I have been buying Bitcoin consistently for almost two years. I also bought a hardware wallet at some point, but I was too afraid of "being my own bank". The cryptocurrency world is rife with stories of people who lost their private keys and in turn lost access to millions of dollars' worth of Bitcoin. I figured a company like Coinbase is probably much better positioned to guard my assets than I am.
The events of the last few weeks have changed that reality completely. In the face of peaceful protesters that were too much of a political inconvenience to him, the Canadian prime minister, using emergency powers, gave banks carte blanche to freeze the bank accounts of not just protesters but anyone suspected of supporting them. This was done with no due process and oversight. A short while later, Russia invaded Ukraine, and as of this writing, the greatest response this has invoked has been much the same punishment the Canadian freedom convoy supporters received at a much larger scale: severring access to the financial system.
Between these two momentous events, the case for crypto could not have been made more strongly. Money is a political weapon and those with power will use it against you. If your access to the financial system requires the permission of your enemies, may god have mercy on your soul.
Every nation state that's watching the response to Russia will be wondering if they're comfortable having their reserves in currencies largely controlled by western governments that may not share their values. The alternatives they'll be looking at are the Chinese renminbi, storing commodities, and Bitcoin. Similarly, every individual with a single non-milquetoast bone in their body will have to wonder if their views (or old tweets) will be grounds for a future de-banking.
To be sure, being your own bank carries risks, but it is now abundantly clear that there are risks to allowing a third party to be your bank, too. The question is: if one is to keep custody of one's own funds by having exclusive access to one's private keys, then what are the best practices to doing so?
Over the last two weeks, I have been trying to answer that question, and this post, which I will update from time to time as I learn, is a summary of my findings on how to be my own bank. By being your own bank, you're taking on a nontrivial amount of responsibility. I believe doing this right will be a fine balance between feasible but also disciplined practice.
Let's get started with a few basics and a word of caution:
Being your own bank is dangerous, and the intention of this post is to share my as-of-yet-unvetted findings in order to hear feedback. What I describe below is the protocol I intend to follow but it is not battle-tested. It could be flawed and result in loss of funds. Always do your own research.
Your cryptocurrencies are controlled by your private keys, and where those keys are stored determines the amount of risk they're exposed to. When you use an exchange to make purchases, the exchange is holding the keys to your funds. When you use a software wallet, the app is holding your keys. When you use a hardware wallet, your keys are stored on the hardware device.
Having a hardware wallet is important because unlike your computer, these wallets are not connected to the internet and run very limited software. Therefore, they're much harder to hack, although they're prone to anything that can happen to a physical device: loss & damage. More on mitigation of these risks below.
When you set up a new crypto wallet, you're given a seed phrase. This phrase is based on something called "BIP-39". All you need to know about it is that it's a mechanism to recover multiple private keys from a list of 12 or 24 words. This list, therefore, is as sensitive as your private keys and should be stored somewhere safe.
If you ever lose your hardware wallet (which contains your private keys), you can still recover your private keys using any BIP-39-compatible hardware or software wallet and your seed phrase.
Becoming a Bank
When you are your own bank, failure can mean total loss of your funds. I've based on my approach on the principle of defence-in-depth), which is used both in military and cybersecurity contexts. The idea is that you have multiple layers of protection, such that if one fails, others can hold. Of course, no system is foolproof. The key is to find a system that is both practical and has sufficiently low risk.
If you've been dabbling in web3 for a while, you probably already have multiple wallets, at least for different blockchains. This is good. In the traditional finance world (tradfi), you would have multiple accounts as well:
- TFSA/RRSP for long term investments
- Savings account for long term but accessible investments
- Chequing accounts for day-to-day banking
- Cash in your pocket (I know, I know, the 90s called) for daily spending
Each one of these requires a different level of security consideration. If you lose the cash in your wallet, it's probably not a big deal, but if your investments are compromised, it could be catastrophic.
You have to judge which precautions make sense for each of the different accounts you hold. In this post, I aim to talk about procedures that would be suited for maximum security needs, but not every account will need that.
