Introduction

Non-fungible tokens, or NFTs, have taken the world by storm. These unique digital assets are revolutionizing the way we think about ownership, value, and authenticity in the digital realm. From digital art to virtual real estate and gaming, NFTs offer a new way to own, trade, and monetize unique digital items. But for those new to the world of NFTs, understanding the basics can be daunting. In this article, we'll provide a comprehensive beginner's guide to NFTs, including what they are, how they work, and their potential applications and impact on the digital economy.

What are NFTs?

Non-fungible tokens, or NFTs, are unique digital assets that exist on a blockchain. They are used to verify ownership and authenticity of digital items such as artwork, videos, and tweets, among others.

Each NFT has a unique digital signature, which verifies its authenticity and ownership. This signature is recorded on the blockchain, making it immutable and tamper-proof. NFTs are created using smart contracts, which are self-executing programs that automatically enforce the terms of the agreement. Smart contracts are embedded in the NFT and can be programmed to include various conditions, such as royalties for the creator every time the NFT is resold.

NFTs are mostly associated with the Ethereum blockchain, as the ERC-721 standard was specifically designed for the creation and exchange of NFTs. This standard provides a common set of rules for developers to create unique digital assets that cannot be replicated or divided. However, they are also on other chains such as Polygon and even on Bitcoin through Counterparty and RSK which use smart contracts to emulate the functionality of ERC-721 standard on Bitcoin. 

Some well known NFTs are Rare Pepes, a series of digital trading cards that were created as a tongue-in-cheek reference to the popular "Pepe the Frog" internet meme. The project was launched in 2016 by a group of Bitcoin enthusiasts who wanted to experiment with creating and trading unique digital assets on the Bitcoin blockchain.

How do NFTs work?

NFTs are minted on a blockchain, a decentralized ledger that ensures secure and transparent transactions. Each NFT possesses a unique digital signature verifying its authenticity and ownership. Once recorded on the blockchain, this signature becomes immutable, ensuring it's tamper-proof.".

NFTs can be bought, sold, and traded on various platforms, including online marketplaces such as OpenSea, Rarible, and SuperRare. These platforms allow users to create and sell their own NFTs, as well as browse and purchase NFTs from other creators.

One of the main use cases for NFTs is digital art. NFTs have opened up a whole new market for digital art, with some NFTs selling for millions of dollars. For example, "The First 5000 Days" by Beeple, a digital artwork as an NFT, sold for $69 million at a Christie's auction. Other examples of NFTs include virtual real estate in blockchain-based worlds, such as Decentraland, and virtual trading cards featuring sports stars.

NFTs also provide a new way for artists and creators to monetize their work and gain exposure. They offer a way for collectors to own and trade unique digital items that cannot be replicated.

What can you do with NFTs?

With NFTs, you can buy, sell, and trade unique digital items in a decentralized and secure way. You can also display your NFT collection on various platforms, including social media and digital galleries.

NFTs offer a new way to own and trade unique digital items, and they have the potential to create new revenue streams for artists and creators. For example, the digital art marketplace SuperRare allows artists to showcase and sell their NFTs as art to collectors. NFTs can also be used to represent in-game items, characters, and experiences in the gaming industry. The blockchain-based game Axie Infinity, for example, allows players to buy, sell, and trade NFTs representing creatures called Axies. From art to gaming,  NFTs have demonstrated their potential, with some selling for as much as $300,000 and others even fetching into the millions.

How do NFT royalties work?

NFTs have the potential to generate royalties for their creators or original owners every time they are resold. This is made possible through smart contracts, which are embedded in the NFT and automatically execute the terms of the agreement.

For example, a smart contract can be set up to ensure that the original creator receives a percentage of the sale every time the NFT is resold. This allows creators to benefit from the value of their work, even after they have sold it. It also provides an incentive for collectors to hold onto their NFTs, as they can potentially increase in value over time.

How do you mint an NFT?

To mint an NFT, you need to create a unique digital item and upload it to a blockchain platform that supports NFTs. This process involves verifying the authenticity of the digital item and creating a smart contract that outlines the terms of the ownership and resale of the NFT.

There are several platforms that support NFTs, including Ethereum-based platforms such as OpenSea, Rarible, and SuperRare. Some platforms allow users to create and sell NFTs in just a few clicks, while others offer more advanced customization options.

What makes NFTs valuable?

The value of NFTs is largely based on their uniqueness and demand in the market. Some NFTs have sold for millions of dollars, and their value can fluctuate based on market demand, rarity, and historical significance. The value of an NFT can also be influenced by the fame of the creator, as well as the quality and originality of the digital item.

NFTs also provide a new way for artists and creators to monetize their work and gain exposure. They offer a way for collectors to own and trade unique digital items that cannot be replicated.

