Overview

Self-Custody cryptocurrency wallets, otherwise known as noncustodial wallets, represent the heart of decentralized blockchains - self sovereignty! With a noncustodial wallet, users hold their own keys to their money, retaining full control over their transactions, security, and privacy. Self-custody wallets allow for maximum control, but they also require a user to fully create and understand their own security posture. Let's discuss some of the pros and cons of self-custody wallets, how to choose one, and basic security tips.

Pros and Cons of Non-Custodial Wallets

There’s a classic saying in the crypto world: “Not your keys, not your coins.” The biggest pro of self custody is full control and self sovereignty. With these wallets, the users hold their own keys, giving them full access to their coins or tokens without having to rely on a third party. With this model, there's no counterparty risk - meaning there's no third party you have to trust to hold or secure your money. You are solely responsible for handling your keys securely. There's no ability for anyone else to lock you out of your funds or lock you into a particular wallet - you can transfer your keys to any software that supports standard private keys and seed phrases.

Self-Custody wallets are the most accessible to anyone, anywhere in the world. All a user needs is a phone or PC and an internet connection to download wallet software. There's no requirement for ID, a bank account, or even a permanent address to use a cryptocurrency wallet. There's also software for every need, ability, and threat model - from very easy-to-use wallets to feature rich "power user" software for the tech-savvy and perhaps paranoid!

However, there are some cons to this model of full private-key control. With noncustodial wallets, again, you are fully responsible for your money. While that provides autonomy, it also means you are solely responsible for ensuring the security of your keys. If you make mistakes in storage, or accidentally reveal your keys to an attacker, your coins will be lost. There's no support team or helpdesk to reach out to or chargeback mechanism on the blockchain. It's critical for users to understand security best-practices and implement them for their own needs.

Choosing a Self-Custody Wallet

Self-custody wallets come in several forms, most often sorted by the device you run the software on. In general, there are three major types of noncustodial wallets:

  • Desktop/Web Wallets
  • Mobile Wallets
  • Hardware Wallets

First, desktop and web wallets. An example of a web wallet would be the MetaMask wallet. These wallets are generally the least secure of the three classes, because they have the largest attack surface. With web wallets especially, there's a wide variety of methods attackers can use to compromise them, such as fake-but-convincing websites that pretend to be your wallet (phishing), JavaScript/web application vulnerabilities, and the like. Web wallets are not advised.

 

Desktop wallets such as Electrum can be slightly more secure, but suffer from similar potential problems. Malware that steals key files can take a copy of your wallet, and address-swapping malware (address poisoning) attacks can replace copy-pasted addresses you use for transactions with that of an attacker. All of this is not to scare you, but to advise that desktop and web wallets have a higher degree of risk than other types. They can be used safely, but require vigilance and a well-secured device.

 

A better option for an easy-to-use wallet would be a mobile wallet, an app installed on a smartphone. Mobile wallets are often designed to be user friendly, and offer quick access to your coins for everyday transactions. Mobile operating systems are more "locked down" than desktops. Although not invulnerable, they are less likely to suffer from problems with malware as users only install software from app stores, where applications are vetted for malicious code. Mobile wallets, like desktop and web wallets, store an encrypted copy of the keys on the device, so make sure to choose a strong wallet passphrase. 

 

The third and most secure type of self-custody wallet is a hardware wallet. These include wallets like Trezor, Ledger, or KeepKey. These are specialized devices designed to do one thing - generate and store cryptocurrency keys securely and use those keys to sign transactions. They don't run any other software or even connect to the internet. This type of wallet has the smallest attack surface, and therefore fewer chances for an attacker to compromise your keys. These do cost more money than desktop or mobile wallets, which are usually free. A hardware wallet will often cost around $50 USD, which may be expensive for users new to cryptocurrency. 

Seed Phrase Basics

Almost all modern wallets, whether desktop, mobile, or hardware, will give the user a seed phrase. This phrase of 12-24 random English (or local language) words encodes all of the user's private keys in a simple format. The seed is used to access all of the cryptocurrency in that wallet, so it is critical to safeguard this phrase. 

 

For a desktop or mobile wallet, it is okay to store an encrypted form of that seed in software such as a password manager, protected by a long, strong passphrase. However, there are some risks associated with doing so. It's preferred to write down a seed phrase on paper or metal, and store that in a safe location.



For a hardware wallet, you must only write that seed on paper or metal, and never type it into any general-purpose computer like a phone or PC even if it's encrypted. The security model of a hardware wallet is to generate and store keys offline - so doing this basically turns a hardware wallet into a normal desktop or mobile wallet. Your security is no longer that of an offline hardware wallet, it's only as good as that phone or PC you're storing a copy of the seed on! It doesn't mean your money will be instantly stolen, but you'll have less security than you think you do. 

 

No matter what type of wallet, never store a copy of the seed in plain-text form on a computer. Do not type your seed into a Google Doc, a .txt file, or even take a picture of it with your phone. Malware and other sophisticated attacks can search your PC for this information if it is compromised, and use the seed to steal all of your coins. Also, make sure that no matter how you store your seed you make backups. If on paper, place a copy in another safe location so that fire or flood does not completely destroy the keys. If stored in encrypted form, make sure there are backups of that vault. Losing your seed means losing your coins, so it's critical you always have access to that information.

Self Custody Sovereignty

Self-custody wallets give users the best of cryptocurrency - full control! You can use your coins any time, anywhere in the world without relying on third parties. No ID, no KYC, no lockouts or inconveniences of traditional banking. But with this power does come additional responsibilities. You are fully responsible for the security of your coins. Make sure to choose a secure, well vetted wallet that fits your needs. For small amounts of spending money, a mobile wallet is the best choice. For larger amounts or long-term storage, a hardware wallet will offer additional security. In either case, secure storage of the seed phrase is important. Make sure your seed phrase is stored somewhere safe on paper or metal, and make and store safe backups. Make sure you don't lose that seed phrase; keep yourself safe and sovereign with your coins!

This article was written by our CryptoCurrency Essentials (CCE) Committee, with special thanks to committee member Josh McIntyre.

Disclaimer

The information presented in this article is for educational and informational purposes only. It does not constitute financial advice, investment recommendations, or any form of endorsement. 

The views and opinions expressed by individuals in this article are solely those of the speakers and do not necessarily represent those of C4 or any other organizations with which they are affiliated.

The mention or inclusion of any individuals, companies, or specific cryptocurrency projects in this video should not be considered as an endorsement or promotion.

Regulations and legal frameworks around cryptocurrencies may vary in different jurisdictions. It is your responsibility to comply with the applicable laws and regulations of your country or region. 
