If you own a significant amount of crypto, the biggest problem you need to solve is how to solve it securely. Having your own cold storage devices is fine for some, but others want third-party solutions that are even more bulletproof, although there is also the trusted third-party risk to consider.
The web is full of horror stories of people who got their cryptos stolen, or just misplaced the information necessary to access their holdings.
The challenge of custody remains, in my opinion, one of the biggest impediments to the mainstream adoption of Bitcoin.
On the other hand, several companies have been working on coming up with a solution for the custody challenge. Multisig solutions, in particular, have really taken the forefront in 2020, and I expect more innovations in 2021.
In an ideal world, everybody would self-custody their Bitcoin and cryptos, as this is the most censorship-resistant and secure way of custody, provided you know what you’re doing and can handle the responsibility that comes with it.
There are several leading self-custody hardware devices:
Ledger and Trezor are easier for those doing self-custody for the first time, while the Coldcard is a magnificent Bitcoin-only device that is used by those who want more security and are technical enough to be able to set it up. Blockstream Jade is a very new product from a very reputable company in the space.
Keep in mind that when you use one of these hardware wallets, you should also host your own full node for maximum privacy and security. Sadly, the number of Bitcoin nodes in the world is still low, as can be visualized here. At the time of writing, there are 11289 running nodes.
With nodes, there is the caveat that having your IP address associated with a node means effectively broadcasting in an open way your deep interest in Bitcoin. Hackers or thieves might assume that you also hold some Bitcoin based on this interest, and make you a more likely target to them. You can use Tor to anonymized your IP address when using a node to counter this risk.
Setting Up Self Custody with Ledger and a Seedplate
Self-custody is currently the best way to keep your Bitcoin secure, provided that you have the time to plan it properly and implement a few best practices. The idea is that you become your own bank and don’t rely on anyone else to protect your store of value.
This sits right in line with Bitcoin’s principle of self-sovereignty and censorship-resistance.
What you will need:
The first item we will need is a tool for cold storage. The “cold” part means that we are keeping the private keys stored in a device that is not connected to the internet. The Ledger Nano X or a Trezor will do that part of the job perfectly.
The next thing we need when working with any hot or cold wallet, is a way to store the backup seed, which contains 24 words. With this seed, you will be able to recreate your wallet should you lose it.
This is as important as your wallet, in fact, I would say it is even more important. If someone gets possession of your wallet, he won’t be able to do anything with your crypto unless he knows the password to that device, but if they get your backup seed they need nothing else to be able to recreate the wallet and transfer all your crypto assets to their own wallet.
And that is why we need to be very careful about how we store this backup seed. Traditionally, the easiest way to store the backup seed has been a piece of paper stored somewhere safe. In fact, cold wallets such as the Ledger Nano come with a cardboard sheet that is prepared for backing up your seed.
However, after so many horror stories of these papers being thrown away, displaced, or simply destroyed in some for or another, it became apparent to serious holders of Bitcoin that a better solution was needed.
Here are some typical scenarios:
I had my seeds written in a paper notebook that I put in my safe which was 4 1/2 feet off the ground. During Hurricane Harvey we got 6.5 feet of water. I had $1 million of [cryptocurrency], now I have nothing.
Enter the Billfodl, a stainless steel device with laser engraved tiles. It serves as secure storage for your backup seed.
Why do we choose something like the Billfodl instead of just writing the seed words down on a piece of paper? There are several reasons:
- Fireproof – Forged to withstand more than double the average house fire.
- Waterproof – Marine-grade 316 stainless steel means it will never rust
- Shockproof – Shockproof up to 1 million volts means serious protection
- Hacker proof – Seeds and keys remain completely offline
- You proof – Unlike a piece of paper, you will never accidentally throw away your Billfodl
The Multishard setup is essential, in my opinion. With the Multishard, you are given 3 single-sided stainless steel units very much resembling the original Billfodl. However, each of these units only stores 16 of the 24 words your seed phrase is made of. Each unit tells you which 16 of the 24 words to load, and after full installation, you will have backed up each seed word twice. Any recovery efforts in the future will require 2 of the 3 devices because that is the only way to know the entire seed phrase.