Are NFT’s only artwork?

NFTs are not just limited to the art world. In fact, they can represent any unique digital asset that can be stored on a blockchain. This versatility has opened up new possibilities for various industries, including DeFi, or decentralized finance.

Some examples of NFTs that are not artwork include virtual real estate, music, sports memorabilia, tweets, and in-game items and experiences. NFTs can be used to represent ownership and authenticity of any digital item that is unique and has value.

In the context of DeFi, NFTs can also be used to represent LP (liquidity provider) positions on decentralized exchanges such as Uniswap. LP tokens represent a share in a liquidity pool that contains a certain amount of two different tokens. These LP tokens can be traded or sold on various platforms.

NFTs can be used to represent LP tokens, allowing users to trade and transfer their LP positions in a decentralized and secure way. This provides a new way for users to monetize their LP positions and participate in various yield farming and liquidity provision opportunities that exist on decentralized exchanges.

Introduction:

Cryptocurrency wallets are essential tools for managing and using digital assets. They provide a secure way to store private keys and interact with the blockchain to manage transactions and access funds. With the growing popularity of cryptocurrencies, there are now a wide variety of wallet types available, each with its own unique features and benefits. 

In this guide, we will explore the different types of wallets, including hardware wallets, software wallets, and web wallets, to help you choose the right wallet for your needs. Whether you are a beginner just starting out with crypto, or an experienced user looking for a more secure solution, this guide will provide valuable information and insights.

In this guide we will briefly go over:

1. Chrome Extension Wallets
2. Web Wallets
3. Mobile Wallets
4. Desktop Wallets
5. Hardware Wallets
6. Open Source vs Closed Source Wallets

Please be advised that C4 neither endorses nor recommends any specific wallets that we discuss. Our content is intended solely for educational purposes to provide insights and information. We strongly encourage our readers to undertake comprehensive research and exercise due diligence. This will empower you to make informed decisions and select a wallet that is best suited to your individual needs and preferences.

A Chrome extension wallet is a type of cryptocurrency wallet that is accessed through a web browser extension designed for use with the Google Chrome web browser. It is a type of software wallet that allows users to store, manage, and access their digital assets through the Chrome browser. It is important to note that these extension based wallets also work on other similar browsers such as Brave, Firefox etc.

Chrome extension wallets offer the convenience of being accessible from any device with the Chrome browser installed. This means that users can access their wallet and manage their digital assets from any computer, laptop, or mobile device that has the Chrome browser installed.

In terms of security, Chrome extension wallets offer added protection because the user's private keys are stored locally on their device, rather than on a remote server like with a web wallet. This means that the user's funds are less vulnerable to hacking or other security breaches on the wallet provider's servers. However, it is still important for users to carefully research and choose a reputable wallet provider to ensure the security of their funds.

Some examples of Chrome extension wallets include:

1. MetaMask: A popular Chrome extension wallet for Ethereum and other blockchains such as Polygon, RSK, Avalanche, BNB Chain among others as well as ERC-20 tokens on their respective chains. 
2. Rabby Wallet: A Chrome extension wallet for Ethereum and other based cryptocurrencies with a focus on user privacy and security.

Extension based wallets are a convenient and secure option for storing and managing cryptocurrency assets. However, like with all types of cryptocurrency wallets, it is important for users to understand the risks and take appropriate measures to protect their funds.

A web wallet is a type of cryptocurrency wallet that allows users to store, manage, and access their digital assets through a web-based interface. Unlike hardware wallets, which are physical devices that store cryptocurrencies, or software wallets, which are applications that run on a user's computer or mobile device, web wallets are hosted on remote servers and accessed through a web browser.

Web wallets offer the convenience of being accessible from any device with an internet connection, making them a popular choice for users who want to easily manage their digital assets from multiple devices. To use a web wallet, users simply need to create an account with a web wallet provider, deposit their digital assets into their online wallet, and then access their funds through the web interface.

In terms of security, web wallets are generally considered less secure than hardware or software wallets because the user's private keys are stored on the web wallet provider's servers. This means that users are reliant on the security measures of the wallet provider to protect their funds. As a result, it is important for users to carefully research and choose a reputable web wallet provider with a strong track record of security.

Some examples of web wallets include:

1. Coinbase: A popular web wallet and cryptocurrency exchange with support for a variety of cryptocurrencies. Note, they have an extension based wallet, a custodial mobile, and non-custodial mobile wallet as well but Coinbase is best known for their exchange on the web.
2. Binance: A web wallet and cryptocurrency exchange with support for a wide range of cryptocurrencies and trading options.
3. Kraken: A web wallet and cryptocurrency exchange with support for a variety of cryptocurrencies and advanced trading features.

