Everyone is familiar with the term HODL in the crypto space, but what is the right way to do it securely? Different HODLing techniques have evolved over the last 10 years, each differing in the technical acumen required, ease of accessibility and the security of the funds.
Though both accessibility and security are important factors, there always tends to be a trade-off between the two. It is up to you as a user to decide what works best for you. We will try to list the most commonly used ones and address the problems with each.
Exchanges: Exchanges do try their level best to secure their assets, but their centralized architecture makes them worth the time of hackers trying to crack them. They work for small amounts but are definitely not recommended for HODLing large amounts.
Hot Wallet: In most cases they are constantly connected to the internet, so they may be susceptible to a malware attack. Secondly, for a successful HODL position, the user should have little to no opportunity to interact with the funds. Hence it is not advisable to keep the funds in a hot wallet on a smartphone or a PC, which is usually very interactive.
Hardware Wallets: This is the most preferred way to HODL today but certainly not the best HODL strategy available. HODLers would usually put away the wallet into a locker and the recovery phrase into another locker (maybe even the same). That works for most users if their portfolio is not very large for them. The recovery phrase and the hardware wallet each have a single point of failure, and hence there is a possibility of data loss or data theft. Secondly, unlike the hardware wallet, which is tamper-resistant, the recovery phrase is even more susceptible to attacks since it is kept in plain text, probably on a piece of paper.
Multi-sig Wallet: In an ideal scenario, this is what every HODLer should use today. It requires some technical know-how to set up and requires you to use multiple wallets, unless you choose to buy a service that does this for you. A multi-sig setup is definitely one of the most secure ways to protect your assets, but unfortunately many blockchains still do not support multi-sig, and there is no standard implementation of multi-sig across different blockchains. Currently, it is just too much of a hassle, especially if the user needs to do multi-sig with many coins, since they would need to configure their wallets accordingly.
Access Distribution To The Rescue
Based on observation, some striking similarities can be drawn between the storage of physical assets like cash and gold and blockchain-based digital assets today. The common behaviour of keeping physical assets in a secure storage vault can be observed as a practice being followed for securing digital assets too. In fact, that is what the current hardware wallets enable, but they face the same single point of failure problem (data loss or data theft) that physical assets face.
A hardware wallet is a great solution if you have to protect a small to medium part of your portfolio and need to use those funds relatively frequently. But the current generation of hardware wallets does not provide a complete cryptocurrency storage and security solution, since the user needs to put a stronger emphasis on protecting their recovery phrases, as these are always left exposed in plain text. The seed phrase/recovery phrase is generally written on a piece of paper, which opens up the same set of problems with paper wallets that hardware wallets were initially intended to solve. For a more thorough understanding of the problems, we would recommend checking out our other blog.
One solution for protecting the seed phrase has been to engrave the seed words on metal sheets. This is considered a safe and durable way to store the words, but there has been proof that it sometimes doesn't work. Apart from metal sheets not being durable and having a single point of failure, storing the most crucial seed phrase information in plain text defeats the whole purpose of securing it safely. Choosing to encrypt the seed phrase before storing it on the metal plate is also not effective, as the user now has to secure the encryption key instead.
The best way to protect the seed phrase is to use a Shamir Secret Sharing algorithm. This method has 3 benefits:
i. The seed phrase is completely encrypted and split into multiple shares.
ii. The original seed phrase can’t be reconstructed without a minimum threshold of shares thus preventing a single-point-of-failure.
iii. Effectively tackles the $5 wrench problem.
We believe that everyone has the freedom to choose their crypto community and everyone has the choice to create their own blockchains if they want. Moreover, crypto is about freedom of choice. So instead of solving the HODL issue with single-sig & multi-sig, it is better to create a tamper-resistant off-chain solution to keep the information offline, which is somewhat similar to multi-sig, but can support all the digital assets and at the same time does not have a single point of storage like single-sig.
Fig. Asset Distribution
For securing physical assets, the best method people resort to today is asset distribution, i.e., storing assets in remote locations to reduce the risk of losing those assets. This leads us back to the question: “how to secure cryptocurrency safely and reliably?” The answer to this lies in ensuring a single-point-of-failure doesn’t exist while storing the private keys.
Fig. Access Distribution
So, instead of asset distribution what if we did access distribution? That would mean the assets remain at a single location but, to access it, you would need multiple access points. This is somewhat not feasible with physical assets since they need to be stored in a single location, but definitely possible with digital assets since they are intangible in nature. This makes distributing the access keys to digital assets an optimal solution to prevent a single point of attack. As far as Blockchain based assets are concerned, access distribution is possible through Multi-sig or Shamir Secret Sharing.
Steps to Remember while HODLing
Now that we have discussed the various techniques that can be used to HODL cryptocurrencies, it is important to focus on some essential practices that ensure the security of the funds irrespective of the technique you prefer. Here are some important steps to consider for a safe HODL experience:
Keep the watching address separately (usually the extended public key). Use open source tools like the Blockchain Public Address Manager Chrome Extension, a notepad document or any other cloud service to keep your watching public keys and addresses in a single place. This helps in keeping your address handy for accumulating the funds without the need to access the private keys. Note that even if your watching public keys are stolen or hacked, it does not result in the loss of funds.
Keep the private keys as far as possible from yourself. The greater the separation, the better the security.
Do not overcomplicate the security of the funds since increasing complexity means increasing the difficulty to recover and inherit the assets in the future. A great resource around inheritance planning is Cryptoasset Inheritance Planning by Pamela Morgan.
Always use a threshold scheme like multi-sig or Shamir Secret Sharing to secure your assets. If you can handle the complexity of multi-sig and can judge the code base of the multi-sig implementation of assets that have multi-sig support on their Blockchains, only then think of setting up a multi-sig wallet using multiple hardware wallets of different manufacturers. On the other hand, if you want to keep using a hardware wallet, at least secure the seed phrase of the wallet using Shamir Secret Sharing to avoid a single point of failure on the recovery phrase.
Many HODLers usually operate with a watch-only address and send all their long-term investments to this address. In such situations, the private keys are not used often since the address is accessed only rarely.
At Cypherock, the Shamir Secret Sharing Scheme is used in Cypherock X1 to create cryptographic shares, so that the private keys of a wallet are split among different tamper-resistant hardware to provide an effective mechanism for wallet recovery and fund storage. You can geographically distribute the X1 cards, which hold encrypted shares, or give them to a trusted set of people without worrying about getting hacked or losing your funds, since each card has PIN protection just like your hardware wallets. Any 1 out of the 4 X1 cards along with the X1 wallet are needed to recover the funds. The seed phrase is hence protected through access distribution rather than the traditional asset distribution.
If you are someone who prefers a single-sig wallet like a hardware wallet for HODLing, Cypherock X1 will be useful to secure the seed phrase of the wallet. In fact, it can secure multiple seed phrases of different wallets in a single product. But if you are someone who wants security properties similar to those of a multi-sig wallet but finds multi-sig daunting, or if multi-sig does not support the blockchain asset that you want, then Cypherock X1 can be used to secure the assets with security properties similar to those of an on-chain multi-sig.
It intends to solve the key management problems with cryptocurrencies and wants users to have the same peace of mind and confidence in holding their own crypto that they have (or assume they have) with their fiat money in the banks.