Anyone with a significant amount of crypto who is relying on paper seeds or any other similar means of backup should consider switching to the Billfodl Multishard setup.
How to Setup a Billfodl
Setting up is straightforward, but make sure you have some time reserved for this procedure, in order to make sure you understand what you are doing and double-check everything.
The best way to explain how to set things up is to show you, so just follow this 5 part video tutorial and you’ll be all set.
Older and Discarded Options
More advanced options
Yeti is a script by JW Weatherman that installs bitcoin core and then walks the user through the setup of a cold storage solution. There are several advantages and some disadvantages listed on its Github repo page.
Here’s another thread that focuses on challenging the use of HWW:
— Robert Spigler 🔑 (@RobertSpigler) December 30, 2020
Collaborative custody is a newer form of custody service offered by two main companies, at the moment:
Under this model, the crypto funds are secured using multiple signatures. That means that any time the funds need to be moved, there will have to be multiple keys that sign off the transaction. The multiple keys might be held by multiple people or it could be the one owner of the assets having keys held in different geographical locations.
Casa and Unchained Capital, in turn, hold one of the keys, and they offer support in setting up the multisig system as well as ongoing support when needed. It is important to understand that these companies are not custodians, they only hold one private key of multiple keys, and therefore cannot initiate any transactions unilaterally.
There are many benefits to this model, especially for those retail investors holding significant funds. Typically such investors don’t want to have the single point of failure issue that comes with storing private keys on a hardware wallet with a 24-word seed backup phrase.
They also want better security. With collaborative custody, it becomes very difficult for a physical attack on the crypto holder to result in the draining of his funds, because the keys are spread over multiple locations rather than held in one device.
Casa and Unchained Capital have different fee models, and I think Casa is best for those who have less technical knowledge, while Unchained is better for more advanced users who don’t fancy paying the monthly fees charged by Casa.
When it comes to disadvantages, in Casa’s case it would be the fact that they use a closed-source app on your phone, so you don’t really know what the app is doing as you cannot inspect the code. There’s also the fact that they will be able to look at your balance and transactions as you need to use their server, just like you do when using a Ledger Nano, for example. However, in Ledger’s case, they have now provided a way to use a self-hosted node to eliminate this issue, as I mentioned earlier on. Casa’s monthly fee, while being core to their business model, is something that some users might not like. The alternative would be to invest more time and money up front in building your own system for cold-storage, but then have it be cost-free for the rest of your holding period, which for many people will be many years, so it would make sense to want to avoid paying monthly fees.
The disadvantage of Unchained Capital is that they only offer 2-of-3 multisig at the moment. I wouldn’t feel that comfortable using just 3 keys – I think Casa’s 3-of-5 option is much more secure especially for larger holdings of Bitcoin.
Collaborative custody might be a good solution for those with very little technical knowledge, institutions or those who absolutely don’t want the burden of responsibility for taking care of their cold storage wallet and seed phrase setup.
Yet another alternative is to set up your own multisig setup using the open-source tool Caravan, which was developed by Unchained Capital. The downside is that this is still quite a new tool, while the cold storage wallet + seed phrase setup has been in use for many years now.
It is true that a hardware wallet device, when used by itself to secure funds, is a single point of failure. Using hardware wallet devices as part of a multisig setup offers greater resilience.
When relying on a custodian, you are giving them your private keys to hold them securely for you in exchange for a monthly or yearly fee.
Some of the most trusted third-party custodians at the moment are:
- Gemini Custody
- Bitcoin Suisse Vault
- Coinbase Custody
- Fidelity Custody
- Knox Custody
- Genesis Custody
It’s also important to note that crypto custodians are typically targeting institutional clients with large holdings ($1m plus) of crypto assets, and are thus not suitable options for the average retail Bitcoin investor.
A few of them also offer insurance, although the terms can be pretty restrictive. It’s quite commonly pooled insurance rather than insurance on specific client accounts, so at the moment I view it as more of a marketing ploy and very basic coverage rather than something to rely on.