Web wallets offer a convenient and accessible way to manage digital assets, but come with some security risks. Users who are considering using a web wallet should carefully weigh the pros and cons, and take appropriate measures to protect their funds. Many of these wallets are custodial, which means that we do not own our keys, therefore, we do not have control and ownership of our cryptocurrencies. If you'd like to learn more on the pros and cons between custodial vs non-custodial wallets, check out our write up over here!

A mobile wallet is a type of cryptocurrency wallet that allows users to store, manage, and access their digital assets on a mobile device, such as a smartphone or tablet. Mobile wallets are specifically designed to be used on mobile devices and offer the convenience of being accessible from anywhere with an internet connection.

To use a mobile wallet, users need to download a mobile wallet app from the app store and install it on their mobile device. Once the app is installed, users can create an account and start using the wallet to manage their digital assets. Mobile wallet apps typically offer a range of features and functions, such as the ability to view balances, send and receive transactions, and track the performance of different digital assets.

In terms of security, mobile wallets offer some advantages over web wallets because the user's private keys are stored locally on their device, rather than on a remote server. However, they are still subject to the security risks of software wallets in general, such as the potential for malware or hacking attacks. It is important for users to carefully research and choose a reputable mobile wallet provider with a strong track record of security.

Some examples of mobile wallets include:

1. Mycelium Wallet: A mobile wallet for Bitcoin and other cryptocurrencies with a focus on user privacy and security.
2. BRD Wallet: A mobile wallet for a variety of cryptocurrencies with a focus on user-friendly design and accessibility.
3. Trust Wallet: A mobile wallet for Ethereum and other ERC-20 tokens with support for decentralized applications (DApps).
4. Exodus Wallet: A mobile wallet for a variety of cryptocurrencies with a focus on design and user experience.
5. Edge Wallet: A mobile wallet for a variety of cryptocurrencies with a focus on user control, security, and privacy.

Mobile wallets offer a convenient and accessible way to manage digital assets on the go. However, like with all types of cryptocurrency wallets, it is important for users to understand the risks and take appropriate measures to protect their funds.

A desktop wallet is a type of cryptocurrency wallet that allows users to store, manage, and access their digital assets on a desktop computer. Desktop wallets are a type of software wallet that are specifically designed to be used for both desktop and laptop based computers and offer the convenience of being accessible from a single device.

To use a desktop wallet, users need to download and install the wallet software on their desktop or laptop computer. Once the software is installed, users can create an account and start using the wallet to manage their digital assets. Desktop wallet software typically offers a range of features and functions, such as the ability to view balances, send and receive transactions, and track the performance of different digital assets.

In terms of security, desktop wallets offer some advantages over web wallets because the user's private keys are stored locally on their device, rather than on a remote server. However, they are still subject to the security risks of software wallets in general, such as the potential for malware or hacking attacks. It is important for users to carefully research and choose a reputable desktop wallet provider with a strong track record of security.

1. Electrum: A desktop wallet for Bitcoin and other cryptocurrencies with a focus on speed and security.
2. Exodus Wallet: A desktop wallet for a variety of cryptocurrencies with a focus on design and user experience.
3. Jaxx Wallet: A desktop wallet for a variety of cryptocurrencies with a focus on user-friendly design and accessibility.
4. Atomic Wallet: A desktop wallet for a variety of cryptocurrencies with support for atomic swaps and decentralized trading.
5. Armory Wallet: A desktop wallet for Bitcoin with a focus on advanced security features and cold storage options.

Desktop wallets offer a convenient and accessible way to manage digital assets on a single device. However, like with all types of cryptocurrency wallets, it is important for users to understand the risks and take appropriate measures to protect their funds.

A hardware wallet is a physical device that is designed to securely store your cryptocurrencies. It looks like a small USB drive and can be easily carried around with you. The idea behind a hardware wallet is that it enables you to store your cryptocurrencies offline, which makes it much more difficult for hackers to access your coins. This means that even if your computer or phone is compromised, your coins will remain safe on your hardware wallet. However, it is important to note that no form of storage is completely secure, and you should always take steps to protect your hardware wallet, such as keeping it in a safe place and not sharing your recovery phrase with anyone.

To use a hardware wallet, you will first need to buy one and set it up. Note, you will want to make sure you purchase this straight from the manufacturer as purchasing from a 3rd party could put you at risk with a tampered device. Once you have your hardware wallet, the next step typically involves connecting the hardware wallet to your computer or phone and following the instructions provided by the manufacturer to create a new wallet and generate a recovery phrase. Once your hardware wallet is set up, you can use it to store your cryptocurrencies by sending them to your hardware wallet's address.

