Won’t be fooled again! The importance of self custody with tips and tricks to avoid common mistakes.
Hi, folks. Sherpa here. If you’ll remember my previous article on self-custody from July, I argued that the biggest risk is and always has been trusting your financial future to a centralized third party.
After the events of the last few weeks with FTX and others breaching trust in a myriad of unsavory ways, I felt like it might be the perfect time to directly address self-custody and why it is so important.
There are two main reasons why self-custody is important.
The first is security. When you trust a third party to hold your cryptocurrency, you’re putting your security in their hands. And as we’ve seen time and time again, centralized exchanges are not secure custodians.
The second reason is control. When you entrust your cryptocurrency to a third party, you’re giving up control of your own money. You’re at the mercy of their terms and conditions, their customer service, and their financial stability.
Whether it’s backdoor deals & terrible financial decisions at FTX, data leaks from Binance, hacks at Bitfinex, or the next big cataclysmic event at the next exchange that was “Too Big to Fail”: the best way to stay safe is to keep your funds in your own custody.
I find it somewhat ironic that more than a decade in, we’re still making the same mistakes that Satoshi set out to solve.
Again, the problem is in trusting third-party middlemen. “Be your own bank” involves a lot of inherent risks, but that responsibility is the price of financial sovereignty.
If we want cryptocurrency to fulfill its promise as a trustless, decentralized financial system, we need to start by taking responsibility for our own funds.
Self-Custody: The Simple Mistakes
As so many users begin moving their assets off of centralized exchanges and into their own custody, there are some things to be aware of, and some simple mistakes you can make if you’re not careful.
- If you’re transferring tokens or stablecoins off exchange, make sure to check the associated fee for withdrawal. ERC-20 tokens, for instance, tend to have a higher fee than ETH or other native assets.
- If you’re withdrawing stablecoins, you might consider converting them to ETH or whatever the primary asset is of the chain you’re moving to. This is for a number of reasons: most stablecoins exist on multiple chains, and it is sometimes easy to withdraw the wrong one.
Additionally, if you’re withdrawing to a freshly created address in MetaMask, for instance, you likely don’t have any Ethereum in it yet. So if you move the ERC-20 tokens there, you won’t have the gas to swap them or even move them again without buying more Ethereum. For these reasons, it might be better to withdraw Ethereum from the exchange, and then swap back to stablecoins or your desired token via a DEX.
- When you move your assets to a personal wallet, do not use an online wallet, web wallet, or custodial wallet. These wallets might be “convenient”, but they are also incredibly insecure, and you are entrusting your security to a third party.
Use a software wallet like MetaMask or Argent that gives you control of your own keys.
- Make sure you’re bookmarking the sites you use most often, as a simple typo in the address or search bar might lead you to a fake or phishing lookalike.
Popular DEX sites like Uniswap, Sushiswap, and Quickswap are frequently copied. Also bookmark other resources you end up needing frequently, like Chainlist for RPC data when you’re connecting to other chains & L2s.
- Make sure you triple check any links you click, and only click links from people or organizations you trust. Cryptocurrency is rife with scams, and no one is safe. I have even seen people get scammed in the comment section of popular YouTube videos.
- When you’re storing your keys, keep them in a safe place. We covered some of the advantages and disadvantages of different methods in my previous article on self-custody, but in reality I wouldn’t risk too much with any one method.
The more you own, the more you should be partitioning assets & mitigating risk. If all of your assets are in MetaMask & it gets compromised? You’re rekt. Even hardware wallets present inherent risks, so the best method overall (in my opinion) is partitioning.
Example: Let’s say you’re only holding Ethereum. Maybe you split it into three or four ‘stacks’.
- You store one stack on a hardware wallet.
- You create a Gnosis Safe for another stack – this gives you a bit more control than a paper wallet, as you can control all the multisig addresses yourself but store them in different places. This takes a bit more time to set up the addresses, but offers more security.
- The third stack you could hold for spot trading, or maybe store the bulk of it on a fresh address you bridge to an L2 like zk.money and shield. Most hacks and fake mints that I’ve seen tend to just scan for Ethereum, Polygon, or BSC holdings, and so keeping some shielded elsewhere might be a smart move.
However you decide to handle your self-custody, I strongly suggest that you at least consider it. I don’t mind using a centralized exchange on occasion. I do not keep funds there. I don’t mind using a centralized platform or service on occasion. I do not keep funds there.
We learn these lessons either in moments of inspiration or moments of desperation. I watched Cryptopia’s Discord & how their admins handled situations in 2017, and I started warning people that “Craptopia” was going down sooner or later. That was our “FTX”.
They might change up the tune or the chorus from time to time, but the song remains the same. Until next week…research more; trust less.