Best Wallet Practices and the Importance of Self-Custody in DeFi

Gro DAO · Published Jun 30, 2023 · 9 min read

Ethereum is not a “dark forest”, it is a city at night… Protect your valuables, and you’ll pass through without fright.

The dark cities of DeFi that never sleep

Table of contents

  1. Introduction
  2. The Importance of Self-Custody in DeFi
  3. Choosing the Right Wallet for Self-Custody
    -Hardware Wallets
    -Software Wallets
    -Smart Contract Wallets
  4. Best Practices for Wallet Security and Self-Custody
  5. Getting Involved

Introduction

A bewitching dark forest analogy, borrowed from a science fiction novel, describes Ethereum (and DeFi at large) as a free-for-all environment in which detection means sudden death at the hands of predators. Detection, in the DeFi context, could mean anything from MEV bots front-running or sandwiching an unprotected transaction they spot in the public mempool to an attacker getting hold of a wallet's private key or seed phrase.

However, that article was written in 2020. Like the Cheela in Robert L. Forward’s classic novel Dragon’s Egg, DeFi evolves at an exponential rate. One hour of development in DeFi often feels equivalent to hundreds of hours in TradFi. Today, luminous cities with advancements in UI, custody, and security have been built where the dark forest used to stand. While weaving one’s way through these urban jungles of DeFi, the pitch black alleys increasingly punctuated by shafts of light from protocols and marketplaces, knowing how to protect one’s digital assets in a safe and secure wallet is essential street smarts.

Nighthawks at the DeFi Protocol

DeFi is an ever-evolving ecosystem and along with it, projects like Gro DAO continue to empower users with innovative products built upon the pillars of self-sovereignty, accessibility and decentralised governance. To maximise the DeFi experience, users must remain up-to-date with the fundamentals of self-custody. Otherwise, while passing between networks and through tunnels of hooded strangers, users may unwittingly find their private keys to have been pick-pocketed.

This article will delve into the best wallet and custody practices, while highlighting some of the latest developments in wallet technology to help readers understand that the future is not gloomy, but optimistic — wallet experiences are improving, and users need not fear the dark when they are equipped with the right knowledge and tools.

The Importance of Self-Custody in DeFi

DeFi’s core principles envision a world where users can access financial services without the need for intermediaries. Self-custody allows users to have full control and responsibility for their assets, reducing reliance on centralisation (thus avoiding involvement in events such as the FTX saga).

As crypto users have witnessed too often in the past few years, leaving the custody of one’s assets in the hands of another “trusted” party may come back to haunt you. This is true in all financial sectors, and the crypto space is no exception. Stories of centralised exchanges and custodial services falling victim to hacks, fraud, or mismanagement have resulted in significant losses for affected users. These are stark reminders of the risks associated with entrusting assets to third parties, including supposedly decentralised protocols that have suffered as a result of security vulnerabilities.

By embracing self-custody and being cautious in one’s activity on the blockchain, users can mitigate these risks. However, there is a skills gap between recognising the importance of self-custody and the difficulty of managing this oneself. Some crypto users are uncomfortable with managing their own assets, instead preferring to leave their assets in the hands of centralised exchanges and other entities for the sake of convenience. While this is not an ideal future for crypto and arguably defeats its purpose, it is an understandable dilemma that crypto builders need to solve for.

Decisions, decisions

The next section of this article will explore wallet solutions that aim to provide the wallet-averse crowd and new participants with simple, customisable tools where the difficult parts are handled beneath the surface for them.

Choosing the Right Wallet for Self-Custody

Better safe than sorry

A crypto wallet lets users store keys, sign transactions, and send and receive digital assets. Strictly speaking, the assets themselves live on the blockchain; what a wallet (usually) holds is the private key that authorises spending from an address, which is why whoever controls that key controls the funds.

A crucial step in practising self-custody is selecting the right wallet to manage your assets. There are various types of wallets, such as hardware, software, and even paper wallets. When choosing a wallet, users should consider factors such as security, user-friendliness, and compatibility with different dApps and DeFi platforms.