Some examples of popular hardware wallets include:

1. Ledger Nano S
2. Trezor
3. SafePal

These wallets support a wide range of cryptocurrencies and are known for their security and ease of use.

If you’d like to learn more about hardware wallets and security basics, click here.

The described wallets we went over can also be open source or closed source. Open source wallets and closed source wallets are two different types of cryptocurrency wallets that differ in terms of their source code and development approach.

Open source wallets are cryptocurrency wallets that have their source code publicly available and open for anyone to view, review, and contribute to. This means that the development of the wallet is transparent and decentralized, with contributions from a community of developers and users. Open source wallets are typically considered more secure and trustworthy because the code is open to scrutiny and audit by anyone, which can help identify and address potential vulnerabilities.

Closed source wallets, on the other hand, are cryptocurrency wallets that have their source code proprietary and not publicly available. This means that the development of the wallet is centralized and controlled by a single entity, such as a company or individual. Closed source wallets may offer more advanced features and functionality, but they also come with some security concerns because the code is not open to public review and audit.

Some examples of open source wallets include:

1. Electrum: A lightweight, open source wallet for Bitcoin and other cryptocurrencies.
2. MyEtherWallet: An open source wallet focused for Ethereum and other ERC-20 tokens.
3. Wasabi Wallet: An open source wallet for Bitcoin with a focus on privacy and anonymity.
4. ZenGo: An open source wallet for a variety of cryptocurrencies with a focus on user-friendly design.
5. Edge Wallet: An open source wallet for a variety of cryptocurrencies with a focus on user control and privacy.

The choice between open source and closed source wallets ultimately depends on the individual user's priorities and needs. Users who value security and transparency may prefer open source wallets, while users who value advanced features and functionality may prefer closed source wallets.

There are some wallet projects that have different variants such as mobile wallets, desktop wallets and connection with hardware wallets. One of them is Green Wallet, exclusive for Bitcoin and the liquid network (second layer of bitcoin). Green Wallet is also open source.

Closing:

In conclusion, cryptocurrency wallets are essential tools for managing and using digital assets. They provide a secure way to store private keys and interact with the blockchain to manage transactions and access funds. With the growing popularity of cryptocurrencies, there are now a wide variety of wallet types available, each with its own unique features and benefits.

In this guide, we have explored the different types of wallets, including hardware wallets, software wallets, and web wallets. We have discussed the key features and differences of each wallet type, as well as the pros and cons of open source and closed source wallets.

Ultimately, the right wallet for you will depend on your specific needs and priorities. Whether you are a beginner just starting out with crypto, or an experienced user looking for a more secure solution, it is important to carefully research and choose the right wallet for your needs. By understanding the different types of wallets and their features, you can make an informed decision and take steps to secure your crypto assets.

If you need help deciding what wallet might be right for you and are not sure, you can also visit https://bitcoin.org/en/choose-your-wallet and answer the questions which can guide you to select one based on your preferences and priorities.

Overview

Cryptocurrencies offer the ability to send secure, irreversible payments to any person anywhere in the world. These borderless technologies are powerful tools for payments — but with this comes power scammers can use to steal, leaving victims with no way to get their money back. There are several common types of crypto scams that any user may encounter. Let’s look at these types of scams and ways to prevent losing money to them.

Types of Scams

Investment Scams

One of the most common scams in the crypto space is the fraudulent “investment” scam. In this type of attack, the thieves trick users into believing they are investing in a lucrative opportunity. In reality, the victim is simply sending cryptocurrency to the scammer’s wallet.

These scams most often start via social media. The perpetrators create convincing profiles of fake “investment managers” that appear to be rich. The name isn’t always a good indicator, but many accounts have “trade” or “fx” (short for foreign exchange) in the name. The accounts have stories or pictures of fake “user withdraws” and fancy cars/houses/lifestyle items to draw you in. The returns promised are too-good-to-be-true, often upwards of 10% per day — this is a red flag.

These scams may also tie-in with impersonation scams, where someone pretends to be a famous person (often related to cryptocurrency) to steal your money. For example, someone pretends to be Andreas Antonopoulos, Roger Ver, or another noteworthy individual.

Online security is not a luxury but an essential aspect of our digital lives. Understanding the basics of protecting our sensitive information and digital assets empowers us to navigate the online landscape with confidence.  

From managing finances to sharing personal information, it's crucial to adopt best practices for online security. By following a few simple guidelines, you can protect yourself from cyber threats and enjoy a safer online experience. 

Let's dive in!

Create Strong and Unique Passwords:

One of the fundamental steps in securing your online presence is to create strong and unique passwords. Avoid using obvious choices like "123456" or "password." Instead, create complex passwords by combining uppercase and lowercase letters, numbers, and special characters. Furthermore, refrain from reusing passwords across multiple accounts. Consider using a password manager such as 1password, NordPass or Keeper,  to securely store and generate strong passwords for you.

