How to take custody of your crypto assets with a multi-sig wallet
A deep dive into crypto self custody, what it means, why you should care, and how to take custody of your eth with a Gnosis multi-sig wallet
Dear frontrunners,
The fear, uncertainty, and doubt (FUD) traversing crypto-twitter is fierce. Rumors related to Coinbase’s insolvency, Binance’s questionable proof of reserve practices, and crypto auditors withdrawing audit attestations make it difficult to ascertain what is fact versus fiction. Take a moment and watch this 1-minute 38-second interview with Binance’s CEO and ask yourself, “is my crypto safe on Binance, Coinbase, or any centralized exchange?”
Can we blame new crypto entrants and normie outsiders for exercising caution when the CEO of the world’s largest crypto exchange fumbles at the most basic questions related to solvency risks and attestation goals? Of course not. We should not fret, crypto traders new and old are finally seeing the light. Exchanges like Binance have been taking it to the chin over the quarter with outflows in excess of ~$300 million per day….
…..while self-custody pay-to-play hardware solutions like Ledger have seen a 300% increase in annualized sales and free solutions like multi-sig wallets powered by Gnosis have seen a 42% increase in the past 30 days alone.
In this guide, we outline what it means to take custody of your crypto and how to do it. If you have a meaningful amount of crypto sitting in a centralized exchange, now is the time to act. I hold my crypto in a series of multi-sig and hardware wallets and encourage you to do the same.
📚 This guide will cover
What it means to take custody of your crypto
Multi-sig wallets
How to deploy a multi-sig wallet on Gnosis Safe
🧰 Tools you will need
What it means to take custody of your crypto
Taking custody of your crypto means having possession of your wallet’s private keys. Securing your wallet’s private keys proves that you own the funds held within the wallet. A normal Ethereum wallet is made up of a cryptographic pair of keys: public and private. The pair proves that a transaction was actually signed by the sender and prevents forgeries.
Your public key is what you share with other people to receive crypto assets.
Your private key is what you use to sign transactions and send crypto assets.
Your private key grants you custody over the funds associated with your account.
You never really hold any “crypto”, you hold private keys – the funds are always on Ethereum's ledger.
Centralized exchanges like Binance, Coinbase, FTX, Gemini and Kraken are all trust-based services that hold crypto on our behalf. Exchange operators are responsible for securing private keys to safeguard our crypto.
We must trust these operators to act with integrity and objectivity, similar to what we expect with cash deposit accounts at Bank of America or Chase. Unlike Bank of America, crypto exchanges operate with zero regulatory oversight and are not backed by the faith and credit of the United States Federal Deposit Insurance Corporation, an agency of last resort with a single mandate to protect depositor funds.
Moreover, exchange auditors withdrawing their existing attestations isn’t the vote of confidence we expect from operators responsible for billions of dollars in depositor funds.
Given that the current landscape of crypto centralized exchange has no lender of last resort, is not backed by the faith and credit of any government regulator, and lacks a self-governing system of checks and balances, we are left with one solution: to take custody of our crypto by holding our private keys.
This process is simple. Buying a trezor or ledger hardware wallet or creating a metamask wallet is the first step of crypto sovereignty. When you create a wallet with one of the aforementioned products, you are provided with a seed phrase and private key. If you lose access to your wallet, your seed phrase is used for recovery.
