A modern self-custody setup for Ethereum

Safe. That’s what you want your cute JPEGs and dog coins to be. Safe so you can sleep soundly at night.

If you had some jewellery that you wanted to keep safe, you’d put your items in a… safe, you got it! So, it shouldn’t come as a surprise that the key to keeping your digital items safe is to also use a Safe.

Well, a digital one. Let me explain.

A Digital Safe

I’ve built custody infrastructure for a large crypto custodian that to this day has not been hacked. We used Shamir’s Secret Sharing, Hardware Security Module servers, georeplicated in highly secure data centers, multiple air-gapped laptops, lengthy key ceremonies, physical and digital key shares backed up in multiple locations… and more. The point is, it’s a lengthy and costly process that only makes sense if you plan to custodize billions and have many potential attack vectors. That’s probably not you. If it is, this article is not for you.

If you simply want to sleep well at night and custodize thousands to early-millions, I’ve got the setup for you. In order to be able to explore everything the Ethereum ecosystem has to offer, I’ve settled on three tiers of custody, with most assets being stored on the later tiers:

Tiers of Custody

  1. I like to live life on the edge.

    This tier is basically for anything that you don’t mind losing. Like, completely okay with losing. You might ask why it even exists then? I would say two reasons. Firstly, sometimes you want to be a degen and a hot wallet is needed so you can quickly execute some transactions. Secondly, if you are developing a dapp, a hot wallet is much easier to use for testing. To be clear, you should move any assets you actually care about to a more secure tier of custody after your degenning.

    Recommendation: On desktop, MetaMask still reigns king here. It is simply the most battle-tested hot wallet. Rabby gets an honorable mention due to its much nicer UX, and I am personally testing it out (with a new mnemonic of course), although it doesn’t support Firefox yet, which is very annoying. On mobile, I’ve been enjoying Rainbow due to its UX and security. It uses react-native-keychain, which means that on modern phones your private keys are encrypted with a key in a hardware security module. For most people, this is probably more secure than MetaMask or Rabby.

  2. What if there is a bug in a smart contract wallet?

    If you have Parity multi-sig PTSD, I get it. While I think Safe maintains an admirable software-development lifecycle, there is simply an extra layer of dependencies involved when using a smart contract wallet.

    For this reason, I also recommend keeping some assets on a highly reliable hardware wallet. This can also be used in cases where a website doesn’t support smart contract wallets.

    Recommendation: Ledger with Frame. While Ledger customer data has been compromised in the past, I think the hardware security and UX they offer is best-in-class. If you want to avoid being in their customer database, I have a tip. Provided you can attend a conference, Ledger often has a booth where they sell Ledgers. Or, you could buy one from a well-known reseller. Or, you could use a PO box and pay with crypto directly on Ledger’s website. It’s important to know of ways to avoid providing personally identifiable information.

    @joshie_sh reviewed this article (much love) and recommends Trezor, especially for their well-implemented passphrase and hidden wallet features. There are many debates online between Ledger and Trezor. The reality is, the hardware of choice is probably not going to be the weakest link in your custody setup and so going with either is fine today.

  3. Wow, who knew smart contract wallets were so powerful?

    Me, I knew! And, so will you shortly. See, with a smart contract wallet we can combine the security and convenience of all of the above tiers. Imagine your computer gets hacked and your MetaMask keys get stolen. Now, imagine simultaneously your phone gets hacked and your Rainbow keys get stolen. And, wow, what a hacker they are, they also managed to find a zero-day on Ledger. Quite hard to imagine all of those happening together, right?

    Smart contract wallets allow us to have multiple signers and a threshold. These signers are simply other wallets. The threshold is the number of signers that need to agree on a transaction. I recommend setting up a Safe with three signers and a threshold of two:

    1. MetaMask / Rabby

    2. Rainbow

    3. Ledger

    Two of these would need to be simultaneously hacked in order to get your assets from a Safe. As you can see, this is already much more secure than having your assets in a single wallet. However, you may find it annoying that you need to always sign with two wallets. Spending limits can come to the rescue here. You can allow one signer to spend a certain amount of a certain token in a defined period. Personally, I have given my Rainbow wallet a small allowance to spend daily from my Safe and this works really well.
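To make the trade-off concrete, here is a small model of the 2-of-3 setup with a daily spending limit on one signer. It is an added example, not code from Safe or from this article; the balance, the allowance amount and the detection window are constructed figures, and the spending limit is simplified to a fixed amount per day.

```python
from itertools import combinations

# Signers and threshold as recommended in the article (2-of-3).
SIGNERS = ("MetaMask/Rabby", "Rainbow", "Ledger")
THRESHOLD = 2

# Constructed figures for illustration only; the article gives no amounts.
SAFE_BALANCE = 100_000                 # value held in the Safe, arbitrary units
DAILY_ALLOWANCE = {"Rainbow": 200}     # per-signer spending limit, reset daily


def max_loss(compromised, days_undetected):
    """Worst-case theft if these signer keys are stolen and it goes unnoticed."""
    if len(compromised) >= THRESHOLD:
        return SAFE_BALANCE            # attacker can approve any transaction
    # Below the threshold only spending limits work without a co-signer.
    per_day = sum(DAILY_ALLOWANCE.get(s, 0) for s in compromised)
    return min(SAFE_BALANCE, per_day * days_undetected)


def still_usable(lost):
    """Can the owner still reach the threshold after losing these signers?"""
    return len(SIGNERS) - len(lost) >= THRESHOLD


def exposure_table(days_undetected):
    """Map every subset of signers to (theft if stolen, usable if lost)."""
    table = {}
    for k in range(len(SIGNERS) + 1):
        for subset in combinations(SIGNERS, k):
            table[subset] = (max_loss(subset, days_undetected),
                             still_usable(subset))
    return table


if __name__ == "__main__":
    for subset, (loss, usable) in exposure_table(days_undetected=7).items():
        name = " + ".join(subset) or "(none)"
        print(f"{name:35} theft<= {loss:>7}  usable-if-lost: {usable}")
```

The table shows both sides of the threshold: any single stolen key costs at most that signer's allowance, while any single lost key still leaves the Safe usable.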

Between tiers 2 and 3, I actually don’t think it’s possible to say one is simply safer than the other. Instead, they have different attack vectors and risks. This brings me to my biggest point:

Diversify your assets, anon. You want to diversify all possible attack vectors while minimizing the effort of accessing your funds.

Mnemonic Chaos

Actual picture of a Web3 user wondering what to do with all of those words

If you’ve followed my setup, you now have at least three mnemonic phrases to worry about. This can be pretty annoying, but it doesn’t have to be. I’m not going to go into too much detail on how to protect these; rather, I will write another article that goes into detail on this. With that said, here is the TL;DR of what I recommend, which you should be able to follow if you are an advanced user and cannot wait for my next article:

  • Multiple USB drives in different locations

  • Two VeraCrypt partitions with different keys (VeraCrypt hidden volume) on these USB drives

  • MetaMask key in the first partition which can be given in distress situations

  • Rainbow and Ledger keys in the hidden volume which should never be given up

  • All set up with an air-gapped laptop

Caveats

  1. OMFG, why doesn’t this website support smart contract wallets?

    I’m looking at you, OpenSea. But you’re not alone on this. Lens Protocol (of which I am a big fan) currently has minimal support for smart contract wallets, but I think that will change soon.

    With that said, you should look for alternative dapps which do support smart contract wallets. Castle, for example, is building an NFT marketplace with first-party support for smart contract wallets. Otherwise, in these cases, your MetaMask or Ledger can come in handy.

  2. Safe on other chains

    Be careful when providing your Safe address to others. This address is only valid on the chain you deployed it on. It is possible to get the same address on other chains, but it’s quite an involved process.

  3. Death

    In this scenario, you don’t want your family to miss out on your hard earned dog coins, right? This will be tackled in my next article.

Disclaimer

I am a Safe Guardian which means I’ve been awarded some $SAFE tokens. With that said, I’ve been a big proponent of Safe for a long time and have personally used it long before a token was even considered. It’s just simply the best smart contract wallet that exists today.