Exercises: Wallets, Custody, and Personal Security

Conceptual Questions

Exercise 36.1: Wallet Misconceptions

A friend tells you: "I have 2 Bitcoin stored on my Ledger hardware wallet." Explain precisely why this statement is technically inaccurate. What does the Ledger actually store, and where do the Bitcoin exist? Your answer should reference the relationship between private keys, public keys, addresses, and the blockchain ledger.

Exercise 36.2: The Entropy Foundation

Explain why the quality of the random number generator is the single most critical component of wallet security. Describe a scenario in which a weak or predictable RNG would compromise every subsequent layer of security — seed phrase, private keys, and addresses — even if all other security practices were perfect.

Exercise 36.3: BIP-39 Checksum Purpose

A 24-word BIP-39 mnemonic includes a checksum derived from the SHA-256 hash of the entropy. Answer the following:

a) How many bits of checksum are included in a 24-word mnemonic?
b) What specific property does the checksum verify?
c) If you randomly choose 24 words from the BIP-39 wordlist, what is the probability that they form a valid mnemonic? Express your answer as a ratio and as a percentage.
d) Does the checksum provide any security benefit, or is it purely for error detection? Justify your answer.

Exercise 36.4: Derivation Path Analysis

Given the BIP-44 derivation path m/44'/60'/2'/0/7, identify each component:

a) What does the m represent?
b) What does 44' indicate?
c) What does 60' tell you about the blockchain being used?
d) What is the account index?
e) What is the difference between the 0 and 1 values in the change field?
f) What is the address index, and how many addresses were generated before this one in the same account/change combination?

Exercise 36.5: Passphrase Implications

Alice creates a wallet with the seed phrase "apple banana cherry ..." (24 words). She sets up two configurations:
- Configuration A: No passphrase
- Configuration B: Passphrase "MyS3cretP@ss"

a) Do Configurations A and B produce the same master seed? Explain why or why not.
b) Do they produce the same set of addresses?
c) If an attacker obtains Alice's 24-word mnemonic but not her passphrase, can they access funds stored in Configuration B?
d) If Alice forgets her passphrase, is there any way to recover the funds in Configuration B?
e) Describe a scenario where the passphrase feature could be used for plausible deniability under physical coercion.


Analysis and Comparison Exercises

Exercise 36.6: Hardware Wallet Threat Model

For each of the following attack scenarios, indicate whether a hardware wallet (properly used) protects the user, and explain why or why not:

a) Malware on the user's computer intercepts the clipboard and replaces cryptocurrency addresses.
b) A phishing site requests the user's seed phrase for "wallet verification."
c) An attacker gains physical access to the hardware wallet but does not know the PIN.
d) A DeFi protocol requests an unlimited token approval, and the user confirms without reading the details on the hardware wallet screen.
e) An attacker performs a SIM swap to intercept 2FA codes for the user's exchange account.
f) A nation-state actor serves a legal order compelling the user to unlock their device and transfer funds.

Exercise 36.7: Multi-Sig Configuration Design

Design multi-sig configurations for each of the following scenarios. For each, specify: the M-of-N threshold, who holds each key, what devices store the keys, and what the recovery procedure is if one key is lost.

a) A married couple with $500,000 in cryptocurrency who want joint control and inheritance protection.
b) A startup with 4 co-founders managing a $2 million company treasury.
c) A DAO with 15 core contributors managing a $50 million treasury, where contributors are distributed across 8 countries and 5 time zones.
d) A single individual with $200,000 who wants maximum security without relying on any third party.

Exercise 36.8: Custody Tradeoff Analysis

Complete the following table by rating each custody solution on a scale of 1-5 (1 = worst, 5 = best) for each criterion. Justify your ratings in a brief paragraph for each solution.

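| Criterion | MetaMask (Hot) | Ledger (Cold) | 2-of-3 Multi-sig | Coinbase Exchange | Fireblocks (MPC) |
| --- | --- | --- | --- | --- | --- |
| Convenience for daily use | | | | | |
| Security against remote attacks | | | | | |
| Security against physical attacks | | | | | |
| Recoverability if keys are lost | | | | | |
| Counterparty risk | | | | | |
| Regulatory compliance | | | | | |
| Cost | | | | | |
| Inheritance readiness | | | | | |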

Exercise 36.9: Social Recovery vs. Multi-Sig

Compare social recovery wallets (as proposed by Vitalik Buterin) with multi-sig wallets across the following dimensions:

a) Day-to-day user experience (signing transactions, interacting with dApps)
b) Recovery process when the primary key is lost
c) Attack surface (what must an attacker compromise to steal funds?)
d) Guardian/signer requirements (technical sophistication, availability)
e) On-chain costs
f) Adoption barriers

Conclude with a recommendation: for which user profile is social recovery preferable to multi-sig, and vice versa?


Practical Exercises

Exercise 36.10: Approval Audit

Using a block explorer (Etherscan for Ethereum, or the equivalent for another EVM chain), perform the following analysis on a public wallet address of your choosing (you can use a well-known DeFi protocol's governance address or a random address with visible activity):

a) Navigate to the "Token Approvals" section. How many active approvals does the address have?
b) Identify any unlimited approvals (where the approved amount is the maximum uint256 value). List the token and the approved spender contract.
c) For each unlimited approval, research the spender contract. Is it a well-known protocol (Uniswap, Aave, etc.) or an unknown contract?
d) If this were your wallet, which approvals would you revoke immediately, and why?
e) Write a brief security policy (3-5 rules) for managing token approvals going forward.
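The same audit can be done from raw event logs instead of an explorer page. The following is an added example, not part of the original exercise set: it replays ERC-20 `Approval` logs and reports approvals still set to the maximum uint256 value. The addresses and log entries are constructed placeholders, and the dictionary fields assume already-decoded logs with integer block numbers.

```python
# keccak256("Approval(address,address,uint256)"), topic0 of the ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def addr_topic(addr: str) -> str:
    """Left-pad a 20-byte address to a 32-byte indexed topic."""
    return "0x" + "00" * 12 + addr[2:].lower()

def topic_to_address(topic: str) -> str:
    return "0x" + topic[-40:].lower()

def active_approvals(logs):
    """Replay logs in chain order; keep the last non-zero approval per
    (token, owner, spender). This is the last approved amount, not the
    remaining allowance, which transferFrom may have reduced."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but indexes tokenId (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            state.pop(key, None)          # approve(spender, 0) is a revocation
        else:
            state[key] = value
    return state

def unlimited_approvals(logs):
    return sorted(k for k, v in active_approvals(logs).items() if v == MAX_UINT256)

# Constructed placeholder addresses and logs, for illustration only.
TOKEN, OWNER = "0x" + "11" * 20, "0x" + "aa" * 20
SPENDER_A, SPENDER_B, SPENDER_C = "0x" + "b1" * 20, "0x" + "b2" * 20, "0x" + "b3" * 20

def make_log(block, spender, value, extra_topics=()):
    topics = [APPROVAL_TOPIC, addr_topic(OWNER), addr_topic(spender), *extra_topics]
    return {"address": TOKEN, "topics": topics, "data": "0x" + format(value, "064x"),
            "blockNumber": block, "logIndex": 0}

SAMPLE_LOGS = [
    make_log(103, SPENDER_C, 0),                         # later revocation of C
    make_log(100, SPENDER_A, MAX_UINT256),               # unlimited, still active
    make_log(101, SPENDER_B, 500),                       # bounded approval
    make_log(102, SPENDER_C, MAX_UINT256),               # unlimited, revoked at 103
    make_log(104, SPENDER_B, 7, (addr_topic(OWNER),)),   # 4 topics: NFT-style, ignored
]
```

Calling `unlimited_approvals(SAMPLE_LOGS)` returns only the approval to `SPENDER_A`, the one a revocation policy would need to review.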

Exercise 36.11: Phishing Detection Challenge

Examine each of the following scenarios and determine whether the interaction is legitimate or a phishing attempt. Explain your reasoning for each.

a) You receive a Discord direct message from "MetaMask Support" offering to help with a failed transaction. They ask you to visit metamask-support.io to "resync your wallet."
b) You navigate to app.uniswap.org using a bookmark you saved six months ago. The site asks you to connect your wallet and approve a token swap.
c) You receive an email from security@ledger.com stating that your device firmware has a critical vulnerability. It includes a link to download an update from ledger-update.com.
d) You see a Google ad for "Uniswap" at the top of search results. The ad URL shows uniswap.org but clicking it redirects to app-uniswap.exchange.
e) A Twitter account with a blue checkmark and the display name "Vitalik Buterin" announces a surprise ETH giveaway: "Send 1 ETH, receive 2 back." The account handle is @VitalikButerln (with a lowercase L instead of an I).

Exercise 36.12: Seed Phrase Backup Plan

Design a comprehensive seed phrase backup plan for an individual holding $50,000 in cryptocurrency. Your plan should address:

a) Physical format of the backup (paper, metal, or both — justify your choice)
b) Number of copies and their geographic locations
c) Protection against fire, flood, and physical theft at each location
d) Whether to use a BIP-39 passphrase, and if so, how the passphrase is stored
e) Inheritance plan: how a designated heir would access the funds if you were incapacitated
f) Verification schedule: how often and how you confirm the backup is still intact and usable
g) Cost of your plan (itemize: metal backup device, safe deposit box rental, etc.)


Code and Technical Exercises

Exercise 36.13: BIP-39 Wordlist Properties

The BIP-39 English wordlist has 2048 words. Using the official wordlist (available at https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt):

a) Verify that no two words share the same first four characters. Why is this property important for usability?
b) Find the shortest word and the longest word in the list. What is the character range?
c) Calculate the entropy in bits represented by a single word from the list. Show your calculation.
d) If you wanted to create a valid 12-word mnemonic by hand, describe the process you would follow, including how to compute the checksum. Why is "by hand" generation strongly discouraged in practice?

Exercise 36.14: Multi-Sig Simulation

Using the Safe (Gnosis Safe) interface on a testnet (Goerli or Sepolia):

a) Create a 2-of-3 multi-sig wallet using three addresses you control (can be three MetaMask accounts).
b) Deposit some testnet ETH into the Safe.
c) Initiate a transaction to send ETH to another address. Note: only one signature is submitted initially.
d) Switch to a second owner account and confirm the transaction. Observe when the transaction executes.
e) Document the gas costs of: creating the Safe, initiating a transaction, confirming a transaction, and executing the transaction. How do multi-sig gas costs compare to a simple EOA transfer?

Exercise 36.15: Attack Vector Mapping

Create a threat model matrix for a user who holds $25,000 in Ethereum across the following setup:
- MetaMask browser extension (hot wallet): $5,000
- Ledger Nano S Plus (cold wallet): $20,000
- Seed phrase for Ledger written on paper in a desk drawer
- No multi-sig
- SMS-based 2FA on Coinbase exchange account (used for on-ramp)

For each component, identify: (a) the attack vectors it is exposed to, (b) the likelihood of each attack (low/medium/high), (c) the potential loss if the attack succeeds, and (d) one specific mitigation for each attack vector.

Present your analysis as a table and conclude with the three highest-priority improvements this user should make.


Critical Thinking Exercises

Exercise 36.16: The Paradox of Self-Custody

The cryptocurrency movement was founded on the principle of eliminating trusted third parties. Yet as adoption grows, an increasing percentage of cryptocurrency is held by custodians — exchanges, ETFs, and institutional custody providers.

a) Why do most cryptocurrency users choose custodial solutions despite the mantra of "not your keys, not your coins"?
b) Is the trend toward custodial solutions a failure of the cryptocurrency movement's original vision, or a natural maturation of the technology?
c) Could MPC wallets and social recovery wallets resolve the tension between self-custody and usability? What would need to change for these technologies to achieve mainstream adoption?
d) If 80% of all Bitcoin is eventually held by institutional custodians, does Bitcoin still fulfill its promise as decentralized money? Defend your position.

Exercise 36.17: Regulatory Implications of Self-Custody

Several governments have proposed or implemented regulations that could restrict self-custody wallets (sometimes called "unhosted wallets"). The EU's Transfer of Funds Regulation (TFR), for example, requires identity verification for transfers between self-custody wallets and regulated exchanges.

a) What is the stated regulatory justification for restricting self-custody wallets?
b) What are the counterarguments from the cryptocurrency community?
c) Is it technically possible to enforce a ban on self-custody wallets? What would the enforcement mechanism look like?
d) Compare the regulatory treatment of self-custody wallets to the regulatory treatment of physical cash. Are the regulatory positions consistent?
e) Design a regulatory framework that balances anti-money-laundering requirements with the right to self-custody. What compromises would each side need to accept?

Exercise 36.18: Ethics of Key Recovery

A family contacts you for help. Their father recently passed away, and they believe he held approximately $2 million in Bitcoin on a hardware wallet. They have the hardware wallet device but not the PIN or the seed phrase. They have found a company that claims it can brute-force the PIN using a known vulnerability in the device's microcontroller.

a) Is it ethical to attempt to crack the hardware wallet? Consider: the family's ownership claim, the manufacturer's security guarantees, and the precedent set by demonstrating the vulnerability.
b) If the vulnerability is real and the crack succeeds, should the family notify the manufacturer so the vulnerability can be patched?
c) How does this scenario differ from a traditional safe that a locksmith could open for the next of kin?
d) What inheritance planning steps could have prevented this situation entirely?