Seed phrases are your wallet’s recovery key
It is a mnemonic code consisting of 12-24 words that is used to recover your wallet
If a hacker obtains it they now have access to your entire wallet and its composition of public/private keys
One seed phrase corresponds to many private keys
Never share your seed phrase with anyone for any reason
This includes keeping a paper copy of your seed phrase in your wallet. It’s like having your social security number, date of birth, and bank account information in one document. Imagine if that piece of paper got into the hands of the wrong person:
Private keys are used to sign transactions
Public keys can be derived from private keys
If a hacker has your private keys they can sign transactions on your behalf and liquidate your wallet
One private key corresponds to one public key
Never share your private keys with anyone for any reason
Public keys are used to receive tokens like Ethereum
It is OK to share your public key with the general public
A public address is a shortened and hashed version of your public key
In Ethereum land its the “0x” prefix
Additionally, hardware and web wallets may offer an additional layer of application-specific security:
Metamask offers an additional “password” layer which is used to secure access to the metamask application
Trezor and ledger hardware wallets include a “pin” also used to secure access to the hardware wallet UI
For those who need a more detailed explanation of seed phrases, private keys, and public keys, I’ve included additional links at the bottom of this note. Do not take custody of any crypto asset until you can articulate the differences between a seed key, private key, public key, and public address.
Again, when you use a tool like metamask, you are downloading a piece of software that provides you with a seed phrase and one or more private/public key pair combinations.
This is conceptually called a “wallet” in that it is where you keep your private keys. Your wallet does not hold any crypto, it holds a private key used to sign transactions. The individual funds are on the Ethereum ledger.
Despite taking custody of your crypto via a web or hardware wallet, there are still vectors of risks specifically related to the single point of failure associated with private key-controlled accounts: losing or compromising a private key will automatically result in a loss of all funds controlled by the account.
Multi-sig wallets solve this problem.
What is a multi-sig wallet?
In plain speak, A multi-sig wallet is a wallet controlled by a smart contract. It requires more than one person to approve any outbound transaction from the wallet’s address.
📚 A more thorough explanation (you should not skip this part!) is as follows:
There are two types of Ethereum wallets: Externally Owned Accounts (EOAs) and Contract Accounts.
Wallets controlled by a single private key are EOAs.
Your metamask wallet is an EOA.
Wallets controlled by a smart contract are Contract Accounts.
Multi-sig wallets are contract accounts.
From our previous analysis of Ethereum wallets:
EOAs are controlled by users. This control occurs often through software such as a web wallets. Externally owned accounts are simple accounts without any associated code or data storage. This type of Ethereum account is controlled by and cryptographically signed using a private key in the "real world."
A contract account is controlled by code executed by the Ethereum Virtual Machine. It is also referred to as a smart contract. Contract accounts have associated code and data storage, but not private keys. They "control themselves.” These accounts do so in the way determined by their smart contract code.
The two types of wallets are depicted below.
The biggest point of differentiation is contract accounts don't have private keys. Instead, they are controlled by the logic of the smart contract code, which is initiated by an EOA.
Here is an example:
0x6f is an EOA - it is a generic metamask and/or hardware wallet interacting with 0xddc
0xddc is a multi-sig smart contract account
0x6f initiated a transfer from 0xddc to 0x8fc for .01 eth
Note 0x6f did not send .01 eth to 0x8fc, it initiated a smart contract at address 0xddc which in turn sent .01 eth to 0x8fc.
In addition to a multi-sig wallet being a contract account controlled by a smart contract, multi-sig wallets earn their name “multi-sig” from their underlying smart contract function: requiring multiple parties to confirm a transaction before it can be executed.
Multi-signature wallets are contract accounts that require multiple parties to confirm a transaction before it can be executed. Each party is represented by a unique Ethereum account address and defined as multi-signature wallet owners in the smart contract.
Only when a predefined number of these owners confirm a transaction, will the transaction be executed. This eliminates the single point of failure associated with private key-controlled accounts: losing or compromising a private key will no longer automatically result in a loss of all funds controlled by the account.
How to deploy a multi-sig wallet on Gnosis Safe
Gnosis Safe is the leading multi-sig provider on the Ethereum blockchain and my personal choice for self-sovereignty. It is a smart contract that requires a minimum number of people to approve a transaction before it can occur (M-of-N). If for example, you have three main stakeholders in your business, you are able to set up the wallet to require approval from 2 out of 3 (m = 2, n = 3) people before the transaction is sent. This assures that no single person could compromise the funds.
