How To Safely Self Custody Your Bitcoin & Crypto - Bitfinex blog
post-template-default,single,single-post,postid-21006,single-format-standard,bridge-core-3.0.6,et_bloom,qode-page-transition-enabled,ajax_fade,page_not_loaded,,qode-title-hidden,qode_grid_1300,footer_responsive_adv,qode-content-sidebar-responsive,qode-child-theme-ver-1.0.0,qode-theme-ver-29.3,qode-theme-bridge,qode_header_in_grid,wpb-js-composer js-comp-ver-6.10.0,vc_responsive

How To Safely Self Custody Your Bitcoin & Crypto

The seasoned Bitcoiner’s mantra has always been “Not your keys, not your coins” and for good reason. Many early adopters carelessly stored their private keys, were hacked, scammed, or stored their coins on custodial platforms that were untrustworthy, losing a fortune in Bitcoin in the process. 

Not Your Keys, Not Your Coins

In the past year we’ve witnessed quite a few high profile collapses of many of the crypto industry’s most popular exchanges and lending platforms, as well as a lot of high value hacks, resulting in the loss of astronomical sums in crypto assets.

This is saddening news, and unfortunately something that is well known by long-time Bitcoiners.

Our advice is simple: Bitcoin and crypto should never be left on an exchange or custodial platform for longer than necessary, and if you need to trade, only deposit the amount that you are going to trade and then withdraw it to your own wallet upon completion of your trade. 

It’s much better to pay a little more on exchange withdrawal fees and blockchain network fees and hold your coins in your own custody securely, than it is to lose your entire stack because you trusted the wrong “trusted third party”.

Never forget the golden rule of digital assets, “Not your keys, not your coins”.

The Fool And His Bitcoin Will Be Soon Parted

Since Bitcoin began, there have been bad actors trying to trick the naive or inexperienced to part from their Satoshis. Many more users lost their Bitcoin because they didn’t understand how to properly store their private keys. 

Keep in mind hacks are very rare, and it is much more common to lose your coins than have them stolen in a hack. Some of the most tragic losses were self-inflicted, due to improper private key management. Some people simply lost their private keys, and could no longer access their coins, sometimes to the tune of hundreds or thousands of Bitcoins or Ether, or another crypto asset.

This unfortunate turn of events all throughout 2022, with the insolvencies of many of crypto’s most popular custodial platforms has spurred a lot of people to take custody of their own crypto assets. They’ve wisely decided to get them out of the hands of third parties which can become vulnerable to becoming a single point of failure resulting in a loss of funds. 

On The Road To Becoming Your Own Bank

Crypto traders and investors are becoming more savvy and taking the leap of becoming their own bank, as Satoshi intended. This undertaking however could still seem daunting for the less technical crypto enthusiast, or to newcomers in the space. It has to be done correctly.

In this post we’ll demystify the various self custody methods popular among retail crypto traders, long time hodlers, and those newcomers who are crypto curious and just getting involved in the markets. This guide will be focused on Bitcoin, but much of the info contained within, works for many other crypto coins as well.

In the crypto world, there are two primary kinds of wallets, the first of which are hot wallets, wallets that are connected to the internet and exist on devices like your phone and laptop. Hot wallets are great for spending and receiving Bitcoin or crypto, but are not very secure for long term storage. A hot wallet could be either a traditional on-chain Bitcoin or crypto wallet or Lightning Network wallet on a mobile or PC, or even a web wallet.

The second type of wallets are cold wallets, which are wallets where the private key is never exposed to the internet and the wallet remains offline. A cold wallet can take the form of a physical hardware wallet device, or an offline software wallet on an air gapped phone or computer.

Cold wallets are great for long term storage, but not as convenient for spending or receiving payments. Hardware wallets can protect you from hacks and physical theft, as they have built in security features, are easily hidden, and do not connect to the web.

Typically, a cold wallet should fulfil the role of a “savings account”, whereas a hot wallet is more akin to a “checking account”. You would normally keep your long term hodl coins in the cold wallet and move smaller amounts for transacting to your hot wallet periodically, as needed. 

With all of these details out of the way, let’s find out how to safely store our own Bitcoin and crypto.