Hardware Wallets: A Secure Option for Self-Custody

For enhanced security

Hardware wallets are physical devices that generate and store private keys offline: the key never leaves the device, and transactions are signed on the device rather than on the internet-connected computer or phone, which protects users from most online threats such as key-stealing malware. As a result, they are considered one of the safest options for self-custody. Popular hardware wallets like Ledger and Trezor can be used to manage digital assets across various DeFi platforms, as well as interact with dApps. One caveat: a hardware wallet protects the key, not the decision to sign. The device will sign whatever the connected software hands it, so always confirm the recipient address, the amount and the contract being called on the device's own screen, and treat any software that asks you to type your seed phrase into a computer as an attack.

Software Wallets: Convenience and Accessibility

Zeal, an example of a software wallet

Software wallets ("hot" wallets) are applications that keep private keys on an internet-connected device, typically as a browser extension on your computer or an app on your mobile device. While they provide easy access and convenience, they are more exposed to online threats such as malware and malicious browser extensions, so it is wise to keep only day-to-day funds in them or to pair them with a hardware wallet that holds the actual keys. Examples of reputable software wallets include Zeal and MetaMask, both of which can be used for interacting with DeFi protocols and are integrated with popular hardware wallets.

Smart Contract Wallets: Enhanced Customisation and Security

Why not both?

A smart contract wallet is an account whose rules are defined by code deployed on-chain rather than by a single private key, which lets users customise how their assets are managed. This is a newer category of wallet, spurred on by the recent release of an Ethereum standard called ERC-4337. The standard implements account abstraction without changing the Ethereum protocol itself: instead of sending ordinary transactions, a smart contract account emits signed "user operations" that travel through a separate mempool, are picked up by bundlers, and are executed through a shared EntryPoint contract which calls the account's own validation logic. Because validation is code, the account decides what counts as a valid signature and who may recover it. Smart contract wallets leveraging account abstraction offer users enhanced personalisation, customisation and control over their assets, making them an increasingly popular choice for self-custody in the DeFi space. For example, such wallets can enable social recovery, multi-signature approval and batched transactions (which can save on gas and avoid the human error of, say, a token approval going through without the swap that was supposed to follow it).

There are three primary approaches to account abstraction, each with a set of tradeoffs:

  1. EOA and Relayer Approach: Wallets like Safe are multi-signature smart contracts: transactions are authorised by signatures from one or more owner EOAs (externally-owned accounts) and then submitted on-chain, either by an owner directly or through a transaction relay service that pays the gas. This offers greater customisation in transaction confirmation methods and account recovery options, enhancing self-custody practices. The relayer, however, is a third party: it cannot sign on the owners' behalf, so it adds availability and centralisation risk rather than custody risk, and a wallet should always let owners submit directly if the relayer is down or refuses their transaction.
  2. Layer-2 Native Account Abstraction: Wallets like Argent have partnered with zkSync Era, a layer-2 scaling solution with account abstraction built into the protocol, so accounts on that network can be smart contract accounts without an extra standard. This offers built-in, though currently limited, account abstraction functionality for users who transact on that network. While convenient, it concentrates trust in the layer-2 itself: the layer-1 smart contract responsible for settling deposits and withdrawals, and the third-party paymasters that sponsor gas.
  3. ERC-4337 Account Abstraction: This approach uses a new (ERC) standard of transaction messaging in which user operations are sent to a bundler, which packages them into an ordinary transaction for the EntryPoint contract. In principle anyone can run a bundler, so it could offer a more decentralised version of what relayers do, aligning with the self-custody principles in DeFi. However, the alternative mempool structure of ERC-4337 accounts (see the diagram below) and the actors around it are still very much in the early stages. Furthermore, ERC-4337 introduces two new intermediaries to the supply chain, bundlers and paymasters. Bundlers in particular choose the order in which user operations are included, which gives them a familiar MEV opportunity; the same concern applies, to an extent, to whoever orders transactions in each of the approaches above.