While passwords should be complex, length is a more important factor than just additional numbers and symbols. An 8 character password with uppercase, lowercase, numerical, and special characters can still be cracked in minutes to hours. Whereas, a 16 character random password with just uppercase, lowercase, and numerical characters can take millions of years to crack. The time it takes to brute-force guess passwords increases *exponentially* with each additional character, but doesn't increase much by increasing the character set.

Enable Two-Factor Authentication (2FA):

Two-factor authentication provides an additional layer of security by requiring an extra verification step, typically a unique code sent to your mobile device, in addition to your password. 

Enable 2FA whenever available, especially for critical accounts like email, banking, and social media. This added security measure significantly reduces the risk of unauthorized access to your accounts.

There are multiple types of 2FA; wherever possible, use the best available type of 2FA for your account. 

Authenticator app or hardware security key 2FA,  offer less potential avenues for compromise, outside of stealing the device itself.   A hardware security key is a device, similar to a USB stick, that offers extra security for online accounts. Used with a password, it's part of two-factor authentication (2FA). Like a house key, even if someone knows your password or address, they can't access without this physical key.

Authenticator app (auth-app) based 2FA (Microsoft, Google, Duo, etc.) provide a greater level of security than SMS (text message) or email based 2FA. SMS 2FA is vulnerable to "sim swap" attacks, where the attacker tricks the phone company into porting your number onto their phone (so they can then steal your accounts). 

2FA is "something you have" where the password is "something you know". These offer additional layers of security than simply having the password, because an attacker must now compromise both layers to steal the account.

Keep Your Software and Devices Updated:

Regularly updating your devices, operating systems, and software applications is vital for online security. These updates often include important security patches that address vulnerabilities and protect against emerging threats. Enable automatic updates or set reminders to ensure you're always running the latest versions.

Be Vigilant against Phishing Attempts:

Phishing attacks continue to be a prevalent threat. Exercise caution when interacting with emails, messages, or pop-ups requesting personal or financial information. Be skeptical of suspicious links or attachments, and avoid providing sensitive data through unsecured channels. Verify the legitimacy of requests by contacting the organization directly through official channels.

Phishing attacks can be sophisticated or simple. Always be vigilant if someone is asking for information such as wallet seed phrases, passwords, or 2FA tokens. If you receive an email, text or other communication asking for information, go directly to the website in question instead of following links provided in the message. For example, if you receive an email about KYC verification from someone claiming to be Coinbase, don't follow the link in the email. Go directly to Coinbase.com to log in and see if the request is legitimate. 

Never give out a seed phrase for a cryptocurrency wallet, no matter why someone claims they need it. Only enter your seed into a piece of wallet software you want to use. Even then, be vigilant and ensure the software is legitimate. Anyone with your seed phrase has *full access* to all of the money in that wallet. 

Utilize Secure Wi-Fi Networks:

Public Wi-Fi networks are convenient but often lack adequate security measures. Avoid accessing sensitive information, such as online banking or shopping, when connected to public Wi-Fi. If you must use public networks, consider using a virtual private network (VPN) to encrypt your data and protect your privacy. Most critical websites such as online banking will use Hypertext Transfer Protocol Secure (HTTPS), which offers a layer of encryption between you and the website. It is helpful to ensure websites you use always use HTTPS, especially if you use them to "log in" via a password. 

Practice Safe Online Shopping:

Online shopping offers convenience, but it also presents potential risks. Stick to reputable websites and ensure they have secure connections (look for "https://" and a padlock icon in the address bar). Avoid making purchases on public computers or using public Wi-Fi networks. Regularly review your credit card and bank statements for any suspicious activity.

Protect Your Personal Information:

Be cautious about sharing personal information online. Avoid posting sensitive details, such as your full address, phone number, or financial information, on public forums or social media platforms. Adjust privacy settings on social media to limit who can access your personal information, and be mindful of what you share with third-party apps or services.

Regularly Back Up Your Data:

Data loss can occur due to various reasons, including cyber attacks, hardware failure, or accidental deletion. Regularly backup your important files and documents to an external hard drive, cloud storage, or both. This ensures that even if something unexpected happens, your data remains safe and recoverable.

Backups should follow the "3-2-1" rule: 3 copies of the data in total, 2 different types of media, and 1 offsite backup. So for example: one copy on your PC solid state drive, one copy in "cloud storage", and another on an external hard drive. 

