Listen closely this Halloween, and you’ll be able to hear moans and wails rising from old laptops and USBs tucked in basements and closets around the world. They share a single lament, that haunts crypto users old and new:
“If only I hadn’t lost access to that crypto wallet!”
These are the ghosts of wallets past, and this Halloween, they have risen from the grave to share one important message with you: how to make sure you never lose access to your wallet again.
It’s easy to joke about, but it’s true that losing access to your wallet is a widespread problem in crypto. It’s been estimated that 20–25% of the world’s Bitcoin supply is locked away in lost wallets, either because people lost their private keys or misplaced their hardware wallets. And that’s just Bitcoin. Imagine how much EOS, Telos, or WAX has been lost this way.
So how did we get here?
Why It’s So Easy to Lose Access to Your Crypto Wallet
To understand why lost wallets are such a problem, we need to know the basics of how crypto wallets work. Every wallet has at least one set of keys: a public key that operates like a bank address, which anyone can use to send tokens to the wallet, and a private key that allows the wallet owner to perform transactions with the tokens that are in the wallet.
This private key is often just a string of random letters and numbers, although it can also be a set of words or a whole phrase. Regardless of exactly how the key is formatted, though, all private keys are cryptographically secure.
Or, to put it another way, your private key is impossible to guess — because there’s more possible private keys than grains of sand on earth. This is good, because no one is ever going to get into your wallet just by guessing at your key. But it’s also bad, because if you lose your key… there’s no way you’re going to be able to guess it either.
You Can’t Lose What You Never Had
With a custodial wallet, the private key is kept by the institution (usually a crypto exchange) that issued you the wallet. This means the institution has full access to your funds and could stop you from withdrawing or using them under certain circumstances — similar to the traditional banking system. The one upside to a custodial wallet is that you’ll never lose your private key, because you never had access to it in the first place. If you forget your password, the institution that holds your keys will be able to help you, just like if you forgot your bank password. But it requires a lot of trust between you and the institution, because you need to believe both that they’ll keep your funds safe from hackers and that they won’t cut off access to your wallet in other ways.
But You Can Lose What You Own
In contrast, non-custodial wallets give you your private key, which also means that you have full control of your wallet and any funds in it. Many crypto users prefer this option, because they always have access to their funds and they don’t need to trust a centralized institution. But with great power comes great responsibility, because if you ever lose your private key, two things can happen:
- If you don’t find it, you’ll be locked out of your wallet forever, AND
- If someone else finds it, they can drain all the funds in your wallet
The company that issued you the non-custodial wallet can’t help either, because they can’t retain a copy of your private key — that would make them custodial by definition. So when you hold your private key, the buck stops with you.
This leads to a lot of crypto users who are extremely motivated to keep their private keys both safe from everyone else and accessible to themselves. People use a range of different tactics, from memorizing their private key, to putting it onto a hardware wallet, to using cold storage. But none of these tactics are infallible, which still leads to some wallets being lost at the end of the day.
All These Lost Keys Are Why We Invented the Owner Key Certificate
Look, we’ll say it up front: there’s no way to 100% eliminate the risk of losing your private key. But there are ways that both wallet companies and individuals can minimize the risk. For instance, a private key that’s formatted as a string of words has a much lower margin of error than a string of random letters and numbers. This is because even if you misspell a word when you originally write down the key, you can probably figure it out. But if you left out a letter or can’t read your handwriting in a string of random letters and numbers, then you can kiss your wallet goodbye.
We put together all the best practices for private keys for Anchor (our non-custodial wallet for Antelope chains), and the result is the Owner Key Certificate:
With Anchor, your private key is made up of 34 unique words. Only 28 of these are printed on the Owner Key Certificate, and you need to write down the last 6 words.
Even though most of the key is already printed on the certificate, those last 6 words are enough to keep the key cryptographically secure on their own. In fact, we’re so confident about this claim that the Owner Key Certificate above is for a real wallet. Back in 2020, we invited the community to try and hack into it to claim a 1000 EOS tokens. The bounty remained unclaimed for a full year before we ended the challenge and removed the tokens from the wallet.