There are several risks that you are taking when you entrust a third-party custodian with your crypto assets:
- Hacking risk – Since the custodians are well-known, they are prime targets for hacking attempts. When we talk about hacking, it can either be via software attacks or via social engineering and infiltration into the organization in order to gain access to the security structure holding the custodian’s private keys. Since most funds are held in cold storage, this is arguably a more dangerous threat than the pure software play that has led to exchanges like Mt Gox lose millions in client funds in the past.
- Transparency risk – Unless there is a daily third-party audit, you never know whether the custodian is actually running a full reserve of the funds deposited. Moreover, funds are often commingled and in that case, there is a risk of loss in the case of insolvency.
- Compromised user accounts – If a client’s login is compromised, an attacker can make unauthorized transfers and drain the user’s account. There are measures to mitigate this risk, so I wouldn’t consider this a big risk, but it requires the user to exercise a degree of responsibility by properly storing their login details and using a secure form of 2FA.
- Censorship/frozen accounts – Just like in the traditional banking system, a government can ask the custodian to freeze your accounts. This action can also be performed by the custodian and they can cite a million reasons for doing so, just like banks do.
Ultimately, as the saying goes – not your keys, not your crypto.
For publicly traded companies and some types of private companies, using a custodian is currently the only practical route to holding Bitcoin and crypto, because there are many audit requirements that must be met, and the system is currently built on trusting third parties. Just like no company keeps their treasury money locked up in a safe at their HQ, but instead use banks or brokers instead.
This is a good point to mention Ledger Vault, which is an innovative product that aims to bridge the gap between self-custody and third-party custodians. With this system, you retain self-custody but get the tools that companies need compliance and access control. It also comes with a pooled insurance offering. I’ve seen several companies using this solution, including one of my favorite crypto borrowing and lending companies – YouHodler.
How to Claim Capital Loss If You Lose Your Crypto Private Keys
If you lose access to your cryptocurrency, then you may be eligible to claim a capital loss. To claim the loss, you will need to be able to provide the following kinds of evidence:
- when you acquired and lost the private key;
- the wallet address that the private key relates to;
- the cost you incurred to acquire the lost or stolen cryptocurrency;
- the amount of cryptocurrency in the wallet at the time of loss of private key;
- that the wallet was controlled by you (for example, transactions linked to your identity);
- that you are in possession of the hardware which stores the wallet;
- transactions to the wallet from a digital currency exchange for which you hold a verified account or that is linked to your identity.
I am looking forward to more innovation in the space of crypto custody, but at the moment, it seems that the best options are quite clear.
The best value and most convenient setup for most holders of Bitcoin and other cryptos is the combination I mentioned:
The Ledger and the Trezor are the undisputed top dogs when it comes to cold wallets, while the Billfodl is cheaper than competition while at the same time using better materials and making it very easy to set up.
For just $89 for the Billfodl or $199 for the Billfodl Multishard (my recommended purchase), plus the Ledger or Trezor, you will have a very secure setup that is pretty much hacker-proof, meaning you can rest safe with the knowledge that your crypto investment will be there for you tomorrow or years ahead.
Keep in mind that if you’re interested in earning a return on your cryptos, you’re most likely going to have to give up your private keys and trust a third-party lending platform like YouHodler. You can even earn a good return by staking cryptos like Polkadot or Ethereum on the main exchanges, such as Kraken.
For corporate treasury purposes, BitGo is a good option. If you’re building a crypto company and need to hold client funds, then you should look at all the other custodians I mentioned and take a special look at Ledger Vault if you really value self-custody.
- 10X Bitcoin Security Guide
- Econo alchemist – lots of great guides
- Keep it simple bitcoin – great custody guides
- Matt O’dell guide
- Bitcoin Backup overview
- No Bullshit Bitcoin – Telegram group
Smart Custody project
- List of HWW hacks to date
- Security – HWW vs offline laptops
What are our thoughts on Bitcoin and crypto custody? Let me know in the comments section.