Hey all! With the recent publications of hacks as well as hundreds of newly onboarded members to MVHQ, I figured it was a good time for a wallet structuring write-up. This is the simplest your wallet structure should get, but feel free to expand on it to make it even more secure, air-gapped, and redundant.
Before we talk about how to organize your set of wallets, let’s go over some key ideas and terms to get everyone familiar with all aspects of a crypto wallet.
First, let’s talk about the difference between software and hardware wallets. A software wallet is used mainly for its simplicity and speed when sending transactions. It is by far the least secure wallet type, because every prompt to send a transaction occurs on your computer, which has internet access and is exposed to a multitude of security risks. A hardware wallet, though, requires a physical push of a button on the device itself to send any type of transaction. This means that someone must physically have either your hardware wallet or your seed phrase in their possession to compromise this type of wallet.
Next, we need to understand that a wallet has 3 sets of keys, all differing in use and security clearance:
1) Public Key – The public key is a series of letters and numbers that you see attached to the wallet at the top section of Metamask and is used much like an email address, easily shared with others with no security implications.
2) Private Key – The private key is the access key to that one particular wallet, and only that wallet. If someone were to get their hands on the private key for a wallet, they would have unlimited access to all assets on that single wallet.
3) Seed Phrase – The seed phrase is the access key to all wallets within that wallet tree. I use the term wallet tree to describe the original wallet as well as the wallets that are produced when you click ‘Create Account’ on Metamask. If someone were to access your seed phrase, they would have access to all assets on all wallets within this wallet tree. It doesn’t matter if you use a hardware wallet if someone is able to retrieve the seed phrase for it.
Before we head down the path of creating your wallet structure, we need to go through some dos and don’ts that you need to understand before the process:
- First and foremost, never type out or store your private keys or seed phrases on internet-connected digital devices. This is the leading cause of investors losing all assets and should be avoided at all times. Storing these keys on an always-offline digital device is ok, but keep in mind that digital devices break, so be sure to store those keys in a secondary location as well. You can connect any hardware wallet to Metamask to easily see the contents of that wallet and initiate transactions, but that means using the ‘Connect hardware wallet’ option. DO NOT just import your seed phrase. Doing that will make your hardware wallet useless.
- To that point, it is always best to have multiple copies of your keys stored in different locations in case of fire or any other disaster that can obliterate the keys.
- A good practice is also to pick a very durable medium that you store these keys on. Paper is very brittle and erodes over time, even if laminated. The best mediums available are treated metals that can withstand fire and water. And it goes without saying, store these keys in spots that are unfindable.
- Any time you set up a new wallet tree with a new seed phrase, copy it down on your physical medium and read through it three or four times while comparing it to the source that provided the seed phrase to you.
- Once the wallet is set up, send a tiny amount of crypto to it. Once the transaction clears, fully erase the wallet and re-initialize it with the seed phrase you have written down onto your physical medium. If the seed phrase you have copied down is correct, you should see the same wallet populate with that tiny amount of crypto you sent to it. Now you can be fully assured that you have copied the seed phrase correctly.
At the bare minimum, I recommend setting up three wallet trees, which means three separate seed phrases (Seed 1, Seed 3, Seed 4). If you are a bot minter, you’ll need a fourth (Seed 2). And if you have high-value NFTs, I recommend one additional seed phrase per high-value NFT (Seed 5+). Follow all the rules above when creating these wallet trees.
1) Seed 1 – Allowlist & Manual Mint Wallets: This initial wallet tree will be created as a software wallet tree, directly on Metamask. You can create however many wallets you need within this wallet tree to take advantage of multiple mints within a project or multiple allowlist signups. Be sure to keep funds limited on this wallet and strive to only mint directly from contracts, as minting from websites can introduce a multitude of security risks between you and the actual mint function you want to interact with.
2) Seed 2 – Bot Mint Wallets: If you are in the bot minting game, I recommend setting up a new seed phrase and wallet tree for these wallets. This is mostly for organization, to keep bot wallets separated out, as people usually utilize 20+ wallets with a bot. It can also serve as a security measure: if these wallets get compromised, they won’t be littered throughout your Seed 1 wallet list (Metamask doesn’t allow you to delete or reorder wallets that were created within a wallet tree); you can just fully abandon that whole seed phrase and wallet tree. Most bots nowadays can create bot wallets for you that you then import into Metamask with their private keys, but for ease of use I generally switch the process around and create them myself, then import them into the bot using their private keys.
3) Seed 3 – Marketplace Wallets: The next wallet tree is meant for interactions with marketplaces. Generally, any wallets that hold anything of value should use a hardware wallet, but I can see the argument for using a software wallet here just for ease of use, as you would need your hardware wallet with you for all buys and sells. An important aspect of the interaction between Seed 1, Seed 2, and this wallet tree is that you should immediately transfer all “valuable” mints to this wallet tree, since Seed 1 and Seed 2 are your minting wallet trees and theoretically your most insecure group of wallets.
4) Seed 4 – General Vault: This wallet tree 100% needs to be a hardware wallet, as it will house your NFT and crypto assets that you want to hold for the time being. The only transactions and interactions with this wallet should be sending NFTs and crypto in and taking NFTs and crypto out. Do not connect this wallet to any marketplaces, mint websites, or any other service. If you would like to sell an asset that is within this vault, transfer the asset to your marketplace group of wallets in Seed 3. I generally use a Lattice hardware wallet for my general vault as it has the easiest user interface and my general vault is the vault I most interact with. Also remember, if you want to import this vault to Metamask to view its contents and initiate transactions, use the ‘Connect hardware wallet’ option on Metamask rather than importing the seed phrase. If you type the seed phrase of your hardware wallet into Metamask, that hardware wallet is now useless.
5) Seed 5+ – High-Value Item Vault: It is very good practice to have a seed phrase for each of the high-value NFTs that you hold. This ensures that if, God forbid, one of your vault seed phrases gets compromised, your losses are minimized. With the low price of Ledger hardware wallets, I generally use a separate Ledger for each high-value NFT. Do not connect this wallet to any marketplaces, mint websites, or any other service. If you would like to sell an asset that is within this vault, transfer the asset to your marketplace group of wallets in Seed 3.
I hope this wallet guide was able to give you a foundation for structuring your wallet system. There are definitely ways to up your security game using Gnosis safes or multisigs, but these ground rules will get you to a place where you don’t need to constantly worry about your security.