Erik Weijers, 6 months ago

How to take self-custody: own your coins

Unlike in traditional finance, in crypto you can truly own your money, because whoever controls the cryptographic keys controls the funds. That's a fundamental property and THE major benefit of crypto. If you don't have your keys, you don't really own your coins. If you deposit your coins on an exchange, you run the risk of that exchange going bankrupt. If instead you own the keys, you are the custodian: we call that self-custody. How can you learn to take self-custody?

Custody is a spectrum. You can slowly move your way up from other parties holding your coins to full self-custody. In between are multisignature solutions, where control can be delegated to multiple parties.

Let's dive in (this article is based on the work of the great Bitcoin teacher Andreas 'not your keys, not your coins' Antonopoulos).

How keys relate to your coins 

How does a cryptographic key give you control over funds?  

A key is an insanely large number, sometimes with letters intermingled. But it's just a number. The number of keys available is comparable to the number of atoms in the universe. That's the basis of the security in this industry. It guarantees that no one will guess your private key. A key is like a password: only people with the password have access to the coins.

How do keys work?

You don't have to generate your own key. A random generator built into your crypto wallet does it for you.

You must prevent other people from accessing your key: it's not for nothing we call it your private key. 

A private key does two things for you: 

  • It generates an address where you can receive coins. This address is public.
  • It generates a digital signature - the public key - that proves we control the address

So, the private key is used to generate a public key that you can share anywhere you want. Based on the public key, another person can know you own the funds. But they can't derive the private key from the public key.

HD wallets store many private keys for many coins

The practical problem with private keys is that you will own many private keys if you own multiple cryptocurrencies. Another, privacy-related issue is that ideally you don't want to reuse an address. Otherwise, people will know how many coins you own.

That's why so-called Hierarchical Deterministic Wallets (HD Wallets) were invented. They store and back up all your private keys.

Instead of one private key, this type of wallet generates an entire tree of keys from a 'seed'. Each branch is used for storing different coins. View them as accounts and (sub)accounts. Keep in mind that an HD wallet, unlike a hardware wallet (see below), is not physical, not even an app: it's pure information that can be used and recreated.


An HD wallet: an information tree that can hold many coins

The seed of the above tree is the private key: it is the only thing you need to back up. With the seed you can at any time recreate the entire tree, for example on another device. 

So, to recap, HD wallets will allow you to:

  • Store multiple coins
  • Use different addresses for each transaction
  • Recreate the tree (with all the coins) from the seed every time

Mnemonic backup and recovery

Mnemonic phrase: easy way to remember your private key
As large numbers are not easy to remember or even copy manually, private keys are for convenience encoded as a mnemonic phrase (also known as recovery phrase or seed phrase). The large number which is the private key is presented to you as a series of 12 to 24 English words. It is easy to write down and store as a backup.


Example of a mnemonic phrase (no funds on this address) 

Remember that the mnemonic phrase is the password. With it, you can always access your funds, simply by entering the words in a crypto wallet - either a software or hardware wallet.

Storing your mnemonic phrase

When setting it up, your smartphone/desktop wallet or hardware wallet will generate a new private key, from which the mnemonic phrase is derived. The device will prompt you to write down the 12 or 24 words in the exact order. 

If you start implementing a new wallet, DO THIS! Write down the words in the right order.

How to record and store your mnemonic phrase

There are two main ways people store their mnemonic phrases: 

  • Written down with paper and pen, potentially laminated
  • Stamped in steel 

In either case, make two copies, for an added level of security.

Store these mnemonic phrases at safe locations, for example a safe. 

Don't overcomplicate storing your mnemonic phrase

Don't be too cute or sophisticated. Don't encrypt the mnemonic phrase itself, and don't split it up in different pieces that you store in different locations. Don't ever upload it, even in encrypted form. 

A mnemonic phrase should be kept offline. Storing it in a text file in the cloud will make it vulnerable to being hacked. The same goes for digital photos. Also, never type it into a device that is connected to the internet.