I’m using the following burner addresses for those who want to follow along on etherscan:
Owner 1 (safe creator) - 0x62d5EFC03e5fe556fCef224CcF98b05208aE9D69
Gnosis Safe - 0xcB977d1100a2506E247C826FdAE7e661b9b05819
Receiver address - 0x216Af6d5c0549Bc700b60D6C2CC414DA25503e72
Deploying a safe is straightforward:
Go to gnosis-safe.io/app/welcome and connect a wallet
Note: the addresses used to approve transactions must be able to log in directly to the Gnosis Safe website. Centralized exchange addresses where you do not control your private keys (coinbase, binance, kraken) will not work.
Moreover when defining signatories a key risk vector to avoid is having multiple keys which correspond to a single seed phrase. This is because if the seed phrase is compromised your hacker has access to all private keys assoicated with that wallet.
Click the + Create a new safe button and ensure you’re on the right deployment chain (i’m using Ethereum)
On the next screen define the number of signature owners required to complete a transaction
Consider: Having a minimum threshold approval of 2/3 (2 signatures required from a pool of 3 signatures) and making one of the approvers is a hardware wallet like trezor or ledger.
Finally, review the owner details, then press the Create button and you’ll next be prompted to complete the deployment transaction — at the time of writing, the gas for deploying on Ethereum was 0.0045eth or ~$5.
The output of this safe creation workflow is Ethereum contract account wallet address 0xcB977d1100a2506E247C826FdAE7e661b9b05819.
What wasn’t generated was a private key, because multi-sig wallets are contract accounts which don't have private keys. Contract accounts are controlled by the logic of the smart contract code!
We clicked some buttons in a web browser, but what transactions were performed on the blockchain?
Creation transaction
Let’s look at the safe on etherscan: 0xcB977d1100a2506E247C826FdAE7e661b9b05819
What we’re able to ascertain from the creation transaction is…
The new address is a contract account
It was created by 0x62 which was owner 1 in our safe creation workflow
A contract called “Safe Proxy Factory 1.30” was initialized to facilitate the contract creation
…when we explore the individual transaction hash 0xb9b3edac5d1073376961afb00dca0bbf137920049960f58796daf152850c7c24 we’re affirmed that a contract was created via owner 1 “0x62”…
Transferring funds out of a multi-sig wallet
Transferring funds into a multi-sig wallet requires no special treatment. Exchanges, end users, DeFi apps have no preference for EOAs vs contract accounts. Just share your multi-sig public wallet address with the sender/deFi app and you’ll receive the assets as normal. The challenge is transferring funds out of a multi-sig wallet.
We’re using multi-sig 0xcB977d1100a2506E247C826FdAE7e661b9b05819 for this example and we can see it has $5.01 (baller) of eth:
If I want to transfer this eth to any other ERC20 wallet, even on a centralized exchange, we’d initiate a new transaction to the target address. In this example, we’ll move the $5.01 of USD to a centralized exchange (coinbase) wallet address 0x216Af6d5c0549Bc700b60D6C2CC414DA25503e72 initiated by 0x62 (owner 1)
Initiate a new transaction by clicking the “new transaction” button in the aforementioned picture.
You will be presented with the option to send a token or an NFT. In this example, we’ll transfer ETH, but take note of how multi-sig safes can be used to store NFT as well. Moreover, initiating a transaction can be performed by any of the three safe owners, but will not be authorized until the 2/3 approval threshold is met.
Specify our target address (0x216), asset, and amount to send:
After hitting next, we can review the confirmation screen…
and take note of the following before hitting submit:
Source is the safe wallet address 0xcb9
Target is the coinbase burner wallet address 0x216
No gas fees have been paid to initiate the transfer
The term ‘nonce’ is how Gnosis ensures a transaction is only executed once. From the Gnosis transaction queue FAQ:
Every time a new transaction is created, the nonce is incremented by
+1and assigned to the transaction, essentially determining the position in the queue of transactions for a given Gnosis Safe account.Only transactions that have a nonce of
last executed transaction +1can actually be executed at any given time. Transactions with a higher nonce are staged for execution in the queue. So whenever a transaction gets executed, the next transaction in the queue will be made available for execution, given it has collected enough signatures.