Educate Yourself about Online Threats:

Staying informed about the latest online threats and security best practices is essential. Keep yourself updated on common scams, new hacking techniques, and emerging vulnerabilities. Follow reputable online security blogs or subscribe to newsletters from trusted sources to stay informed and better protect yourself.

Invest in Reliable Security Software:

Equip your devices with reputable antivirus and anti-malware software. Ensure these programs are up to date and regularly perform scans.

Conclusion

By adopting strong passwords, recognizing phishing attempts, and staying updated on security practices, we strengthen our defenses against ever-evolving cyber threats. 

Whether for individuals or businesses, online security is the key to safeguarding our financial well-being, personal privacy, and online reputation and embracing this responsibility ensures that we can fully enjoy the boundless opportunities of the digital age while minimizing the risks.

 So, let us commit to being informed and proactive, creating a safer digital environment for ourselves and future generations.

Why Have a Plan?

Your digital assets should be treated like any other personal property when estate planning, and it is important that you take steps to include them in your Will. However, the assets will only be available to your heirs if you have developed a plan. That plan should include detailed instructions for them about what you have and how to access it.

Where Do I Start?

Before diving into inheritance planning, make sure you have a solid understanding of cryptocurrencies. Use trusted sources, such as C4, to familiarize yourself with the basics of blockchain technology, private keys, wallets, and the specific cryptocurrencies you hold. This knowledge will empower you to make informed decisions and communicate effectively with your beneficiaries.

Start Simple:

Although it may seem overwhelming, start with a simple pen and paper to create an inventory of your assets. There are templates available online that can be printed off, filled out, and stored in a safety deposit box or in a secure location in your home.

You can also to explore the growing number of cryptocurrency estate planning tools and services available. These tools can assist you in securely storing and transferring your digital assets.

They often offer features such as multi-signature wallets, time-locked transactions, and contingency plans for managing your cryptocurrencies in specific circumstances.

Pamela Morgan’s book “CryptoAsset Inheritance Planning: A Simple Guide for Owners”, has templates to help get you started and offers additional guidance as you develop your plan. (Disclosure: Pamela is a board member at C4.)

Regardless of where or how you start, we urge you to use the knowledge provided in this article to further educate yourself with the plan and options that best suit your needs and situation. Unlike other assets, there is no ‘Bank Manager’ and not having a plan could almost certainly guarantee some or all of your crypto assets may be lost when you’re gone.

In general, a balance of both legal and technical assistance will help ensure your assets can be properly passed down to your loved ones, while still keeping them secure.

Here are some general best practices to get you started with a simple inventory to help with the creation of your cryptocurrency inheritance plan.

Inventory Planning:

Start by creating an inventory of all your cryptocurrency holdings. Include information such as the name of the cryptocurrency, wallet addresses, private keys, and any relevant account information. Keep this inventory updated as you acquire or sell cryptocurrencies. You may also want to include information relating to:

1. Exchanges — Write down the exchanges you are currently using or have used in the past. Do not list your password or login credentials at this stage.
2. Wallets — If you use a wallet hosted by an exchange, note which wallet is connected to which exchange in the step above. If you are holding your own keys, then your heirs should be made aware of at least two things: Name(s) of the wallets you use and where your wallet backups are located. Remember, anyone who has access to these backups could steal the funds. Be aware of this when considering anyone that may be assisting you or has access to your plan.
3. Devices — List the devices that you are using to access your wallet accounts, such as your phone or laptop. This will ensure your heirs know not to throw away, donate, gift, or destroy these devices until the funds have been successfully retrieved/moved. It is good to note that you do not need to provide your passwords for these devices at this stage. A picture may also be beneficial to ensure they know the devices they are looking for (i.e., a generic photo of your hardware wallet model).

Consider Wallet Seed Storage

Your wallet seed is a combination of random words that enable you to access your cryptocurrency on the blockchain in case you lose access to your wallet. It is recommended to store your wallet seed using an element proof device, such as a steel wallet.

Overview

Cryptocurrency exchanges serve as convenient on and off ramps for users. These services allow people to trade fiat currency (such as dollars, euros, or yen) for cryptocurrencies, or to trade between various digital assets. These exchanges often serve a second function — as custodial wallets. Most major exchanges will allow users to store digital asset balances, and send/receive them on the blockchain. There are a number of pros and cons to storing digital assets on custodial exchanges.

Pros of Custodial Wallets

The major pro of using custodial wallets is simply ease-of-use. There are several advantages to storing and using cryptocurrencies via exchanges when it comes to the user experience.

The first is that the security experience is familiar for most users. Custodial wallets feature username and password based logins with 2 factor authentication. This login experience is the same as many other popular web applications such as social media sites, email, and bank accounts. Familiarity with security practices increases the likelihood users will avoid costly mistakes, especially when new to a domain like cryptocurrency.

