Operational security and the identity layer
In 2022, federal authorities recovered $3.6 billion in stolen Bitcoin—the largest financial seizure in US history.
How did they find it? The thieves stored their private keys in cloud storage. Plain text. The blockchain never forgets, and neither did iCloud.
This case captures both sides of self-custody: the assets were stolen because the original owners trusted an exchange (Bitfinex, hacked in 2016). The thieves lost them because they trusted cloud storage. Everyone in this story made custody mistakes.
Part 1 covered what keys are. Part 2 covers how to actually protect them—and what happens when your wallet becomes your identity.
Theory is easy. Execution is where people lose money.
Don't put everything in one place. A common setup: hot wallet (MetaMask, Phantom) for small amounts and daily use, cold wallet (Ledger, Trezor) for larger holdings that never connects to risky sites, and deep cold storage for long-term holdings that's rarely or never accessed.
The logic is simple: if your hot wallet gets drained by a malicious contract, you lose spending money. Not your savings.
Most theft doesn't come from cracked encryption. It comes from users approving transactions they didn't understand.
Before signing anything, read what you're actually approving. What contract is this? What permissions does it want? Verify the URL—phishing sites look identical to real ones. Question unexpected requests. Legitimate protocols don't DM you asking to "verify your wallet." And revoke old approvals periodically. Token approvals persist forever unless you remove them. Sites like Revoke.cash let you audit what you've approved.
The Seth Green incident from Part 1? He signed a transaction. That's all it took.
Your mnemonic phrase is a physical security problem, not a digital one.
Write it on paper or etch it in metal for fire and water resistance. Store it in a safe or deposit box. If you're paranoid, split it across multiple locations.
Never screenshot it. Never store it in cloud services. Never email it to yourself. Never type it anywhere except your wallet's official recovery flow.
The $3.6B recovery happened because investigators got a warrant for cloud storage. Don't make it that easy for anyone—federal agents, hackers, or otherwise.
Your wallet address is more than a payment endpoint. It's becoming identity infrastructure.
Every transaction is permanent and public. Your address accumulates a history: assets held over time, protocols you've used, NFTs owned, governance votes cast. This creates reputation without requiring personal information.
DAOs check wallet history before allowing participation. Protocols airdrop tokens based on past behavior. Your address is your resume.
Raw addresses are hostile to humans. 0x47bb4cCA98FC49B971d86c5t26562c86E6284CeD means nothing to anyone.
Domain services fix this. ENS gives you yourname.eth on Ethereum. Bonfida gives you yourname.sol on Solana. These names resolve to addresses, work across many apps, and create consistent identity across the ecosystem.
Owning yourname.eth is like owning yourname.com in 1995—except it points to your wallet instead of a server.
One caveat: some exchanges still don't support sending directly to ENS names. Always verify before large transfers.
Self-custody enables pseudonymous participation—activity under a persistent identity that isn't linked to your legal name. Your financial activity isn't automatically shared with banks or employers. You can't be discriminated against based on nationality or credit score. You can keep different activities in different wallets with different identities.
But pseudonymity isn't anonymity. Sophisticated analysis can link wallets to real identities through exchange deposits, behavioral patterns, or metadata leaks. If privacy is critical, it requires active effort—not just using a wallet without KYC.
Self-custody versus custodial isn't binary. Most sophisticated users operate at multiple points on the spectrum simultaneously.
Full self-custody means you control all keys. Maximum sovereignty, maximum responsibility. Good for significant holdings or if you have jurisdictional concerns.
Hybrid approaches reduce single-point-of-failure risk while preserving meaningful control. Multisig requires multiple keys to sign a transaction. Social recovery lets trusted contacts help you regain access. Smart contract wallets add programmable rules for access and recovery.
Custodial services—exchanges holding your keys—offer familiar UX, customer support, and sometimes insurance. Counterparty risk comes back, but for small amounts or frequent trading, that tradeoff often makes sense.
Many people use all three: exchange account for trading and fiat conversion, hot wallet for DeFi and daily transactions, cold storage for long-term holdings.
Self-custody isn't about ideology. It's about threat modeling.
What are you protecting? $500 in ETH? Exchange is probably fine. $50,000 in diversified holdings? Consider cold storage. Life savings in an unstable jurisdiction? Self-custody might be essential.
From whom? Exchange insolvency? Self-custody protects you. Your own mistakes? Custodial services might be safer. Government seizure? Depends on the government and the specific custody arrangement. Hackers? Both approaches have vulnerabilities, just different ones.
The question isn't which approach is better. It's which tradeoffs you understand and which ones you're accepting without realizing it.
