When FTX collapsed last year, the fallout wasn’t just restricted to FTX users: companies like Galois Capital and Genesis Trading that had chosen to custody their digital assets on the exchange (partly for convenience) also reported losses in the tens of millions and had to issue mea culpas to their investors. Here was yet another example of how choosing the wrong custody solution meant both financial disaster and reputational damage.
For crypto companies, finding a safe and secure place to custody digital assets is a high-stakes, challenging decision. Operators have to balance convenience and security, liquidity and accessibility, and often end up with overly complicated setups that are hard to use, or simpler setups that are monumentally insecure. And given that the industry is still very much in flux, guidelines and best practices are not well understood.
In this blog post, we try to remedy this by breaking down your various options, from custodial to non-custodial wallets and providing guidance on how to choose the best solution no matter your company’s structure.
Custodial vs. non-custodial wallets
Digital assets are always stored in digital wallets, of which there are roughly two kinds: custodial and non-custodial. The main difference between them is who controls the private key. For custodial wallets, a third-party provider such as Coinbase manages the private key for you. This means a more familiar UX for customers: to access your funds, you just log in with a username and password. For non-custodial wallets, you have to keep track of your own private key and recovery phrases.
Overall, non-custodial wallets provide more control over your assets, allowing you to manage the wallet directly and integrate with financial or accounting services without having to go through your custodial wallet provider. They are also often more secure, depending on how you manage your keys. However, that comes at the cost of ease of use: it can be slower to make transactions with a non-custodial wallet, and if you mismanage your keys, you don’t have any fallbacks.
- More control over your assets
- Higher security, depending on how you manage your keys
- Requires less trust in 3rd parties
- More responsibility - you manage your own keys
- No fallbacks if you lost your private keys
- Can be more time-consuming and difficult to make transactions
- Metamask: the most popular non-custodial wallet, released in 2016.
- Gnosis Safe: multi-sig, non-custodial wallet that has secured over $107 billion of assets as of Feb 2022. For more information on multi-sig wallets, continue reading below.
- Rainbow: a newer wallet than Metamask that some prefer for its sleeker UI.
- Coinbase Wallet: a non-custodial wallet option offered by Coinbase (this is in contrast to their default custodial wallet). If you aren’t sure which one you’re using, ask yourself whether or not you have the seed phrase for the wallet. If you don’t, then you’re using the custodial solution.
- Ledger: a brand of hardware wallet that provides additional security by storing your private keys on a physical device. Since the private keys are never in your browser or computer, they’re less vulnerable to being compromised by spyware or hackers.
A custodial wallet is any wallet where a 3rd party manages the private key of the wallet for you. They are most commonly found on crypto exchanges, where your account balance is held in a wallet that the exchange controls.
Custodial wallets are useful for making day-to-day transactions where speed is important, and can be simpler for a newer team that is just getting started and doesn’t have a lot of valuable assets to store yet.
- Easier to onboard fiat into crypto
- Faster to make transactions
- More familiar account management (username + password)
- Vulnerable to the 3rd party having a security breach, going out of business, or stealing your funds
- Coinbase: probably the most trusted custodial wallet; as a US-based exchange, Coinbase is regulated by a number of government agencies. As a result, it’s required to follow various rules and regulations to ensure compliance with anti-money laundering (AML) and know-your-customer (KYC) requirements. Additionally, Coinbase holds customer assets 1-1.
- Gemini: another good custodial wallet option; also a US-based exchange so subject to strict regulation.
- Binance: popular custodial wallet that operates globally; supports a wide range of cryptocurrencies, including lesser-known coins; fast transaction speeds and low fees. However, since Binance is headquartered in Malta, and not subject to regulation in major countries, it has much laxer KYC requirements and doesn’t provide the same guarantees as Coinbase as to the destination of customer funds.
- Anchorage: custodial wallet for institutions used by Polychain and a16z crypto.
- Starlight: platform that offers unified custody for both crypto and fiat, including a custodial wallet.
Multi-Signature (multi-sig for short) wallets are a type of wallet that allows for several different keyholders. They can be configured to take advantage of this fact for extra flexibility or security. Multi-sigs can be non-custodial, or custodial (where the wallet provider, e.g. the exchange, is one of the keyholders).
Number of signing wallets
Multi-sigs can be configured to accept different ratios of signing wallets, depending on whether you are more concerned about getting hacked or losing a key:
- Requires all keyholders to sign: the simplest configuration of a multi-sig wallet is one where each keyholder must approve a transaction before it is sent. You might choose this if the wallet is holding the funds of a company that multiple people have control over. This setup greatly reduces the chance of getting hacked, but if even one person loses their key, the entire account is now inaccessible!
- Requires only one keyholder to sign: Another way to set up the multi-sig wallet is that only one account is required to approve a transaction. That way, if one person loses their private key, then another account can still sign transactions on the wallet (including one replacing the account with the lost key with a new one). However, this approach is susceptible to a bad actor taking control of an account. If even one of the accounts is compromised, then the entire wallet is now compromised.
