 If 2022 thought that something is that we should be careful about how we store our crypto, that we shouldn't entrust all our funds to centralized entities, and that controlling our private keys is the only way to get rid of the counterparty risk. But critics say that self-custody is too complicated and cumbersome for most crypto users. If not done it correctly, managing your private keys could be even riskier than trusting a third-party custodian. So what is the best way to keep your crypto safe? Is self-custody really the most reliable option? In this video we discuss the nuances of crypto storage with James Chek, lead on-chain analyst at Glassnode. I'm Giovanni. On this show we challenge the ideas that are shaping the world of crypto. In each episode we challenge a crypto narrative, a price outlook, or a potentially disruptive technology. Only the most solid ideas will make it to the other side. This video is presented by our sponsor Web3 Antivirus, a security solution that helps protect users from online threats and scams on the decentralized Web. Okay, James, let's start from the basics. So what is self-custody according to you and why it is important? Sure. I mean, the concept of self-custody is essentially taking ownership of these, you know, bear assets. When people who are brand new to the digital asset space kind of ask me this question, I think the best analog is it's like holding physical cash. It's like holding physical gold. And the reason why it's important is that it's really one of the key innovations of Bitcoin being a bearer asset, a bearer hard asset that you can actually hold outside the system. And as we've seen over the course of 2022, there were several instances where we had centralized entities who are the custodians, who over-leveraged, lent out customer assets or just otherwise gambled them away. So in all of those instances, if you're not holding your own assets, then you are essentially liable. They are a liability on someone else's balance sheet. And you know, these people, you know, many of them ended up with zero. So in many ways, it's one of these few, the first time that we've had a digital asset that you can hold in your own keys in a bearer format. And really, it overcomes one of the largest problems with gold, which was that it naturally centralized by design, because gold coins are just really hard to move around. A few days ago, we saw that a Bitcoin core developer was a victim of a hack in which he lost control of his Bitcoin. So he was doing self-custody. And he had 3.5 million worth of Bitcoin stolen in a hack. So we don't exactly know for sure what happened, what are the details of this. But what I want to focus on is the reaction that these events sparked specifically on crypto Twitter. Basically, a lot of people were saying that if a Bitcoin core developer couldn't handle self-custody, wasn't able to self-custody, then how would an average user do it? People say that this is too complicated and risky for the average user. So what is your comment to those type of reactions? Yeah, I mean, I completely disagree that having a core developer losing their coins as unfortunate as it is. At the end of the day, I'm also an average person and I've managed to do self-custody. If you have gold in your vault, if you have cash in your wallet, it's the same concept. You need to exercise a level of responsibility. So understanding what those attack vectors are, and in many instances, you know, 24 words or 12 words, which is your ultimate seed phrase. That is essentially no different to saving your password for a password manager, right? Or a password for your bank account. So it's the exact same concept. Yes, there are risks, but at the same time, we as humans, our job and what we do is assess risks. There are no solutions, only trade-offs, and the trade-off is you're removing that liability on third parties, but you have to look after a 12 or a 24-word seed phrase. The designer Udi Wertheimer makes a case specifically against seed phrases. He says that this list of words is very difficult to keep safe for years and learn how to do it is also very difficult. He recommends to use custody solutions that don't require to handle the seed phrase yourself. What do you think about these statements? I think the example he's probably alluding to is things like collaborative custody, like unchained and some of these companies who give you a two or three or three or five, whatever your setup is, they can provide you with a collaborative custody solution. They're absolutely a fantastic solution. I'm glad that they exist. But if your weakest link is somebody getting into your email account to do the social recovery for you, they can do a reset password, they get the link, suddenly they get your funds. So it's one of those things where collaborative custody is important. It solves a certain problem. But you open up a different attack vector, which is what happens if you lose the passwords, your email account. So at the end of the day, all of this actually boils down to what is the weakest link in your security setup? And there is no correct answer. It is a process that people need to go through. It's a personal decision at an individual level. It's the same as all privacy, all security online. What is your weakest link? If somebody can get into your master email account and reset all of your bank passwords and access your social recovery, then you may as well have had 12 words written down a book in the back of your cupboard. So at the end of the day, identifying what is the weakest link, it's not a difficult process. It's just a process people actually need to do the work for. And it's no different to whether you're doing social recovery or a pure self-custody type setup. At the end of the day, it comes down to education and spending the required hours to look after the wealth that you're putting into this wallet. If you're not willing to put more than five minutes into it, then don't put more than five dollars into it. If you're willing to do 100 hours, now you can start talking about doing your significant sums of savings. So again, everything scales with the use case. So when you talk about these weak links, what do you mean exactly? Can you give us a practical example? So let's say you have a password manager and you put your 12 words inside your password manager and then you post your password manager's password to your Dropbox. Somebody getting into your Dropbox is the weakest link because that is the