Operational security and the identity layer
In 2022, federal authorities recovered $3.6 billion in stolen Bitcoin—the largest financial seizure in US history.
How did they find it? The thieves stored their private keys in cloud storage. Plain text. The blockchain never forgets, and neither did iCloud.
This case captures both sides of self-custody: the assets were stolen because the original owners trusted an exchange (Bitfinex, hacked in 2016). The thieves lost them because they trusted cloud storage. Everyone in this story made custody mistakes.
Part 1 covered what keys are. Part 2 covers how to actually protect them—and what happens when your wallet becomes your identity.
Theory is easy. Execution is where people lose money.
Don't put everything in one place. A common setup: hot wallet (MetaMask, Phantom) for small amounts and daily use, cold wallet (Ledger, Trezor) for larger holdings that never connects to risky sites, and deep cold storage for long-term holdings that's rarely or never accessed.
The logic is simple: if your hot wallet gets drained by a malicious contract, you lose spending money. Not your savings.
Most theft doesn't come from cracked encryption. It comes from users approving transactions they didn't understand.
Before signing anything, read what you're actually approving. What contract is this? What permissions does it want? Verify the URL—phishing sites look identical to real ones. Question unexpected requests. Legitimate protocols don't DM you asking to "verify your wallet." And revoke old approvals periodically. Token approvals persist forever unless you remove them. Sites like Revoke.cash let you audit what you've approved.
The Seth Green incident from Part 1? He signed a transaction. That's all it took.
Your mnemonic phrase is a physical security problem, not a digital one.
Write it on paper or etch it in metal for fire and water resistance. Store it in a safe or deposit box. If you're paranoid, split it across multiple locations.
Never screenshot it. Never store it in cloud services. Never email it to yourself. Never type it anywhere except your wallet's official recovery flow.
The $3.6B recovery happened because investigators got a warrant for cloud storage. Don't make it that easy for anyone—federal agents, hackers, or otherwise.
Your wallet address is more than a payment endpoint. It's becoming identity infrastructure.
Every transaction is permanent and public. Your address accumulates a history: assets held over time, protocols you've used, NFTs owned, governance votes cast. This creates reputation without requiring personal information.
DAOs check wallet history before allowing participation. Protocols airdrop tokens based on past behavior. Your address is your resume.
Raw addresses are hostile to humans. 0x47bb4cCA98FC49B971d86c5t26562c86E6284CeD means nothing to anyone.
Domain services fix this. ENS gives you yourname.eth on Ethereum. Bonfida gives you yourname.sol on Solana. These names resolve to addresses, work across many apps, and create consistent identity across the ecosystem.
Owning yourname.eth is like owning yourname.com in 1995—except it points to your wallet instead of a server.
One caveat: some exchanges still don't support sending directly to ENS names. Always verify before large transfers.
Self-custody enables pseudonymous participation—activity under a persistent identity that isn't linked to your legal name. Your financial activity isn't automatically shared with banks or employers. You can't be discriminated against based on nationality or credit score. You can keep different activities in different wallets with different identities.
But pseudonymity isn't anonymity. Sophisticated analysis can link wallets to real identities through exchange deposits, behavioral patterns, or metadata leaks. If privacy is critical, it requires active effort—not just using a wallet without KYC.
Self-custody versus custodial isn't binary. Most sophisticated users operate at multiple points on the spectrum simultaneously.
Full self-custody means you control all keys. Maximum sovereignty, maximum responsibility. Good for significant holdings or if you have jurisdictional concerns.
Hybrid approaches reduce single-point-of-failure risk while preserving meaningful control. Multisig requires multiple keys to sign a transaction. Social recovery lets trusted contacts help you regain access. Smart contract wallets add programmable rules for access and recovery.
Custodial services—exchanges holding your keys—offer familiar UX, customer support, and sometimes insurance. Counterparty risk comes back, but for small amounts or frequent trading, that tradeoff often makes sense.
Many people use all three: exchange account for trading and fiat conversion, hot wallet for DeFi and daily transactions, cold storage for long-term holdings.
Self-custody isn't about ideology. It's about threat modeling.
What are you protecting? $500 in ETH? Exchange is probably fine. $50,000 in diversified holdings? Consider cold storage. Life savings in an unstable jurisdiction? Self-custody might be essential.
From whom? Exchange insolvency? Self-custody protects you. Your own mistakes? Custodial services might be safer. Government seizure? Depends on the government and the specific custody arrangement. Hackers? Both approaches have vulnerabilities, just different ones.
The question isn't which approach is better. It's which tradeoffs you understand and which ones you're accepting without realizing it.