Fintech

What are the dos and don’ts of a non-custodial wallet?

blog author avatar

Helghardt

September 10

6 min read
What are the dos and don’ts of a non-custodial wallet?

Our deep dive into n0n-custodial wallets is gaining momentum, and we’ve added this section to emphasize two crucial aspects: the heavy responsibility of self-custody on users and the challenge for UX designers in simplifying the experience while ensuring users follow best practices.

For non-custodial wallets to succeed, users must securely manage their assets. This places a tremendous burden on individuals, requiring them to understand the dos and don’ts of crypto security. However, the real challenge for designers is making this experience seamless without overwhelming users with complexity.

Dos

  • Do secure your seed phrase: Write down your seed phrase and store it in a secure, offline location. Consider using a fireproof and waterproof safe to protect it.
  • Do use hardware wallets for large holdings: For significant amounts of cryptocurrency, use a hardware wallet to keep your private keys offline and safe from online threats.
  • Do enable two-factor authentication (2FA): If your non-custodial wallet supports 2FA, enable it for an additional layer of security.
  • Do verify addresses before sending funds: Always double-check the recipient's address before sending any transactions to avoid phishing scams.
  • Do regularly update your wallet software: Ensure your wallet software is up-to-date with the latest security patches and features.
  • Do use strong, unique passwords: Protect access to your wallet with a strong, unique password that is difficult to guess.
  • Do back up your wallet: Regularly back up your wallet’s data to ensure you can recover your funds in case of device failure or loss.
  • Do educate yourself about scams: Stay informed about common scams and phishing tactics in the crypto space to avoid falling victim.
  • Do test with small transactions: When sending funds to a new address or using a new wallet, start with a small test transaction to ensure everything works as expected.
  • Do consider multi-signature wallets: For added security, especially in business or group scenarios, use a multi-signature wallet that requires multiple approvals for transactions.

Don’ts

  • Don’t share your seed phrase: Never share your seed phrase with anyone, no matter how convincing their request may seem.
  • Don’t store your seed phrase digitally: Avoid storing your seed phrase in digital formats like cloud storage, emails, or note-taking apps where it could be hacked.
  • Don’t ignore phishing warnings: Be cautious of emails, messages, or websites that ask for your private keys or seed phrase. Always verify the authenticity of the source.
  • Don’t use public Wi-Fi for transactions: Avoid accessing your wallet or conducting transactions over public Wi-Fi networks, which can be insecure and susceptible to hacks.
  • Don’t reuse passwords: Never reuse passwords across different accounts or platforms, especially for your wallet and email associated with it.
  • Don’t forget to log out: Always log out of your wallet when you're finished, especially when using a shared or public device.
  • Don’t leave large balances in hot wallets: For security reasons, avoid keeping large amounts of cryptocurrency in a hot wallet (connected to the internet). Use cold storage instead.
  • Don’t rush transactions: Take your time to verify transaction details to prevent mistakes, such as sending funds to the wrong address.
  • Don’t install untrusted wallets or extensions: Only download wallet apps or browser extensions from official sources to avoid malicious software.
  • Don’t fall for ‘recovery services’: Be wary of any service that claims to recover lost crypto funds for you, as these are often scams.
  • Don’t store private keys in the cloud: Like seed phrases, private keys should never be stored in cloud services due to the risk of hacking.
  • Don’t trust unsolicited support requests: Ignore unsolicited help offers or support messages, especially if they ask for your wallet details or private keys.
  • Don’t use the same device for multiple wallets: If possible, avoid using the same device for multiple wallets to reduce the risk of a single point of failure.
  • Don’t forget to check fees: Always check transaction fees before sending funds, as they can vary widely and affect your transaction speed and cost.
  • Don’t leave your wallet unattended: Never leave your wallet, especially if it’s a hardware wallet, unattended in an insecure environment.
  • Don’t mix personal and business funds: Keep your personal and business cryptocurrency funds in separate wallets to avoid accounting and legal issues.
  • Don’t store all assets in one wallet: Diversify your holdings across multiple wallets to spread the risk in case one wallet is compromised.
  • Don’t be complacent about updates: Don’t ignore wallet update notifications, as updates often include critical security patches.
  • Don’t skip reading the wallet’s terms: Always read the terms and conditions of the wallet provider to understand their policies on security and recovery.
  • Don’t assume you’re immune to hacks: Always be vigilant about security, even if you believe your wallet is well-protected. Hackers constantly evolve their tactics.

What does that mean for UX design?

As you can see, the responsibilities are significant, and this complexity underscores the importance of thoughtful design. Here are three critical UX considerations for creating effective non-custodial wallets:

  1. Value proposition - Like anything, you need to start with the user profile and use case. The two extremes are high networth individuals looking for a secure long-term storage solution vs the everyday user looking to split a bill. Targeting a specific audience and use case will help you position your product better for word-of-mouth referrals and build a strong brand. Currently, the generic Web 3 wallets like Coinbase Wallet, Trust Wallet, and MetaMask are primarily positioned for Web 3 early adopters looking to do things on chain. They leave a lot of self-education to the user where you have to choose between 10+ chains, 10K+ tokens, and over a dozen DeFi protocols to interact with. This brings us to our second point.
  2. Onboarding and education - For mainstream use cases is very important to optimize educating your users without losing them. You don't want to bombard users with everything they need to know right off the bat. Instead, you want to guide them through important concepts while making them feel comfortable that they don't need to know everything to get started, which brings us to the next point.
  3. Minimize error - You must protect the user from themselves. The nature of non-custodial wallets puts a lot of responsibility in the hands of the user, but you want to make sure the user can't make mistakes. The most important touch point is how the user manages their private key. A second challenge is around transactions, whether it is making sure the user is transacting on the desired chain, conveniently confirming recipient details, or approving signature requests.

By focusing on a tailored value proposition, thoughtful onboarding/education, and robust error prevention, you can create a non-custodial wallet that not only enhances user confidence but also builds trust in the long-term viability of decentralized finance. The future of self-custody depends on making these wallets accessible and secure for everyone—not just crypto enthusiasts.


Follow along and let us know if you have any further questions. Check out our non-custodial deep dive here.

More from our blog