It is worth noting a related category called MPC wallets, which use multi-party computation to split a single private key into shares held by multiple parties. The full key is never assembled, even at signing time: each party contributes to the signature using only its own share, and no share is revealed to the others. There are some unique advantages to them, most importantly the removal of a single point of failure (a complete private key sitting in one place) and the fact that the resulting transactions look exactly like those of an ordinary private-key wallet, since no on-chain contract is involved, which provides some privacy. MPC wallets tend to be used by larger organisations or users who are looking for an escrow service with a hybrid custodial approach, since they have limited integrations in DeFi. Account abstraction-based smart contract wallets are generally viewed as more functional and likely to see wider adoption with retail investors.

In conclusion, smart contract wallets have the potential to revolutionise self-custody practices in DeFi, bringing easier-to-use wallets to a new wave of users. While there is more work to be done before smart contract wallets see wider adoption, there is usable infrastructure being introduced day by day. Vitalik Buterin posted recently about the necessity of “everyone moving to smart contract wallets” in the future, and wallets needing to secure both assets and data for the tech stack to mature.

Best Practices for Wallet Security and Self-Custody

Stay vigilant

Users should follow best practices for wallet security and self-custody, such as:

  1. Using hardware wallets: Keep private keys on a physical device that never exposes them to an internet-connected computer, and confirm every transaction on the device's own screen before approving it.
  2. Considering smart contract wallets: With the advent of account abstraction, smart contract wallets offer users increased customisation and control over their assets, including recovery options that do not depend on a single seed phrase. This technology will become a more attractive choice in the future.
  3. Verifying wallet address authenticity: Double-check wallet addresses when sending or receiving funds to prevent irreversible loss. Compare the whole address, not just the first and last few characters, since attackers plant lookalike addresses that match at both ends, and prefer addresses in EIP-55 mixed-case checksum form, which lets software catch a mistyped or corrupted character. Tools like Tenderly (which is directly integrated with Zeal Wallet) help mitigate transaction vulnerabilities and failures by simulating a transaction before it is sent, so you can see what it will actually do.
  4. Enabling multi-factor authentication (MFA): Where the wallet or service supports it (exchange accounts, smart contract wallets with multiple signers or guardians), require more than one factor to move funds.
  5. Safeguarding backup seeds and private keys: Store them securely and offline, preferably on a hardware wallet or written on paper or metal (if you have to!), and never as a photo, screenshot, cloud note or email.
  6. Keeping a low profile: Don't openly discuss cryptocurrency holdings associated with your wallet addresses online, to avoid attracting potential attackers.
  7. Avoiding public Wi-Fi networks when accessing wallets: Use secure, private connections to improve wallet security.
  8. Being wary of phishing scams: Never share your seed phrase or private keys with anyone, and do not open links unless you are sure of their origin (even if the sender and URL appear legitimate). Phishing scams often claim an urgent problem with the user's account or offer a fake airdrop or reward, and a wallet prompt asking you to sign a message or approve a token allowance you do not understand should be rejected.

Getting Involved

Gro DAO aims to continue filling the gaps in DeFi. Its organisational structure is continuously decentralising, and you can join the journey of innovating and building products for different users and use cases. Reach out to the DAO on Discord and learn more about how you can help contribute and build right away!

Website | Discord | Twitter | Forum

DISCLAIMER: This article is for informational purposes only. It is not legal, tax, financial, or other advice. All of the products mentioned involve risks. Refrain from taking action solely based on the information in this article. Please do your own research, make your own financial decisions, and/or seek independent financial advice from a licensed person. None of the information included in this article is an endorsement of the tools mentioned.

All software developed by Gro DAO are tools that can be used to access and/or operate various DeFi protocols. Accordingly, users of Gro DAO products continue to control their assets and decide how to manage them with the help of these tools.

Originally written by JP5 & Jaypow