Depending on your situation, you should find a balance between these two extremes. A good rule of thumb is to have at least two wallets per person, and always require at least half of the wallets in order to sign. For example, for a team of 2, each member should have 2 wallets, for a total of 4. In order to sign with the multi-sig wallet, at least 2 signatures must be provided. This offers a balance of security against a wallet being lost or compromised.
MPC stands for multi-party computation. It refers to a set of cryptographic techniques that allows multiple parties – each holding their own private data – to evaluate a computation without ever revealing any of the private data held by each party.
MPC is the technology that underpins MPC wallets, which are an alternative to multi-sig wallets. While multi-sig wallets multiply the number of keys, MPC wallets break a single key into shards. This way, rather than a single owner having to be responsible for a private key, multiple parties can hold partitions of the private key, and some subset of them can come together to sign transactions.
- Zengo: MPC wallet for everyday crypto investors that splits your key into two secret shares, one held by you and the other by Zengo.
- Fireblocks: MPC wallet for institutional investors
While this may seem like an overwhelming number of options, the good news is that you don’t have to choose only one! You can spread out your assets between several different wallets, some for day-to-day transactions and some for longer-term storage. Our recommendations are below:
Starlight custodial wallet: Offers a one-stop shop for all your custody (fiat and crypto) and financial operational needs. Starlight uses Zero Hash for custodial services. Customer assets are held 1:1.
- For day-to-day transactions: Starlight custodial wallet. Keep a few months of operational expenses in Starlight’s custodial wallet.
- For the bulk of assets: Non-custodial wallets (i.e., Gnosis Safe). Keep the rest of your assets in a non-custodial wallets. Starlight offers a direct, native integration with Gnosis Safe and MetaMask, and you can still use Starlight on top of these wallets to facilitate payments and manage funds.
After setting up your wallet
Regardless of which wallet you end up choosing, you can still use Starlight as a dashboard to manage your on-chain funds and expenses across multiple wallets, custodial and non-custodial. Starlight also offers additional features to help you manage your financial operations, including making payments, receiving payments, making payroll, and keeping accurate accounting. Finally, even the most crypto-native teams will likely still have a mix of fiat and crypto accounts. You can use Starlight to custody your fiat, in lieu of something like Mercury. Your fiat held in Starlight is FDIC-insured.
Keep track of your treasury
- Use our monthly insights to track your company's money movement across your deposit, wallet, and safes.
- Label your transactions to see how much your company receives or spends by category each month.
- Send crypto as well as free ACH, wire transfers, and checks.
- View the progress of your transactions, whether you’re waiting for block confirmations for your crypto or estimated delivery of checks.
- Spend your fiat and crypto everywhere Visa is accepted using our corporate cards, without going through off-ramps or centralized exchanges.
- Seamlessly convert your crypto to fiat and vice versa.
Wallet best practices
Keep your private key safe
If you choose to store funds in a non-custodial wallet, the security of those funds is largely left to you. Before going over best practices for key management, it’s important to understand the difference between two important components of the security of your wallet: the seed phrase and the private keys.
- Seed phrases are sequences of regular words that can be used to generate pairs of private and public keys (often using the BIP39 standard). Non-custodial wallet providers will often generate a seed phrase for you, which can then be used to create many different public key wallets.
- Private keys are strings of 32 hex characters (e.g. “0x1ba3f…”) that correspond to an individual public address. It is needed to sign any transaction on behalf of that public address.
Keep your seed phrase safe
Even with a hardware ledger, you are still responsible for managing your seed phrase. With your seed phrase, anyone can generate the private key for your public keys. Store your seed phrase in a place that is secure, but also one that you won’t forget about or lose.
- (Recommended) Written down on a physical object (e.g., piece of paper in your desk). If you are managing a small amount of money, this is an easy way to safeguard the seed phrase. Your biggest risks are physical security and disasters like fires and floods. A weather-proof safe could make a difference here, as are other physical media such as engraving on metal.
- Safe-deposit boxes: While a good option for some, be aware that there are fewer guarantees for safe-deposit boxes compared to bank accounts (see this NYTimes article for more).
- Encrypted cloud storage: while making your seed phrase more likely to stand the test of time, the security of that storage is now the same as the security of your password to that storage. Because it’s on a computer, it is subject to attacks such as keystroke recordings or database hacks.
Should I store my key phrase in multiple places?
Storing your seed phrase in multiple places has the same trade-offs that we discussed in multi-sig wallets. The more locations, the less likely you are to lose the seed phrase, but also the more susceptible it is to being stolen.
Check what you’re signing
Even if your seed phrases and private keys are safe, you are still vulnerable to phishing-style attacks, where a website tricks you into thinking you are signing a benign transaction. In reality, the message being signed transfers all of your bitcoin to the attackers. Some wallet providers like Ledger and Metamask highlight when the transaction involves a transfer of currency, so pay close attention to these notifications. For extra protection, you can consider browser extensions like Stelo that identify common trick messages.