How to Prioritize your Accountability in Crypto
A helpful framework for maintaining effective Operation Security (OpSec) and keeping your tokens safe before venturing into crypto.
Welcome from the team at GG Capital!
As crypto users, both new and old, spend time and money exploring new ecosystems, there are countless opportunities for them to fall victim to a protocol flaw or their own mistakes. Even the most advanced veteran might forget about securing their information or connect their wallet to the wrong website. This eventual fear of losing one’s assets should be enough to force people to recognize what is at stake; however, this reality is not alarming enough to new market entrants.
When someone uses their first Decentralized Finance (DeFi) protocol, there might be instances where they forgo all areas of risk management in the hopes of acquiring extremely high yields. These moments usually occur when the user feels they would miss out on any other opportunity available to them. This is exactly when people are at their most vulnerable and hackers or scammers are most prepared to capitalize on their misjudgment.
Fortunately, as users placed within a transparent financial world, we have the opportunity to improve our Operational Security (OpSec) and truly maximize how we view risk management from a security standpoint. This can include understanding the common practices of scammers, researching different forms of wallet infrastructure, or simply realizing the importance of what it means to self-custody.
No matter how we look at the pros and cons of this environment, the crypto industry creates a mutually inclusive space for individuals to create new chances for themselves. This space should be viewed as the embodiment of holding yourself accountable; however, it is up to the user to prioritize their security, as no one else will do it for them.
The Epitome of Accountability
This title is the verbatim description I give to those interested in getting started with cryptocurrencies. Due to the 24/7 nature of crypto markets, this statement could be assumed to apply to:
Your emotions while leverage trading.
Purchasing the new NFT project you have heard so much about.
Testing out the unaudited lending protocol that Twitter is obsessed with.
In each case, the end-user is undoubtedly responsible for any decisions they make, yet there is a foundational understanding of this that everyone should comprehend before diving into each crypto sector.
So what can we understand by this description specifically? Every transaction you sign in crypto matters.
Being able to comprehend addresses, accounts, block explorers, and overall transactions before their execution is key to staying safe, especially for beginners. There have been plenty of horror stories of people sending large sums of crypto to an incorrect address with nothing that can be done because the blockchain is immutable.
Although these incidents can be irregular, such a mistake can easily be prevented just by double-checking the destination address when you are creating the transaction. These are important and foundational details that new people may not prioritize when exploring this industry, since being able to oversee all of your funds at your discretion may be a unique experience for users. This is commonly described as self-custody and should be your first step in comprehending how to maneuver in this space.
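As an added illustration of that double-check (not code from the original article), the sketch below verifies the built-in checksum of a Bitcoin "bc1…" address and compares the full string against the address you meant to pay. The function names are hypothetical, and the sample address is the published BIP-173 test vector, not an address from this article.

```python
# Added example: pre-send check for a Bitcoin "bc1..." (bech32) destination address.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3


def _polymod(values):
    """Checksum polynomial defined in BIP-173."""
    chk = 1
    for value in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ value
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GENERATOR[i]
    return chk


def checksum_ok(address):
    """True if `address` is a well-formed bc1 address whose checksum verifies."""
    if address != address.lower() and address != address.upper():
        return False  # mixed case is forbidden by the encoding
    address = address.lower()
    sep = address.rfind("1")
    if sep < 1 or sep + 7 > len(address) or len(address) > 90:
        return False
    hrp, payload = address[:sep], address[sep + 1:]
    if hrp != "bc" or any(c not in CHARSET for c in payload):
        return False
    data = [CHARSET.index(c) for c in payload]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    # Witness version 0 (bc1q...) uses bech32; later versions (bc1p...) use bech32m.
    expected = BECH32_CONST if data[0] == 0 else BECH32M_CONST
    return _polymod(expanded + data) == expected


def check_destination(pasted, intended):
    """Return the problems found before signing; an empty list means the check passed."""
    problems = []
    if not checksum_ok(pasted):
        problems.append("bad_checksum")  # mistyped or corrupted while copying
    if pasted.lower() != intended.lower():
        problems.append("mismatch")      # compare the whole string, not just the ends
    return problems


# Sample data: the BIP-173 published test vector and a constructed one-character typo.
INTENDED = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
TYPO = INTENDED[:-1] + "5"

if __name__ == "__main__":
    print(check_destination(INTENDED, INTENDED))
    print(check_destination(TYPO, INTENDED))
```

A passing checksum only proves the address was not mistyped; it cannot tell you the address belongs to the person you intend to pay, which is why the second comparison is against a copy you obtained from a trusted source.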
Custody as a Pillar of Crypto
One of the main purposes of crypto is that the end-user has full control of their assets. This concept originates from the understanding that whoever has custody of your private key has control of your tokens. The private key of your ledger can be viewed similarly to the password of your email, especially since this private key is what enables you to make transactions. For example, if you have your crypto stored on a Centralized Exchange (CEX) such as Coinbase or Binance, you are not the one in control of your assets. No, seriously.
You are only entitled to the username and password to hopefully be able to withdraw those assets (when you get the chance, read the fine print).
This is often referred to as third-party custody or a custodial exchange. While I am not a proponent of third-party custody, I also understand the beneficial solutions it provides and the ease of trusting an outside counterparty. Some people simply do not believe themselves capable of keeping their crypto safe. In some cases, they might be unfamiliar with interacting on-chain which is understandable; one mistake and poof your assets are nonexistent.
However, when understanding the reason behind creating and using cryptocurrencies, this mentality goes against the entire thesis of blockchains. Even though from a psychological standpoint, comfort matters to a degree, you must understand your personal responsibility when operating free of traditional systems in this space. Due to the centralization that comes with third-party solutions, using a CEX could be the main way for high-net-worth individuals and institutions to obtain bank-level security for their assets. Some of these third-party custodians add further protection by providing insurance for deposits.
Without hearing about self-custody, this sounds like the no-brainer solution for its proposed security and ease of use, but these platforms also come with their pitfalls. Many of these same exchanges have been hacked and lost hundreds of millions in customers’ funds. Other times, exchanges have halted withdrawals after revealing they had lent out customer funds. For example, victims of the Mt. Gox hack in 2014 infamously lost nearly 740k BTC or $29B at current prices.
A much more recent exploit that users should be aware of occurred during the Crypto.com hack, a “regulated” platform that the everyday user would assume is protected. While this occurrence only affected a relatively small number of users (483 at the time of writing), this still led to $35M of losses. Now, you may counter that by saying that Crypto.com explained it would reimburse its users for the loss.
This is correct after you file a police report for an issue that happened while they controlled your assets. Oh, and only up to a limit of $250k, so imagine if you stored more than that on their platform. Although larger amounts might not be relevant to these users, we can at least apply this “limit” as a precedent for any future exploits.
Furthermore, if you held all your assets here, you are effectively bankrupt and would have to violate your privacy yet again (even if you already went through their KYC process). The reality of this situation is that blame can be placed on both the user and the CEX itself, however, you are the one that has the option to decide who or what will custody your assets.
Considering this event happened in 2022 and will most likely not be the last, it is a stark reminder that Centralized Exchanges still are not completely safe for new users and for those holding crypto long-term. Understanding that there are tradeoffs between ease of use, accessibility, security, and other factors should be part of the initial foundation that new users establish.
Global Benefits of Crypto
Self-custody will always be a double-edged sword because while it grants you absolute control, accountability becomes a significant tenet in the way you function. If you are detail-oriented and have common sense, most of the attack surface can be minimized to a minute amount. With self-custody, you can have complete sovereignty over your funds. Your assets can be held in various corners of the earth and retrieved or sent at a moment’s notice. What does that mean exactly? Although extremely unfortunate, this point can be illustrated by Russia’s invasion of Ukraine.
Because many banks in both countries limited and shut off cash withdrawals due to potential bank runs, ordinary people were left without any resources to survive with. In this case, we can portray the effective use case that crypto enables: sovereign funds. A currency that cannot be confiscated by anyone who does not have access to the private key has a real impact on the well-being of individuals in their most dire time of need.
There were stories of people fleeing the ongoing violence that were able to escape into other countries and access funds that were stored on the blockchain. The beauty of this? If you can memorize your seed phrase which consists of 12-24 words based on the seed format or secure the safety of your private key, you can travel to any place on the planet to access those funds.
While local exchange rates can vary drastically between countries, a common narrative with crypto-natives is that 1 Bitcoin = 1 Bitcoin, 1 ETH = 1 ETH, etc. With this in mind, your crypto can be withdrawn and transferred to other places in the world without worrying about its immutability. The blockchain itself is absolute. However, we should still recognize that the off-ramps/on-ramps for exiting and entering crypto are where infrastructure is lacking to fully support this thesis.
Self-custody also allows you to partake in protocols built on these blockchains. In many cases, this establishes a paradigm shift within your mind when you realize you can do more than simply buy and hold these assets. Sectors like NFTs have been able to onboard large amounts of people into crypto and there are DeFi protocols that offer transparent financial products to users looking to earn a higher yield on their tokens. In traditional finance, the typical savings account in America provides less than 1% APY in interest. For many of these protocols, you can earn anywhere from 2% to 19% APY on assets like stablecoins (tokens pegged to $1 USD).
Courtesy of ValuePenguin
The current state of the traditional banking system serves to only benefit the banks themselves and the rich. They will happily lend your saved money out at an interest rate much greater than the 0.01-0.50% APY they will typically award you and they will do so without telling you where your money is going or what will happen when you ask for it back.
In countries like Venezuela that face hyperinflation due to a weak fiat system and weaker leadership, blockchains act as a safe haven. These networks provide a way to access your own US dollars or Bitcoin to preserve purchasing power, based on what you believe to be a riskier asset. This use case will always be commended, however, this environment is still dangerous and should be a place where protection is prioritized.
Common Risks of Self-Custody
The new technologies and Dapps (Decentralized Applications) being developed have never been as fully accessible as they are now. We should constantly be aware of this as we are provided with a wide and open lane for innovation, where being early to the right projects can be very lucrative. Despite these benefits, the risks of self-custody are also very real.
Imagine you have hundreds of thousands of dollars in a Bitcoin wallet and believe you know where your physical seed phrase backup is. Then all of a sudden, your phone/computer breaks, cutting off access to the settings of your wallet where you would otherwise be able to reveal the seed phrase. If you end up realizing that you lost the only physical backup to your seed phrase, those funds are gone forever. There is no customer service or support you can call who would be able to recover that wallet for you.
With this in mind, we can begin to understand that user error is the main area of attack when it comes to self-custody. In such an expansive and complex field, naive investors can be easily separated from their crypto without proper education. Whether this happens through phishing, Googling a website and accessing a fake version, or signing a transaction you do not understand…this all falls back on the individual.
To emphasize once again, this is why the crypto space should be viewed as “the epitome of accountability”. Only you can lose your ticket to financial well-being, regardless of the method. Thankfully this is not the end of the road because, with continued time and effort, users can grasp knowledge that will gradually feel like common sense as they learn. This process begins with understanding the simpler strategies people take advantage of.
Something smells phishy
Phishing is a very popular tactic for scammers in the cryptocurrency space. This could be a Direct Message on an app like Discord or Telegram that takes you to an unusual website. Here is where the site can ask for your seed phrase or ask you to sign a transaction you are not aware of. This should always be a red flag since possessing your seed phrase grants absolute power over the wallet it is connected to. A golden rule for social media sites is to be cautious of people sending you private messages.
Do not fall for anything like this!
For messaging applications like Discord and Telegram, we would recommend closing off your DMs, especially when joining new groups or servers. In most cases, there will not be any value in a random DM from someone telling you “Congratulations, you won this prize!”. Scammers will also portray themselves as administrators to convince you to trust them. Another golden rule in crypto is that admins, moderators, and project team members will never DM you first. Winning your trust this way gives them an easy way to get you to let your guard down.
www.uniiswap.com
Fake websites displayed through Google advertisements are another infamous way that people can lose their assets without realizing it. In this case, Google is not your friend when it comes to crypto as they refrain from properly reviewing who pays for these crypto advertisements. There are times when a site may have an extra letter or use an “l” instead of an “I” and you could be blissfully unaware if the rest of the platform looks the same. Make sure to always check the URL of each webpage you visit and double-check what you are doing before connecting your wallet.
Usually, these sites will ask for your seed phrase, which should signal an obvious red flag. You also may end up signing a transaction on the site that does not do what it says it does. The learning curve for understanding what a transaction can do is pretty substantial, as some of these sites may have a smart contract on the backend that is only used to drain your wallet. Luckily, this risk can be minimized by finding the official project on Twitter and only using official links. Comprehending these risks is key for maneuvering through crypto; however, there is still one factor that user error affects: your wallets.
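The URL check described above can be automated against your own list of official links. The following is an added example, not part of the original article: it flags hostnames that sit one character away from an official name or swap look-alike characters such as "l" and "I". The allowlist entry and function names are assumptions, and comparing hostname labels rather than registered domains is a simplification.

```python
from urllib.parse import urlsplit

# Assumption: your own allowlist of official hosts, taken from bookmarks or the
# project's verified channels. This single entry is sample data.
OFFICIAL_HOSTS = {"uniswap.org"}

# Fold characters that are easy to confuse on screen into one representative.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(label):
    """Lower-case a hostname label and collapse look-alike characters."""
    return label.lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname_of(url):
    """Extract the lower-cased hostname, accepting URLs typed without a scheme."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify(url, official=OFFICIAL_HOSTS):
    """Return 'official', 'lookalike' or 'unknown' for the site behind `url`."""
    host = hostname_of(url)
    if not host:
        return "unknown"
    if any(host == o or host.endswith("." + o) for o in official):
        return "official"
    labels = host.split(".")[:-1]  # every label except the top-level domain
    for o in official:
        target = skeleton(o.split(".")[-2])  # e.g. "uniswap" from "uniswap.org"
        for label in labels:
            # Distance 0 after folding = character swap; distance 1 = extra/missing letter.
            if edit_distance(skeleton(label), target) <= 1:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for candidate in ("https://app.uniswap.org/swap", "www.uniiswap.com",
                      "https://unlswap.org", "https://example.com"):
        print(candidate, "->", classify(candidate))
```

Only "official" should ever be followed by a wallet connection; "unknown" means the site is not on your list, not that it is safe.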
The Ins and Outs of Wallets
A crypto wallet is a program, device, or service that securely holds the private key that controls the funds tied to your public key. The public key is often viewed as the wallet address (“0x…” for Ethereum and “bc1…” for Bitcoin addresses) from which users make their transactions. Since the primary focus of a wallet is to store your private key, multiple methods have been created around this purpose for either increasing security or improving usability.
The first example we will touch on is a hardware wallet. Usually portrayed as a small flash drive, these devices can be used as portable devices to access your tokens. Outside of signing a bad transaction or the physical attack vector, you potentially can become “unhackable” when it comes to self-custody. As long as you can keep your private key offline and securely stored, your device will be kept out of reach from those online.
Unfortunately, one issue that users should be aware of is the origin of these hardware wallets. Unless you can verify the purchase of your wallet, you might fall victim to a fake device that drains funds once they are transferred. The easiest solution to this type of user error? Purchase your hardware wallet only from the official website, such as Trezor and Ledger. You can also check out GridPlus if you are willing to pay extra for security and efficiency.
Hardware wallets remain effective by generating your private key or seed phrase offline, which prevents it from being intercepted or remotely accessed. When using the wallet, the private key stored on the device will never be exposed to the Internet. This means that if you are savvy enough to mitigate the other attack surfaces, physical access is the only way your funds can be stolen.
Depending on the wallet, a PIN is required to access it, or an additional passphrase can be deployed to create a decoy wallet on the device to hide your main wallet, which can render physical access moot. One important aspect of this is that if you have created a backup of your private key and the device is physically stolen, you can recover these funds by restoring the wallet on a new device. At this point, you can safely transfer the funds to a brand new wallet without fear of the wallet being drained.
The benefits of a hardware wallet far outweigh any negatives in many circumstances. However, we can assume that the average beginner in crypto does not want to go out of their way to spend $100+ on a hardware wallet when they are not aware of its importance. In these instances, the new user might be better off starting with a hot wallet to better understand the protocols they will be using. Fortunately, these programs have gone through a large amount of development over time and offer plenty of optionality for the everyday user.
Hot, Soft, and Online Wallets
The above terms are used to describe a wallet that is stored online otherwise known as a hot wallet. “Soft” is referenced as “Software” since these are all programs that are created for you to download onto your computer. There are currently many different wallets that have been created with the majority ranging from simple browser extensions to locally stored applications.
For browser extensions, some of these include:
Examples of downloadable programs include:
There are multiple benefits to having a program stored on your local device as this allows for increased usability and efficiency as you use more and more protocols. Those that frequent multiple chains and test out new projects are often looking for the easiest format available that still provides the security they need.
Unfortunately, there are still countless examples of users not being aware of the downsides to hot wallets. These include importing your private key to cloud storage, using faulty tools like vanity address generators, or even falling victim to common malware attacks. It is important to recognize that the user still has full control over what can and cannot affect their assets. Since the private key for hot wallets is generated within the typical browser extension wallet app, the possibility of exposure always exists.
With improved OpSec practices, you should be confident knowing that you have maintained the security of your seed phrase by keeping it away from cloud-based storage and as offline as possible. If you wish to combine these two access points, you can use browser extensions that allow for connecting hardware wallets. In this case, you can prioritize the security of your device since the cold wallet will remain offline while you transact on protocols through the browser extension. This allows for increased efficiency by using the ‘Connect Hardware Wallet’ functionality built into many of these browser extension wallets.
Courtesy of Ledger
Hardware wallets are significant for users that need to maximize their security or are looking for long-term storage; however, there are still tradeoffs between each device and program. User errors can become a much larger issue once you have graduated to this stage. For instance, hardware wallets that have small displays are sub-optimal for viewing transactions before you sign. This can let users fall victim to wallet drains but can be avoided by connecting a hardware wallet to a program such as Frame.
Although there are multiple areas of risk management that a user has to cover, there are still many advantages to securing your assets. By understanding the infrastructure behind different crypto wallets, you can prepare yourself for even the worst circumstances. Eventually, the average user will become familiar with various benefits and different types of wallet security.
For example, you can expand on the above topics by combining your hot and cold wallets with a multi-sig. A multi-sig allows for multiple users (or your own devices) to split ownership of a wallet, thus creating increased security due to the safety policies required before a transaction is completed. As you take your first steps into crypto, you should prioritize the methods you apply and secure the access points to your wallet. Eventually, your accountability can become as stress-free as possible knowing that you have maximized the protections provided.
Keeping Yourself Accountable
While not spoken about enough, custody is the difference between web2 and web3. With the completely new opportunity for everyday people to create and own their wealth, understanding where your responsibilities lie as you venture into crypto will be of utmost importance.
By remaining cautious of this vastly untamed environment through careful research, your finances will be kept safe while also learning about the inner workings of the blockchain. Individuals choosing other third-party custodians to store their crypto largely miss the point of why the space came to exist in the first place. As with other pillars of crypto, such as privacy and decentralization, custody does not matter until it affects you.
However, we can be grateful for being placed within this transparent financial world which provides the opportunity to improve our Operational Security (OpSec) and change how users understand risk management.
By putting aside the positives and negatives of this industry, the applications created from cryptography’s advancements have established an inclusive environment for those wishing to improve their financial stability and security. As you become more accustomed to this industry, you might not recognize it as the epitome of accountability until a specific area affects you. Our goal is to make sure this does not happen to you, so remember that it is always up to the user to prioritize their security; that responsibility should be appreciated in any circumstances.
If you enjoyed this article, let your friends know! Feel free to reach out to us on Twitter and start a discussion about this topic as we love learning from our readers.
This is well written and educational for beginners like myself and a great reminder to those already in the space. Thank you.