If you don't want to trust anyone, do full cold storage via the Glacier Protocol.
(C) You probably shouldn’t store with a crypto company. Instead, use hybrid custody with multi-signature key recovery and/or copy your keys with cold storage and store in multiple locations.
(D) Given that you trust a 3rd party company, you will probably want to store most of your assets with them. There’s still a risk of hacking/phishing/insolvency, so if you want to be extra safe, store some assets via (B).
Should you trust a company?
What’s challenging about writing this section is that many people trusted FTX a week ago. Only you know if you trust a company, and you can still be wrong and might not find out until it’s too late. But here’re some things to think about:
Where is the company located? Different countries have different rules for financial companies. Understand where the company is located and what protections or loopholes might exist.
Have you seen their “proof of reserves”? A cascade of exchanges have published their proof of reserves to quiet fears of their potential insolvency in the wake of FTX. For example, Binance tweeted its snapshot but will also publish an audit. I’m hopeful that 3rd party public audits of funds will become the new normal.
What do you know about their company structure and financials? Many of these companies are private, so it’s hard to know, but see if you can find information about their inner workings. In the case of FTX, their org chart looked like a giant shell game, SBF created a porous wall between Alameda Research and FTX, and there were only two board members. Hindsight is 20/20. The next fraud will look different, but if we’re all a bit more informed on what a sketchy company looks like and asking questions, we’ll make it harder.
What does your gut say? Trust your gut. Have you poked around and seen that the founder is too optimistic or risk-tolerant? Does their business feel overly complex? Walk away; there are other options, and you can always consider some self or hybrid custody flavor.
Now is not a moment when crypto company trust is high. I can’t imagine most people reading this post right now will desire the 3rd party custody path. But I don’t think the correct long-term answer for crypto custody is entirely self-custody. I have had dozens of user interviews that confirm that many folks want to offload personal risk as much as possible. But now might not be the moment to trust a company to store your crypto assets. Before we get there, we need to build better custody solutions and better transparency. The industry needs to evolve.
Enjoying this so far? Subscribe to my newsletter to watch me build next-gen custody.
Okay, let’s do this!
If you want to change your crypto custody strategy, here’s an abbreviated summary of what to expect. Feel free to ignore the content that isn’t relevant to your chosen path. You might also want to hedge your bets across multiple strategies listed below. You do you.
Note: I’ve listed a few products and companies below, but I am not recommending them. I thought it would be most beneficial to be concrete, but I haven’t personally vetted these products. It’s mostly that I don’t have a reason not to recommend them yet.
3rd Party - If you want to store your assets on a crypto bank or exchange, you must connect your bank account and buy. Done! In the US, familiar companies that do this are Coinbase, Robinhood, Gemini, Strike, and many more.
All other options require you some additional setup to generate keys. Once your wallet is created, send crypto assets acquired in Step #1 to your new address.
Hot wallet - Download a hot wallet and go through the setup flow. Write down the seed phrase (maybe store it via cold storage). Common hot wallets include browser extensions like MetaMask and many self-custody mobile wallets like MUUN or Coinbase Wallet.
Hardware wallet - Buy your hardware wallet of choice. Each wallet has its own setup flow, which might include downloading its software locally on your computer. The hardware wallet will give you a seed phrase. Write it down, ideally via cold storage. You will need to use hardware-wallet-compatible software on your computer to send and receive your crypto. Common hardware wallets are Ledger, Trezor, and Cold Card. Buy directly from their websites to prevent the risk of counterfeits.
Cold storage - First, generate your keys. If you want to maximize your security, use the Glacier Protocol. Otherwise, you can generate your keys using a local copy of software you trust (I see bitaddress.org referenced places, but this isn’t an endorsement). Once you have your address, record your address in steel using a seed phrase. There are a ton of different companies here, but I’ve seen several people use Crypto Steel, Seedplate, and Billfodl.
Hybrid storage - Select a hybrid service provider. They will ask you to go through a setup flow, which will generate a multi-signature wallet for you with multiple public-private key pairs. The hybrid storage provider will offer to store one of your keys on their servers and likely offer some additional services like transaction limits and notifications. Geographically distribute your private keys for additional redundancy. For BTC, these include services like Casa, Unchained Capital, or the in-development wallet from Block. You can also roll your own multi-signature wallet using a tool like Electrum and Sparrow Wallet. Fedi is thinking about leveraging Fedimint for social recovery. For ETH, multi-signature with social backup can be encoded with a smart contract (Vitalik’s preferred storage strategy), and there are also companies providing the service, like Argent.
If your head is swimming after reading all this (if you got this far), I get it! Each of these strategies has new terminology, mental models, and tools. Widespread adoption of crypto assets isn’t here yet. Still, scalable, well-traveled custody solutions will be increasingly necessary. More and more people are entering the crypto industry, and an increasing amount of value is stored in crypto assets. We shouldn’t have to live in fear of our assets disappearing overnight.
I’m embarking on a journey to make custody solutions more reliable and easier to use so that you don’t have to think too hard about all this and you’re prepared for the future. I’ve built many products in the past that turn complex things (like learning to code or a cell phone carrier) into beautiful, intuitive products. Follow along at runningtowards.xyz to watch the creation of the next generation of custody tools, and give me your feedback to help make something that works for you and your loved ones.
Yes, you could use cold storage to backup your hot wallet seed phrase or private key, but in practice, most people don’t.
It's also possible to create your own multi-signature self-custody wallet, but it requires a fair amount of sophistication to roll your own.
In some of the runs up, Bitcoin transaction fees went as high as $60. I'm using $100 in this case as a rough proxy, since it'd be a bummer for you to lose more than half your funds to transaction fees. No one knows the longer term transaction fees for Bitcoin, but they will presumably grow over time if Bitcoin usage grows. Many other cryptocurrencies have technical solutions to reduce transaction fees; that analysis is beyond the scope of this post.
Great timing. Thanks for the nice framework.