So you have an ICO scheduled for the near future, and everything is in place: your whitepaper was a hit, your press releases have been polished and sent out to media outlets, and your customer service team is active on all of your social media channels to build up and maintain support for the launch.
If you stand a strong chance of raising large sums of money, now is a crucial time to think about how you will handle it securely after the raise, and whose responsibility it will be to manage the funds going forward.
With tens of millions of dollars potentially at stake, here are a few top tips on how to handle your cryptocurrency wallet in a secure and transparent fashion.
1. Review providers to choose a safe, compatible wallet system
For those wanting to receive tokens, wallet providers like MyEtherWallet may be a good choice. But storing tokens post-ICO requires a more tailored solution.
The most secure way to store tokens is with a hardware wallet. Up until a year ago, there was little support for Ether cold storage through hardware wallets, but now a handful of Bitcoin wallet manufacturers such as Ledger and KeepKey have also entered the Ethereum market. Being a physical item, a hardware wallet can be taken offline and stored securely in, for example, a bank vault, giving you all of the security that such infrastructure was built to provide.
2. Restrict access to necessary cases only
A wallet holding tens of millions of dollars of tokens suddenly becomes an extremely attractive target to potential hackers. This means that you must do everything possible to reduce ‘attack vectors’: the channels that a malicious actor could use to try to steal your funds.
An important step towards this is to make sure that the funds in the primary wallet are only accessed when absolutely necessary. Move a chunk of money to a smaller wallet for your day-to-day transactions — like your bank’s current account — and leave the main wallet offline except when absolutely needed.
3. Set up a multi-signature account
If your company is to be accountable, no one person on the team should be able to unilaterally move a large sum of money. That’s where a multi-signature wallet comes in. In order to release funds, a multisig wallet needs signatures from more than one private key. For example, if your company has three founders, you might agree that at least two out of three must sign a transaction in order for money to be released.
Even if your main wallet is in cold storage, your working wallet(s) will still have large sums of money in them, which should only be accessible through a multi-signature process.
There are various tutorials online explaining how to set up multi-signature wallets, but be careful: at the time of publishing, popular web wallet provider Parity (recommended in the linked tutorial) has suffered an attack which specifically freezes coins held in multi-signature wallets, so it should not be used for this function until further notice.
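The two-of-three rule described above can be modelled in a few lines. This is an added example, not code from any wallet provider: it assumes a propose/confirm/execute flow in which each owner approves from their own account, and the owner names, destination and amounts are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Proposal:
    to: str
    amount: int
    confirmed_by: set = field(default_factory=set)
    executed: bool = False

class MultisigWallet:
    """Toy model of M-of-N approval; owners and balances are constructed."""

    def __init__(self, owners, threshold, balance):
        owners = set(owners)
        if not 1 <= threshold <= len(owners):
            raise ValueError("threshold must be between 1 and the number of owners")
        self.owners, self.threshold, self.balance = owners, threshold, balance
        self.proposals = []

    def _require_owner(self, who):
        if who not in self.owners:
            raise PermissionError(f"{who} is not an owner")

    def propose(self, who, to, amount):
        self._require_owner(who)
        self.proposals.append(Proposal(to, amount, {who}))  # proposer is the first approval
        return len(self.proposals) - 1

    def confirm(self, who, pid):
        self._require_owner(who)
        self.proposals[pid].confirmed_by.add(who)  # a set, so repeat approvals count once

    def execute(self, pid):
        p = self.proposals[pid]
        if p.executed:
            raise RuntimeError("already executed")  # a payout cannot be replayed
        if len(p.confirmed_by) < self.threshold:
            raise PermissionError("not enough distinct approvals")
        if p.amount > self.balance:
            raise RuntimeError("insufficient balance")
        self.balance -= p.amount
        p.executed = True
        return p.amount

def demo():
    w = MultisigWallet({"alice", "bob", "carol"}, threshold=2, balance=1000)
    pid = w.propose("alice", "ops-wallet", 100)
    w.confirm("alice", pid)  # same founder again: still one approval
    try:
        w.execute(pid)
        blocked = False
    except PermissionError:
        blocked = True
    w.confirm("bob", pid)    # second distinct founder reaches the threshold
    return blocked, w.execute(pid), w.balance
```

The properties to look for in any real multisig setup are the ones enforced here: approvals are counted per distinct owner, non-owners cannot approve, and an executed payout cannot be run a second time.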
4. Be transparent with your funders
In some cases, companies that have launched successful ICOs may lose the trust of their backers by failing to communicate clearly where the money raised will be stored and how it will be moved around — even if nothing untoward is happening.
Try to lay out clearly how you have planned to store the money raised and what outgoing transactions anyone monitoring the ICO smart contract address should expect to see in the days and weeks after the ICO. Doing this will protect you from any misunderstandings about how the funds are being used, and give everyone who bought your token more peace of mind.