Keep It Simple Stupid

Keep It Simple Stupid or (KISS) for short, is a military saying, which originated out of the US Navy during WW2. It operates on the principle that systems work best when they are designed simply and that unnecessary complexity is disadvantageous and should be avoided. More moving parts means more margin for error, and this is the philosophy behind KISS.

With that in mind, we want to do things in the easiest but most secure way possible. 

The three main things we want to avoid are:

  1. Losing our private key or seed phrase.
  2. Other people getting hold of our private key or seed phrase.
  3. Putting our private key or seed phrase in any wallet or device connected to the internet, or in any physical location where it can be stolen by criminals or seized by state level adversaries.

The most simple and straightforward way to achieve all of these objectives is with a two device system which consists of a metal hardware wallet combined in tandem with an electronic hardware wallet device. 

A Two Wallet System

This two device system allows you to sign transactions when you want to send a payment, and to receive payments with your electronic hardware wallet (which you can also pair with a watch only hot wallet), and store your private keys in a way that can prevent loss or damage securely, without reliance on anyone else with your metal wallet.

The metal wallet can store your private key long term, and in a way that will survive the elements and the unexpected, like in the case of a flood, fire, or earthquake. The electronic hardware wallet is an offline device which allows you to prevent theft and securely store and transact with your coins, and sign transactions

Many hodlers can and do get by just fine with a single hardware wallet device whether a metal wallet or an electronic hardware wallet. However, a two device system offers advantages that are not conferred when utilising a single device. 

While buying two devices may seem like it’s a bit expensive, or a bit overkill on the security front but if you have more value in crypto assets than the price of the two devices, it’s worth it. It offers a failsafe that a single device alone does not. 

Generate Your Private Key

The first step is to generate a private key. Hardware wallets have included software on the device which can generate a key securely offline, and this is the best way for most people. Different devices have different ways to do it, so check out your device’s documentation.

If you have an especially sensitive threat model, you can also securely generate private keys without software by rolling dice, completely offline. You can import this offline key to your offline hardware device, manually.

Popular Electronic Hardware Wallets

If you decide to keep in line with our KISS principle of generating a private key in the easiest secure way, you’ll start your journey to self custody with the purchase of an electronic hardware wallet device. There are many reputable hardware wallet vendors, and they all have their own sets of features. 

Some, like Trezor and Ledger, offer multi-coin support for a variety of crypto assets, while others, like Coldcard, are “Bitcoin Only”. Some of the top of the line hardware wallets can cost a couple hundred dollars, while others are budget friendly and can be purchased for under $100.

The most popular hardware wallets, in no particular order are as follows:

  • Trezor – One of the oldest hardware wallets. Comes in the Model T version or Trezor One version, both of which support Bitcoin and a wide range of altcoins, Web3, and ERC-20 tokens.
  • Coldcard – The Bitcoin Maximalist’s preferred “Bitcoin Only” wallet. It offers advanced security features for power users but it’s still easy enough to use for a beginner.
  • Ledger – The world’s most popular hardware wallet. Ledger comes in three varieties, Ledger Nano S, Ledger Nano X, and the soon to be released Ledger Stax. Ledger offers multi-coin support for a large selection of altcoins, Web3, and ERC-20 tokens.
  • Bitbox – Bitbox is the fabled Swiss bank account in your pocket, a Swiss hardware wallet with support for Bitcoin and 1500 additional coins and tokens.
  • Keepkey – Keepkey is another reputable device that also has a long history in Bitcoin. Keepkey offers support for over 40 popular crypto assets.
  • Passport – A newcomer to the hardware wallet industry, Passport is an elegant “Bitcoin Only” hardware wallet with advanced security features and designed for a user-friendly experience.

Storing Your Private Keys

Most electronic hardware wallets have a paper card that allows you to store your 12 or 24 word seed phrase and an optional password and pin number, which allows you to access your funds and if need be recover them in the event that something happens to your device. 

Copies of this paper card should be stored safely in a few different places and always kept private and never entered into a device that is connected to the internet, or stored in a place where it can be seized by hostile authorities with a court order, like a bank safety deposit box. 

