Introduction
Sayfer was approached by a medium-sized company seeking advice on managing their wallet in a self-custody environment. The company’s team had been dealing with cryptocurrencies alongside their fiat reserves and needed to ensure the protection of their digital assets. In this case study, we present our observations, recommendations, and best practices for safeguarding the company’s cryptocurrency holdings while maintaining usability for their day-to-day operations.
Company Background
The company in question has a team of 45 people, including 3 founders. They needed a wallet management solution that would cater to their security requirements, streamline their operations, and maintain accessibility for the team.
Their main requirement was a high-security standard with high availability and backup solutions to prevent funds lockouts when keys are lost.
Our Recommendations
There are multiple areas where Sayfer believes the company could implement improvements to achieve its own security objectives.
Warm Individual Wallets
For the trusted individuals managing the company funds, we suggested using warm wallets. These wallets strike a balance between accessibility and security, making them suitable for day-to-day transactions and operations. Hardware wallets like the Trezor Model T, which supports Shamir backups, can be used to store the private keys for the warm wallets.
Multi-Sig Company Wallet
We advised the company to implement a multi-signature (multi-sig) wallet, such as Safe (formerly Gnosis Safe), for storing the majority of the company’s crypto assets. This wallet requires multiple authorized signatures to approve transactions, enhancing security and control over the company’s digital assets.
Shamir Backups
To provide an additional layer of security, we recommended using Shamir backups. This method involves splitting a seed phrase into multiple parts, which are stored separately. We suggested distributing the parts to multiple trusted individuals and storing them on metal plates like Keystone.
Alerts
To help monitor the company’s crypto wallets, we proposed the implementation of a comprehensive alert system, such as Tenderly. This system would notify relevant personnel of unusual or suspicious transactions in real-time, enabling swift response and investigation.
Implementation Example
Based on the company’s size and structure, we recommended the following configuration:
- Company wallet: Safe multi-sig wallet with a 2/3 quorum
- Individual wallets: Each founder uses a Trezor Model T with 2/3 Shamir Backups, using Keystone, distributed in secure locations
- Set alerts via Tenderly to a dedicated Slack channel for individual and company wallets
Next Steps for Enterprises:
As the company’s cryptocurrency holdings grow, it is crucial to continuously reassess and improve security measures. Some potential actions include:
- Creating an additional cold wallet with private keys distributed via MPC or Shamir backup into multiple safe locations, such as bank safes
- Complex passphrases to create hidden wallets on top of the Trezor wallet
- Re-evaluating the thresholds for Shamir Backups and Safe quorum
- Distributing risk between more wallets
Conclusion
By implementing our recommendations, the medium-sized company can significantly reduce the risk associated with managing their crypto keys. While there is no bulletproof method, we believe these guidelines strike a good balance between security and usability, allowing the company to protect its digital assets while maintaining the accessibility needed for its operations.
Want to Hear More?
A free consulting meeting included.