How to manage crypto wallets
Knowledge of how to manage crypto wallets is necessary for effective management of cryptocurrency assets. A crypto wallet is the equivalent of bank vaults, where your funds are securely stored and access to them is possible only with your consent.
In this blog article, we will look at six best practices that will help you successfully manage multiple crypto wallets and ensure the security of your organization’s crypto assets.
Always hold most assets in self-custody
Independent storage is necessary to maintain control over your crypto assets. By depositing funds to the wallets of centralized exchanges, you give them full access to your private key and funds. This exposes your organization to counterparty risk, such as withdrawal restrictions, freezing of funds and possible hacks.
Such events can adversely affect the cash flows of your organization. In the worst case, they may even affect the balance if the funds become non-refundable or if the costs of returning them through court proceedings turn out to be unprofitable.
Whenever a centralized exchange (CEX) or a centralized financial (CeFi) lending platform encounters financial difficulties, it has a ripple effect that affects not only them, but also all fund managers, companies and employees whose crypto assets are stored in their custodial wallets.
In contrast, despite a series of crashes observed on CeFi platforms in 2022, including Celsius, Hodlnaut, FTX and DCG, virtually none of the more than 2,300 teams using Request Finance to manage more than a quarter of a billion dollars in crypto payments were significantly affected.
This is due to the fact that using decentralized applications (gapps), such as Request Finance, requires you to use your own wallet. This means that withdrawals can never be suspended or funds frozen – never.
Remember: deposits are obligations to depositors. The balance on your deposit account with any organization or platform reflects only outstanding debts to you, and not money that you control or assets held in reserve. Debts are promises to repay a debt. Promises are easily broken.
Use different crypto wallets for different purposes
Creating multiple wallet addresses associated with the same initial phrase and private key is akin to creating multiple bank accounts with the same login details. But this is not an ideal option, especially from the point of view of resistance to hacking and the implementation of access control.
For greater clarity, it is recommended to divide the company’s assets into several crypto wallets with different initial phrases. Combining everything into one wallet can make it difficult to monitor your organization’s crypto finances.
Instead, consider introducing at least three crypto wallets: one to receive payments, another to pay expenses, and the third wallet acts as a savings account.
Maintaining different wallets for different purposes provides clarity in tracking your organization’s cryptocurrency finances. It will also allow you to implement proper financial controls and simplify financial reporting for tax and audit purposes.
Security remains a top priority, given that billions of dollars in cryptocurrency have been lost as a result of hacking in recent years due to insecure management of cryptocurrency wallets. In 2018 alone, hackers stole private keys controlling over a billion dollars’ worth of cryptocurrencies from hot wallets.
Someone can hack your device, communication software, or cryptocurrency exchange to get the private keys of your wallet. A person who owns your private keys can drain your company’s funds. If your initial phrase is somehow compromised, all wallet addresses created using this initial phrase will be compromised.
Diversification is extremely important both when managing your organization’s investment portfolio and when storing your company’s cryptocurrencies. Never put all your eggs in one basket. Limiting the amount of funds stored in any wallet limits the damage that hacking can cause to your company’s entire cryptocurrency portfolio.
Use a mix of wallet types
The combination of hot and cold wallets in your crypto wallet management strategy can significantly increase overall security and availability.
Hot wallets are the cryptocurrency equivalent of small money in your physical wallet – they are easily accessible and convenient for daily transactions. They are usually connected to the Internet and allow you to quickly transfer and spend funds.
On the other hand, cold wallets provide an additional level of security and act as a reliable repository for storing inactive funds. These wallets are offline and not directly connected to the Internet, which makes them less susceptible to hacking or unauthorized access. Cold wallets are ideal for long-term storage of funds that are rarely required for transactions.
Considering the trade-offs, cold and hot wallets are usually ideal. You can balance availability and security when managing cryptocurrencies and define specific goals for each type of wallet depending on the needs of your organization.
For example, you can use a hot wallet for daily transactions and receiving payments, and keep most of the funds in a cold wallet for long-term storage and security.
Consider experimenting with various wallet technologies to further improve the management of crypto wallets. For example, multi-signature wallets (multi-sig) require multiple authorized signatures to initiate transactions, adding an additional layer of security and control.
Secure wallets with multi-party computing (MPC) use cryptographic methods to distribute private key information between multiple parties, which increases security and reduces the risk of a single point of failure.
Each type of crypto wallet has its advantages and disadvantages, which allows them to play different roles and meet different needs in your crypto currency operation.
Understanding the different wallets can help you assess whether your organization’s current crypto wallets are being used according to their purpose.
More importantly, the effectiveness of choosing a crypto wallet largely depends on the processes and controls that you have established in your organization.
Have a clear system for managing your organization’s crypto wallets
Creating multiple crypto wallets can simplify financial reporting and increase the security of your crypto assets. However, many large cryptocurrency companies often neglect such important aspects as keeping records of all wallets, determining their purpose, identifying authorized persons who signed wallets, and creating a process for approving new wallets.
