How to Segregate Your Crypto Assets
— Keeping your private keys offline is the security baseline for crypto – but that doesn’t protect you from every risk.
— When you sign certain transactions, you give a smart contract permission to move assets held in that account – so if you sign the wrong one, everything that permission covers is at risk.
— Mistakes happen, and it’s up to you to make sure your losses stay small if you fall foul of a scam.
— The most effective way to limit that risk is to segregate your assets into three accounts with three different purposes: minting, selling and vaulting.
Crypto asset segregation is an essential part of your crypto management strategy. Here is how it works with your Ledger device.
You all know the drill – keeping your crypto safe means keeping your private keys offline!
But not all threats to your crypto rely on hacking. In fact, increasingly, crypto is stolen by exploiting another vulnerability – you.
Asset Segregation: Your Responsibility
Keeping your private keys offline and avoiding all risks is sort of like hiding inside your house and locking the door. Sure, you’ll be completely secure, but you’ll also be cut off from all interaction with the outside world. Interaction is the whole point, right?
The fact is, sometimes you need to open the door.
Web3 is built on smart contracts, and when exploring dApps and DeFi, what we’re really doing is giving their smart contracts permission to interact with the contents of our wallet, sort of like inviting them into our house. Your key is still offline, but you’re permitting a given platform to have some level of access to your assets.
In this situation, the gatekeeper is no longer the wallet itself, but the person opening the door – you. This sounds easy – just don’t let any bad guys in, right? But, as with most things in life, it’s more complicated than that.
Crypto Scams: The Little Red Riding Hood Approach
In Web3, you’ll encounter smart contract transactions, messages, and pop-ups on a very regular basis. You’ll see them in all sorts of contexts: from listing your assets on NFT marketplaces to interacting with DeFi liquidity pools, and even simply confirming you’re the owner of a given wallet, as you register for an allow list.
Web3 UX is still unfamiliar to many people (plus the space is more or less unregulated), meaning it’s easy to miss the telltale signs of a malicious smart contract scam. A great example of this came in July with the now famous PreMint scam: thousands of people lost their NFTs and crypto because they signed a well-disguised, malicious transaction that gave the scammer access to everything in their wallets.
With more Web3 degens opting to keep their private keys offline, scams like this are becoming more common, as scammers need to find creative ways to get you to open the door to your wallet. This is why it’s so vitally important to organize your crypto in a way that limits your losses if you do fall victim to this type of scam.
So how might this look in real life?
Crypto Asset Segregation: An Example
Larry, an experienced Web3 enthusiast, is using a hardware wallet, knowing it’s best to keep his keys offline. Today, he’s busy registering for an upcoming mint and is interacting with the registration site to be in with a chance of getting onto the allow list for his favorite project.
What Larry doesn’t know is that a scammer has managed to hack the minting registration site, adding a “pop-up” that appears to be an innocent part of the sign-up process. It seems normal, so Larry signs the transaction in the pop-up.
Big mistake – in reality, doing this approves the scammer’s contract to move the entire contents of Larry’s account, and once the scammer uses that approval to transfer the assets out, there is no way of reversing it. It’s an innocent mistake that could happen to anyone. But in the world of Web3, this type of scenario is something all of us need to anticipate.
The ending of this story really depends on how Larry organized his assets when he first set up his wallet. This mistake could mean a HUGE loss, or it could be a small, controlled one.
So what’s in Larry’s wallet?
Unfortunately for Larry, he had been keeping all of his NFTs in the same account he used to sign this transaction. Like many degens before him, he paid dearly for this small mistake: all of those NFTs can now be spirited out of the wallet by the scammer – Larry opened the door, after all.
But this didn’t need to be the case. In an ideal version of this scenario, losses from this type of mistake would be minimal. By segregating your crypto assets, you limit the damage any single bad signature can do to your collection.
How To Segregate Crypto Assets
To segregate your crypto assets in the most secure way possible, it’s recommended to have three separate accounts for three distinct occasions: a minting account, a selling account, and a vault account. This system means that even if you sign a malicious transaction with your mint account, your sell and vault accounts, and everything in them, remain secure, because an approval is granted by one address and only covers assets held at that address. Since they each have a different role, it’s important to distinguish one account from the other. Luckily, you can have all three accounts on your Ledger device and label each of them clearly in the Ledger Live app. One caveat: all three accounts are derived from the same 24-word recovery phrase, so segregation protects you against a bad signature, not against a leaked recovery phrase. Your recovery phrase still has to stay offline and private.
So, let’s explore the role each of these accounts has and why.
A Mint Account
Your Mint account’s address should never contain too much value. A good rule of thumb is less than 0.1 ETH. Then, if you must interact with untrusted sites or unaudited smart contracts, and something goes horribly wrong, you never lose too much.
This account is perfect for minting new NFTs or trying out new platforms, however, it’s important not to keep any valuable asset at this address or you risk a malicious smart contract draining your funds.
Some people who interact with untrusted sites more often even prefer to have several mint addresses, often called “burner wallets”. They mint from a single smart contract with each address and then immediately transfer the minted assets out of that address and into a vault account for extra security.
A Sell Account
This is the account you use to buy and sell crypto assets on trusted platforms and smart contracts. For example, you might set approvals for your favorite NFT marketplaces and decentralized exchanges with this account. However, you will not keep the bulk of your collection here either. Rather, you’ll only send in the assets you ABSOLUTELY need, as and when you need them. This minimizes your exposure to scams that abuse marketplace bugs and saves you from setting trade approvals for assets you’d rather keep. Remember that an NFT marketplace approval typically covers every token of that collection held in the account, not just the one you’re listing, so only the tokens you actually intend to sell should sit here.
A Vault Account
Finally, you have your vault account. This is the crypto account that should never sign any transactions or make any approvals of any kind. This ensures that the account remains isolated from external threats, and is therefore a fortress for your digital assets. Vault accounts are also known as cold wallets, but cold wallets are not the same as hardware wallets. To understand fully, read the Ledger Academy article on cold vs hardware wallets. But in short, a hardware wallet is indeed cold when you buy it. However, if you allow an account on it to interact with a smart contract, that account is no longer cold.
The only signatures a vault account should produce are ‘gasless’ message signatures used purely as proof of ownership, such as signing a plain-text challenge to prove you control the address. Be careful here: not every gasless signature is harmless. A typed-data (EIP-712) signature for a token Permit or a marketplace listing also costs no gas, yet it authorizes a transfer that whoever holds the signature can submit on-chain later. Read the signing request on your device screen: if it names a spender, an operator, an amount or a deadline, it is an approval, not an identity check, and your vault account should not sign it.
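The “pop-up” in Larry’s story and the vault’s “gasless signature” rule both come down to reading what the wallet is really being asked to sign. The script below is an added example, not Ledger’s code: it classifies the two kinds of request a dApp can send, a transaction whose calldata is an approval (the usual shape of a drainer pop-up) and an EIP-712 typed-data signature that grants spending rights without any transaction. The selectors and type names are the standard ERC-20, ERC-721, ERC-2612, Permit2 and Seaport ones; every address and payload in it is constructed for the example.

```python
"""Classify a wallet signing request before confirming it on the device.

Added example, not Ledger's code. A hardware wallet can only display what
the dApp hands it, so the "innocent pop-up" in the text is usually one of:
  * eth_sendTransaction whose calldata is approve()/setApprovalForAll(), or
  * eth_signTypedData_v4 over an EIP-712 Permit or marketplace order,
    which costs no gas yet still authorises a transfer.
Selectors are the standard ERC-20/ERC-721 ones; all inputs are constructed.
"""
import json

SELECTORS = {                      # keccak256(signature)[:4], hex
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
    "39509351": "increaseAllowance(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "42842e0e": "safeTransferFrom(address,address,uint256)",
}
MAX_UINT256 = 2**256 - 1
# EIP-712 primary types whose signature grants spending rights off-chain:
# ERC-2612 Permit, Uniswap Permit2, and Seaport (OpenSea) listings.
RISKY_PRIMARY_TYPES = {"Permit", "PermitSingle", "PermitBatch", "OrderComponents"}


def _strip0x(h):
    return h[2:] if h.startswith("0x") else h


def _word(data, i):
    """i-th 32-byte ABI word after the 4-byte selector, as an int."""
    return int.from_bytes(data[4 + 32 * i: 36 + 32 * i], "big")


def _addr(word):
    return "0x" + format(word, "040x")


def inspect_transaction(to, calldata_hex):
    """Return a dict whose 'risk' is one of: none, approval,
    unlimited-approval, transfer."""
    data = bytes.fromhex(_strip0x(calldata_hex))
    if len(data) < 4:
        return {"risk": "none", "reason": "plain ETH transfer"}
    fn = SELECTORS.get(data[:4].hex())
    if fn is None:
        return {"risk": "none", "reason": "unrecognised selector " + data[:4].hex()}
    out = {"function": fn, "contract": to.lower()}
    if fn.startswith(("approve", "increaseAllowance")):
        out["spender"], amount = _addr(_word(data, 0)), _word(data, 1)
        out["amount"] = amount
        # For ERC-721 the second word is a tokenId, for ERC-20 an amount;
        # either way 2**256-1 means "everything".
        out["risk"] = "unlimited-approval" if amount == MAX_UINT256 else "approval"
    elif fn.startswith("setApprovalForAll"):
        out["operator"], approved = _addr(_word(data, 0)), _word(data, 1) == 1
        # true lets the operator move every token of this collection the
        # account holds now or later: the call behind the pop-up in the text.
        out["risk"] = "unlimited-approval" if approved else "none"
    else:
        out["to"] = _addr(_word(data, 1))
        out["risk"] = "transfer"
    return out


def inspect_typed_data(payload_json):
    """Classify an eth_signTypedData_v4 payload. Signing it needs no gas and
    sends no transaction, but the counterparty can submit the signature
    later, so 'gasless' is not the same as 'harmless'."""
    msg = json.loads(payload_json)
    primary = msg.get("primaryType", "")
    out = {"primaryType": primary,
           "verifyingContract": msg.get("domain", {}).get("verifyingContract", "").lower()}
    if primary in RISKY_PRIMARY_TYPES:
        body = msg.get("message", {})
        # Permit-style types name a spender; a Seaport order has none,
        # because anyone may fulfil it.
        out["grantee"] = body.get("spender") or body.get("operator")
        out["risk"] = "off-chain-approval"
    else:
        out["risk"] = "none"   # e.g. Sign-In with Ethereum or an allow-list proof
    return out


if __name__ == "__main__":
    # Constructed: what the "sign up for the allow list" pop-up really carried.
    attacker = "0x" + "ab" * 20
    data = "0xa22cb465" + attacker[2:].rjust(64, "0") + format(1, "064x")
    print(inspect_transaction("0x" + "72" * 20, data))
    permit = json.dumps({"primaryType": "Permit",
                         "domain": {"name": "Some Token", "verifyingContract": "0x" + "20" * 20},
                         "message": {"owner": "0x" + "11" * 20, "spender": attacker,
                                     "value": str(MAX_UINT256), "nonce": 0, "deadline": 9999999999}})
    print(inspect_typed_data(permit))
```

Run it against the calldata or typed-data JSON your wallet shows in its details view before you confirm on the device. Anything that comes back as `unlimited-approval` or `off-chain-approval` belongs on a mint account at most, never on a vault account.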
Revoke Your Permissions
No matter which of your accounts you might be using, it’s important to stay on top of your permissions. That means knowing exactly which approvals are active at a given time, on-chain and off-chain, and revoking anything unnecessary to avoid a surprise down the line.
Services like Revoke.cash let you inspect all of the contracts you’ve authorized to spend assets on your behalf and revoke access for the ones you no longer need – a tool that works across the range of DeFi platforms on Ethereum. Keep in mind that a revocation is itself an on-chain transaction, so it costs gas and must be signed from the account that granted the approval, and it only helps while the assets are still there: a drainer typically moves them out within minutes of a malicious approval, so revoking is routine hygiene, not a rescue.
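To show what a permission checker actually does, here is an added example, not Revoke.cash’s code: it replays an account’s ERC-20 and ERC-721 approval events in chain order, keeps the approvals still in force, and encodes the transaction that clears each one (`approve(spender, 0)`, `approve(0x0, tokenId)` or `setApprovalForAll(operator, false)`). The log entries are constructed samples in the shape `eth_getLogs` returns, already filtered to one owner address; the topic hashes and selectors are the standard ones for those interfaces.

```python
"""Reconstruct live token approvals from event logs and build the calldata
that revokes each one.

Added example, not Revoke.cash's code, showing the logic such a tool runs:
replay the account's Approval / ApprovalForAll logs in chain order (the
latest event per token and spender wins), keep the ones that are still
live, and encode the revoking call. Logs are constructed samples in the
eth_getLogs shape, already filtered to one owner; the topic hashes and
selectors are the standard ERC-20 / ERC-721 ones.
"""

# keccak256 of the event signature. ERC-20 and ERC-721 both declare
# Approval(address,address,uint256), so the hash is identical; ERC-721
# indexes the tokenId (4 topics, empty data) while ERC-20 puts the
# amount in data (3 topics). That topic count is how we tell them apart.
TOPIC_APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
TOPIC_APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"
SEL_APPROVE = "095ea7b3"               # approve(address,uint256)
SEL_SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
ZERO = "0x" + "0" * 40


def _addr(topic):
    """An indexed address topic is left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()


def _pad(value):
    """ABI-encode an address (hex string) or a uint (int) as one 32-byte word."""
    if isinstance(value, str):
        h = value[2:] if value.startswith("0x") else value
        return h.lower().rjust(64, "0")
    return format(value, "064x")


def revoke_calldata(kind, spender, token_id=None):
    """Calldata for the transaction that clears one approval."""
    if kind == "erc20":
        return "0x" + SEL_APPROVE + _pad(spender) + _pad(0)
    if kind == "erc721":      # per-token approval: approve(0x0, tokenId)
        return "0x" + SEL_APPROVE + _pad(ZERO) + _pad(token_id)
    if kind == "all":         # setApprovalForAll(operator, false)
        return "0x" + SEL_SET_APPROVAL_FOR_ALL + _pad(spender) + _pad(0)
    raise ValueError("unknown approval kind " + kind)


def outstanding_approvals(logs):
    """Return the approvals still in force, each with its revoke calldata."""
    state = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        token, t = log["address"].lower(), log["topics"]
        if t[0] == TOPIC_APPROVAL and len(t) == 3:     # ERC-20 allowance
            state[("erc20", token, _addr(t[2]))] = int(log["data"], 16)
        elif t[0] == TOPIC_APPROVAL and len(t) == 4:   # ERC-721 per-token approval
            state[("erc721", token, int(t[3], 16))] = _addr(t[2])
        elif t[0] == TOPIC_APPROVAL_FOR_ALL:           # ERC-721 / ERC-1155 operator
            state[("all", token, _addr(t[2]))] = int(log["data"], 16)
    live = []
    for (kind, token, key), value in state.items():
        if kind == "erc721":
            # Caveat: a Transfer clears a per-token approval without always
            # emitting Approval, so a real tool also cross-checks getApproved().
            if value != ZERO:
                live.append({"kind": kind, "token": token, "spender": value,
                             "token_id": key, "revoke": revoke_calldata(kind, value, key)})
        elif value:
            live.append({"kind": kind, "token": token, "spender": key,
                         "value": value, "revoke": revoke_calldata(kind, key)})
    return live


def _topic(addr):
    return "0x" + _pad(addr)


# Constructed sample history for one owner: an unlimited ERC-20 approval that
# is later revoked, a marketplace operator approval, and one NFT approved
# to a buyer. Only the last two should still be live.
OWNER, SPENDER = "0x" + "11" * 20, "0x" + "aa" * 20
OPERATOR, BUYER = "0x" + "bb" * 20, "0x" + "cc" * 20
TOKEN, NFT = "0x" + "20" * 20, "0x" + "72" * 20
SAMPLE_LOGS = [
    {"address": TOKEN, "topics": [TOPIC_APPROVAL, _topic(OWNER), _topic(SPENDER)],
     "data": "0x" + "f" * 64, "blockNumber": "0xa", "logIndex": "0x0"},
    {"address": NFT, "topics": [TOPIC_APPROVAL_FOR_ALL, _topic(OWNER), _topic(OPERATOR)],
     "data": "0x" + _pad(1), "blockNumber": "0xb", "logIndex": "0x2"},
    {"address": TOKEN, "topics": [TOPIC_APPROVAL, _topic(OWNER), _topic(SPENDER)],
     "data": "0x" + _pad(0), "blockNumber": "0xc", "logIndex": "0x0"},
    {"address": NFT, "topics": [TOPIC_APPROVAL, _topic(OWNER), _topic(BUYER), "0x" + _pad(7)],
     "data": "0x", "blockNumber": "0xd", "logIndex": "0x1"},
]

if __name__ == "__main__":
    for approval in outstanding_approvals(SAMPLE_LOGS):
        print(approval)
```

Each entry’s `revoke` field is the calldata to send to the `token` contract from the owning account; because the call is signed by that account, a leaked approval on your mint account can be cleaned up without ever touching your vault account.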
Mitigating the Mistakes, Limiting Any Losses
Scams are a fact of life, especially in a nascent environment like Web3. But making a mistake does not mean you need to compromise the security of your entire collection.
Having a Ledger means YOU are in control. Each Ledger device can secure as many accounts as you choose to create, meaning that with a little forward-thinking, and a firm understanding of how scams work, you can protect your collection, and determine your own Web3 experience.
So keep on learning, know your enemy, and above all – segregate assets! This is your opportunity to protect yourself, don’t miss it.