How to keep your crypto safe in 2023 | Analyst explains

If 2022 taught that something is that we should 
be careful about how we store our crypto. That   We shouldn't entrust all our funds to centralized 
entities and that controlling our private keys is   The only way to get rid of the counterparty 
risk. But critics say that self-custody is   Too complicated and cumbersome for most crypto 
users. If not done it correctly, managing your   Private keys could be even riskier than trusting a 
third-party custodian. So what is the best way to   Keep your crypto safe? Is self-custody really the 
most reliable option? In this video, we discuss   The nuances of crypto storage with James Check, 
lead on-chain analyst at Glassnode. I'm Giovanni,   On this show we challenge the ideas that are 
shaping the world of crypto. In each episode, we   Challenge a crypto narrative, a price outlook, or 
a potentially disruptive technology. Only the most   Solid ideas will make it to the other side. This 
video is presented by our sponsor, Web3 Antivirus,   A security solution that helps protect users from 
online threats and scams on the decentralized web.   Okay, James, so let's start from the basics. So   What is self-custody according 
to you and why it is important? Sure. I mean, the concept of self-custody is 
essentially taking ownership of these bare   Assets. Now, when people who are brand new to 
the digital asset space kind of asked me this   Question, I think the best analog is like holding 
physical cash, it's like holding physical gold.   And the reason why it's important is that 
it's really one of the key innovations of   Bitcoin being a bare asset, a bare, hard asset 
that you can actually hold outside the system.   And as we've seen over the course of 2022, 
there were several instances where we had   Centralized entities who are the custodians 
who overleveraged, lent out customer assets,   Or just otherwise gambled them away. So in all 
of those instances, if you're not holding your   Own assets, then you are essentially liable. 
They are a liability on someone else's balance   Sheet. And you know, these people, many of 
them ended up with zero. So in many ways,   It's one of these few, the first time we've had a 
digital asset that you can hold in your own keys   In a bare format. And really it overcomes one of 
the largest problems with gold, which was that   It is naturally centralized by design because 
gold coins are just really hard to move around. A few days ago we saw that a Bitcoin core 
developer was the victim of a hack in which   He lost control of his Bitcoin. So he was 
doing self-custody and he had $3.5 million   Worth of bitcoin stolen in a hack. So we don't 
exactly know for sure what happened, or what   Are the details of this, but what I want 
to focus on is the reaction that this   Event sparked specifically on crypto Twitter. 
Basically, a lot of people were saying that if   A Bitcoin core developer couldn't handle 
self-custody wasn't able to self-custody,   Then how would an average user do it? 
People say that this is too complicated   And risky for the average user. So what is 
your comment on those types of reactions?

Yeah, I mean, I completely disagree that 
having a core developer losing their coins,   As unfortunate as it is, at the end of the day, 
I'm also an average person and I've managed to   Do self-custody. If you have gold in your 
vault, if you have cash in your wallet,   It's the same concept. You need to exercise 
a level of responsibility. So understanding   What those attack vectors are and in many 
instances, you know, 24 words or 12 words,   Which is your ultimate seed phrase, that is 
essentially no different from saving your   Password for a password manager. Right. Or a 
password for your bank account. So it's the   Exact same concept. Yes, there are risks, but at 
the same time, we as humans, our job and what we   Do is assess risks. There are no solutions, 
only trade-offs. And the trade-off is you're   Removing that liability on third parties. But you 
have to look after a 12 or 24-word seed phrase. OG Bitcoiner Udi Wertheimer makes a case 
specifically against seed phrases. He says   That this list of words is very difficult to 
keep safe for years and learn how to do is   Also very difficult. He recommends 
using custody solutions that don't   Require handling the seed phrase yourself. 
What do you think about these statements? I think that the example he's probably alluding 
to is things like collaborative custody, like,   You know, Unchained and some of these companies 
who give you a two or three or a three or five,   Whatever your setup is, they can provide you 
with a collaborative custody solution. They're   Absolutely a fantastic solution. I'm glad 
that they exist. But if your weakest link   Is somebody getting into your email account to do 
the social recovery for you, right? They can do   Reset passwords. They get the link, suddenly they 
get your funds. So it's one of those things where   Collaborative custody is important. It solves 
a certain problem, but you open up a different   Attack vector, which is what happens if you lose 
the password to your email account. So at the end   Of the day, all of this actually boils down to 
what is the weakest link in your security setup?   And there is no correct answer. It is a process 
that people need to go through. It's a personal   Decision. At an individual level. It's the same 
as all privacy, all security online. What is your   Weakest link? If somebody can get into your master 
email account and reset all of your bank passwords   And access your social recovery, then you may as 
well have had 12 words written down a book in the   Back of your cupboard. So, you know, at the end of 
the day, identifying what is the weakest link is   Not a difficult process. It's just a process 
people actually need to do the work for. And   It's no different to whether you're doing social 
recovery or a pure self-custody type set up at   The end of the day comes down to education and 
spending the required hours to look after the   Wealth that you're putting into this wallet. If 
you're not willing to put more than 5 minutes into   It, then don't put more than $5 into it. If you're 
willing to do 100 hours now, you can start talking   About doing your significant sums of savings. 
So again, everything scales with the use case.

