Securing The Bag

(Security & Payments)


This security guide is a modified version of @Punk6529’s tweet thread. Read the thread here.


The first part of this thread is not going to discuss any particular wallet, but the general concepts on how ETH stores and secures tokens.


You need to understand these concepts first. I reference ETH in this thread for simplicity, but the same general concepts apply to many other chains. Your NFT is a token. That token is on the Ethereum blockchain, a copy of which is being held by the 3,000 or so Ethereum nodes that are running globally. (etherscan.io/nodetracker)


When you sell an NFT to someone else, nothing is moving from your computer to their computer. All that is happening is that the database that is the ETH blockchain is changing the entry for which address the NFT is owned by.


What about the JPG? Where is that? Your NFT has a URI field (like a URL) that points to where the JPG is.  The best practice is that it is on IPFS or Arweave which is “decentralized storage”.  Alternatively, it might be on someone’s server (“centralized”). But the cloud (centralized or decentralized) is still just a server somewhere.  The main difference between IPFS and AWS is that anyone (including you) can join your computer to IPFS and decide to also store any particular IPFS object (including your JPG).


Some art (usually generative art) is completely on-chain. This means that the instructions to draw the art are contained in the token itself. This means the art is stored on the ETH blockchain, right with the token. So let's go to the next step and discuss public keys and private keys. A public key is an ETH “address” 0x98b7AAeb419394b13D46C9508d79b335FF6D98A0.


The best analogy for a public key is an email address. You can safely share it publicly and people can send things to it.  


Those things are most typically:

- ERC20 Tokens (fungible tokens, like UNI or SUSHI)

- ERC721 or ERC1155 tokens (non-fungible tokens aka NFTs)


So your public key is also NOT what you are storing and trying to keep safe. What you are trying to keep safe is your PRIVATE KEY. Your Private Key is your “password” for your public key/address. What the private key primarily allows is for you:

a) to move tokens out of your address

b) to sign messages proving you have the private key for that address.


Unlike your public key, you must never ever show your private key to anyone. If someone has your private key, it is GAME OVER. They can very quickly take every single asset – ETH, fungible tokens, NFTs – from your address. It's the keys to the kingdom.


A “wallet” is a piece of software that contains a set of private keys. A private key controls a public key. Every wallet, whether software or hardware, is just this: a piece of software that holds a set of private keys that allow you to execute transactions on specific ETH addresses. There are a couple more concepts we need to introduce. The first is the seed phrase. A seed phrase is a set of 12, 18, 24 (or more) words. If your private key is your password, your seed phrase is your password recovery method. If you lose your private keys, you can recreate them from your seed phrase. As with your private key, never ever share your seed phrase. Once someone has it, your wallet will be emptied.


The last concept is the ‘passphrase’. It is a series of characters/words that, when combined with your seed phrase, creates a wallet with a set of private keys. In other words, if I created my wallet/private keys with:

- seed phrase + “apple”

- seed phrase + “nft”

- seed phrase + “6529”

- seed phrase + “seize the memes of production”

each one would create a wallet with different private keys for different public keys (addresses).

What is strange about passphrases is that there are no ‘wrong’ answers. If you put the wrong passphrase, you don’t get some type of error message, you just get a different set of private keys that work fine, but don’t have your tokens in them. There is NO recovery system if you lose your passphrase.
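The "no wrong answers" behaviour, as an added example that is not part of the original thread: it assumes the standard BIP-39 seed derivation and BIP-32 master key (Trezor's Shamir backups apply the passphrase through a different function, with the same no-error behaviour). The mnemonic is the public all-zero test phrase, and the function names are made up for this sketch.

```python
import hashlib
import hmac
import unicodedata

def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512(mnemonic, salt="mnemonic"+passphrase, 2048 rounds)."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, 64
    )

def master_private_key(seed):
    """BIP-32 master key: left 32 bytes of HMAC-SHA512(key=b"Bitcoin seed", msg=seed)."""
    return hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()[:32]

def wallets_for(mnemonic, passphrases):
    """Map each passphrase to the master key it yields (hex). Nothing here can
    fail: there is no stored 'correct' passphrase to compare against."""
    return {p: master_private_key(bip39_seed(mnemonic, p)).hex() for p in passphrases}

# Public BIP-39 test-vector phrase (all-zero entropy). Never fund it.
TEST_MNEMONIC = "abandon " * 11 + "about"
# Passphrases from the text, plus no passphrase and a typo of "apple".
PAGE_PASSPHRASES = ["", "apple", "nft", "6529", "seize the memes of production", "aple"]

if __name__ == "__main__":
    for phrase, key in wallets_for(TEST_MNEMONIC, PAGE_PASSPHRASES).items():
        # The typo "aple" raises no error: it silently opens another, empty wallet.
        print(f"{phrase!r:35} -> master key {key[:16]}...")
```
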



Summary


Address/Public Key: Your email address (can be shared)

Private key: The password to your inbox (never share)

Wallet: Holds private keys

Seed phrase: Recovery system for private keys (never share)

Passphrase: Optional - extra password to create new wallets (never lose)

Software wallet: a software wallet on a general purpose device (computer or mobile phone)

Hardware wallet: a software wallet on a dedicated hardware device (Trezor or Ledger)


To summarize the security failure cases: If someone gets a hold of your private keys OR seed phrase AND passphrase (if you used a passphrase) they can access all of your crypto holdings including currency and NFTs.


In order to interact with web 3.0 dapps like Uniswap or Opensea, you need a browser extension that interacts with them.  The most popular is @metamask, but there are others. Metamask has a mobile app that is a pure software wallet.


Metamask also has a browser extension that can either:

a) operate as a pure software wallet

b) provide the browser interface for hardware wallets to interact with dapps.


The two most popular hardware wallets are @trezor and @ledger.


Security Levels:


Level I: You have less than $500 to $1,000 to invest in NFTs in the foreseeable future. This is the only case to use a software wallet. Metamask is fine on both computers and mobile.


Software wallets are not long-term safe. They simply store your private key on your phone or computer. If your computer is compromised by a virus, your private keys will be stolen. When you are setting up the wallet, you will be given your seed phrase. You need to write this down carefully on a piece of paper. This allows you to recreate your wallet. You should never ever type your seed phrase into a computer or photocopy it. Metamask will have you create a password. That password is the password that Metamask uses to give you access to Metamask. This is NOT your passphrase. It is specific only to Metamask on the specific computer you have installed Metamask on. You will need your seed phrase if your computer dies, if Metamask gets corrupted, if you lose your computer, or if you forget your Metamask password. The seed phrase is your backup! Ideally, your seed phrase is not in your house, but somewhere else. Some people use a steel object to store their seed phrase to be more fire resistant.


Level II: If you are going to invest more than $1,000 in NFTs, set up a proper hardware wallet from Day 1. Trezor and Ledger are both fine, but my detailed setup recommendation is below.


The most expensive hardware wallets are ~0.06ETH (~$200). If you are investing ANY significant amount in NFTs or expect any significant price appreciation in your NFTs, you must use a hardware wallet.


OK, how are we going to set this up? 6529 is going to push you to do it correctly from Day 1 and use the full panoply of tools available to you. Why? Because if you do, your setup for $5K in NFTs is also a good setup even for $1M in NFTs and you don’t have to change later. Changing default wallets is a huge pain in the ass and 6529 has not enjoyed it at all. I have done both transitions, from software wallet to hardware wallet and from hardware wallet to Gnosis. It sucks. You have to pay gas to move each individual NFT.


My recommended setup for setting up a Trezor is the following:

a) Install Trezor Suite

b) Set up the Trezor

c) Apply a PIN to the device

d) Use the Shamir’s Secret Sharing Scheme to split your seed phrase 2 of 3  

e) add an easy-for-you-to-remember passphrase


Let’s take it one step at a time.  

Step 1: Buy a Trezor directly from the Trezor web site. 

Step 2: Follow the software’s instructions for installing the Trezor Suite Software and getting the device set up.

Step 3: Select a PIN. This PIN is the equivalent of the password on Metamask. It unlocks the Trezor device so you can use it. You must do it. Go for at least 8 digits.

Step 4: Split your seed phrase through Shamir’s Secret Sharing Scheme (it is a built in option in Trezor Suite).  


What is this? One naïve security measure is to divide your seed phrase in half or in thirds so “nobody can find it all in one place”. This weakens its security, however. If you divide a 12 word seed phrase into two and someone finds 1 part, it is computationally feasible to crack 6 words. (It is not computationally feasible to crack 12 or 18 or 24 words). When you select SSSS as an option, and you select 2 out of 3, the software will create 3 lists of 20 words. You will need any 2 out of 3 to recreate your wallet. You can then put these 3 lists in three different places (safety deposit box, your in-laws’ house, whatever). This means your system is robust to your house + 1 other place burning down. It is also robust to any one of the seed phrases being exposed. You need at least two to replicate a wallet. SSSS is better for protecting one key for one person and you can use it in combination with multi-sig.
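The 2-of-3 property described above, as an added example that is not part of the original thread or Trezor's code: it assumes a textbook Shamir split over a prime field rather than the word-encoded scheme the device uses, and the function names and demo secret are constructed. It shows that any two shares rebuild the secret while a single share is consistent with every possible secret, unlike a phrase that is simply cut in half.

```python
import secrets

# Textbook Shamir over a prime field (assumption for readability; SLIP-39, which
# Trezor uses, works byte-wise in GF(256) and encodes each share as words).
PRIME = 2**521 - 1  # Mersenne prime, larger than any 256-bit secret

def split_2_of_3(secret):
    """Three points on a random line y = secret + slope*x (mod PRIME)."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range")
    slope = secrets.randbelow(PRIME)  # fresh, secret randomness per split
    return [(x, (secret + slope * x) % PRIME) for x in (1, 2, 3)]

def recover(share_a, share_b):
    """Interpolate the line through two shares and read it off at x = 0."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("need two different shares")
    inv = pow((x2 - x1) % PRIME, -1, PRIME)
    return ((y1 * x2 - y2 * x1) * inv) % PRIME

def slope_explaining(share, candidate_secret):
    """Slope that makes ANY candidate secret fit a single share.
    One always exists, so a lone share rules out no secret at all."""
    x, y = share
    return ((y - candidate_secret) * pow(x, -1, PRIME)) % PRIME

def unknown_bits_after_naive_split(total_words=12, found_words=6):
    """Contrast: a plain phrase cut in parts leaks 11 bits per exposed word."""
    return 11 * (total_words - found_words)

if __name__ == "__main__":
    secret = int.from_bytes(b"constructed demo secret", "big")  # not a real key
    s1, s2, s3 = split_2_of_3(secret)
    for pair in ((s1, s2), (s1, s3), (s2, s3)):
        assert recover(*pair) == secret  # any 2 of the 3 lists rebuild the wallet
    wrong = secret ^ 1
    m = slope_explaining(s1, wrong)
    assert (wrong + m * s1[0]) % PRIME == s1[1]  # s1 alone fits a wrong secret too
    print("any two shares recover; one share fits every candidate secret")
    print("naive half-split leaves", unknown_bits_after_naive_split(), "bits to search")
```
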


You apply a passphrase. The passphrase should be something you and/or your family can easily remember.  The hardcore recommendation is “do not write down the passphrase” but if solo you should consider writing it down somewhere else bc you might forget it. I would have a minor amount of ETH in your wallet without a passphrase. This is the decoy wallet, something to be discussed later. Then your main assets go in the wallet with the passphrase.


VERY IMPORTANT

You need to test that you recorded your seed phrase correctly before you store it.  


Your order of operations is:

a) set up the Trezor, with SSSS 2 out of 3 and a passphrase and non-passphrase wallet

b) send some small amount of ETH to both wallets

c) wipe your Trezor

d) set up again using first 2 out of 3 seed phrases. See that your ETH is there in both wallets

e) wipe your Trezor again

f) repeat the recovery with the last 2 seed phrases


If you have recovered the wallet both ways, you are cleared for take-off. Go stash away your seed phrases in different secure locations and, probably, your passphrase in a 4th location (or stash the passphrase in the brain of various other people).


You now go back to Metamask and Import Hardware wallet to connect your hardware wallet to Metamask. Now you can use Metamask, using your hardware wallet. If you have NFTs, you have to transfer them to this new wallet. The easiest way is the ‘transfer’ function on OpenSea. You should transfer 1 to the new wallet and then transfer it back to make sure you do control your address. Only then should you transfer the rest. You should NOT just migrate your existing wallet to your Trezor. Your keys might have already been compromised in Metamask. You must make a new wallet and transfer the NFTs.


Your wallet has multiple ETH addresses.  You should use one as the vault for important NFTs & do not transact out of that wallet. You can use another address on ur same hardware wallet for doing things like minting the new unaudited contract for the Slimy Snail collection.


That way, if the contract is malicious, you don’t risk your important NFTs. You can use a mobile wallet for fun/small purchases like this too, at the cost of the extra gas to send them to the vault wallet.


Now, what is not protected by the above?

a) you give someone your seed phrase

b) you click on a malicious link on your address with your valuable NFTs. So, don’t do that.


Level III: You have more than $1M to $3M of NFTs or you are working in an institutional context or you have irreplaceable NFTs. You should set up a @gnosisSafe multi-signature wallet. Software Wallet: Only if you are investing small amounts in NFTs (<$1,000).


This is the highest level of security you can have today but it comes with real costs in inconvenience. The major additional concern of a 🐳 is a wrench attack.


What is a wrench attack?

https://pbs.twimg.com/media/FEkx5HQWUAEb3q2.png


The theoretical defense against the wrench attack was the decoy wallet. Open your wallet without a passphrase, show 10ETH, send it to the attacker, wish them a nice day. They don’t realize that with a passphrase, you have 1000ETH. This does not work with well-known NFTs. So if someone wants to attack me for summer.jpg, they aren’t going to get fooled by a decoy wallet.


For this level of sophistication, you need to move to @gnosisSafe. Gnosis is a smart contract masquerading as a wallet. In other words, it has an address that can be treated as a public address, but it is really its own smart contract on the ETH blockchain and it is visibly so. Gnosis has been used as a vault/treasury by many defi protocols and increasingly for NFT vaults. The important feature for these purposes is that you can create whatever signing protocols you want to authorize a transaction.


In the high-end setup, each of the signers can be anything – a software wallet or a hardware wallet. The most hardened approach would be that each signer is a distributed offline SSSS hardware wallet setup.


There is another potential use of a multi-sig which is “being an idiot insurance”. Here you can make a 2 out of 3 setup, give a trusted friend 1 key and don’t do anything unless they sign also. That way if you have a momentary FOMO moment and start trying to connect to some site someone pitched you on Discord, you might have a 2nd voice of reason that prevents disaster. @argentHQ, in a different way, tries to provide something like this. There is one more great use of Gnosis and it is for collective holdings. A group of friends or an institution (e.g. company, fund, etc) or a DAO hold some NFTs. Nobody should have sole responsibility or authority to hold those NFTs, regardless of value. A Gnosis multi-sig, possibly with the keys more accessible for convenience, is a great solution for this situation.


So let me summarize the key steps so far:

a) <$1,000 – software wallet

b) everyone else – hardware wallet 

c) [🐳only in most cases] – gnosis multi-sig, with offline key distribution

d) friends/groups/institutions – gnosis multi-sig, offline or online keys


If you are distributing SSSS seed phrase shards, pins, hw wallets, passphrases and so on, you need to think carefully who could get quorum on your wallet or multi-sig and who you trust. This is very individual, I can't help, just think about it very very carefully.


One of the nice things about distributing SSSS off-site versus seed phrases is that the shards are individually useless, whereas a seed phrase without a passphrase is the keys to the kingdom. One more thing to consider. If you have NFTs of financial and emotional value, you should think through how the beneficiaries of your will, will receive those NFTs. There have been many horror stories from the BTC era on of huge fortunes dying with the key holder. Every situation varies, but if you think through the possibilities with seed phrases (SSSS) and/or multi-sig wallets, you can construct, I believe, logical estate planning approaches.


What is great about all the above? They are all non-custodial. There will be custodial solutions soon from the major players and those are fine too. But I doubt they are much more secure in practice (the risk of social engineering or a wrench attack just moves to the authorization stage between you and the custodian) and you are no longer digitally self-sovereign.  Or, at least, you are less so. This might seem like a lot to absorb, or maybe even difficult. But the investment in time to get up to speed is really not that high.  


It is a 1-time cost and once you have done it and you are on the other side, it is quite straightforward. I consider crypto competency a core life skill like 'driving a car' or 'understanding how budgets work'. Each of those things takes hundreds of hours to learn.


This will be a few hours for most people. But even if it is 10 or 20 or 40, why not? Learning these skills puts you a step ahead for the Web 3.0 economy and lets you dramatically reduce the risk of some type of disaster with your NFTs and crypto.