Multisig and shared custody 

Besides the options of taking total control and handing over control to a custodian, there is a third option: shared custody between multiple owners or devices. 

Multisignature schemes

In Bitcoin, for example, there is a special type of address that requires more than one person or device to sign and get access to the funds.

Multisignature (multisig) schemes can be set up as for example: 

  • 2 of 3: at least two keys out of three are needed to sign
  • 3 of 5: at least three keys out of five are needed to sign 

Multi-factor, single-party

Alternatively, you can set up a multisig scheme where you need more than one device to sign. For example, you need at least two of three devices to sign a transaction.  

Why set up this option? Well, if you lose a device, you're still in control of your funds. Or, if a thief gets access to one set of private keys, he doesn't have enough control to sign transactions. 

The best multisig scheme for self-custody

Why even bother handing some of the keys to a third party, a custodian? Well, let's say you set up a 2 out of 3 multisig scheme. The single key you give to the custodian is a form of backup. This key alone doesn't give them access to your funds. Whereas you make sure that you have 2 keys yourself, so you can sign independently of the custodial service. But in case you lose one of your keys, you can ask them to co-sign.

To summarize: shared custody can function as a backup mechanism where you still have ownership, but offload some of the responsibility of backing up the keys to a third party. If you lose one of your keys, you can be rescued by the custodian. 

Tiered storage: different forms of custody for different funds 

Let's face it: not everyone is a hodler; there are traders too. They want to have funds to trade with on a custodial service like LiteBit.

Hot storage
The word hot refers to the fact that the private keys are stored online. For example, you have an account at a crypto exchange where you have funds to trade with, or your MetaMask wallet (an app or browser extension).
 

Cold storage
Cold storage holds the funds that you never or rarely access and keep safe in one of the ways described above. A typical way to implement cold storage is with a hardware wallet (see below).

Most people who start out in crypto start with hot storage. They buy some coins on an exchange, or buy an NFT with their MetaMask app. As you get more involved in crypto, and collect more funds, it makes sense to go the safe way and start moving (a part of) your funds to cold storage.

Using a hardware wallet

The highest step of the self-custody ladder is using a hardware wallet. These are pieces of hardware that can resemble a USB stick. They're small, single-purpose computers that you connect to your desktop or mobile phone. The most common brands are Ledger and Trezor.

Hardware wallets generate and hold your private keys and allow you to sign transactions.


Example of a hardware wallet. Source: Ledger
 

Why is a hardware wallet a form of cold storage? It's because it keeps your private keys physically separate from any computer or smartphone. Still, to interact with the hardware wallet, you will need some sort of wallet software on your desktop or mobile phone that either supports the device or is directly supplied by the hardware wallet manufacturer. But the private keys will never leave the hardware wallet. And you only sign for transactions on the hardware wallet itself.

Losing your hardware wallet won't mean losing your coins

The term wallet isn't totally apt here. A hardware wallet is more like a keychain. As long as you have a backup key - that's your mnemonic phrase (see above) - you won't lose your funds, even if you lose your hardware wallet. The hardware wallet itself is protected by a PIN code of your choice. So, if your hardware wallet is stolen, it won't give the thief access to your crypto.

Using a software wallet

You can self-custody with a software wallet. This is a form of 'hot storage', as the generation of private keys and the signing of transactions happen on a device like a mobile phone or desktop computer. These devices are connected to the internet. That makes hot storage vulnerable to viruses such as keyloggers.

Why use a software wallet? Well, it's easier and faster to use than a hardware wallet. To buy let's say a not-too-expensive NFT on OpenSea, sure you could use a software wallet like MetaMask. But to permanently store it, why not move it to your hardware wallet? 

Conclusion: a skill that liberates

This all seems like quite some work, and it is. Taking custody of your assets is the work you have to put in to set you free from third parties managing and misusing your money. The good news is that you are free to learn this new skill at the pace and with the amount of money that feels comfortable to you.