As well, using an exchange wallet offers all functions cryptocurrency users might want “under one roof” — they can buy and sell, trade currencies, and send and receive to external wallets. This can make tasks such as inheritance planning, transfers, and interfacing with legacy financial instruments easier.

A final advantage of exchanges/custodial wallets can be support and documentation. Exchanges are businesses, and often have dedicated support staff and quality documentation. These resources can help both new and experienced users navigate security challenges.

Cons of Custodial Wallets

Custodial wallets do have several disadvantages to self-custody solutions. The most notable is that custodial wallets reintroduce counterparty risk into the cryptocurrency experience. Counterparty risk means, simply, having to trust a third party with your cryptocurrency assets. One major advantage of cryptocurrencies is the ability to hold your own keys and therefore your own money without having to trust someone else.

Using an exchange to store assets is more similar to trusting a bank, but with less regulations and safeguards. Users are exposed to several threats — such as insolvency. Several major custodial exchanges in cryptocurrency history have dissolved or filed for bankruptcy, such as Mt.Gox, QuadrigaCX, and most recently, FTX. Exchanges also serve as large, centralized targets for hacks and theft. While many major exchanges have excellent security practices, there is always the possibility of compromise. And large repositories of user funds like an exchange are a larger potential target than individual users.

While the familiar security user experience of exchanges can be an advantage, it can also be a disadvantage if a user has poor security hygiene. If a user generates a poor quality, short, or reused password, their account may be compromised easily. Similarly, poor 2 factor authentication practices such as using SMS may lead to SIM-swap attacks and account takeover. Users that neglect their email security may find it used to initiate password resets and account takeovers.

You can learn more about cryptocurrency security by visiting https://cryptoconsortium.org/articles.

Overview

Cryptocurrency exchanges are a vital part of the ecosystem, as they allow users to buy and sell various coins and tokens for common currencies such as the US dollar. Exchanges also serve as an entry-level wallet without having to understand seed phrases and other self-custody security procedures. While exchanges are an important part of the decentralized ecosystem, most themselves are centralized, meaning they control your private keys on your behalf.  Exchanges come with their own security best-practices users should follow to keep their assets safe.

Password Management

Users should first focus on password hygiene when thinking of exchange security. There are 3 areas of focus for password security - password length/complexity, password reuse, and password storage.

The first rule to follow is do not reuse passwords, especially for cryptocurrency exchange accounts. The password for your account must be unique. This prevents password leaks from other services from compromising your exchange account. For example - let's say you reuse the same password for your exchange account and for an online shop. If the online shop's password database is compromised, attackers may try and use that password to gain access to your account. This type of attack is known as credential stuffing.

The second security practice is to favor length over complexity when generating your passphrases. Many think that adding additional characters to a short password makes it harder to crack - for example changing the password LeetSpeak to L33t$pe@k. However, this does not significantly increase the time it takes an attacker to guess your password! In fact, length is far more important than special characters. For example - ILikeToCreateLongerPassphrases is far more secure than L33t$spe@k. 

The most difficult passwords to crack are those generated from secure random sources. Even better than ILikeToCreateLongPassphrases is something like e9623WR108SpXSbfhSlj. This passphrase contains a high amount of entropy (randomness). If your password needs to be typed rather than copy/pasted or autofilled, diceware passphrases can be generated using wordlists and random sources like dice or a diceware password generation tool. For example: JeanRemanTonCockyTyburn. These are English words that have no correlation with each other, but are easy to type or even remember if necessary. A complex and hard-to-crack password does not necessarily have to be difficult. Combining 5 unrelated words that you can remember is a good first step towards creating a strong passphrase. 

A third challenge users face is storing and remembering all these long, randomly generated, unique passphrases. Many users have tens if not hundreds of online accounts. To prevent password reuse, or having to remember high-entropy passphrases, a password manager is an excellent security tool. Password managers store passphrases in an encrypted database - the user only has to remember one very long and secure master passphrase to access the manager. Most modern password managers make it easy to autofill passphrases into websites, or to copy/paste them as needed. Most will also generate high entropy passwords for you.

2 Factor Authentication

It's also critical that users apply strong 2 factor authentication (2FA) to their exchange accounts. This adds a second layer between an attacker and account access. A password is "something you know", while most 2FA tokens are "something you have." There are 3 common types of 2FA.

The first is email or SMS text-message based. In this case, after entering your passphrase, the website sends you a one-time code via email or text. You enter the code into the website to finish logging in. This type of 2FA is strongly discouraged - because it is the easiest for an attacker to steal from you. Many in the cryptocurrency space have lost accounts and assets via SIM swap attacks - where the attacker pretends to be you, calls the phone company, and ports your number to their phone. They can then use the 2 factor codes to take over the exchange account. 