So when you talk about these weak links,   What do you mean exactly? Can 
you give us a practical example? So let's say you have a password manager and you 
put your 12 words inside your password manager and   Then you post your password manager's password to 
your Dropbox. Somebody getting into your Dropbox   Is the weakest link because that is the pathway 
by which they will access. You kind of look at   It as like a flow chart. If your seed phrase is 
locked in a vault and that's the only place that   It exists, then somebody breaking into your house 
and stealing that 12 words, that is your weakest   Link. So it's about identifying if the attack 
vector is that you're going to lose your 24 words,   What are the multiple pathways that somebody 
could use to actually get to those 24 words and   Essentially identifying what is the weakest part 
of that puzzle that will essentially give them up. Another point   Made by Wertheimer is that different types of 
crypto use require a different type of custody.   So he makes the point that, yeah, holding your 
coins in a hardware wallet is a good solution if   You are storing your wealth for the future, for 
future generations, or for anyway for the long   Term. But if you use your crypto for swapping 
NFTs ten times per day or for on-chain trading,   Then holding your crypto on such a hardware 
wallet is not the most user-friendly, comfortable   Solution. Don't you think that it depends also 
on the usage that you are making of that crypto? Of course, and it's about having the 
right tool for the right job. You know,   In my personal setup, I have cold 
storage, I have warm storage,   Which is coins that I have on my mobile, 
but I cannot just send with my mobile.   You still need a hardware device to actually send 
them. You've got cold storage that's completely   Separated from the Internet at all times and 
is very secure. And then I have a hot wallet,   Which is if I need 100 bucks, 200 bucks to just 
move around or do an intermediary transaction,   Then you have a hot wallet that's just a wallet 
on your phone, right? It comes down to the right   Tool for the right job. And with all of these 
things, you have different levels of security. Wertheimer points out that third-party 
custodians are not always bad. For example,   He makes the example of Michael Saylor. So 
Michael Saylor stores his crypto, apparently,   In a third-party custodian. 
And he said that if he does it,   Then why wouldn't the average user do it? 
And then he also says you can put part of   Your holdings on different third-party 
custodians, on different, for example,   Exchanges, in order to minimize the risk. What do 
you think about this solution as an alternative? Yeah, I mean, you know, I'm going to disagree with 
Udi on this one because if you think about it,   So let's just take the Michael Saylor approach. 
I'm quite positive that the custodial setup that   Michael Saylor and Michael and MicroStrategy 
have, If the bill from Coinbase or whoever their  

Custodian is, if the bill came to you and I, it 
would send us broke, right? The amount of money   That he would be paying in order to obtain that 
level of custody and that whole solution, it's not   Feasible for the average person. So really what 
you're saying there is that people just deposit   Across all these exchanges. Okay, So what is the 
weakest link? Well, the weakest link is you now   Have let's just say, for example, five exchanges. 
You've split your deposits one-fifth in each. Now   You have to manage five different passwords and 
five different two-factor authentication methods.   So when you actually peel back that onion, the 
solution that Udi is proposing is far worse   Because you have more passwords, more two-factor, 
and you still have third-party custodial risk. Yeah, that makes sense. Although having 
to remember those passwords is not as   Critical as when you remember you have 
to remember your seed phrase because I   Think there are retrieval systems in 
case of exchanges and third parties,   While there are no retrieval systems 
in the case you lose your seed phrase. Of course, but it comes down to trade-offs,   It comes down to hardware. You know, there are 
mitigation solutions even within that framework   To make it really, really difficult 
for you to lose your coins. When that accident happened, you pointed 
out on Twitter how you would recommend   An average user to approach self-custody. 
So can you guide us through this process? As I mentioned, it is a learning journey, right? 
When you start with your first by just downloading   An app, you know, in terms of Bitcoin wallets 
like a Nunchuck or a Green Wallet or any of   These self-custodial wallets, they give you the 
12 words. They're very, very simple to set up.   And you can start storing coins there, right? 
Very, very simple. All supported by exchanges,   Really, even in the modern era, are pretty 
hard to get wrong. So you can start with   A mobile wallet, right? Everyone's 
going to mobile phone. Fairly simple.   As you start to build up your holdings, you've 
got some kind of meaningful wealth, you know,   A couple of thousand dollars. It's starting to 
get meaningful. Well, investing in a $120 Ledger   Or a cold card or something to just give you 
that extra security is really the next logical   Step. Now the Ledger and Trezors are super, 
super easy from a user interface perspective.   You know, people who have multiple coins, 
and these things offer you a really clean   User interface. Again, once they're set up and 
you've done the initial setup with the 12 words,   So you're used to this, the transfer across 
to a hardware wallet is a pretty, pretty basic   Next step, right? You're not scaring yourself by 
going all the way to a multisig with six devices. You're just starting with 12 words, a 
mobile app, hardware wallet. And then   Once you get beyond that, the next step is really 
to start thinking about, you know, if you've got   A meaningful amount of wealth, you can start to 
think about do you have multiple hardware devices?  

Do you move to something like a cold card that 
gives you more options in terms of passphrases?   You know, do you actually have multiple 
signing devices? Is that actually keeping   It simple or are you making it too complex for 
yourself? So experiment, find the software,   Find the wallet, try different things, 
try different hardware vendors. You know,   I've been in this industry for almost six years 
now, and I've used most hardware wallets, right?   You buy one version of each one and you just play 
around with it, see what works, and eventually,   You settle on, I like this. This makes sense. 
I understand it. Here's my process. And again,   It scales with your holdings. $100, 
who cares? $100 grand. Different story. Awesome. Yeah, I think that was 
a great overview of the different   Approaches that people can use for this, 
and hopefully, people watching will be   Able to think about it and choose their 
own personal solution for self-custody.   So yeah, thanks a lot, James, for 
coming on our show, and Happy New Year! Thank you. Happy New Year.