Maximum security, of course, demands using a hardware wallet. An upgrade to just using a hardware wallet would be using "multi-sig" wallets, and there are services that make doing so easy... for a fee. In this scenario, your wallet is controlled by multiple private keys, and you would need (as an example) two out of three in order to be able to touch your crypto assets in the wallet. For now, I've decided to forego that level of security, but I may adopt it in the future. I'm simply keeping my hardware wallet secure, and relying on my seed phrase in the event that it gets lost/stolen.
Securing Seed Phrases
Most hardware wallets come out of the box with a few sheets of paper on which you can jot down your seed phrase. You should never keep your seed phrase in an electronic form, since almost any device you use for this can connect to the internet and potentially be compromised. Only keep your seed phrase on a physical (ie. non-digital) medium. The exception to these is, again, for smaller wallets. I have some software wallets that I have created in the course of experimentation and the seed phrases for those are stored digitally and on the cloud. Both of those are anti-patterns as far as security is concerned, but those wallets hold trivial amounts of money and are for experimentation purposes only. In that case, convenience trumps security.
For your most important accounts, however, you need to ensure that your seed phrase cannot fall into the wrong hands, and that you don't lose access to it.
I'm breaking up my seed phrase into three segments: words 1-16, 16-24, and 1-8 & 8-24. In this setup, you need two out of three segments to get the whole seed phrase for recovering the private key.
You could keep your seed phrase on the pieces of paper that comes with your hardware wallet. But paper is easily copiable and easily damaged. I have gone for metal toolkits for storing seed phrases, like Keystone or Crypto Steel. These can typically resist significant abuse (fire/water damage, or even bullets) before they lose the seed phrase stored in them.
The unfortunate part about being your own bank is that no single tool can do it all for you, and at least at the current level of maturity of the ecosystem, it comes with significant inconveniences. So even if you have stored your seed phrase, it is important that you understand how to use it, and you have the competency to use it well when you need it.
I'll be storing the three segments of my seed phrase and my hardware wallets in separate, secure locations. But it's also possible that I lose access to these locations or I may not be able to access them fast enough.
That's why I believe a core part of being your own bank is establishing good processes for different scenarios and running drills to ensure that you can always access your funds. This is probably the hardest part of being your own bank, and it's arguably the most important. As the Greek poet Archilochus says, in times of crisis, "we don't rise to the level of our aspirations; we fall to the level of our training."
Here are some scenarios I'm thinking about. I'd be curious to hear what others people can imagine:
- My hardware wallet gets destroyed by an act of the flying-spaghetti-monster.
- My hardware wallet gets stolen.
- One of my seed phrase components get damaged or stolen.
- Martial law gets declared, and I can't access my secure locations.
I suggest you let your imagination run wild here but with some limits. Some of you will think the last scenario I suggested is too farfetched, but a mere few months ago, a Canadian province was imposing arbitrary curfews on its citizens. On the other hand, a scenario where a nuclear bomb goes off in such a way that it destroys all your keys and seed phrase components but leaves you alive is both unlikely and one in which you're probably not going to worry about your digital assets most of all.
The scenarios you should come up with depend significantly on your specific situation: what kinds of secure locations do you have access to, how secure they are, how do your lifestyle choices affect your security, etc.
I think the lost/stolen key/seed phrase scenarios are a healthy baseline to start with. Once you have your scenarios, it's important to write out a plan of action that you'll take when you become aware that you're in that scenario.
I'm not going to go into details about what your response protocols should contain for each of these scenarios. I hope this post has given you a taste of the kind of security and redundancy thinking that you need to be your own bank. And remember that everything is a tradeoff. Some people will not perceive any risk from centralized banking, in which case, they can happily stick with it. Even if you do perceive a risk, perhaps you don't think this risk warrants moving your entire net worth into self-custody bitcoin. Risk mitigation is the name of the game, and you should only do it insofar as you perceive the risk and insofar as is practical.