The crypto custody conundrum – How to secure a Seed

From memory palaces to punching passwords into metal sheets, we look at solutions to the unique security problem posed by crypto’s promise to be your own bank.


‘Be your own bank’ is one of crypto’s most potent slogans. Unfortunately, taking custody of your crypto doesn’t involve hiding a safe behind a painting but a whole new level of personal responsibility most of us are unprepared for: protecting a string of 24 unique words called a Recovery Seed.

As the name suggests, a Recovery Seed is like an extended password allowing you to recover your funds in case of emergency. 

If the sirens are going off and you need to scoop up your loved ones in a hurry, so long as you have those 24 words, your crypto goes with you.

Unfortunately, seed security is asymmetric. Those 24 words are virtually impossible for a thief to guess, but lose them – whether through accident or hacking – and the funds are gone forever; good luck making a claim on your home insurance.

So the crypto self-custody conundrum comes down to a simple question – how should you secure your Seed?

Over centuries, we’ve become conditioned to ceding control over wealth to higher authorities in return for protection behind city walls, moats or aircraft carriers. 

This bargain extended to the internet era, aka web2: Forget your password? Hit the reset button. Lose access to your bank account? Call customer service.

So the transition to web3, where that safety net is removed, is understandably a bit terrifying.

The perilous nature of self-sovereignty is illustrated by the scale of lost crypto.

Current estimates suggest that close to 20% of all Bitcoin are lost forever. Poor James Howells must be getting fed up with pulling his compo face after losing 8,000 Bitcoin, worth £280 million and rising, in a Newport rubbish dump.


Howells’ mishap was back in the days when Bitcoin’s 256-bit security was represented by a 64-character hexadecimal string known as a Private Key – not the easiest thing to memorise.

b1b3dcf4a200ab01g8aeafb8d3cda3fd03401dd2413d169846959a8f7915fd2f

An update to Bitcoin’s rules, called BIP-0039 (Bitcoin Improvement Proposal), changed all that in September 2013 by creating a more user-friendly version – a Recovery Seed – looking like this (don’t bother importing it; it was created by ChatGPT at random).

oyster – liquid – tumble – duck – pretty – wear – choice – right – motor – glad – barely – target – idle – current – spell – auction – hurt – early – web – adjust – melt – garden – dirt – throw

Ever since BIP0039, crypto security has come down to protecting that random collection of words.
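How a 256-bit key turns into 24 words, as an added example that is not part of the original article: BIP-39 appends a checksum taken from the SHA-256 hash of the key material and cuts the result into 11-bit indexes into the 2,048-word list. The sketch stops at indexes because the wordlist is not embedded here; the function names are illustrative and the sample input is constructed.

```python
import hashlib

WORD_BITS = 11  # 2**11 = 2,048 entries in the BIP-39 wordlist


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode entropy as wordlist indexes: entropy + checksum, 11 bits per word."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32  # 8 checksum bits for a 24-word seed
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Decode indexes to entropy; ValueError means the backup was mis-copied."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("a BIP-39 phrase has 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("index outside the 2,048-word list")
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    cs_bits = n_words // 3
    entropy = (value >> cs_bits).to_bytes(cs_bits * 4, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if (value & ((1 << cs_bits) - 1)) != expected:
        raise ValueError("checksum mismatch")
    return entropy


def backup_is_valid(indices: list[int]) -> bool:
    try:
        indices_to_entropy(indices)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    sample = bytes(32)  # constructed all-zero entropy, never use as a real key
    words = entropy_to_indices(sample)
    print(len(words), "indexes, last one carries the checksum:", words[-1])
    print("valid copy:", backup_is_valid(words))
    print("one wrong word:", backup_is_valid(words[:-1] + [words[-1] ^ 1]))
```

With only 8 checksum bits on a 24-word seed, a randomly wrong word still passes about 1 time in 256, so a passing check shows the copy is plausible, not that it is the right seed.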

There’s general agreement about what not to do. To anyone old enough to remember, it sounds a bit like the warning at the start of Gremlins.

  1. Don’t store your Seed anywhere online – Always assume you’ve been compromised
  2. Don’t ever type your Seed out on your keyboard – See Rule 1
  3. Don’t brag about your stack – This just increases your security woes
  4. Keep away from water, fire and direct sunlight – See below

There’s less consensus on the most practical solution for securing your Seed.

The most popular solution hodlers employ for Seed protection is low-tech but practical – write the words on a piece of paper. 

You might describe this approach as the path of least resistance – it’s free and uncomplicated – but that description wouldn’t be wholly appropriate, given the nature of paper.

Paper Seed Recovery

Like the instructions for looking after Mowgli, you have to keep paper away from water, fire, direct sunlight, insects and rodents.

Your Seed won’t breed Gremlins, but it might become unreadable, and a slip of paper is easy to lose or forget.

Nevertheless, hardware wallets used for offline crypto storage often ship with Recovery Seed sheets, reinforcing paper as the default approach (see picture above).


It didn’t take long for hardcore Bitcoiners to ditch Paper Recovery Seeds for something a bit tougher, like durable steel plates into which you punch the letters of your seed words. 

Though this might sound like it should only be attempted by metalwork enthusiasts in a prepper bunker, the process and options have been refined to bring it within the abilities of DIY novices. Aside from the technical challenge, there is the issue of cost.

Paper and metal sheets each have their advantages, but they share one problem in common – they can both be easily lost. 

One simple solution to guard against loss or damage is to store the Paper Recovery Seed Sheet or Metal Plate in a safe, which is harder to mislay.

Another solution is to add an additional passphrase on top of the 24-word Seed, so you worry less about exposing the paper or metal.

Unfortunately, both the safe and passphrase approaches just kick the can down an infinite road. You still have to protect the key/combination to the safe or have a failsafe for the passphrase.

Self-sovereignty is a recursive problem without an end – passwords all the way down.

Despite this unavoidable reality, the inventive folks within the crypto community have come up with some interesting and novel approaches to Seed Recovery. 

Belgian hardware wallet vendor Ngrave has a product called Graphene featuring a two-plate Seed backup system.

You punch your seed through the top sheet, featuring a hexadecimal grid of holes, into the bottom sheet, which is blank. On their own, neither sheet reveals anything.

Though Graphene is a clever upgrade on a single steel sheet, you’re left with two things to secure. Though you can recover the upper plate from Ngrave, if you lose the bottom plate, you’re screwed. 

Alex Cannon has proposed an unusual literary solution to Seed security. He created software that generates a novel where each chapter has at least 5,000 words, including one mention of the 2,048 unique Seed phrase options from BIP0039.


You just have to devise a system for highlighting the 24 words that are in your Seed, which is sort of where this idea falls down.

To be fair to Alex, he isn’t pretending his Novel Wallet is the safest solution in the world, but it definitely gets full marks for creativity and may help spur further innovation.

If you’ve ever tried to improve your memory, you may have come across the concept of memory palaces, aka ‘the loci system’. 

A memory palace is an imagined location, generally corresponding to somewhere IRL, containing objects that act as prompts for remembering complex sequences of information.

Fans of novelist Robert Harris will know that fictional serial killer Hannibal Lecter used memory palaces.

When we are gone from this life, I will always have this place. My palace is vast, even by medieval standards.

Hannibal Lecter, Hannibal – Robert Harris

Hannibal references ‘medieval standards’ because the loci system was taught in English schools up until 1584 when Puritans decided the imagery was unholy. In truth, it dates back to the Greeks, but we digress.

Giordano Bruno, a Jesuit Monk, was a huge fan of mnemonics, imagining memory wheels that functioned like a metaphysical orrery linked to symbols of art, science and language.

Unfortunately, Bruno’s strange mix of astrology and esoteric symbolism didn’t go down well in a Puritan era dominated by strict religious doctrine. Bruno was burned at the stake, which would have been curtains for his paper Recovery Seed.

The idea of memory palaces has, however, been revived by openinnovation.xyz, who, with the Metaverse in mind, are using virtual reality technology to create a much more usable form of a Seed Phrase.

The idea is to use a VR Headset to choose from 10 virtual rooms, within which are 100 objects which can be moved to 1,000 discrete locations with corresponding 3D coordinates.

Selecting an array of three objects per room creates the equivalent of 156-bit security – the odds of guessing that combination are like finding a specific grain of sand in the Sahara.

The memory palace VR solution is especially relevant given the expectation that web3 wallets like Metamask will secure our entire digital identity and wealth instead of those evil tech barons at Meta or Barclays, all protected by a Seed. 

Though the Memory Palace idea is a really clever innovation for Seed Recovery, it doesn’t solve the recursive problem at the heart of digital self-sovereignty. 

Memory Palace Maths

The headset would need to be air-gapped like a hardware wallet to avoid leakage, and regardless, some failsafe of your memory palace must exist because it’s extremely unwise to trust your memory. This is hinted at in the small print of the Whitepaper:

There may also exist some form of video backup available just as many users traditionally store written backups for their seed phrases.

Memory Palace Whitepaper, openinnovation.xyz

Private Key security isn’t just an issue for your average Joe. In the next few years, we’ll likely see a wave of tokenisation of everything from commodities to traditional financial products. So, fintech faces similar custody issues.

In December, IBM released their vision for how transactions might be securely managed with the catchily titled Hyper Protect Offline Signing Orchestrator (OSO). There’s a lot of technical detail to wade through, so here’s the TL;DR.

OSO operates a three-way comms system where transaction instructions are relayed from the sender to the wallet via a middleman that is never simultaneously connected to both.

You can layer timelocks and transaction windows on top, which would theoretically stall fraudulent transactions. 

OSO sounds impressive, but the demo video shows it still relies on good ol’ email approval and, more importantly, it isn’t decentralised, so it kind of defeats the whole purpose of the web3 thing.

The idea that the safety of assets meant having 12 words that you can never lose, but no one else can ever access, is outdated and to a large extent has been holding back progress for actual user adoption.

Friederike Ernst, co-founder, Gnosis

Addressing the crypto self-custody conundrum isn’t just an interesting thought experiment. It is fundamental to the chances of broader adoption of the ideals of web3 – trustless self-sovereignty of your digital life and wealth.

Unfortunately, humans are suckers for comfort and familiarity. In 2018, seven years after 2FA was implemented, Google software engineer Grzegorz Milka shared data showing less than 10% of users were using 2FA, even though it reduced hacking by 99%.

Your account is more than 99.9% less likely to be compromised if you use MFA.

Microsoft Director of Identity Security Alex Weinert

With the steep rise in cybercrime, Google is now moving to make 2FA mandatory, starting with Admin users, to combat this seeming ambivalence to security.

Given how reticent we are to implement even the most rudimentary security practices, which are proven to protect us, what hope is there for the dream of web3 given the burden of Seed security?

There is hope that Seed management might be a thing of the past, thanks to an innovation called account abstraction. It’s a complex subject, but in layman’s terms it allows the creation of rules of engagement for your crypto funds: spending limits, a deadman’s switch for inactivity, and session access.

Account abstraction may add nuance to crypto security, but it cannot decouple self-sovereignty from personal responsibility.

History shows us that when it comes to online security, we’re ultimately very lazy. So it’s unrealistic to expect us all to be punching the failsafe to our digital lives into a sheet of metal or memorising those precious phrases in a 3D version of Grand Theft Auto.

But given the recursive conundrum at the heart of self-custody, whatever the solution to security, if web3 is to thrive, for now, the buck, or Bitcoin, ultimately rests with you.
