A Guide to Crypto Cold Storage
9 Minutes
Oct 10th, 2022 - 10:49 am
The concept of cold storage may seem daunting at first. This guide is meant to make the process less overwhelming, help you understand the concept of cold storage and provide a quick overview of best practices to secure your tokens.
A. Why should you get a hardware wallet?
B. You got your hardware wallet. Now what?
C. Nervous about transferring tokens to a new address? Try a redundancy test.
D. Seed phrase/secret recovery phrase management.
E. Cold storage conceptual FAQs.
F. Common issues encountered while using your hardware wallet with Metamask.
A. Why should you get a hardware wallet?
The short answer is: you substantially increase your security when having your tokens in a hardware wallet (also called cold storage). In order to ensure authenticity and avoid corrupted hardware, only purchase hardware wallets from the official company’s website.
The main security feature of hardware wallets is keeping your private key offline. When you transact in any way with your Ethereum address, what enables you to approve and sign such transaction is your private key. When you have a hot wallet, such as the default wallet in Metamask, your private key is stored online and may pose a security issue. Hardware wallets increase the security of your tokens by keeping your private key offline in the device itself. Since your hardware is kept physically with you and offline, hacking it will be significantly harder, to a point not worth attempting.
Another safety feature of a hardware wallet is that it acts as a “2 Factor Authentication” in which no one will be able to transact unless they physically hold your hardware wallet and enter the pin (assuming your seed phrase is not compromised). As an example, imagine your computer gets stolen. The thief could open your browser and see your Metamask, but if he/she does not have your physical hardware wallet, the thief will not be able steal your tokens.
A natural second question would be, “which wallet is right for me?”. This is a totally personal choice. You should be aware that all Trezor and Ledger products have similar degree of security. If you are a involved in multiple blockchains and plan to use your hardware for several coins such as Bitcoin, Litecoin, Doge and others, paying up for the pricier models may be wise as they can support more cryptocurrencies. But if you only plan to use it for Ethereum and perhaps one or two other cryptocurrencies, the cheaper models are perfectly fine. I personally use a Ledger Nano S and is more than enough for me.
A Boring Security Ledger Concept Designed by AlexMarks3D
B. You got your hardware wallet. Now what
If your hardware wallet just arrived and you feel overwhelmed or not sure where to start, these suggestions will help you ease the process. Treat this as a checklist rather than a step by step guide on setting your hardware wallet.
I. When you do the initial set up of your Ledger/Trezor you should enjoy the process. Don’t rush it, and if you don’t understand some of the concepts during the set up, do not get frustrated. Many concepts are covered in this guide.
II. During the set up process, you will generate a seed phrase. Please read the Seed phrase management section of this article. Never enter this seed phrase anywhere online and do not share this phrase with anyone. Also, never store it on your computer or phone in any digital form including screen shots.
III- As you set up your hardware wallet, a new ETH address is created. This will be your new cold storage address. If you are new to cold storage you may want to do a redundancy test so you may feel more confident about your ability to use and recover your hardware linked wallet. This step is optional, but recommended to boost your confidence and knowledge of hardware wallets. Please read the redundancy test section of this article.
IV- Linking your hardware wallet to Metamask is an important step if you plan to use your hardware wallet to transfer, trade, and/or sell your tokens. If you are having issues connecting your Ledger to Metamask, please refer to the last section of this article: Common issues encountered while using your hardware wallet with Metamask.
V- If you are using your hardware wallet to store NFTs, another item you will want to take care of is creating your Opensea/Rarible profile. This can only be done if you opted to connect your hardware wallet to Metamask.
VI- The most important step will be transferring your tokens to your newly created ETH address. The easiest way is to transfer them using OpenSea.
The ‘Transfer’ button on OpenSea
VII- Once all these steps are completed, you can now connect and verify yourself in the different apps/websites such as Discord, Uniswap, BAYC’s bathroom, etc.
C. Nervous about transferring tokens to a new address? Try a redundancy test.
The test consists of transferring some ETH to your hardware wallet, reseting your hardware wallet so you can try the process of recovering your hardware wallet, and ultimately sending the ETH back to your old wallet.
If successful, the redundancy test will prove that you actually control your hardware ETH address, and most importantly it will ensure you can recover your tokens using your seed phrase in case something happens to your physical hardware wallet. On the flip side, in case this redundancy test goes wrong, you will probably lose 0.01 ETH and a bit of gas, but it will potentially save you a headache down the road and most importantly save you from potentially losing your tokens forever…
Here is the step by step guide of completing the test once your Ledger/Trezor is set up:
1- Send a small amount of ETH from your old ETH address to the hardware ETH address (the new Ledger/Trezor address). Sending 0.01ETH should be enough.