The best failsafe for not losing your seed phrase or falling victim to your paper card becoming damaged is to keep your private key safely in a metal hardware wallet. A metal hardware wallet is a metal device which can keep your seed phrase secure from wind, water, fire, being crushed or some other natural disaster or act of God.

Popular Metal Hardware Wallets

There are quite a few metal hardware wallets on the market. They all have their own quirks, and operate in much the same way, you either stamp your seed phrase into a metal device, or use removable metal tiles or rings to write it out in letters. 

Each device has its own method. Some, like Ellipial and Safepal, offer both a metal wallet and companion electronic hardware wallet that can be used together in the manner described above. Many of these metal wallets will work not only for Bitcoin, but will allow you to store a private key recovery seed for another currency, if desired.

The most popular metal wallet devices, in no certain order are as follows:

  • Crypto steel – Comes in two varieties a capsule and a cassette format which offer a way to store your private key.
  • Blockplate – As the name implies, it’s a metal plate with a punch tool that lets you save your private key by stamping it on the block.
  • Coinplate – Similar in design to Blockplate, Coinplate is a metal plate with a punch tool, and an additional protective cover plate.
  • Ellipial Mnemonic – Elliptical is a foldable cassette-style design which allows you to store your seed phrase with metal tiles with engraved letters.
  • Safepal Cypher – Safepal’s cypher is also a cassette-style metal wallet that utilises metal tiles with engraved letters to store your seed phrase.
  • Hodlinox – Hodlinox is another cassette-style metal wallet on which you can engrave your seed phrase.

Any of these wallets will work for our purposes, and they are priced to fit into any budget, with some costing more than others. The best way to choose is to take a look at the features and choose the one you’re most comfortable with.

Collaborative Self Custody As An Alternative

An alternative to our dual device system using both a metal and electronic hardware wallet device, is to use a self custody service which will keep your funds in a multi-signature wallet.

A multi-signature wallet is a wallet with multiple private keys, where you have access to the funds but the collaborative self custody service does also. This way, if you ever lose your private keys or if they become compromised, the self custody service can help you recover funds, or block unauthorised spending, no matter what. 

Self Custody Services

An alternative to manual self custody using a hardware wallet, is to use a self custody service. These are companies which help you secure your crypto assets in a multi-signature wallet setup for a fee, and which will do all the technical heavy lifting. Keep in mind that you’ll still need to pair your preferred self custody service with an electronic hardware wallet device.

Self custody services are a great option for those who don’t want to take full responsibility for the long term storage of their assets, those who have a substantial amount of assets, or for the non technical who don’t want to invest the time to learn how to properly store their funds and private keys.

Self custody services are usually designed for individuals, although institutional options also exist for enterprise level custody of assets. Self custody services often have additional services focused around custody, such as inheritance planning, so coins can be left to a child, grandchild, or relative.

Self custody services do have a couple shortcomings however, since they’re businesses they are compelled to comply with regulations, which means they will make you AML/KYC and work with blockchain surveillance firms, so they don’t offer as much privacy as a do it yourself setup. 

There may be other disadvantages which make themselves apparent in the future as crypto regulation matures and as the rules may change. Another shortcoming is that self custody services may not offer self custody products for many altcoins and tokens, they may be either “Bitcoin Only” or only offer support for a few of the most popular coins.

The most popular self custody services in no specific order are as follows:

  • Casa – Casa was one of the first self custody services for retail Bitcoin investors. Formerly “Bitcoin Only”, Casa launched Ethereum support at the end of 2022, although it’s only for ETH, not ERC-20 tokens. 
  • Unchained Capital – Unchained Capital is a Bitcoin financial services company which offers “Bitcoin Only” collaborative self custody services, as well as other Bitcoin centric financial services, like loans and IRAs.
  • Liminal – Liminal is another option for collaborative self custody which also offers support for multiple chains, and DeFi tokens.
  • Nunchuk – Nunchuk is a newer “Bitcoin Only” collaborative self custody service which bills itself as the gold standard for Bitcoin custody and specialises in providing a user friendly experience and inheritance planning.

