During an upgrade to the Compound platform, a bug caused the system to transfer close to $90 million in COMP (their cryptocurrency) to random users. In a desperate tweet, Compound’s CEO begged the users to give the money back. He threatened to dox the users. (That’s a slang term for making user identities public or, in this case, reporting them to the IRS.) Then offered a 10 percent reward for “doing the right thing.”
There are many crisis management lessons here. But let’s concentrate on one of the fundamental tenets of decentralized finance (DeFi); the ability to make financial transactions without the need for a trusted intermediary. Said differently, there’s no one for Compound to go see. They can ask for the money back, but if the recipients choose to keep it, Compound has zero recourse.
As you think through the implications of using and guarding your own money without the protection of a central authority your schadenfreude will be interrupted by a sobering question; if DeFi professionals can’t keep their money safe, how can you? It’s the right question, so let’s review some of the tools and techniques you should be familiar with as you begin your DeFi journey.
Encrypting Your Crypto
The moment comes when you realize there’s real money in your crypto wallet and you start wondering about hackers and ransomware and all kinds of bad stuff. If you’ve set up a digital wallet, bought some crypto, and collected a few NFTs and you’re starting to trade across a range of marketplaces and exchanges, you are starting to experience the exceptional financial freedom the world of DeFi has to offer. Of course, there’s a catch… Now, you’re also in charge of guarding the treasury.
This is exactly as scary as it sounds, which is one of the main reasons people put their money in banks. Not only are banks good at protecting your money, in the United States, you can choose bank accounts that are insured by the Federal Deposit Insurance Corporation or the National Credit Union Administration so if something happens to the bank, your money is still safe.
In lieu of safety, or insurance, or even customer service, DeFi transactions come with a warning: “All transactions final.” And an admonition: “Protect yourself at all times.”
Guarding the Vault
It is in the spirit of this last little bit of wisdom that I offer some workflow and process to help you protect your crypto holdings.
First, make sure you are using a name brand digital wallet. There are software wallets and hardware wallets. You should have both. When choosing a wallet, make sure that it is compatible with the cryptocurrency you want to store in it.
Use your hardware wallets to store the crypto you are hodling (crypto-slang for holding). That’s wallets. Plural. If you have a substantial sum of crypto, you should keep it in several different wallets. My suggestion is to have the percentage of tokens in any given wallet allocated to mirror your portfolio. A mix of coins. It probably goes without saying, but don’t put all your crypto in one wallet. Ever!
There are several popular hardware wallets. I am a fan of the Ledger Nano X and the Trezor Model T. I don’t have a relationship with either company; I purchase my wallets retail directly from their respective sites. There are some promo codes to be found online, but for reasons that will become obvious as you read on, only purchase your hardware wallets directly from the manufacturer’s website. Do not break this rule. Purchase enough wallets (from more than one vendor) to split your portfolio up into thirds or more. Don’t put all your crypto in one wallet. Ever! (Did I mention that before?)
You can keep a small amount of crypto in software wallets. There are many to choose from. Because of its browser extension, Metamask is a great utility wallet. There’s also Coinomi, Coinbase Wallet, Trust Wallet, Exodus, Electrum, Mycelium … the list is long. Some have fully functional smartphone apps, and others have apps that give you visibility into your wallet but don’t offer access. Some apps are Bluetooth; others use the web. No matter which one you choose, just keep enough crypto in your software wallets to do your daily crypto business. Whatever you’re hodling, keep it offline!
Storing Your Passwords and Recovery Phrases
No matter which wallets you choose, you will set them up with a password or pin and they will almost certainly require a 12- or 24-word recovery phrase. If you’ve never set up a digital wallet, go to Metamask and set one up. You don’t need to put any crypto into it. You never need to use it, but you should go through the process of setting up a secure digital wallet. When you’re done, you will have two important things to write down: your password or pin, and your recovery phrase. Where will you store them for safekeeping?
A Trusted Family Member or Friend
You need to make sure that someone (other than you) has access to the records and understands exactly where your physical hardware wallets are hidden, and where the computer or smartphone with your software wallets is located. Otherwise, if something happens to you, your crypto goes with you.
Old School
You can write down your password and recovery phrase on a piece of paper and store the paper in a safe or safety deposit box or wherever you keep important documents. But understand that you will change your passwords quite often and you are going to have several wallets. Paper records are fine. I would suggest doing this no matter what other solutions you choose.
Slightly Newer School
For a mostly safe way to store your wallet information on your computer, you can copy and paste it into a Microsoft Word or Excel document and encrypt the file when you save it. File>Info>Protect Workbook (Document), then enter your document password, then confirm it, and your document cannot be opened without that password. It’s pretty good protection, and if you don’t name the document something like “My Crypto Passwords,” it won’t be found by a casual snooper.
Your Inner James Bond
To take it up a notch, take a new USB drive (flash drive, thumb drive, USB stick) and when you open it, right click it and select “Turn on Bitlocker” on a Windows PC, or “Encrypt” on a Mac. Linux peeps, there are good instructions here. Once you’ve encrypted and password protected the USB drive, save your encrypted, password-protected documents to it and remove them from your computer. You don’t need to put the USB drive in a safe (unless you want to); you can just keep it in a safe place. The info on it is about as safe as it can be in a digital world. This solution will only work on one operating system. So Mac encryption is readable on a Mac, Windows on a Windows PC, etc. Some cross-platform commercial encryption software is available, but I have not had wonderful experiences with any of it. Bitlocker works. Encrypt works. The Linux encryption sequence I linked to above works.
Channeling Tony Stark
There’s always a next level. You can purchase a hardware-encrypted USB drive. They are expensive. On the other hand, if you feel you need even more protection, Kingston’s IronKey or Apricorn Aegis Secure Key or other so-called military-grade encrypted USB drives may work for you. Some of these drives (the expensive ones) have self-destruct capabilities if too many failed login attempts happen in a row. Others offer higher levels of security or speed. Because they are hardware based, almost all of these drives will work on any computer platform.
Where You Are Most Vulnerable
Do not get too crazy with encryption. It is not your first line of defense. Use strong passwords on your computer and make sure your antivirus software is up to date. If you truly want to protect your “vault,” keep it offline as much as possible. This can be accomplished by dedicating a PC or Mac as “crypto only.” By dedicating, I mean nothing is on the computer but your wallet software and a browser − not Zoom, not Netflix, not email − nothing but your crypto software.
The reason for this is simple. You are the weakest link in your online security. The doing of online business happens on your computer and your smartphone. You can do online banking with a bank because they are doing all the security for you. When you are both banker and security team, you need to reduce, to the highest extent possible, common attack vectors. Isolated, dedicated hardware and software reduce your likelihood of clicking on something you shouldn’t click on.
Want to know more? This article is an excerpt from my Amazon #1 Best Seller, Blockchain – Cryptocurrency, NFTs & Smart Contracts: An executive guide to the world of decentralized finance 2nd Edition. Mark Cuban calls it “a crisp, easy to understand overview of crypto and DeFi.”
Want to chat about a blockchain project?
If the form is not visible, click here.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. I am not a financial advisor. Nothing in this article should be considered financial advice. If you are considering any type of investment you should conduct your own research and, if necessary, seek the advice of a licensed financial advisor.