👋 gm accountants
In the dynamic and evolving landscape of web3, robust wallet management policies are essential for securing digital assets and ensuring efficient operations.
Often, CFOs or accountants working in the web3 space are preoccupied with daily operations and may neglect to document the processes for creating, storing, and backing up private keys, as well as identifying authorized on-chain signers. However, having a comprehensive wallet management policy is crucial for maintaining robust internal controls, and auditors will closely scrutinize this aspect.
This article aims to provide a comprehensive overview of critical considerations for drafting a wallet management policy, tailored specifically for web3 CFOs and accountants. While not exhaustive, it highlights vital components to establish secure and effective wallet management practices.
More specifically, this article will cover:
- What is a wallet management policy
- Wallet Hygiene - Why is it Important?
- Wallets for institutions
- Key Components of Wallet Management
⁉️ What is a Wallet Management Policy?
A wallet management policy is a set of guidelines and procedures designed to manage digital wallets securely and efficiently. These policies are crucial for safeguarding digital assets, streamlining transaction processes, and minimising risks associated with digital asset management.
For web3 organizations, where digital assets are central, a well-defined wallet management policy is crucial. Given that wallet addresses and their activities are visible on-chain to the public if the wallet address is known, having a robust policy is even more essential.
💭 Wallet Hygiene - Why is it Important?
Wallet hygiene refers to the practice of keeping digital wallets organised, secure, and efficient. Each wallet should have a specific function, such as operational, treasury, or investment purposes, and the flow of funds between them should be clearly defined.
Good wallet hygiene helps prevent unauthorised access and reduces the risk of financial loss. It also aids in tracking and auditing transactions, making it easier to manage finances.
Wallet Hygiene Best Practices
- Strong Authentication: Implement multi-factor authentication (MFA) to add an extra layer of security, for instance YubiKeys to authenticate to an MPC wallet platform and hardware wallets as the signers of a multisig.
- Routine Internal Review: Conduct regular internal reviews/audits of wallet activities to detect and address any suspicious activities or incorrect authorisation promptly.
- Access Controls: Limit wallet access to authorised personnel only and regularly review access permissions.
- Purpose and Direction: Assign specific purposes to different wallets, such as operational, treasury, or investment wallets. This makes the treasury easier to understand and manage, and makes it possible to implement detective and preventive controls, especially in larger finance structures.
- Database Management: Maintain a database that tracks the purpose of each wallet, authorised signers, spending limits, and other relevant details. This is a useful resource for audit purposes; see our article on the audit of digital assets here.
Below is an example of how wallet hygiene looks in practice, with each wallet having a purpose:
🏛️ Wallets for Institutions
Institutional wallet management differs significantly from individual wallet management due to the scale, complexity, and collaboration involved. Institutions often handle larger volumes of transactions and require higher security measures.
For these reasons, solutions like Safe for multisig (multi-signature) wallets and Utila for MPC (Multi-Party Computation) wallets are recommended. These solutions offer enhanced security features suitable for institutional needs.
Safe Multisigs
Safe (previously Gnosis Safe) is a popular multisig wallet solution on EVM chains that requires multiple signatures to authorise a transaction. This significantly reduces the risk of unauthorised transactions by ensuring that multiple trusted parties must approve each transaction.
A Safe is configurable, allowing institutions to set the number of required signatures and define specific roles for each participant. One limitation, however, is that a single Safe contract has a single signature threshold: you cannot vary the number of required signatures by transaction value or type on the same multisig, as you can with an MPC policy. Smaller and less important transactions therefore require the same level of review as large ones, which is not the ideal arrangement in every scenario.
Utila for MPC Wallets
Utila offers MPC wallets, which provide a high level of security by distributing private key control among multiple parties. Unlike multisig wallets, MPC wallets do not require multiple on-chain transactions for approval, making them more efficient. MPC technology ensures that no single party has full control over the private keys, reducing the risk of key compromise and enhancing overall security. For more information on MPC wallets versus multisig wallets, refer to this guide from Utila.
This solution allows a further level of configuration that does not compromise security but adds efficiency in line with the company's policies. Utila also offers dedicated wallets for suppliers and gas spend management across all wallets, which supports effective wallet hygiene, provided these can be integrated with a sub-ledger, as covered in our tools resource center.
📖 Key Components of Wallet Management
Private Key Management
Private keys are the cornerstone of digital asset security. Effective private key management involves generating, storing, and using private keys securely. Best practices include using hardware wallets or dedicated key management systems to safeguard private keys from unauthorised access and physical damage.
Private Key Storage in Practice
Secure storage solutions are essential to protect digital assets from theft and loss. Options include hardware wallets, cold storage, and secure cloud storage solutions. Each option has its pros and cons, and the choice depends on the organisation’s specific needs and risk tolerance.
In a company setting, private key storage involves multiple layers of security and careful planning. Here’s a detailed look at how private key storage can be practically implemented in a company:
- Hardware Wallets:
- Usage: Hardware wallets such as Ledger or Trezor are used to store private keys offline. These devices are secure because the private key is kept off any internet-connected machine, so they are far less exposed to remote compromise.
- Setup: During the setup, a recovery phrase (seed phrase) is generated. This phrase must be securely stored and should not be shared with anyone.
- Access Control: Only authorised personnel should have access to the hardware wallets. Typically, these wallets are used for storing a company’s long-term holdings or treasury funds.
- Physical Security: Hardware wallets should be stored in a secure, physically protected environment, such as a safe or a secure office area with restricted access.
- Cold Storage:
- Usage: Cold storage involves keeping private keys in an offline environment, such as a computer not connected to the internet or a physical document stored securely.
- Setup: Private keys are generated and stored offline. This method is highly secure but requires careful handling to ensure that the keys are not exposed during the generation and storage process.
- Physical Security: Cold storage devices or documents should be kept in secure physical locations, such as vaults or safety deposit boxes, with limited access to authorised personnel only.
- Secure Cloud Storage:
- Usage: For less sensitive keys or for backup purposes, secure cloud storage solutions can be used. These solutions should be chosen for their strong encryption and security measures.
- Encryption: Private keys stored in the cloud must be encrypted using strong encryption algorithms. Only authorised personnel should have access to the decryption keys.
- Access Controls: Implement strict access controls and logging to monitor any access to the private keys stored in the cloud.
Recovery & Backup
A comprehensive recovery and backup plan is crucial for ensuring access to digital assets in case of loss, theft, or technical failures. This includes maintaining secure backups of private keys and critical wallet information in multiple, geographically distributed locations.
What Happens if You Lose Your Ledger?
If you lose your Ledger (a type of hardware wallet), your digital assets are not necessarily lost as long as you have your recovery phrase. The recovery phrase, also known as the seed phrase, is a set of 24 words generated when you set up your Ledger. This phrase can be used to recover your wallet and its contents on a new device. It is crucial to store this recovery phrase securely and never share it with anyone.
If you lose your Ledger, you can simply purchase a new one and restore your wallet using the recovery phrase. This process ensures that you regain access to all your digital assets.
It is important to know that if you suspect your recovery phrase has been compromised, you should stop using the wallets derived from it and instead generate a new phrase and new wallets. Transfer assets and signing roles to the new wallet, because the old wallet and its roles could be used maliciously.
Transaction Initiation & Approval
Implementing a robust transaction initiation and approval process helps prevent incorrect/malicious transactions. This process can involve either multi-signature (multisig) wallets or MPC (Multi-Party Computation) wallets, each having its unique approach to security and approvals.
Multisig Wallets
In a multisig wallet setup, multiple signatures are required to sign a transaction. Here’s how the process typically works:
- Transaction Generation: A signer generates a transaction proposal. This proposal includes all the necessary details of the transaction, such as the amount, recipient address, and purpose.
- Sharing the Proposal: The generated transaction proposal is then shared with the other signers, often through a secure link or directly in the wallet interface once they log in. Each company should have its own process for how this information and any supporting documentation is shared.
- Approval: Each signer reviews the transaction proposal. If they approve, they add their signature to the transaction.
- Execution: Once the required number of signatures is obtained (as defined in the wallet’s policy), the transaction is executed. This multi-step approval process ensures that no single party can unilaterally move funds, adding a layer of security.
Note the limitations that can cause inefficiency: only a signer can raise a transaction, and the same number of signatures is required even for urgent transactions.
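As an added illustration (not code from the article or from Safe), the following Python models the four steps above: a signer raises a proposal, other signers add their signatures, and execution is only possible once the wallet's threshold is reached. The wallet registry, signer names, threshold and recipient address are constructed sample values, and the model deliberately ignores the amount when deciding whether a proposal can execute, which is exactly the limitation noted above.

```python
"""Threshold-approval model for a multisig treasury wallet (illustrative)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Wallet:
    """One entry of a wallet management database: purpose, signers, threshold."""
    purpose: str
    signers: frozenset
    threshold: int


@dataclass
class Proposal:
    wallet: Wallet
    to: str
    amount: float
    memo: str
    proposer: str
    signatures: set = field(default_factory=set)
    executed: bool = False


def propose(wallet, proposer, to, amount, memo):
    """Step 1: only an authorised signer may raise a transaction proposal."""
    if proposer not in wallet.signers:
        raise PermissionError(f"{proposer} is not a signer on the {wallet.purpose} wallet")
    return Proposal(wallet, to, amount, memo, proposer)


def approve(proposal, signer):
    """Step 3: a signer reviews and adds one signature. Non-signers are rejected,
    re-signing does not double count, and an executed proposal cannot be signed.
    Returns the current number of distinct signatures."""
    if signer not in proposal.wallet.signers:
        raise PermissionError(f"{signer} is not a signer on the {proposal.wallet.purpose} wallet")
    if proposal.executed:
        raise RuntimeError("proposal already executed")
    proposal.signatures.add(signer)
    return len(proposal.signatures)


def execute(proposal):
    """Step 4: execute only once the threshold is met. The amount plays no part
    here, so a small routine payment needs as many signatures as a large one."""
    if proposal.executed or len(proposal.signatures) < proposal.wallet.threshold:
        return False
    proposal.executed = True
    return True


if __name__ == "__main__":
    treasury = Wallet("treasury", frozenset({"alice", "bob", "carol"}), threshold=2)
    p = propose(treasury, "alice", "0xRECIPIENT_PLACEHOLDER", 1_000, "vendor invoice")
    approve(p, "alice")
    print(execute(p))  # one signature short of the threshold
    approve(p, "bob")
    print(execute(p))  # threshold reached, executes
```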
For a beginner’s guide on how to use Safe, refer to our article on ‘How to authorize a multisig payment using Safe’.
If you’re looking to use Safe’s multisig with better UI that enables any member of the organization to create a transaction or avoid the limiting FIFO transaction management on Safe, you should check out Coinshift.
MPC Wallets
In MPC wallets, private key control is distributed among multiple parties, and cryptographic techniques are used to approve transactions without requiring all parties to be online simultaneously. Here’s how the process typically works:
- Transaction Initiation: A transaction is initiated by one of the authorised parties.
- Distributed Approval: Instead of collecting a separate signature from each signer, MPC protocols coordinate among the distributed parties to cryptographically approve the transaction. Each party contributes its share of the private key without revealing it to the others.
- Execution: Once the cryptographic approval process is completed, the transaction is executed on the blockchain.
MPC wallets offer additional solutions, such as customizable rules for view-only permissions, raise-only permissions, and the ability to connect exchange accounts directly. These features provide enhanced customization for companies looking to scale.
The transaction hash 0x2d17fe830df6e6c90b2b11f0fc5efa64ee48d57adaed3038bd1b69a8e178a43f below is an example of an MPC wallet transaction. Compared with a transaction from a Safe multisig, here you only see a ‘from’ address, which looks like an ordinary EOA wallet address.
On a Safe multisig transaction, by contrast, you would see both ‘from’ (the signer’s EOA address) and ‘to’ (the Safe account).
Process for Creating New Wallets
A standardised process for creating new wallets is essential for consistency and security. This includes:
- Purpose Assignment: Defining the purpose of the new wallet.
- Authorization: Specifying authorised signers and their roles.
- Spending Limits: Setting spending limits appropriate to the wallet's purpose.
- Documentation: Recording all details in the wallet management database.
Wallet Documentation
Proper documentation of wallet management procedures and policies ensures that all team members are aware of and adhere to best practices. This includes documenting the creation, use, and disposal of wallets, as well as any changes to wallet management procedures.
Incident Response Plan
Having an incident response plan in place prepares the organisation to quickly and effectively address any security breaches or other incidents, minimising potential damage.
HR Leaving Checklist
When an employee leaves the organisation, it is crucial to update wallet access controls to maintain security. The HR leaving checklist should include:
- Removal of Signer: Ensuring that the departing employee is removed as a signer from any wallets.
- Access Revocation: Revoking all access permissions associated with the departing employee.
- Database Update: Updating the wallet management database to reflect these changes.
Others
Other considerations for wallet management include regular training for staff on security best practices, continuous monitoring for suspicious activities, and staying updated with the latest advancements in wallet security technologies.
🏆 Conclusion
You are now equipped to assess and implement valuable improvements within your organization and wallet management policy.
Remember that in the world of web3, staying proactive and informed is your best defense. Start today and secure your digital operations with confidence!
Umar, a Chartered Accountant and previous External Auditor at Deloitte & BDO, is the creator of The Accountant Quits.
By educating accountants about crypto accounting, Umar aims to help accountants upskill themselves for new career opportunities in Web3.