pathway by which they will access. You kind of look at us like a flow chart. If your seed phrase is locked in a vault and that's the only place that it exists, then somebody breaking into your house and stealing that 12 words, that is your weakest link. So it's about identifying if the attack vector is that you're going to lose your 24 words, what are the multiple pathways that somebody could use to actually get to those 24 words? And essentially identifying what is the weakest part of that puzzle that will essentially give them up. Another point made by Vertheimer is that different types of crypto use require different type of custody. So he makes the point that, yeah, holding your coins in a hardware wallet is a good solution if you are storing your wealth for the future, for future generations or for anyway, for the long term. But if you use your crypto for swapping NFTs 10 times per day or for on-chain trading, then holding your crypto on such a hardware wallet is not the most user-friendly, comfortable solution. Don't you think that it depends also on the usage that you are making of that crypto? Of course. And it's about having the right tool for the right job. You know, in my personal setup, I have cold storage. I have warm storage, which is coins that I have on my mobile, but I cannot just send with my mobile. You still need a hardware device to actually send them. You've got cold storage that's completely separated from the internet at all times, and it's very secure. And then I have a hot wallet, which is if I need $100 to $100 to just move around or do an intermediary transaction, then you have a hot wallet that's just a wallet on your phone, right? It comes down to the right tool for the right job. And with all of these things, you have different levels of security. Vartimer points out that third-party custodians are not always bad. For example, he makes the example of Michael Saylor. So Michael Saylor stores his crypto apparently in a third-party custodian, and he said that if he does it, then why wouldn't the average user wouldn't do it? And then he also says you can put part of your holdings on different third-party custodians, on different, for example, exchanges in order to minimize the risk. What do you think about this solution as an alternative? Yeah, I mean, you know, I'm going to disagree with Udi on this one, because if you think about it, so let's just take the Michael Saylor approach. I'm quite positive that the custodial set up that Michael Saylor and Michael and MicroStrategy have. If the bill from Coinbase or whoever their custodian is, if the bill came to you and I, it would send us broke, right? The amount of money that he would be paying in order to obtain that level of custody and that whole solution, it's not feasible for the average person. So really what Udi is saying there is that people just deposit across all these exchanges. OK, so what is the weakest link? Well, the weakest link is you now have, let's just say, for example, five exchanges. You've split your deposits one-fifth in each. Now you have to manage five different passwords and five different two-factor authentication methods. So when you actually peel back that onion, the solution that Udi is proposing is far worse because you have more passwords, more two-factor, and you still have third-party custodial risk. Yeah, that makes sense, although having to remember those passwords is not so critical as when you have to remember your seed phrase because I think there are retrieval systems in case of exchanges in third parties while there are no retrieval systems in the case you lose your seed phrase. So that's not exactly an equivalent. Of course, but it comes down to trade-offs, it comes down to hardware. There's mitigation solutions even within that framework to make it really, really difficult for you to lose your coins. When that accident happened, you pointed out on Twitter how you would recommend an average user to approach self-custody. So can you guide us through this process? As I mentioned, it is a learning journey. When you start with your first buy, just downloading an app in terms of Bitcoin wallets, like a nunchuck or a green wallet or any of these self-custody wallets, they give you the 12 words. They're very, very simple to set up, and you can start storing coins there. Very, very simple, all supported by exchanges. Really, even in the modern era, pretty hard to get wrong. So you can start with a mobile wallet. Everyone's got a mobile phone, fairly simple. As you start to build up your holdings, you've got some kind of meaningful wealth, a couple of thousand dollars. It's starting to get meaningful while investing in $120 ledger or a cold card or something to just give you that extra security is really the next logical step. Now, the ledgers and treasures are super, super easy from a user interface perspective. People who have multiple coins, then these things offer you a really clean user interface. Again, once they're set up, and you've done the initial setup with the 12 words, so you're used to this, the transfer across to a hardware wallet is a pretty basic next step. You're not scaring yourself by going all the way to a multi-sig with six devices. You're just starting with 12 words, mobile app, hardware wallet. And then once you get beyond that, the next step is really start thinking about, if you've got a meaningful amount of wealth, you can start to think about, do you have multiple hardware devices? Do you move to something like a cold card? It gives you more options in terms of passphrases. Do you actually have multiple signing devices? Is that actually keeping it simple, or are you making it too complex for yourself? So, find experiment, find the software, find the wallet, try different things, try different hardware vendors. You know, I've been in this industry for almost six years now, and I've used most hardware wallets, right? You buy one version of each one, and you just play around with it, see what works. And eventually you settle on, I like this, this makes sense, I understand it, here's my process. And again, it scales with your holdings. $100, who cares? 100 grand, different story. Awesome. Yeah, I think that was a great overview of the different approaches that people can use for this. And hopefully people watching will be able to think about it and choose their own personal solution for self-custody. So, yeah, thanks a lot, James, for coming on our show. And happy new year. Thank you, happy new year.