We designed the certificate this way for a very specific reason: because if you need to print it on a shared printer, or you’re on a public computer, or god forbid your phone or laptop was compromised when you created your account, your private key will still stay safe so long as those last six words are missing.
Ways You Can Use the Owner Key Certificate to Secure Your Wallet
If you have Anchor and you want to use the Owner Key Certificate yourself, all you need to do is print it out and write down the last 6 words of your private key. Then if you ever lose access to your wallet, you can simply scan the QR code on the certificate and enter your 6-word encryption key to regain access. You can also type out all 34 words to regain access, as a backup alternative to the QR code.
The Owner Key Certificate can also be used in situations beyond just forgetting your key. Let’s say that you had your Anchor wallet on your phone, but then your phone broke. You could use the certificate to set up your Anchor wallet on a new device.
Or what if you just lost your phone, and you’re not sure who might have access to it? Because EOS has the concept of active and owner key pairs, you can use the certificate to generate a brand new active key and invalidate all other keys, so that the key on your compromised phone no longer works.
In fact, you could take the security of your wallet even further, by using the Owner Key Certificate to generate different active keys for different devices for the same wallet. To explain how this works, imagine that you have Anchor on your phone and want to use the desktop version as well. You can use the same active key on both devices, or you can generate a new active key and use it on your desktop, allowing you to access the same wallet with a separate key. Then if one of those keys is ever compromised, you just shut down the wallet or key on that device, and you can still use it on the other one.
You could even use the Owner Key Certificate as a cold wallet, because it’s a record of your key (and hence a record of your wallet) that’s printed on paper and not connected to the internet.
Keeping Your Owner Key Certificate Safe
The Owner Key Certificate is designed to give you as many ways as possible to recover your wallet, so that you never lose access to it. But, that being said… it’s also just a piece of paper.
That’s why we suggest a few best practices when you create your Owner Key Certificate. If you print it, make sure to:
- Write down the 6 words with a pen that won’t smudge
- Store it with your other important documents, like your birth certificate or deed to your house
- Laminate it (after you wrote down the words!) if you want to be extra safe
- You could even make a copy and store it at a trusted friend’s house or in a bank safe
And if you save it as a PDF rather than printing it, make sure to:
- Edit the PDF to include the 6 words and save the version with the words
- Store it on a USB or other device that doesn’t have access to the internet
- Keep the USB somewhere safe, like with your other important documents
In general, the level of security you use for your Owner Key Certificate should be based on a) the amount of funds you keep in the wallet and b) your own risk tolerance. Long story short, just make sure not to lose it — otherwise your wallet will eventually become a wallet ghost itself.
How To Generate Your Owner Key Certificate
If all this sounds good to you and you want an Owner Key Certificate, you can generate one for any new Anchor wallet account during the account creation process. If you already have an account and opted to create the certificate later, then you can start the process in the settings.
We’ll show you exactly how it works if you want to create an Owner Key Certificate on an Android phone, but we also have guides that cover the process for iOS and desktop accounts on our Support Portal.
In this example, we’ve just finished creating a new account. All we need to do is hit the “BACKUP ACCOUNT” button to start the Owner Key Certificate creation process.
Up until the point where you generate your Owner Key Certificate, your private key will be stored on your device (in this case, your phone). Like we covered before, this can become a problem if your phone is ever lost, broken, or compromised in any way. When you hit the “CONTINUE” button on this page, Anchor exports your key to the encrypted certificate and removes it from your phone.
You can now choose to print out or save your Owner Key Certificate as a PDF. In general, we recommend printing it.
On this screen, you’ll get the words that you need to enter into the 6 empty spaces at the bottom of the certificate. Make sure to write them in the right order, and double-check that the spelling is correct.
Now that you’ve written down the words, Anchor will ask you to verify them in order.
Review how the certificate works and confirm that you understand, and you’re all done!
Wishing you a safe Halloween and a safer wallet,
The Greymass Team