A second more secure method is to use app-based 2FA via apps like Microsoft Authenticator, Google Authenticator, Duo, and many other examples. For app-based 2FA, you first set up authentication by installing an app on your phone and scanning a "seed" provided by your account. The app on your phone then generates one-time codes that change every 30 seconds or so. You enter these codes into the website to complete logging in, just as with SMS based. However, the codes are generated from a secure seed stored by the app instead of transmitted over text messages which is far more difficult to steal.

The third and most secure type of common 2FA is hardware security token-based. A popular example is the Yubikey brand of hardware devices. These are small USB sticks that can be linked to your account. When logging in, you simply make sure your token device is plugged into the PC you are using. Compromising this type of 2FA requires physically stealing a user's device which is an uncommon form of attack (compared to SIM-swapping).  

Email Security

Many users overlook email security when considering the security of their exchange accounts. Most often, access to email allows a legitimate user to "password reset" the account in case they forget their passphrase. If your email is insecure, an attacker could first gain access to your email and then use it to take over your crypto exchange account. You should ensure you follow the same best practices for email - strong, unique passphrases and app or hardware-based 2FA. It may also be helpful to use a separate email just for cryptocurrency-related accounts, following all of these security guidelines around securing that account. This may prevent someone from easily obtaining your email as a first step to account compromise.

You can learn more about cryptocurrency security by visiting https://cryptoconsortium.org/articles.

Overview

One of the core components of blockchain technology is the concept of “private keys” which may be viewed as the mechanism to authorize a transaction on the blockchain. One of the fundamental decisions one must make is who is in control, or custodying, those keys. One may choose to have a trusted third-party custody those keys or one may choose to safeguard those keys themselves, or self-custody. Self-custody in the context of cryptocurrency means “the user holds their own private keys”. There are many ways a user can safeguard these keys, such as a mobile wallet on your mobile phone, a wallet application on your desktop, or a special hardware device known as a hardware wallet. One of the challenges relates to how to backup these private keys in a manner that is convenient as well as secure. When a user generates a new mobile wallet or hardware wallet, for example, they are given a “seed phrase” to back up. The seed phrase, typically 12 or 24 random words, is a mechanism used in many modern wallets to use as a foundation in which other keys may be generated from. This convenience results in only needing to backup and safeguard that seed phrase since that seed can be used to regenerate the same keys. This approach is powerful, with several security advantages over custodial solutions providing it’s done in a safe and secure manner. There are, however, some disadvantages to self-custody. Let’s dive into the pros and cons of managing your own crypto keys.

Pros of Self-Custody Wallets

The first major pro of self-custody is self-sovereignty — part of why crypto exists is so that users can truly own their digital money by holding their own keys, rather than having to trust a third party with your keys as well as your private information. Having to trust a third party is known as “counterparty risk”. This method transfers the responsibility of safeguarding those keys to that other party and you are now relying on their security. By holding one’s own keys, a cryptocurrency user avoids counterparty risk in their key ownership.

A second advantage is that of options. There exists a multitude of cryptocurrency wallets for every level of security, technical knowledge, or desired currencies and tokens. Depending on the user’s desired level of security, one could use a simple mobile wallet or go all the way up to a hardware wallet or even utilize more complex configurations such as requiring multi-signature. Moreover, many popular wallets are open source and audited by the professional development and security community, and closed source wallets have strong user bases as well with many offering a bug bounty program to reward ethical hackers who find vulnerabilities.

It is also easy to move between self-custody wallets — there is no concern of lock-outs, know your customer regulations (KYC). There are often more supported cryptocurrencies available, as new tokens or currencies that aren’t yet available on exchanges can be used via self-custody software.

These wallets offer the highest level of accessibility for all around the world. A user only needs to install wallet software on a mobile phone to start transacting with cryptocurrency. There is no need for identification, a bank account, or addresses to use a simple self-custody wallet. This is a huge advantage for those without access to traditional banking services.

Cons

There are, however, some disadvantages of self-custody wallets over custody accounts. Most of these revolve around backups and issues of security hygiene. First, a user must take sole responsibility for the safeguarding of their keys, and therefore their money. If the user loses their wallet (such as their phone), and loses backups of their seed phrase, they will lose access to their coins with no options for recovery.

The user must exercise diligence in securely backing up their seed phrase (private keys) and maintaining access to those backups. These should be stored in multiple secure locations and tested to ensure recovery works if the primary wallet is lost. If a backup is made or stored improperly, the user can lose access to their coins.

Every user of a self-custody wallet must take ownership of their security — both digitally and physically.

You can learn more about types of wallets and custody by visiting https://cryptoconsortium.org/articles.