2- Now that the ETH is in your new hardware ETH address, reset your Ledger/Trezor by incorrectly entering your pin/password several times. This will reset the hardware device to its factory settings.
3- Now, attempt to recover your ETH address by entering your seed phrase in your Ledger/Trezor (never enter your seed anywhere online). If you need help with this step click here for Ledger and here for Trezor.
4- Once you have recovered your hardware wallet, send the 0.01 ETH back to your old ETH address.
If all steps were completed successfully, you have proved that you control your hardware linked ETH address, and most importantly ensure that you can successfully recover your hardware wallet using your seed phrase.
D. Seed phrase/secret recovery phrase management
Unless you are an encryption expert, never keep your seed phrase in a device that has internet capabilities. That means, never anywhere in your computer, never anywhere in your phone, never anywhere in your tablet.
So where should you keep it? You may keep it written down in a physical location. Many users keep their seed phrase it in a piece of paper, but that piece of paper will degrade over time and may be hard to read down the road. Also, paper is not likely to survive a natural disaster or a fire. A smart choice could be to keep it engraved in a 304 stainless steel metal card. When you engrave, do it yourself with a cheap engraving kit. You may want to have 2 copies of your seed phrase in separate locations for redundancy.
If someone gains access to your seed phrase, they gain total control over your tokens. They can simply transfer all of your tokens from your address into their possession. This is why you never share your seed phrase with anyone. Also, you should never enter your hardware address seed phrase anywhere online.
E. Cold storage conceptual FAQs.
The following is a compilation of the most frequently asked questions I have encountered while helping others set up and understand cold storage wallets.
Where are your ETH/NFTs stored?
This question comes up frequently and it surprises people that no, your ETH/NFTs are not stored “inside” your Ledger/Trezor, nor are they stored “inside” your Metamask, they are always stored in your ETH Address in the blockchain.
Metamask and/or ledger is just the way you access your ETH address. They hold your private key, but not your actual ETH/NFTs.
What is the difference between seed phrase, secret recovery phrase, and private key?
Your seed phrase is the 12, 24 or 25 words you generated when creating your ETH address. Secret recovery phrase is just another way of saying seed phrase. They can be used interchangeably.
While you should know your seed phrase, it is very likely you don’t know your private key and that is ok. Your private key is derived from your seed phrase and is what enables you to sign transactions via your wallet. If you have a hot wallet such as the default Metamask ETH address, your private key is stored online while if you have a hardware wallet, the seed phrase is stored in the hardware itself.
Will the makers of my Hardware wallet know my seed phrase since they made the device?
No, when your Ledger/Trezor generates a seed phrase it uses a random number generator. The program used to generate the seed phrase has several sources of entropy (entropy is a fancy word for “surprise elements”, or nearly impossible hard to predict elements). This makes it extremely unlikely that they could have and/or guess your seed based on the RNG software they created and put in your device.
Will I still receive airdrops in my hardware wallet?
Yes, you can receive airdrops in your new hardware linked ETH address. Generally speaking, airdrops are just transfers into your account. Any valid ETH address can receive ERC-20 token, ERC-721 tokens(NFTs) or any other Ethereum protocol token. Your hardware linked ETH address is just like any other address. What differs is the way you access the address, which is via your Ledger/Trezor.
A Boring Security Grid Lattice Decal designed by AlexMarks3D - For Sale In Our Store Soon!
F. Common issues encountered while using your hardware wallet with Metamask.
These are the most common issues hardware wallet users encounter:
I am using Chrome and get an JSON-RPC error when trying to connect my Ledger to Metamask:
When using Chrome, you need to enable the ledger live bridge. To do so just go into your Metamask and find the settings button. Go to advanced settings and toggle on the “Use Ledger Live” section. Once this is completed try again. Many still get the JSON-RPC error, but after a couple of tries it goes away.
I am trying to transact using my Ledger, it does not prompt me to sign the message in my Ledger device.
This issue is usually solved by grabbing your Ledger device, opening your Ethereum app, going into settings, looking for “Contract Data” and selecting “ALLOW”. Once this is configured try again.
If the issue persists, restart your browser (force quit and re-open), have your ledger live desktop app open and try again.
I am trying to buy/sell/list/delist using my hardware wallet in OpenSea, and I get an error saying “user rejected the transaction”.
This is caused by a backlog of transactions usually due to failed hardware connection. To solve simply clear your browser cache. If the issue persists restart your browser (force quit and re-open) and try again.
Quick footnote
All topics and explanations were oversimplified in order for us to better grasp the concept. This was not meant to be a technical explanation of hot/cold storage. Have any questions or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our discord at https://discord.gg/boringsecurity .