Confirmation workflow
Back in the Gnosis Safe UI, we see the transaction queue now has a confirmation required at nonce 0:
Specifically, we see 2 confirmations:
Confirmation 1 was performed by 0x62 (owner 1) - the wallet address that initiated the transfer request, the approval is automatic.
Confirmation 2 needs to be performed by 0x0c (owner 2) or 0xde (owner 3)
Again, no transaction has been committed to the blockchain and we can review this in etherscan as proof:
Approver 2 - wallet 0x0c
Now we log in to the safe as 0x0c (owner 2), and we’re noted with a request to confirm. The last approver in the chain is responsible for gas fees. Any transaction (including confirmations) made with Gnosis Safe incurs transaction fees. This includes:
Asset transfers
Settings changes (adding an owner, changing the threshold, etc.)
DeFi Interactions (swapping tokens, locking funds in a DeFi protocol)
Multi-sig wallets are suitable for DAO treasuries and individuals who seek extra security as well as a long-term storage solution for their crypto and/or NFTs…
0x0c confirms the transaction to send $5usd of eth to address 0x21
…because transaction fees are required with a multi-sig wallet, solutions like Gnosis Safe are ideal for long-term storage solutions, not as a hot wallet used for daily defi transacting.
As the last approver in the chain, 0x0c must pay gas fees, which we acknowledge in the confirmation transaction screen
After agreeing to gas fees and submitting the confirmation for the transaction at nonce 0, we can see the transaction on etherscan at transaction hash: 0xb84707d0e0fb6a50fac7e29d7cea9d60f59a4f10fd85032c813d3975444207fb:
Note the transaction details align with our definition of contract accounts: a wallet calling a contract to send funds to another wallet.
EOA wallet (owner 2 in this safe) 0x0c is calling contract 0xcb (our safe)
That initiates a transfer from the safe to wallet address 0x21 (our target coinbase burner wallet)
Note how this is fundamentally different from two EOA accounts interacting with one another:
Transaction history in Gnosis
Last but not least, the Gnosis Safe UI will also outline the approval workflow and executing wallet…
..but our position is to always verify, never trust. By reviewing the transaction details in etherscan (or a block explorer of your choice) we now know we’re expecting an approval by 0x62 and 0x0c, which the UI confirms.
In closing
Crypto self-sovereignty, taking custody of your keys, “not your keys not your crypto”, be your own bank…. all mean the same thing: controlling your wallet’s private keys.
If you’re new to crypto, your digital assets are on a centralized exchange (CEX) like coinbase or binance. Soon you will begin to explore the arena of decentralized finance which includes downloading a web wallet like metamask. At this point you’ve unknowingly “took custody of your crypto”. As your crypto journey progresses you’ll realize the inherent risks of taking custody of your digital assets with a single wallet: if you lose your private keys, or it gets compromised, your assets are toast.
Multi-sig wallet providers like Gnosis solve this problem but also come with more responsibility: multiple wallet management and securely storing your private keys. I’ve included additional content related to securely storing your private keys at the bottom of this post for your review. If you’re storing your assets on a web wallet or CEX, I encourage you to follow this guide and explore the path of multi-sig wallet providers. Don’t wait until it’s too late.
Nonetheless, if you’re still reading this, take a moment to celebrate. You are one step closer to crypto self-sovereignty: taking possession of your private keys!
To knowledge and wisdom,
John Cook
December 23rd, 2022
San Francisco, CA
www.frontruncrypto.com
📚 For more information on taking custody of your crypto and multi-sig wallets, please reference the content below:
Metamask: Secret Recovery Phrase, password, and private keys
Ledger: Private Key and Recovery Phrase – What’s the difference
The only safe way to store crypto ←your goal!
Article cover generated by DALL-E: “A futuristic vault protected by barbed wire, sentry guns, and armed robotic guards”
