Custodial wallet: how to secure crypto?

By Gabriele Brambilla

Proposed by CeFi companies, custodial wallets make it easy to buy, sell and move cryptocurrencies. What are the risks?

Cryptocurrency wallet: non-custodial and custodial wallet

How to secure crypto? After discussing noncustodial wallets, we now take an in-depth look at custodial wallets.

Again, the focus will be on securing one’s cryptocurrencies. We will look at those few (but essential) practices to put in place to significantly reduce the dangers of a custodial wallet.

Clearly, whether we are talking about Binance, Crypto.com or Coinbase, the following applies to any centralized finance service (CeFi).

Before we get into the subject, however, we need to brush up on the concepts of noncustodial and custodial wallets, so that we can frame the subject properly and avoid confusion.

The noncustodial wallet leaves the private keys in the hands of the user. It owes its name to the fact that no party other than the user holds them, and the user is solely responsible for the deposited assets.

The great advantage lies precisely in the total control of one’s cryptocurrencies. We will not be exposed to the risk of attacks on CeFi platforms, nor to financial issues such as insolvency and bankruptcy.

The other side of the coin, however, is liability. We will have to take the utmost care of the seed phrase, avoid the many scammers who dominate the scene, and be aware that there will be no customer service ready to assist us.

Example of the category: MetaMask, whether wallet app or browser extension.

The custodial wallet is different. It is provided by cryptocurrency exchanges, lending platforms and everything that falls under centralized finance.

In this case, the private keys are guarded by the company, leaving the customer the right to do as many transactions as he or she wishes.

We can think of this type of crypto wallet as a bank account, where the institution is responsible for the security of our assets. There is one big difference, however: funds held on a CeFi platform are not insured.

Pros, cons, and risks of custodial wallets are the subject of this article. We just have to get started!

What is a custodial wallet?

Binance wallet, Crypto.com wallet and exchange wallets in general: how many times have we heard about them or dealt with them?

Every reference to them leads back to a precise category: custodial wallet.

As mentioned in the introduction, the custodial wallet puts the customer of a CeFi platform in a position to trade their cryptocurrencies. One has the ability to buy them, sell them, trade them, earn yield on them, and send/receive them to/from another crypto wallet, whether custodial or noncustodial.

Private keys, that is, what gives access to the deposited assets, are guarded by the company and not left in the hands of the client.

Exchanges and other CeFi platforms must offer custodial wallets. Otherwise, there would be no medium through which to conduct transactions.

What are the pros and cons? Let’s find out right now.

Pros and cons of a custodial wallet

Let’s start with the pros of the category.

Custodial wallets give the ability to perform a variety of operations without having to worry about seed phrase custody, configuring extensions or apps, setting up blockchains, and importing new coins and tokens.

The custodial wallet is immediately available after signing up for the platform. We will not even notice its existence, precisely because simplicity is its main strength.

Since this is a service offered by a company, we will also have customer support available. Of course, the quality and timeliness of the response vary quite a bit depending on the situation; however, we know that someone could help us if we need it.

It should also be noted that custodial wallets usually allow people to earn yield on their coins and tokens intuitively and effortlessly.

Let’s say that the custodial wallet puts the user at ease and is perfect for those who are new to the crypto world, or have no special needs.

However, there are also cons, as well as risks.

First, ease of use limits operations. If we want to invest in DeFi, import an NFT or buy a LAND, we will need a noncustodial wallet; or, if supported, we will need to know the specific features of the custodial wallet in use.

Then come the risks.

A custodial wallet shields us from the typical noncustodial risks. The price to pay, however, lies in new category-specific dangers such as:

  • Theft of our login credentials.
  • Company financial problems.
  • Platform attacks.

Fortunately, the risks can be minimized by following some simple rules. They may seem trivial to some, but we know that many people operate without following them. So let’s see how to reduce the dangers of a custodial wallet.

"The custodial wallet is not immune to specific dangers, which can be limited by a few simple tricks"

Crypto wallet password

Well yes: let’s start with something as “trivial” as the password. The quotation marks are a must, because the password is so important when dealing with a custodial crypto wallet.

The password should always be a strong one, chosen wisely, whether it is for email or for access to one’s cryptocurrencies. Clearly, in the second case one should be even more scrupulous.

Opt for a long password. Okay, maybe not 20 characters, but not just 4 or 5 either; in any case, all platforms now impose minimum criteria to be met (usually 8 characters).

We alternate numbers, letters (lower and upper case) and symbols.

We avoid choosing simple passwords, such as Hello123! or Password456-. An example of an effective password might be Oy_481Er@! (don’t use it, set your own!).