Coinjoin: A Way To Provide Sufficient Privacy For Self Custody

An additional but optional step to consider is whether you want to coinjoin your Bitcoin before sending it to your cold storage wallet, for additional privacy. There are pros and cons to coin-joining your Bitcoin, but doing so does provide sufficient privacy to allow you to store your coins confidentially. 

Keep in mind that coinjoin does add an additional layer of complexity to our KISS strategy.

A coin-join is when you use a privacy wallet to mix your Unspent Transaction Outputs (UTXOs) with the UTXOs of other users, in order to break the on-chain heuristic links used to trace Bitcoin transactions by blockchain surveillance firms. Coin-join can provide good privacy, but does require participants to pay additional fees for the service.

Coin-join offers many benefits in regard to on-chain privacy, but it must be done correctly, and users must practise proper UTXO management with both pre and post mixed UTXOs. You should never combine pre-mixed UTXOs with post-mixed UTXOs, and you should never lump post-mixed UTXOs together into a single transaction, or you risk compromising your privacy. UTXO management is also referred to as Coin Control.

You can learn more about UTXO management, here.

Whether you decide to coin-join or not is a decision one must make for themselves. The pros are increased privacy and security with the ability to store your coins confidentially. You’ll have a much smaller threat model, and lower the associated risk of being wrench attacked because you own a highly valuable bearer asset.

The cons are that there’s a bit of a learning curve, there’s also a margin for error if not done correctly which could compromise your privacy, and the possible risk that Coin-joined UTXOs may be deemed as suspicious, or flagged by some custodial services, which may request additional AML/KYC information about your coins, for compliance reasons. 

Just remember, privacy is a fundamental human right, and is not illegal.

If you do decide to coin-join your coins, the most popular Bitcoin privacy wallets in no particular order, are as follows:

  • Samourai Wallet – Samourai Wallet is a Bitcoin privacy wallet with a suite of privacy features, and built-in zerolink coin-join implementation known as Whirlpool. It’s user friendly enough for beginners with a rich advanced feature set for power users.
  • Sparrow Wallet – Sparrow wallet is another popular Bitcoin privacy wallet which leverages Samourai wallet’s whirlpool coin-join implementation, with an emphasis on usability. Sparrow also offers a bunch of advanced features for power users
  • Joinmarket – Joinmarket operates coinjoins on a taker/maker model which incentivises liquidity providers to earn a return for providing liquidity for coin-joins. Joinmarket has an array of powerful features, but is aimed at more technical users.
  • Wasabi Wallet – Wasabi wallet is a user-friendly privacy wallet with built-in Chaumian coin-join. Wasabi has been the focus of controversy recently, as early last year they announced blacklisting addresses, and began working with a blockchain surveillance firm. That being said, it remains a popular and reliable way to gain a sufficient degree of on-chain privacy.

In Conclusion

Self custody of crypto assets is the safest way to store your coins and tokens, even if it is a bit more responsibility. The point of crypto is to decentralise finance, take back the power over your own wealth from trusted third parties and intermediaries and to increase your financial freedom and security.

By choosing to keep your coins in a custodial wallet, you give up all the benefits that crypto was designed to empower you with. You also open yourself up to loss of funds, confiscation, theft, hacks, mismanagement, fraud, and other risks that are inherent with letting someone else hold on to your money.

Over the last year, we have seen countless examples of people learning this lesson the hard way, and losing all their crypto assets. We’ve witnessed platforms get hacked, go insolvent due to mismanagement or poor risk management, collapse due to fraud, etc. There are too many examples to list here.

Many of these financial catastrophes could have been avoided in a large part if the users of these custodial platforms had simply been proactive about holding their own assets with their own private keys. “Not your keys, not your coins” is often the most bitter pill to swallow. 

We strongly urge you to take responsibility for your own assets, by taking the leap to self custody and to become a sovereign individual who embraces financial freedom. Take the necessary steps to become your own bank. Eliminate third party intermediaries.

Don’t become a victim who is now deemed an unsecured creditor who hopes to one day maybe get pennies on the dollar for their lost assets, after years of litigation. Just ask a former Mt. Gox customer how much fun that can be.