New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

The Classroom

PATHWAY K) Launch a Crypto Project Securely: Wallets, Socials, and Protecting Your People

chapter 4/5

Securely Managing Your Crypto Project’s Wallets and Treasuries

Read 8 min
Beginner
KEY TAKEAWAYS:
— Your community represents a target for attackers to monetize. Protect them.

— Setting up a multisig? Consider implementing Standard Operating Procedure docs!

— Securing your artist profile and behaviors properly from the get-go can keep your community safe!

Ever thought about launching your own web3 community? Join Ledger Academy and Boring Security in this series, exploring all the things you need to know to launch a token, platform, or DAO securely. Make sure you take the Ledger Quest to prove your knowledge at the end of the module!

This is the fourth article in the series, so if you missed them, you can find parts one, two, and three here.

Imagine you hire a developer who turns out to be malicious. Imagine a whale of your DAO token or a key person in your DAO is compromised and pushes a malicious governance proposal to give the project’s treasury to themselves.

If you hold any degree of power in your community (be it as a moderator, marketer, multisig signer, or known influencer), then you are a TARGET. These are not just imagined threats but real and tangible. They are also, thankfully, preventable.

But what are the risks associated with managing community wallets and treasuries?

Risks Crypto Project Wallets and Treasuries Face

Losing Access to the Treasury

Do your project funds suffer from Key Person Risk? The nature of self-custodial crypto means that if folks were to pass away, go rogue, or simply become uncooperative, securing access to the funds to continue the project could be anywhere from a challenge, to downright impossible.

Malware

From malicious games, downloads, documents, and even screensaver files, targeting the user’s secret recovery phrase is top of mind when seeking to compromise user funds.

Social Engineering

What if you click malicious links, allow apps to connect to your social media accounts, etc. that take them over? They may be used to influence folks who have control of project funds to send them to an attacker. 

So now you know the risks involved, let’s dive into managing a project treasury multisigs securely, and how to avoid these possible pitfalls.

Securing Your Project Wallets

As a project leader, the bare minimum you owe your community is robust security for your project funds, NFTs, and contracts surrounding your mints and tokens. While that last one is somewhat out of the scope of this article, expensive audits and secure development practices go right out the window if your seed phrase is compromised or if your multisig wallet signers are socially engineered to sign away your treasury!

Many project leaders have raised millions only to see simple security failures result in dramatic losses for themselves and their communities. 

Protecting the Art Creator or Contract Deployer Wallet Address

As a solo operator, NFT artist, or single individual, you are the sole bearer of the community’s and project’s responsibility to security. So here are some must do’s to get you started.

Use a Hardware Wallet

If you’ve made it this far, you’re probably familiar with hardware wallets, but this should be the first thing you set up. Migrating artist identities after the fact can be both annoying and costly. Already set things up on a software wallet? See the last section of this article for migration instructions!

Set up a Marketplace-only Wallet Address

NFT artists should utilize a “marketplace wallet address” that represents their artistic identity, and that address should be protected by a hardware wallet that never connects to other non-marketplace services. Doing this reduces the risk of accidentally signing malicious transactions, which may steal your artwork, tokens, or worse.

This also protects the provenance of the artist, ensuring no loss of valuable accounts that are selling assets in a myriad of NFT marketplaces, and that your artistic reputation remains solely within your control.

Use a Web3 Domain

You can name your wallet using web3 domain services such as the Ethereum Name Service. These tokenized wallet identifiers are a significant and powerful branding tool that enables your fans to identify your original works, and they are easily transferred between EVM wallets (even your multi-signature wallet, should you need one)!

How To Manage Your Community Treasury


Multi-sigs rely on multiple “voting” wallet addresses. These require a predetermined quorum of these voters to execute a transaction. For example, a 3/5 signature scheme means that 3 out of 5 total voting wallets must vote to approve a transaction.

No single voter can act without the others, so if one wallet is compromised, the funds are still safe. If there are issues with the wallets or the managers controlling them, managers can refuse to sign transactions or vote to remove the offending wallet entirely. 

If you’re unfamiliar with these types of wallets, read this article on Multisig wallets to get caught up!

But essentially, Ledger is all about secure self-custody, and as such, recommends you use a non-custodial solution for multi-sig wallets. Solutions such as SAFE (Ethereum Ecosystem) or Snowflake (Solana Ecosystem) allow multiple team members access to propose transactions, and, if enough agree, the transaction will be executed. 

How to Set up a Multisig Wallet

There is a range of multi-sig wallets from which to choose. Typically, each chain will have a handful of options. One of the most popular multi-sig options for the Ethereum network is SAFE.

SAFE makes explicit recommendations on how to set up a project-owned multi-signature wallet, beginning with three questions:

  1. How many owners? (total votes)
  2. What threshold? (votes required to execute transactions)
  3. Which owner wallets to use? (which wallets will vote)

In terms of ownership, SAFE recommends multiple owners to create multiple factors of authentication. This ensures that no single account can manage and control the funds.

The threshold is one of the most important elements of setting up your multi-sig. It determines precisely how many owners must agree to validate a transaction. That said, it is only the beginning. A few other big considerations beyond those listed above are:

  • How do transactions get proposed and signed? Can any telegram account related to project staff dictate transactions without actually building it? What if that account gets compromised? 
  • Are there rules and thresholds for what kind of transactions can be made, and what protocols can be used?
  • Do people just blindly sign everything without reading it? Signers should use Wallet Security Extensions and/or read the transaction simulation if available.
  • How do users get added and removed? Are there active and emergency signers?

We discuss all these and more in the Boring Security Multisig Standard Operating Procedure template document. If you operate a multisig that has significant value being protected, you owe it to yourself and your community to implement the rules outlined in this document! Using your Ledger as a multisig signer is highly recommended, and if you run into some snags, the SAFE help docs have got you covered!

Migrating an Artist Profile

A common mistake for newcomers in the space is to tie their artist profile to a software wallet. This is not ideal for the long term as software wallets are vulnerable to malware. Therefore, you should migrate your assets from a software wallet to a hardware wallet when possible. 

Though this can be a burden, a few solutions to transfer and maintain your artist identity across the platforms securely are:

  1. Migrate your ENS profile to a hardware wallet or SAFE Multisig wallet. Learn how to migrate ENS to your Ledger device here.
  2. Consolidate Artist Profiles: Often, your artist profile on an NFT platform is tied to your existing wallet address. Consult the docs of your chosen platform to learn how to consolidate your profiles.
  3. Inform your followers and collectors! If you’re migrating profiles, deployer addresses, or anything like that, publicly stating it is crucial, as the technically savvy collectors might get worried!

In conclusion, the security of your community’s treasury is in your hands! With a Ledger, you can set up a multi-sig wallet and rest assured your private keys stay offline and away from malware. But that’s just one piece of the pie. With self-custody, the final barrier is you. As long as you follow the guidelines we outline here on how to keep your community safe, you’re one step closer to building out your secure community.

This article was written by Intelligence On Chain for Boring Security. Follow IoC on X here, and check out Boring Security’s X account, Discord server, and official website for more information.

Finally, stay tuned for the final article in this series where RedZin dives into what you should do if your community is hacked. And, of course, don’t forget to prove your knowledge via Ledger Quest!


Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.