At this point we have a secure password. However, our work is not yet done.

We do not share our login credentials, ever. If someone contacts us posing as a CeFi’s customer care, we ignore the message: real customer care people will never ask for our password.

In case we want to write the password down somewhere, we stay away from computer media. Letting the web browser store the data is also not recommended. Better a nice piece of paper, kept safe from prying eyes and danger.

As always, beware of links received via message or email: they may contain malicious software capable of detecting our credentials while accessing a platform.

By taking these simple measures, we will already be safer than average. But now we need to take one more step: enable two-factor authentication.

Two-factor authentication and custodial wallets

Two-factor authentication is a somewhat tedious procedure, we know. However, it does allow us to raise the security bar quite a bit.

Without two-factor authentication, also known by the acronym 2FA, a username and password would suffice to access a CeFi. However careful and thorough we might have been, we would still be at risk.

2FA adds an additional step: to gain access to the platform, we have to enter a code generated with specific applications or received via SMS or email. In this way, a solid barrier is in place to protect our custodial wallet.

To give an example, access to Binance requires first the username and password and then the OTP code generated by software such as Google Authenticator. If we then arrange a transaction, such as a withdrawal, we even have to enter the OTP code, a code received via message and a code received via email. A miscreant would then need our phone and email access as well as our credentials.

Therefore, while it is a bit annoying to have to complete such a procedure every time, 2FA should always be on: better to have a few minor annoyances than to take avoidable risks.

CeFi platform status

Here we come to the absolute biggest risk regarding custodial wallets: the strength of the CeFi platform.

From malpractice to outright theft, history teaches us that several companies in the industry are anything but reliable.

When a CeFi business goes into crisis, the user’s assets are at serious risk. The nature of the custodial wallet leaves no way out: the company can unilaterally decide to block withdrawals, and the customer would have no way to regain possession.

This scenario has happened several times. The common factor lay in the lack of liquidity and the imbalance between reserves and liabilities. More or less large holes in the balance sheet determine the damage suffered by users, which is difficult to recover over time.

How can we protect ourselves? The truth is ugly: there is no way. If a company goes under and goes bankrupt, the remaining deposited capital goes into the long legal process that follows, with no guarantee for customers.

However, we should not think that we are passive and powerless: there is something we can do.

The first action to take consists of a simple reflection: why should I leave my cryptocurrencies deposited with a CeFi (and thus in a custodial wallet)? If we cannot find a concrete motivation, such as “I trade crypto,” we should opt for a noncustodial wallet, preferably a hardware wallet such as Ledger.

If we want to take advantage of the passive yield features offered by exchanges and other platforms, let’s weigh the risks and benefits. Which APY would justify the risk? 10, 30, 50% or more? Only you can know.

After that we could move on to investigating the various companies.
We make use of all the elements at our disposal: audits and certifications, Proof of Reserves, reports and surveys by journalists or specialized sites, experiences of other users…
We try to identify the most transparent companies with a solid corporate balance sheet and a track record that confirms their reliability. We stay away from players that are either opaque and known for manipulating data, or too brash in the markets.

For example, Coinbase is a publicly traded company, thus subject to strict requirements. This does not mean that it cannot fail; however, it offers greater guarantees than the latest entrant among exchanges. Among other things, the company offers the Coinbase wallet, a really interesting noncustodial product. This solution is increasingly being adopted by other exchanges, such as Crypto.com with its Crypto.com DeFi Wallet.

Back on track: only by doing careful research will we be able to minimize risk. However, we will have to be on guard and always be ready to move funds, knowing that we may fail to do so in the event of a sudden and unexpected crisis.

"Research, available data, user opinions: taken together, this information helps us contain the risks"

Attacks on platforms

An additional danger of CeFi wallets is that of being subjected to external attacks.

Indeed, hackers can identify vulnerabilities and drain customers’ accounts, especially if they lack robust credentials and 2FA. However, even these precautions may not be enough to prevent the damage.

We choose exchanges known to be robust and cybersecurity-oriented. A quick Google search is enough to find out who has suffered attacks and who has managed to limit the damage.

If we were to opt for companies that have suffered an exploit, we place our trust in those that have promptly reimbursed their customers as well as technically remedied the problem. To err is human; the important thing is not to repeat the mistake.

We have come to the conclusion. If you have also read our article on noncustodial wallets, you are able to make an informed choice about which cryptocurrency wallet is best for your needs.

Remember that risks will always be there: assess which ones you are willing to take and do everything you can to keep them to a minimum.

