Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Cryptographic wallets

A wallet holds a set of private keys (very large, random numbers) that can be used to spend coins. All these keys are generated from a seed phrase. The seed phrase is the key to the kingdom! You MUST NEVER store the seed phrase anywhere accessible via a device (be it a file, a digital note, a picture, or even an entry in a password manager). Similarly, you MUST NEVER share it with another user.

Ground rules

  1. You MUST NEVER store seed phrases digitally
  2. You MUST NEVER share seed phrases with other users
  3. You MUST NEVER use wallet browser extensions

Warm wallets: <$1K

If you are storing less than $1K, you MAY use a software wallet on your smartphone since it is more convenient to use than a hardware wallet. You MUST NOT use a browser extension on your laptop, because it is easier for an attacker to compromise it. You SHOULD hand-write the seed phrase generated by the mobile wallet and store it in a safe place. You MUST NOT store it digitally.

Cold wallets: <$1M

If you are storing up to $1M, you MUST use a hardware wallet, such as a Ledger device. These keep the private key encrypted inside the device, and are resistent to tampering. Teams MUST have a set of N >= 3 devices, with transaction outputs spendable by any of the devices (1 of N multisig), so hardware failures do not result in losing funds. For N < 5, at least one team member MUST keep a backup device or seed phrase in a safe deposit box. For N >= 5, the risk of leaking the backup device or seed phrase is greater than the risk all devices failing, so backups MUST NOT be made.

If you need to store more than $1M, you MUST contact us for specific instructions.

Clear signing

You MUST ALWAYS verify, to the extent possible, the destination address(es) of any transaction you send. Many recent attacks, from ByBit to the latest NPM poisonings, have surreptitiously replaced user specified data with attacker data, resulting in stolen funds. In some cases the true data displayed after alteration, in others not.

To combat this, Ledger devices support clear signing. This uses the hardware screen of a Ledger device to display a human readable description of the transaction before you agree to sign. While the frontend app that interacts with your Ledger device may more easily be compromised, the hardware screen is much more resistent to such attacks.

When you verify an output address such as a smart contract (SC), you MUST verify the address from an external source, such as previously downloaded documentation. SC calls though involve not just addresses, but also functions and parameters; verify that the entire SC call is what you have intended. User wallet addresses MUST also be verified; when possible, this should include a voice call with the user in question where the address is read and the voice is recognized.

So for software wallets, you MUST ALWAYS confirm the details before agreeing to sign. This will NOT stop all attacks, which is why you SHOULD ALWAYS consider using hardware wallets even when not required to do so. For hardware wallets, you MUST ALWAYS confirm the details on the hardware screen.

Hardware wallets

Below we will include specific instructions for configuring various hardware wallets.

Ledger Nano X

Instructions for setting up a Ledger Nano X can be found here.