Quiz: Wallets, Custody, and Personal Security
Multiple Choice
Question 1
What does a cryptocurrency wallet actually store?
A) The user's cryptocurrency coins or tokens
B) A copy of the relevant blockchain transactions
C) Private keys that prove ownership of assets on the blockchain
D) Encrypted copies of the user's transaction history
Question 2
In the BIP-39 standard, a 24-word mnemonic phrase encodes how many bits of entropy?
A) 128 bits
B) 192 bits
C) 256 bits
D) 512 bits
Question 3
What is the purpose of the checksum in a BIP-39 mnemonic?
A) To encrypt the seed phrase so it cannot be read by unauthorized parties
B) To detect errors in transcription — ensuring the words were recorded correctly
C) To add additional entropy beyond the initial random number generation
D) To bind the mnemonic to a specific hardware wallet device
Question 4
In the BIP-44 derivation path m/44'/60'/0'/0/3, what does the 60' represent?
A) The account index (60th account)
B) The coin type (Ethereum, registered as coin type 60)
C) The address index (60th address)
D) The derivation depth (60 levels of key derivation)
Question 5
What is the primary security advantage of a hardware wallet's secure element chip?
A) It makes transactions faster by performing cryptographic operations in hardware
B) It stores the private key in tamper-resistant silicon that is designed to never export the raw key
C) It provides an internet-connected backup of the user's seed phrase
D) It encrypts all blockchain transactions before they are broadcast to the network
Question 6
Which of the following is a scenario where a hardware wallet does NOT protect the user?
A) Malware on the connected computer attempts to extract the private key via USB
B) The user enters their seed phrase into a phishing website that claims to "verify" wallets
C) An attacker sends a malicious USB device that impersonates the hardware wallet driver
D) Clipboard malware replaces cryptocurrency addresses in the system clipboard
Question 7
In a 2-of-3 multi-signature wallet, what happens if one of the three keys is permanently lost?
A) All funds are permanently locked and inaccessible
B) The remaining two key holders can still authorize transactions and migrate to a new multi-sig setup
C) The wallet automatically reverts to a single-signature wallet using one of the remaining keys
D) The blockchain network performs a key recovery procedure to restore the lost key
Question 8
What distinguishes social recovery wallets from multi-sig wallets?
A) Social recovery requires all guardians to approve every transaction; multi-sig requires only a threshold
B) In social recovery, guardians can only participate in key rotation during recovery — they cannot initiate or approve regular transactions
C) Social recovery stores keys on social media platforms; multi-sig uses hardware wallets
D) Social recovery is more secure than multi-sig because it uses more advanced cryptography
Question 9
In a SIM swap attack, what does the attacker gain control of?
A) The victim's hardware wallet PIN
B) The victim's seed phrase stored on the SIM card
C) The victim's phone number, enabling interception of SMS-based two-factor authentication codes
D) The victim's cryptocurrency private keys stored in the phone's secure enclave
Question 10
What is an ERC-20 token approval exploit?
A) A vulnerability in the ERC-20 standard that allows tokens to be minted without authorization
B) An attack that exploits previously granted unlimited token allowances, allowing a malicious or compromised spender contract to drain the victim's tokens
C) A flaw in Ethereum's consensus mechanism that allows double-spending of ERC-20 tokens
D) An exploit that creates fake ERC-20 tokens indistinguishable from legitimate ones
Question 11
How does Multi-Party Computation (MPC) differ from traditional multi-sig in custody solutions?
A) MPC requires more signers than multi-sig for the same security level
B) MPC distributes shares of a single private key so the complete key is never assembled in one place, while multi-sig uses separate complete keys
C) MPC is less secure than multi-sig but more convenient
D) MPC only works on Bitcoin, while multi-sig works on all blockchains
Question 12
Which of the following is the BEST defense against phishing sites that impersonate DeFi protocols?
A) Using a VPN to mask your IP address
B) Only using DeFi sites bookmarked directly from verified sources, never clicking links from social media or messaging apps
C) Using the most expensive hardware wallet available
D) Keeping your operating system updated to the latest version
Question 13
Why are paper wallets considered a largely deprecated practice?
A) Paper wallets cannot store more than 1 BTC
B) Paper degrades, generating them securely requires an air-gapped computer, and spending partial amounts requires importing the key to a hot wallet
C) Paper wallets were banned by Bitcoin Improvement Proposal 39
D) Paper wallets do not support Ethereum or any ERC-20 tokens
Question 14
What is the BIP-39 passphrase (sometimes called the "25th word")?
A) An additional word appended to the mnemonic that is required for all wallets
B) An optional password that, when combined with the mnemonic, produces an entirely different set of keys and addresses
C) A word chosen from a separate wordlist that serves as a second-factor authentication
D) The password used to encrypt the hardware wallet's firmware
Question 15
A financial institution managing a $500 million cryptocurrency fund is evaluating custody solutions. Which of the following is the MOST appropriate choice?
A) A single Ledger Nano X stored in a bank vault
B) MetaMask connected to a Ledger with a BIP-39 passphrase
C) A regulated institutional custodian with insurance, multi-sig or MPC infrastructure, SOC 2 certification, and compliance with the SEC Custody Rule
D) A 2-of-3 multi-sig Safe wallet managed by three employees of the institution
True/False
Question 16
True or False: If you lose your hardware wallet but have your seed phrase, you can recover all your funds by restoring the seed phrase on a new device.
Question 17
True or False: A 12-word BIP-39 mnemonic is less secure than a 24-word mnemonic, but 128 bits of entropy is still computationally infeasible to brute-force with current or foreseeable technology.
Question 18
True or False: Multi-sig wallets eliminate the risk of social engineering attacks because multiple parties must approve each transaction.
Question 19
True or False: Clipboard malware can be fully defeated by verifying the pasted address on a hardware wallet's screen before confirming a transaction.
Question 20
True or False: If all cryptocurrency were held by regulated custodians, the blockchain would still function identically from a technical perspective.
Short Answer
Question 21
Explain the difference between "hardened" and "non-hardened" derivation in BIP-32 HD wallets. Why does BIP-44 use hardened derivation for purpose, coin type, and account, but non-hardened derivation for change and address index?
Question 22
A user has a 2-of-3 multi-sig wallet. One key is on a Ledger at home, one key is on a Trezor in a bank safe deposit box, and one key is held by a key management service (e.g., Casa). Describe the user's procedure for:
a) Sending a routine transaction
b) Recovering if the Ledger at home is stolen
c) Recovering if Casa goes out of business
Question 23
Describe three specific actions a user should take immediately after discovering that their seed phrase may have been compromised (e.g., they accidentally photographed it and the photo was synced to a cloud service).
Question 24
Explain why "unlimited token approvals" exist as a UX pattern in DeFi despite the security risk they create. Propose one protocol-level and one user-level solution to reduce the risk without significantly degrading the user experience.
Question 25
Compare the regulatory implications of self-custody wallets versus custodial wallets from the perspective of anti-money-laundering (AML) compliance. Why do some regulators view self-custody wallets as a challenge, and what technical measures (if any) could address their concerns without eliminating self-custody?
Answer Key
Multiple Choice
- C — Wallets store private keys, not the cryptocurrency itself. Coins exist as entries on the distributed blockchain ledger.
- C — A 24-word mnemonic encodes 256 bits of entropy plus an 8-bit checksum (264 bits total, split into 24 groups of 11 bits).
- B — The checksum detects transcription errors, ensuring the recorded words correctly represent the intended entropy.
- B — In BIP-44, the second level represents coin type. Ethereum is registered as coin type 60 in SLIP-44.
- B — The secure element's core function is to generate and store the private key in tamper-resistant hardware that refuses to export the raw key material.
- B — A hardware wallet cannot protect against a user voluntarily entering their seed phrase into a phishing site. The seed phrase bypasses all hardware security.
- B — With 2 of 3 keys remaining, the threshold is still met. The key holders should immediately sweep funds to a new multi-sig address to restore the 2-of-3 threshold with three fresh keys.
- B — In social recovery, guardians participate only in key recovery (rotating the signing key). Under normal operation, only the single signing key is used for transactions.
- C — SIM swapping gives the attacker control of the victim's phone number, enabling them to intercept SMS codes used for two-factor authentication on exchanges and other services.
- B — Token approval exploits abuse the ERC-20 `approve` function. If a user previously granted an unlimited allowance to a contract that is later compromised, the attacker can call `transferFrom` to drain the approved tokens.
- B — MPC distributes key shares across multiple parties and performs collaborative signing without ever assembling the complete key in one location. Multi-sig uses separate, complete keys with on-chain threshold verification.
- B — Bookmarking verified URLs and never following links from external sources is the most effective defense against phishing, as it eliminates the primary vector (deceptive URLs).
- B — Paper wallets have multiple practical weaknesses: physical degradation, the difficulty of secure generation, and the need to import the full key when spending partial amounts.
- B — The passphrase is an optional input to the PBKDF2 function that produces an entirely different seed (and therefore different keys and addresses) from the same mnemonic words.
- C — A $500M fund requires a regulated custodian with insurance, compliance infrastructure, and multi-party authorization — not individual hardware wallets or small multi-sig setups.
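The BIP-39 mechanics behind answers 2, 3 and 14, as an added example that is not part of the original quiz: it builds the 11-bit word indices from entropy plus checksum, re-checks the checksum on a mistranscribed phrase, and derives the seed with and without a passphrase. It works on wordlist indices rather than words so the 2048-word list need not be embedded; the all-zero entropy and the passphrase string are constructed test inputs.

```python
import hashlib
import unicodedata

def entropy_to_indices(entropy):
    """Append the checksum to the entropy and split into 11-bit wordlist indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP-39 entropy is 128 to 256 bits in 32-bit steps")
    cs_bits = ent_bits // 32                     # 128 -> 4 bits, 256 -> 8 bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits                   # 264 bits for 24 words
    return [(combined >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]

def checksum_ok(indices):
    """Recompute the checksum from the entropy bits and compare with the stored one."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    total = len(indices) * 11
    cs_bits = total // 33
    combined = 0
    for idx in indices:
        combined = (combined << 11) | idx
    entropy = (combined >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (combined & ((1 << cs_bits) - 1)) == expected

def mnemonic_to_seed(mnemonic, passphrase=""):
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase, 64-byte seed."""
    def norm(s):
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048)

if __name__ == "__main__":
    # Constructed inputs: all-zero entropy is the public BIP-39 test vector,
    # never a real wallet. Its 12 words are "abandon" x11 followed by "about".
    short = entropy_to_indices(bytes(16))
    long_ = entropy_to_indices(bytes(32))
    print(len(short), len(long_), short[-1])
    bad = short[:-1] + [short[-1] ^ 1]           # mistranscribed last word
    print(checksum_ok(short), checksum_ok(bad))
    words = " ".join(["abandon"] * 11 + ["about"])
    same = mnemonic_to_seed(words) == mnemonic_to_seed(words, "constructed passphrase")
    print("passphrase changes the seed:", not same)
```

The checksum is short, so it catches most transcription errors rather than all of them: a randomly wrong phrase still validates with probability 1/16 for 12 words and 1/256 for 24 words.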
True/False
- True — The seed phrase deterministically generates all private keys. The hardware device is just an interface; the seed is the wallet.
- True — 128 bits of entropy provides 2^128 possible combinations (approximately 3.4 x 10^38), which is computationally infeasible to brute-force.
- False — Multi-sig reduces but does not eliminate social engineering risk. An attacker could target multiple signers individually, or a single entity might control multiple keys (as in the Ronin hack).
- True — If the user verifies the full recipient address on the hardware wallet's screen (which displays the actual transaction data, independent of the computer), clipboard malware's address substitution is detected.
- True — The blockchain itself operates based on valid transactions signed with valid private keys. Whether those keys are held by individuals or custodians does not affect the protocol's technical operation, though it significantly affects the decentralization and censorship-resistance properties of the network.
Short Answer
- Hardened derivation uses the parent private key as input, making it impossible to derive the child key from the parent public key alone. Non-hardened derivation uses the parent public key, allowing child public keys to be derived from the parent public key without the private key. BIP-44 uses hardened derivation for purpose, coin type, and account to ensure that compromising one account's keys cannot lead to derivation of other accounts' keys. Non-hardened derivation is used for change and address index to enable watch-only wallets (which know only the public key) to generate new receive addresses without accessing the private key.
- (a) The user signs with the Ledger at home and sends the partially-signed transaction to Casa, which co-signs. Two of three signatures are collected, and the transaction executes. (b) If the Ledger is stolen, the attacker has only 1 of 3 keys — insufficient to move funds. The user uses the Trezor (safe deposit box) and Casa to sweep all funds to a new 2-of-3 multi-sig address, then sets up a new third key. (c) If Casa goes out of business, the user still holds 2 of 3 keys (Ledger + Trezor). They can authorize transactions independently and migrate to a new multi-sig with a different third-party key holder.
- (1) Immediately transfer all funds from compromised addresses to a new wallet with a freshly generated seed phrase — do this before anything else, as speed is critical. (2) Delete the photo from the cloud service and all synced devices (though you must assume an attacker may have already accessed it). (3) Revoke all token approvals associated with the compromised addresses to prevent future draining of any tokens that were not moved.
- Unlimited approvals exist because requiring a separate approval transaction before every swap adds friction and gas costs. Protocol-level solution: Implement ERC-20 `permit` (EIP-2612) with time-limited approvals that expire automatically, or adopt approval amounts that match only the current transaction. User-level solution: Use a wallet that defaults to limited approvals (approving only the exact amount needed) and provides a one-click interface for revoking approvals after use.
- Self-custody wallets challenge AML compliance because there is no intermediary to perform Know Your Customer (KYC) checks or file Suspicious Activity Reports (SARs). Regulators view this as a gap in the AML framework. The cryptocurrency community argues that self-custody is analogous to holding cash and is a fundamental property right. Technical measures that could partially address regulatory concerns include: on-chain analytics (tracking fund flows without requiring identity), travel rule compliance at the exchange on-ramp/off-ramp points (where self-custody wallets interact with regulated entities), and zero-knowledge proof-based compliance (proving regulatory compliance without revealing identity). None of these fully resolves the tension.