Consider maintaining a comprehensive document in your organization’s Knowledge Management System (LMS), such as the Notion pages, to solve this problem.
This living document should clearly describe the existence and purpose of each wallet, as well as the corresponding wallet address. This is especially important for large organizations subject to audit requirements, as it simplifies the financial reporting process.
A clear process for approving new wallets is no less important. When reviewing requests, make sure they meet your organization’s storage, security, and workflow requirements.
Ask important questions, such as the reason for the existence of the wallet, who should have access to it, the expected flow of funds into and out of the wallet, and how cryptocurrency transactions from the wallet should be indicated in the organization’s chart of accounts.
It is very important to identify the risks associated with authorized persons with the right to sign and their wallets, especially in web3 organizations.
Implement solutions to mitigate conflicts of interest and risks associated with key individuals, ensuring the safety of community assets. Wallets with multiple signatures (multi-sig) or secure multi-party computing (MPC) can reduce dependence on individual key holders.
Collusion between interested or related parties remains a potential vulnerability. The required number of independent signatures of private keys additionally protects a wallet with multiple signatures.
Olympus DAO, for example, requires a “four out of eight” multisig, which requires “a quorum of 4 people to authorize any transaction, for example, participation in DAO swaps.” Olympus specifies the public key of each signatory for additional transparency.
The Treasury is the beating heart of any organization. Once in the hands of bad players, all its funds can be emptied in a few clicks, which will lead to serious problems with functioning.
You can never be too secure when it comes to protecting the cryptocurrency treasury and controlling the authorization of payments on the chain.
The portfolio tracker can help track various crypto wallets, balances and transaction flows in various blockchain networks. This ensures that all wallets are accounted for, and allows you to track the origin and purpose of your crypto assets.
Reliable portfolio trackers prevent the frustration of crypto accountants by providing full visibility and understanding of your wallet balances.
Securely manage your wallets’ seed phrases
When managing multiple wallets, make sure that you have accurately recorded and preserved the sequential order and spelling of seed recovery phrases. Consider secure options such as splitting phrases between multiple safes or using services for engraving.
Alternatively, it may be effective to record and store copies of recovery phrases in secure locations. You can also encrypt and store the encrypted version of the recovery phrase in the cloud or save an offline copy.
The easiest way to manage multiple wallets is through browser profiles or browsers. You can simply install web wallets in different browsers or use separate browser profiles for each wallet. This simplifies management and provides simultaneous access to multiple wallets.
To maximize the security of your computer and its contents from persons who have physical access to your machine (for example, to get technical support), we recommend that you enable full-disk encryption, such as File Vault on Mac or BitLocker on Windows, to protect your computer and its contents, including cryptocurrency keys.
Observe cyber hygiene
To maintain cyber hygiene, avoid interacting with malware or risky smart contracts that have not been audited or time-tested.
In addition, implement basic data protection methods, such as regular software updates, compliance with vulnerability correction protocols, effective password management and access control.
Otherwise, there is a risk not only of data security violations, but also of “errors” in the execution of the contract, which can lead to loss of funds.
“Social engineering” attacks are often used to bypass complex technical controls. Instead of cracking a well-designed lock, hackers can trick one of your organization’s members into handing over the keys.
Millions of dollars have been stolen from tech giants like Facebook and Google, major global banks such as Oversea-Chinese Banking Corporation (OCBC), and even US government agencies.
A common tactic is the forgery of invoices. Fraudsters pose as a supplier, demanding payment for services rendered to the company. Often this type of attack disguises itself as one of the real suppliers of the organization and uses a realistic-looking account, but with the details of the fraudster’s bank account or the address of the crypto wallet.
The problem with invoicing is that the employees who issue invoices usually do not participate in the review and payment of invoices by the company’s finance department. This makes it difficult for the financial group to verify whether the account is legitimate or fraudulent, resulting in legitimate bills not being paid on time, or worse, fraudulent bills being paid.
For example, in October 2022, security researchers from the Japanese company Trend Micro discovered fraudulent PayPal accounts posing as well-known cryptocurrency companies such as Stellar XLM, Bitcoin Exchange, Terra Luna Classic, Oasis Network and TrueUSD.
To protect corporate users from account fraud, consider using tools for cryptographic billing, which allows you to require vendors to specify multiple persons in the invoices you receive.
This way, your financial team can check other team members for the legality of the account. This will protect you from fraud when invoicing and at the same time ensure timely payment of your company’s bills. If you receive unsolicited invoices that seem fraudulent, you can also block the issuer of these invoices.
It is very important to remain vigilant against scammers and social engineering attacks. Be careful when processing payments or transmitting confidential information and always verify the authenticity of invoices or requests before taking any action.
By following these rules, you will be able to increase the security and management of your wallets and protect your crypto assets from potential threats.