The Dos and Don’ts of Bitcoin Self-Custody
Bitcoin is a completely decentralized system: there is no ability to reverse payments, and there is no customer support line you can call for help if you mess something up. When you take self-custody of your own Bitcoin, you and only you are responsible for the safety of your funds. Self-custody also means that no one can freeze your funds, and no one can stop you from making a payment you want to make. It’s a double-edged sword: there are huge benefits to self-custody, but it also comes with responsibility.
If you make a mistake and send Bitcoin to the wrong address, there is no undoing it. If someone gains access to your seed phrase (seed words), there is no customer support to help you; that person now has access to your money. If you lose your keys and your seed phrase backups, there is no recovery process to get your wallet back. It’s very much like cash in that regard: once it’s gone, it’s gone.
People generally go through life with no existential anxiety over having small amounts of cash, but protecting significant amounts of money is a source of worry, and Bitcoin is no different.
Custody and Crypto Wallets
When it comes to managing your Bitcoin, there are multiple types of wallets you can use. However, not all of them offer you true ownership of your assets. Here’s a breakdown of the types of wallets you will encounter and how they approach self-custody.
Custodial Wallets
Custodial wallets are generally offered by centralized exchanges, the same platforms that allow you to buy Bitcoin with fiat currency. These wallets work essentially just like a bank account. You do not actually have any control of your money. They can freeze your funds, lock and close your account, and deny you permission to make transactions or withdrawals with your own money. They do offer the potential to transact very cheaply with other users of the same wallet, but at the cost of giving control over your money to the custodian. They should never be used to store any significant amount of money, and any Bitcoin you purchase should be withdrawn to a non-custodial wallet as soon as possible.
Non-Custodial Wallets
Non-custodial wallets all offer true self-custody: only you have access to your assets. But even wallets that offer self-custody come with a range of trade-offs. They can also serve different purposes.
Software wallets, also known as hot wallets, run on your mobile phone or your laptop computer. They do leave control over your funds in your own hands, but they manage and store the private keys on your device. This exposes them to the risk of compromise by hackers. You should only protect small amounts of money with a software wallet: what you reasonably expect to spend in a short time period.
A hardware wallet is a special device designed to keep your private keys as secure as possible. These devices are what you should use to store the bulk of your Bitcoin. They keep the private key offline and inaccessible to any threat from hackers, and allow signing transactions in a secure environment. A special note when using hardware wallets: the vast majority of them have a screen on the device that displays where a transaction is being sent before signing. Always double-check the address and amounts shown by your device when signing to make sure the money is being sent to the correct place.
How to Approach Self-Custody
Here are some basic steps you can take to ensure you are interacting with your Bitcoin in a safe and secure manner:
Test Your Backups
The first thing you have to do when taking custody of your own funds is to generate your seed words, also known as a seed phrase. This is like the master key to all of the accounts you will create with that wallet.
When you first complete the wallet setup, your wallet will generate a random number called a seed, or entropy. From there, your wallet will translate this number into 12-24 words called a seed phrase, or seed words.
Any wallet that is properly designed to encourage user safety should have you verify and prove you wrote down the seed phrase by challenging you on some (or all) of the words in it. If you are managing significant sums of money, it is always safest to double-check.
Next, you will need to generate an “account”, which will create your wallet’s first receiving address. It looks like this: bc1q653jc5hxawj5lwxgm8tt73qzw6rurmc5d42qd2
It never hurts to be safe and double-check things. After you’ve finished setting up your wallet, but before you start transacting, you can reset the wallet and re-initialize it. Instead of generating a new seed phrase, you can import the one you just backed up. If the first Bitcoin address is the same, you can be sure you’ve correctly backed up your seed phrase.
Send A Test Transaction
Making your first withdrawal from an exchange can be a bit nerve-wracking. Is this address correct? Did I make a mistake? One of the scariest things for many people about Bitcoin is its digital nature. Everyone has in their mind this image from a movie scene where some teenage hacker compromises a government system to further the plot. Most people don’t understand the first thing about how computers work, but they understand there are numerous ways they can be compromised or hacked.
I don’t know about you, but when there is a risk I am aware of that could affect me and I don’t understand how that risk exposes itself to me, I get worried. Just like verifying your seed phrase by recovering the backup before using the wallet, you can send coins to your wallet slowly. If someone were to compromise how you generated your wallet in the first place, they would be able to take any money you send to that wallet the instant you send it.
So just don’t send all of your money at once. Send a small test transaction with a tiny percent of the Bitcoin you intend to take into self-custody. Make sure those funds actually show up in your wallet first. To really be sure, you can even make sure that you can spend those coins by sending them back to the next address in your wallet.
After making a test transaction and ensuring that you have the keys needed to spend money sent to that wallet, you can deposit the rest of your money to that wallet. If, after a small test deposit, you see no transaction that you didn’t initiate, you can have much greater confidence that your wallet was set up securely.
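For the “Is this address correct?” worry above: addresses of the bc1q… form carry a built-in checksum, so a mistyped character can be caught before anything is sent. The following is an added example, not part of the original article; it implements the public BIP173/BIP350 checksum and uses a published BIP173 test vector as sample input. A passing check only means the string is well-formed, not that the address belongs to your wallet, so comparing it against your hardware wallet’s screen is still required.

```python
# Added example: checksum check for bc1... (segwit) addresses, BIP173/BIP350.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3


def polymod(values):
    """BCH checksum over 5-bit symbols, as specified in BIP173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk


def check_segwit_address(addr, expected_hrp="bc"):
    """Return (ok, reason). ok means well-formed, not 'this is your address'."""
    if addr != addr.lower() and addr != addr.upper():
        return False, "mixed case"
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or len(addr) - pos - 1 < 7 or len(addr) > 90:
        return False, "malformed"
    hrp, payload = addr[:pos], addr[pos + 1:]
    if hrp != expected_hrp:
        return False, "wrong network prefix"
    if any(c not in CHARSET for c in payload):
        return False, "invalid character"
    data = [CHARSET.index(c) for c in payload]
    if data[0] > 16:
        return False, "invalid witness version"
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    # Version 0 (bc1q...) uses Bech32; versions 1+ (bc1p...) use Bech32m.
    want = BECH32_CONST if data[0] == 0 else BECH32M_CONST
    if polymod(hrp_exp + data) != want:
        return False, "checksum mismatch"
    return True, "ok"


# Published BIP173 test vector, then the same string with its last character changed.
GOOD = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
TYPO = GOOD[:-1] + "5"

if __name__ == "__main__":
    for a in (GOOD, TYPO, "tb1" + GOOD[3:]):
        print(a, check_segwit_address(a))
```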
NEVER Create Digital Seed Phrase Backups
Your seed phrase backup is your money. Whoever has access to your seed has full access to your funds. There is no customer support line to call, there are no chargebacks or insurance coverage for stolen funds in non-custodial Bitcoin wallets. If you mess this up, what’s done is done.
Hardware wallets that you actually use to sign transactions are specifically designed to securely hold the private keys your seed generates. When you make a backup of your seed phrase, it should strictly be on something analog: a piece of paper, a steel plate with punched letters, something physical and completely offline.
You should NEVER do something like take a screenshot or picture of your seed phrase on your phone, or keep a backup in a text document or Google Cloud or iCloud. People’s computers and internet service accounts get hacked and compromised on a regular basis at very large scales.
Keeping your keys only on a physical medium like paper and a secure device like a hardware wallet immensely lowers the risk of your coins being stolen through the compromise of your seed phrase. Your iCloud account can be hacked remotely from anywhere, whereas the seed phrase backup on steel in your safe requires someone to physically break into your safe.
Multisig Requires Extra Backups!
If you are using a multisig wallet, the seed phrase backups are not enough to recover your funds. The point of multisig is to increase your security by requiring more than one key to sign to spend your money. Typically, these wallets require a minimum threshold of devices that must sign each transaction. For example, a wallet might require 2 out of 3 signatures. This ensures that someone compromising, or you losing, a key or two doesn’t result in losing your funds, but it comes with a nuanced catch. You can lose some of the private keys in a multisig, but if you don’t keep all of your public keys, you won’t be able to find your Bitcoin on the blockchain to spend in the future. This is due to how multisig wallets create the information necessary to process transactions.
When you make backups for a multisig wallet, each individual private key backup should also be accompanied by a backup of the public keys (wallets will call this an “xpub”) for all of the wallet addresses involved in the multisig. This ensures that you can find your coins on-chain even if you lose access to one of the accounts.
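Why every public key matters, as an added example that is not part of the original article: in a pay-to-witness-script-hash multisig, what appears on-chain is a hash of a script containing all of the public keys, so the keys of two cosigners cannot reproduce it on their own. The sketch assumes a 2-of-3 wallet that sorts its keys (BIP67 style) and uses constructed 33-byte placeholders in place of keys derived from real xpubs.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE


def op_n(n):
    """Opcode for the small integers 1..16 (OP_1 is 0x51)."""
    return 0x50 + n


def witness_script(m, pubkeys):
    """m-of-n multisig script with the keys in sorted order (assumed BIP67 style)."""
    keys = sorted(pubkeys)
    if not (1 <= m <= len(keys) <= 16) or any(len(k) != 33 for k in keys):
        raise ValueError("need 1 <= m <= n <= 16 compressed (33-byte) keys")
    body = b"".join(bytes([33]) + k for k in keys)  # 0x21 = push 33 bytes
    return bytes([op_n(m)]) + body + bytes([op_n(len(keys)), OP_CHECKMULTISIG])


def p2wsh_program(m, pubkeys):
    """The 32-byte value recorded on-chain: SHA-256 of the witness script."""
    return hashlib.sha256(witness_script(m, pubkeys)).digest()


def fake_pubkey(label):
    """Constructed stand-in for a compressed public key (not a real curve point)."""
    return b"\x02" + hashlib.sha256(label.encode()).digest()


KEY_A, KEY_B, KEY_C = (fake_pubkey(s) for s in ("cosigner-A", "cosigner-B", "cosigner-C"))
ON_CHAIN = p2wsh_program(2, [KEY_A, KEY_B, KEY_C])  # what the wallet received to


def can_find_coins(m, known_pubkeys):
    """True if the public keys you still hold rebuild the on-chain program."""
    return p2wsh_program(m, known_pubkeys) == ON_CHAIN


if __name__ == "__main__":
    print("all three public keys:", can_find_coins(2, [KEY_C, KEY_A, KEY_B]))
    print("only two public keys: ", can_find_coins(2, [KEY_A, KEY_B]))
```

With seed phrases A and B you hold enough private keys to sign, but without cosigner C’s public key the script, and therefore the address, cannot be rebuilt.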
Never Talk About Your Stack
Being involved in Bitcoin can be a very exciting experience, especially when the price is going up. This can also be a liability depending on who knows about your Bitcoin holdings. As was mentioned earlier, if someone can gain access to your seed phrase they gain access to your money. Bitcoin has the potential to become immensely valuable in the future.
Owning Bitcoin is not a fact that you should be parading around to the whole world and everyone you know. Obviously, if you are married it will be very difficult to keep a significant sum of Bitcoin secret from your spouse. If you have very close friends, it’s something likely to come up or be observed by them over time.
But you don’t have to go telling everyone you meet that you own Bitcoin. And you shouldn’t. As Bitcoin has increased in value over the years, physical attacks on Bitcoiners in order to steal their money have become more and more common. The more people who know you hold Bitcoin, the greater your exposure to potential risks like that.
Don’t go blabbing your mouth off to everyone you meet about your Bitcoin stack.
Wrapping Up
Bitcoin can be, although it shouldn’t be, an intimidating thing to take possession of. It’s just like cash in a way: if you lose it, no one can do anything about it. But in other ways, it’s not quite like cash at all.
People are worried about holding large sums of cash because if you lose it or someone steals it, it’s gone for good. Bitcoin can be backed up. If you lose your Bitcoin, you can literally just magically get it back if you have a backup. That’s because your Bitcoin isn’t in your wallet; your Bitcoin is stored on the blockchain. If you have a copy of your seed phrase, you can regain access to all of your BTC no matter which wallet you use.
You can’t just “back up” physical cash. A xerox copy of cash isn’t cash, and won’t be treated as such by anyone. But a Bitcoin seed phrase restores your access to your Bitcoin instantly. That should ease anxiety when comparing Bitcoin to something like cash.
Multisig wallets offer an option to defend against theft. When you have a safe full of cash at home, someone can simply break into your house and take all of it. With a multisig Bitcoin wallet, if you only have a single key at home with you, a thief cannot take your Bitcoin by breaking in and taking the key you have at home. This is something that cash cannot do.
Larger amounts of cash are a large incentive for thieves to target you. But if they don’t know you have a large amount of cash, they have no reason to target you. Just don’t tell them about it. Bitcoin isn’t a special variable here.
Bitcoin can be intimidating to self-custody because of the risks it shares in common with cash, but when you really take the time to learn what tools are available to help you self-custody it, it’s not that intimidating. In many ways, it can be safer than cash to hold yourself.
So stop worrying, have a little patience, and slowly take the time to learn the basic things you can do to protect your stack yourself. After a little while you won’t even think twice about it.