The Zero-Trust Protocol: Ultimate Guide to Self-Custody
Being your own bank is a superpower. But remember: banks have vaults, guards, and insurance. You have a sticky note on your monitor. It's time to upgrade.
There is a mantra in crypto: "Not your keys, not your coins."
It's catchy. It's also terrifying. Because if you lose your keys, there is no "Forgot Password" button. There is no customer support. The money is gone. Burned into the digital void forever.
At Roylith, we believe in Sovereignty. But sovereignty requires competence. This guide is your crash course in operational security (OpSec). We are going to treat your laptop like a hostile environment.
01 // The Hierarchy of Storage
Not all wallets are created equal. You need to segregate your funds based on risk.
The Rule of Thumb: Never keep more money on an exchange or hot wallet (Metamask) than you are willing to lose in a bar fight. Everything else goes to Cold Storage.
02 // The Seed Phrase Doctrine
Your 12 or 24 words are not a password. They are the money itself. Anyone who sees these words owns your money.
-
No Digital Copies: Never take a photo of your seed phrase. Never type it into Google Drive, Evernote, or a Text file. Malware searches for these strings specifically.
-
Metal over Paper: Paper burns. Paper gets wet. Use a steel plate (like Cryptosteel) to punch your seed words into metal.
-
The Passphrase (25th Word): Add a custom "passphrase" to your seed. This creates a hidden wallet. If someone finds your 24 words, they still see an empty wallet without the password.
03 // The $5 Wrench Attack
Everyone worries about Russian hackers. You should be worrying about a burglar with a wrench.
The Scenario
An attacker breaks into your house. They hold a wrench to your head. They say: "Unlock your Ledger or I break your knees."
No amount of encryption stops this.
The Solution: Plausible Deniability.
This is where the "25th Word Passphrase" saves you. You keep a small amount of "dummy money" ($500) on the main wallet. You keep your life savings ($1M) on the hidden passphrase wallet.
When the attacker threatens you, you unlock the main wallet. They see the $500, take it, and leave. They never know the millions existed.
04 // The SIM Swap Nightmare
If you are using SMS (Text Message) for 2-Factor Authentication (2FA), you are begging to be hacked.
An attacker calls your phone provider (AT&T/Verizon), pretends to be you, and ports your number to their phone. Now they receive your 2FA codes. They drain your Coinbase account in minutes.
The Fix:
- Delete SMS 2FA immediately.
- Use an Authenticator App (Google/Authy).
- Better yet, use a Hardware Key (YubiKey).
05 // The Dead Man's Switch
Here is a grim reality: Billions of dollars in crypto are lost forever because the owner died and didn't tell their family how to access the keys.
If you get hit by a bus tomorrow, does your family inherit your wealth, or does it disappear?
The Protocol:
1. Do NOT put your seed phrase in your Will. Wills become public record (Probate).
2. The Split Key: Give half your seed phrase to your lawyer. Give the other half to your spouse/brother. They must collaborate to unlock it.
3. The Instruction Manual: Write a physical letter explaining how to use the device. Your family likely doesn't know what a "Ledger" is. Walk them through it step-by-step.
TRUST NO ONE.
We build tools to help you, but the final responsibility is yours. Verify everything. Secure your legacy.
Access Roylith Security