At BitLift we take privacy and security pretty seriously, as you should. Operating as your own bank and taking control of your hard-earned money is wildly powerful and comes with great responsibility.
If you haven’t done so already, check out Episode 4 and Episode 5 of The Bitlift Podcast where we break down the different types of wallets, different types of custodians and different ways to take custody and protect your private key. This is required listening. You can’t use crypto without understanding this stuff and operating on a strong foundation of privacy and security.
But as crypto continues to evolve, so must our processes.
Evolving Our Processes
NFTs have brought a new dynamic to the cryptoverse, and they’re not going anywhere. In fact, I think NFTs and Web3 Social are going to play an even bigger and wilder role in the next bull market. So we need a good way to play, explore, tinker and even invest in these new technologies without compromising the security of our investment accounts and DeFi strategies.
Wallet & Address Privacy
As you know, most crypto addresses are anonymous, or rather pseudonymous. This means that the random string of text that makes up your address is unique and identifiable. For example, you can look up an address’s balance in any block explorer like blockchain.com or etherscan.io to see token balances, NFTs and recent transactions. Everything you’d want to know about that address is there.
But an address is not tied to your personal identity. It doesn’t display the name your mama gave you alongside your account balances. All you know is that an address holds 10 ETH, but not who controls that address.
This all changed with NFTs
A lot of people screwed this up. They’d buy an NFT with the same wallet they use to store their ETH and invest in DeFi. Then, the second they showed their shiny new NFT to their friend, their friend could look up that NFT on Opensea and easily see their entire wallet balance!
Even worse, ENS domains are NFTs that literally hold your identity information!
If you buy “yourname.eth” with the same wallet you use to save and invest, you literally just dropped your name into your wallet. And now your name appears alongside your balances on the public blockchain.
Even if you send that ENS domain to another wallet, the transaction is still there, stamped in an immutable ledger forever showing that your name is tied to this wallet. Forever.
NFT Security
You want to hold your primary ENS domain and your valuable NFTs on your hardware wallet, but you don’t want to be connecting that wallet to every random website with a countdown timer to the latest NFT drop!
And oftentimes you’re on the go, sniping NFTs from your phone at the beach. Again, not somewhere you should be taking your hardware wallet. But that doesn’t mean you shouldn’t be able to participate, so we need a solution that covers this as well.
So here’s a setup that takes all these privacy and security concerns into account without limiting your access to all the fun stuff going on in the metaverse.
Step 1 - How To Set Up A Hot Wallet
We’re going to set up a hot wallet specifically for NFTs. If you don’t know what a hot wallet is, make sure to listen to the episode on choosing a crypto wallet. But the quick and dirty is that this is an insecure wallet: it doesn’t use a hardware device, and we never want to store more than we’re willing to lose on this wallet.
Which is exactly the point. We’re going to be using this wallet for the sketchy degen shit you would never want your savings account connected to.
You can create this wallet using MetaMask and store the seed words in a password manager. You can also punch this seed into the MetaMask mobile app on your phone so you can use this wallet on the go or via the MetaMask browser extension on your desktop.
We’ll call this the “hot wallet”.
Step 2 - Funding Your Hot Wallet
BUT WAIT! We need to do this carefully. If you just send crypto directly from your cold storage wallet to your hot wallet, now the two wallets are linked! Forever… So instead we’re going to use a centralized exchange like Coinbase or Kraken as a mixer. You can either:
- Buy ETH on the centralized exchange and then withdraw to your hot wallet.
- Or you can send ETH from your cold storage wallet to the exchange, and then withdraw from the exchange to your hot wallet.
We never want our investment wallets and NFT wallets to interact with each other. If this ever happens, even once, your investment account is tied to your identity. It’s tainted. So we’re very careful about this.
We’re not going to send much. Maybe a few ETH max. Enough to buy a few ENS domains and mint a few NFTs. This ETH will be in your hot wallet so it’s susceptible to being hacked and stolen. So please, only keep small amounts here and top it up from the centralized exchange as needed.
Now obviously this isn’t protecting your privacy from the exchange. They will see both accounts, the cold wallet you deposited from as well as the hot wallet you withdrew to, but at least everyone on the entire internet won’t know these accounts are tied together.
There are options out there for doing this in a more private/decentralized fashion. You’re going to have to find solutions for that yourself. We could have recommended something like tornado.cash, but not anymore.
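To check the Step 2 rule that your investment and NFT wallets never interact, you can audit your own transfer history for links. The following is an added example, not part of the original post: `findLinks`, its input shape (`hash`, `from`, `to`) and every address are hypothetical, and it also flags a shared intermediate address, which goes slightly beyond the direct-transfer case described above.

```javascript
// Added example: self-audit for on-chain links between two wallet groups.
// All addresses and transfers below are constructed sample data.
const norm = (a) => a.toLowerCase();

function findLinks(transfers, groupA, groupB, sharedServices = []) {
  const A = new Set(groupA.map(norm));
  const B = new Set(groupB.map(norm));
  const ignore = new Set(sharedServices.map(norm)); // addresses you accept as a buffer
  const direct = [];
  const peersA = new Set();
  const peersB = new Set();
  for (const t of transfers) {
    const from = norm(t.from);
    const to = norm(t.to);
    // Direct link: one group pays the other in a single transaction.
    if ((A.has(from) && B.has(to)) || (B.has(from) && A.has(to))) {
      direct.push(t.hash);
      continue;
    }
    // Otherwise remember which outside addresses each group has dealt with.
    for (const [mine, other] of [[from, to], [to, from]]) {
      if (ignore.has(other)) continue;
      if (A.has(mine) && !A.has(other)) peersA.add(other);
      if (B.has(mine) && !B.has(other)) peersB.add(other);
    }
  }
  // Indirect link: an outside address that touched both groups.
  const shared = [...peersA].filter((p) => peersB.has(p)).sort();
  return { direct, shared, linked: direct.length > 0 || shared.length > 0 };
}

const COLD = "0x" + "c0".repeat(20);             // investment address
const HOT = "0x" + "a1".repeat(20);              // NFT hot wallet
const EXCHANGE_DEPOSIT = "0x" + "e1".repeat(20); // exchange deposit address
const EXCHANGE_HOT = "0x" + "e2".repeat(20);     // exchange withdrawal wallet
const BURNER = "0x" + "bb".repeat(20);           // personal intermediate wallet

const clean = [
  { hash: "tx1", from: COLD, to: EXCHANGE_DEPOSIT },
  { hash: "tx2", from: EXCHANGE_HOT, to: HOT },
];
const leaky = [
  ...clean,
  { hash: "tx3", from: COLD, to: BURNER },
  { hash: "tx4", from: BURNER, to: HOT },
  { hash: "tx5", from: HOT, to: COLD },
];
```

`findLinks(clean, [COLD], [HOT])` reports no link, while the `leaky` history is flagged both for the direct transfer and for the burner address that touched both wallets.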
Step 3 - How To Set Up Your NFT Vault
So we’ve got a hot wallet with some ETH on it for buying NFTs, and now we need a cold wallet for storing your NFTs. A cold storage wallet is typically a hardware wallet. It’s called cold because unlike your hot wallet, a cold wallet generates and protects your private key offline. Anytime a key touches the internet, it’s hot.
You might hear people talking about NFT Vaults. This is what they’re talking about. It’s simply a cold storage wallet for NFTs. We’ll call this wallet your "vault".
Hopefully you already use a hardware wallet for storing your investments. Now we’re going to use the same device with the same private key for storing your collectibles. BUT, we’ll use a different address on your wallet. It will be a fresh, empty address with no transaction history. Not yet anyway.
What We're Protecting Against
If you search Twitter for “Seaport Drainer” or “Monkey Drainer” you’ll see what I mean. Hundreds of people getting their entire NFT collection drained. They visited a fake site to get some cool new NFT thing, and “accidentally” authorized the dApp to sell every NFT they own on Opensea for 0 ETH. It’s scary stuff. Which is why we have a vault which will never connect to these scams!
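What such a request looks like to your wallet, as an added example that is not part of the original post: `reviewRequest` is a hypothetical helper that flags a Seaport order paying the signer nothing and, going slightly beyond the text, a `setApprovalForAll` grant. Field names follow the public Seaport `OrderComponents` and ERC-721 interfaces; every address and request is constructed.

```javascript
// Added example: review a signing request. All sample data below is constructed.
const NFT_ITEM_TYPES = new Set([2, 3, 4, 5]); // Seaport ItemType: ERC721/ERC1155 (+criteria)
const SET_APPROVAL_FOR_ALL = "0xa22cb465";    // selector of setApprovalForAll(address,bool)

function reviewRequest(req) {
  const warnings = [];
  if (req.method === "eth_sendTransaction") {
    const data = (req.params[0].data || "").toLowerCase();
    // Calldata: 4-byte selector, 32-byte operator word, 32-byte bool word.
    const grants = data.length === 138 && BigInt("0x" + data.slice(74)) !== 0n;
    if (data.startsWith(SET_APPROVAL_FOR_ALL) && grants) {
      warnings.push(`operator 0x${data.slice(34, 74)} may move every NFT in ${req.params[0].to}`);
    }
  }
  if (req.method === "eth_signTypedData_v4") {
    const raw = req.params[1];
    const td = typeof raw === "string" ? JSON.parse(raw) : raw;
    if (td.domain?.name === "Seaport" && td.primaryType === "OrderComponents") {
      const order = td.message;
      const nfts = order.offer.filter((i) => NFT_ITEM_TYPES.has(Number(i.itemType)));
      // What the signer is paid: consideration items addressed back to the offerer.
      const paid = order.consideration
        .filter((c) => c.recipient.toLowerCase() === order.offerer.toLowerCase())
        .reduce((sum, c) => sum + BigInt(c.endAmount), 0n);
      if (nfts.length > 0 && paid === 0n) {
        warnings.push(`Seaport order gives away ${nfts.length} NFT(s) and pays the signer nothing`);
      }
    }
  }
  return warnings;
}

const SIGNER = "0x" + "a1".repeat(20);     // the wallet being asked to sign
const OTHER = "0x" + "d0".repeat(20);      // some other party
const COLLECTION = "0x" + "c7".repeat(20); // an NFT contract
const item = (id) => ({ itemType: 2, token: COLLECTION, identifierOrCriteria: id, startAmount: "1", endAmount: "1" });
const pay = (recipient, wei) => ({ itemType: 0, token: "0x" + "00".repeat(20), identifierOrCriteria: "0", startAmount: wei, endAmount: wei, recipient });
const seaportRequest = (consideration) => ({
  method: "eth_signTypedData_v4",
  params: [SIGNER, JSON.stringify({
    domain: { name: "Seaport" }, primaryType: "OrderComponents",
    message: { offerer: SIGNER, offer: [item("1"), item("2")], consideration },
  })],
});
const zeroPayOrder = seaportRequest([pay(OTHER, "1")]);
const fairListing = seaportRequest([pay(SIGNER, "1000000000000000000")]);
const approvalData = SET_APPROVAL_FOR_ALL + OTHER.slice(2).padStart(64, "0") + "1".padStart(64, "0");
const approveAll = { method: "eth_sendTransaction", params: [{ to: COLLECTION, data: approvalData }] };
```

A request that returns any warning is one to reject on the hot wallet and never to see on the vault.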
Using Your Hot Wallet & Vault Securely
Once we have a funded hot wallet and have set up an empty vault on cold storage, we’re ready to use them. But here’s how to use them securely:
- For all new exploratory things we’re going to use our Hot wallet.
- This includes all NFT minting and Web3 social networking type things.
- If you end up with something in your hot wallet you want to protect, you send it to your Vault!
- You can use Opensea or the MetaMask mobile app for transferring NFTs from your Hot wallet to your Vault.
- Use a dedicated profile in the Brave Browser specifically for interacting with DeFi and your NFT Vault.
- Bookmark all the dApps you visit with that browser profile.
- The only extension on that browser profile should be MetaMask.
- In the MetaMask Extension settings, you can set it to only work on specific sites, and whitelist the websites you want MetaMask to interact with.
You want to connect your Vault to as few dApps as possible! Only really well known dApps. For example, the ENS Manager and Opensea are a couple dApps worth whitelisting.
This may sound a bit overboard, but it’s pretty easy and this is what it takes to Be Your Own Bank and to securely protect your assets - which now includes JPEGs!
Giving Your Wallets A Name
Once we have a funded hot wallet, an empty vault on cold storage and a dedicated browser profile for interacting with your vault, there’s one last thing we can do: name your wallets.
And by name I mean an ENS domain! For example, I use gerbz.eth. Why do you want an ENS domain?
- It makes it much easier to tell people about your wallet so they can check out your NFTs
- Makes it easy for people to send you money
- Makes it easier to transfer NFTs between wallets so you don’t have to memorize the address
- It will also show up on Etherscan and other block explorers that support ENS
- When you connect to most dApps, it will display your ENS domain so you know you’re connected with the correct account
You’ll want 2 ENS domains, one for your hot wallet and one for your vault. I have gerbz.eth in my vault and I created a subdomain (🔥.gerbz.eth) for my hot wallet. I’ve also seen people do the reverse, for example Kevin Rose has kro.eth as his hot wallet and krovault.eth as his vault.
Whichever makes sense for you, just head over to the ENS Manager to buy your first ENS domain and watch this video to learn how to fill out the TXT records with a bio, avatar, twitter account, etc. and point your profile at 3bra.
Step 4 - Create A Vault ENS Domain & Hot ENS Subdomain
- Buy Your Vault Domain - Head over to the ENS Manager to buy your Vault's domain first (Example: gerbz.eth) using your hot wallet. You can also buy the domain on OpenSea if it's already taken.
- Update Vault Domain Text Records - Once you own it, watch this video to learn how to fill out the TXT records with a Bio, Avatar, Twitter account, etc. and point your profile at 3bra.
- Create A Subdomain - Click the Subdomains tab, then click “+ Add Subdomain”, enter a label and hit Save. (Example: 🔥 if you want 🔥.gerbz.eth)
- Update Subdomain Text Records - Now your hot wallet hodls both your Vault domain and your subdomain, but the Text records don't transfer over to the subdomain, so be sure to update those as well.
- Set Subdomain As Primary Domain - Just jump over to the “My Account” page of the ENS Manager to set the subdomain as the “Primary Domain”.
- Transfer Vault Domain To Vault - Just go to the Vault domain in the ENS Manager and next to “Registrant” you’ll see “Transfer”. Punch in your Vault’s ETH address and Submit.
- Set Vault As Primary Domain - Once your Vault hodls your Vault domain, don’t forget to set it as the Primary name of your Vault as well. You'll have to connect your Vault wallet to the ENS Manager, but this is safe.
That's all for today! If you follow this guide successfully be sure to tweet @bitlift your ENS domain so we can check out your NFTs. Or if you bump into any questions let me know.
Written by: @gerbz Gerbz is the founder of BitLift and has been journeying down the crypto rabbit hole since 2013.