6.1 Wallet Fundamentals
A cryptocurrency wallet doesn't actually store cryptocurrency - it stores the private keys that prove ownership. Understanding this distinction is fundamental to understanding custody and security.
"Your crypto" exists only as records on the blockchain. What you "own" is the private key that allows you to sign transactions moving those records. Whoever controls the private key controls the crypto.
Key Cryptography Basics
HD Wallets (BIP-32/39/44)
Modern wallets use hierarchical deterministic derivation:
- Single seed: One 12/24 word phrase generates unlimited addresses
- Derivation paths: m/44'/60'/0'/0/0 (Ethereum account 0)
- Multi-chain: Same seed, different paths for each blockchain
- Backup once: Seed phrase backs up all current and future addresses
NEVER store your seed phrase digitally - no photos, no cloud storage, no password managers. Write it on paper or metal. Anyone with your seed phrase can steal all your crypto. No legitimate service will ever ask for it.
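An added example (not from the original course material) of why one phrase backs up every address: the BIP-39 phrase is stretched into a seed, BIP-32 turns the seed into a master key, and each hardened path level is an HMAC over the parent key. The function names are illustrative, and the code stops at the hardened levels (`m/44'/60'/0'`) because non-hardened levels need elliptic-curve math that the standard library lacks.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group (public curve constant used by BIP-32).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 are "hardened" (written with ')

def parse_path(path):
    """Turn "m/44'/60'/0'/0/0" into a list of 32-bit child indices."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start at the master key 'm'")
    indices = []
    for part in parts[1:]:
        number = int(part.rstrip("'"))
        if not 0 <= number < HARDENED:
            raise ValueError("index out of range: " + part)
        indices.append(number + HARDENED if part.endswith("'") else number)
    return indices

def _nfkd(text):
    # BIP-39 normalizes phrase and passphrase to NFKD before hashing.
    return unicodedata.normalize("NFKD", text).encode("utf-8")

def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: phrase plus optional passphrase becomes a 64-byte seed."""
    salt = _nfkd("mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048)

def master_key(seed):
    """BIP-32: split HMAC-SHA512(seed) into (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def hardened_child(key, chain_code, index):
    """Private-key derivation for a hardened index (no curve math needed)."""
    if index < HARDENED:
        raise ValueError("non-hardened children need the parent public key")
    data = b"\x00" + key.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]

def derive_hardened_prefix(seed, path):
    """Walk a path made only of hardened levels, e.g. m/44'/60'/0'."""
    key, chain_code = master_key(seed)
    for index in parse_path(path):
        key, chain_code = hardened_child(key, chain_code, index)
    return key, chain_code
```

Every step is deterministic, so anyone holding the phrase can recompute every key under it, while a different passphrase produces an unrelated seed and therefore an unrelated key tree.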
6.2 Hot vs Cold Wallets
Wallets are categorized by their connection to the internet. Hot wallets offer convenience; cold wallets offer security. The right choice depends on your use case and the amount at risk.
| Feature | Hot Wallet | Cold Wallet |
|---|---|---|
| Internet connection | Always online | Offline / air-gapped |
| Convenience | Instant transactions | Manual process required |
| Security | Vulnerable to hacks | Immune to online attacks |
| Best for | Daily transactions, DeFi | Long-term storage |
| Examples | MetaMask, Coinbase Wallet | Ledger, Trezor, Paper wallet |
Types of Hot Wallets
Browser Extension
- MetaMask (Ethereum, EVM chains)
- Phantom (Solana)
- Convenient for DApps
- Risk: Browser vulnerabilities
Mobile Wallet
- Trust Wallet (multi-chain)
- Rainbow (Ethereum)
- Convenient for payments
- Risk: Phone theft/malware
Desktop Wallet
- Exodus (multi-chain)
- Electrum (Bitcoin)
- Full feature set
- Risk: Computer compromise
Use hot wallets like a physical wallet - only what you need for daily use. Keep the majority of holdings in cold storage. Consider any amount in a hot wallet as at-risk from potential compromise.
6.3 Hardware Wallets
Hardware wallets are dedicated devices that store private keys offline and sign transactions in a secure element. They represent the gold standard for individual self-custody, offering strong security with reasonable usability.
Major Hardware Wallets
| Device | Price | Secure Element | Key Features |
|---|---|---|---|
| Ledger Nano X | ~$150 | Yes (CC EAL5+) | Bluetooth, 100+ apps, large screen |
| Ledger Nano S Plus | ~$80 | Yes (CC EAL5+) | Budget option, USB-C |
| Trezor Model T | ~$220 | No (general MCU) | Touchscreen, open source firmware |
| Trezor Model One | ~$70 | No | Budget, proven track record |
| Coldcard | ~$150 | Yes | Bitcoin only, air-gapped option |
How Hardware Wallets Work
- Setup: Device generates seed phrase offline in secure element
- Transaction request: Software wallet creates unsigned transaction
- Verification: User verifies transaction details on device screen
- Signing: Device signs transaction internally, private key never exposed
- Broadcast: Signed transaction sent to network via connected device
ONLY buy hardware wallets directly from the manufacturer. Never from Amazon, eBay, or third parties. Compromised devices with pre-set seeds have stolen millions. Verify device authenticity on first setup.
Backup and Recovery
- Metal backup: Cryptosteel, Billfodl - fire/water resistant seed storage
- Multiple locations: Store backups in geographically separate secure locations
- Test recovery: Verify you can recover from seed before storing significant funds
- Passphrase (25th word): Optional additional security layer
6.4 Multi-Signature Wallets
Multi-signature (multisig) wallets require multiple private keys to authorize transactions. This eliminates single points of failure and is essential for organizational treasury management and high-value personal holdings.
Common Multisig Configurations
| Config | Use Case | Tradeoffs |
|---|---|---|
| 2-of-3 | Personal high-value, small teams | Balanced security/convenience |
| 3-of-5 | Corporate treasury | Higher security, more coordination |
| 4-of-7 | DAO governance | Very secure, operational overhead |
| 2-of-2 | Joint accounts | No redundancy - both keys required |
Multisig Platforms
- Gnosis Safe: Most popular Ethereum multisig, used by major DAOs
- Casa: Consumer-friendly Bitcoin multisig with key recovery service
- Unchained Capital: Collaborative custody with institutional support
- Electrum: Native Bitcoin multisig in desktop wallet
Multisig Benefits
Eliminates Single Points of Failure
- No single key compromise is fatal
- Protection from insider theft
- Redundancy if one key is lost
Organizational Control
- Enforces approval workflows
- Separates custody from approval
- Audit trail of signers
For significant personal holdings, consider a 2-of-3 multisig: one key on a hardware wallet at home, one in a bank safe deposit box, and one with a trusted family member or service. This protects against theft, loss, and death scenarios.
6.5 Institutional Custody & MPC
Institutions managing millions or billions in crypto require enterprise-grade custody solutions with sophisticated key management, compliance features, and insurance. MPC (Multi-Party Computation) has emerged as the leading technology.
MPC vs Traditional Multisig
| Feature | Traditional Multisig | MPC |
|---|---|---|
| On-chain footprint | Multiple signatures visible | Single signature (privacy) |
| Transaction fees | Higher (more data) | Lower (standard tx) |
| Key rotation | Requires new address | Can rotate without moving funds |
| Protocol support | Chain-dependent | Works with any chain |
| Complexity | Simpler cryptography | More complex, newer |
Major Institutional Custodians
| Custodian | Technology | AUC | Regulation |
|---|---|---|---|
| Coinbase Custody | Cold storage + MPC | $100B+ | NY Trust Company |
| BitGo | Multisig + MPC | $50B+ | SD Trust Company |
| Fireblocks | MPC (primary) | $4T+ transferred | SOC 2 Type II |
| Anchorage | MPC + HSM | $50B+ | OCC National Bank |
| Fidelity Digital | Cold storage | $10B+ | NY Trust Company |
Choosing Custody Solution
Self-Custody
- Full control, no counterparty
- Best for: Individuals, small funds
- Tech: Hardware wallet + multisig
- Risk: User error, physical security
Institutional Custody
- Professional management
- Best for: Funds, corporates
- Tech: MPC, HSMs, insurance
- Risk: Counterparty, regulatory
Hybrid/Collaborative
- Shared key control
- Best for: HNWIs, family offices
- Tech: 2-of-3 with recovery service
- Risk: Balanced tradeoffs
Estate Planning Considerations
- Inheritance: Document recovery procedures for heirs
- Time-locked releases: Dead man's switch mechanisms
- Legal trusts: Incorporate crypto into estate planning
- Seed splitting: Shamir's Secret Sharing for distributed backup
Billions in crypto are permanently lost due to death without proper inheritance planning. Document everything: what you own, where keys are stored, how to access. Update regularly. Consider professional estate planning for significant holdings.
Key Takeaways
- Wallets store private keys, not crypto - whoever controls keys controls funds
- Seed phrase = master backup - never store digitally, protect physically
- Hot wallets for daily use, cold for storage - treat hot wallet balance as at-risk
- Hardware wallets are gold standard for individual self-custody
- Multisig eliminates single points of failure - essential for significant holdings
- MPC enables institutional custody with privacy and flexibility advantages
- Estate planning is critical - document everything for inheritance