The 101 for Crypto Asset Managers:

My friends sometimes ask me, "Gryph, what is it you do exactly?"

I usually answer that I write essays on crypto and mess around with the tech. I try not to talk about it too much or go into any detail because I find that their eyes usually glaze over as soon as I mention "blockchain protocols" or "yield farming on defi."

The reality is that I am what would traditionally be classified as an Asset Manager.

My focus is 100% in the crypto sphere. I do not touch traditional finance or investment because I am philosophically opposed to the centralised, permissioned and opaque nature of that world. Crypto is by far the most interesting and dynamic industry I have ever been in. 3 years ago I walked away from my 9 to 5 wage-slave job in IBM and it's been the best thing I ever did.

In this essay series I am going to give an in-depth analysis and exploration of what it is I actually do and what I use to do it. My hope is that they will give you the tools and knowledge you need to be successful as a crypto asset manager, whether you do it professionally or simply as a best practice for your own personal journey into the wonderful world of crypto.

As the crypto bull market enters its second year, the revolution shows no signs of slowing. Prices across the board continue climbing to new all-time highs, bringing a fresh wave of interest and investment into this burgeoning industry. Trading volumes and on-chain activity have ballooned in tandem, with decentralized applications (dApps) and protocols seeing unprecedented levels of usage.

This explosion in growth has undoubtedly accelerated the realization of crypto's promise to upend traditional finance and reshape our increasingly digital world. However, the rewards of progress always come paired with new risks that must be addressed. As the number of users, wallets, and tokens surge, so too do the vectors for attack - requiring vigilance and innovation from all players in this space.

Luckily, the community has shown itself more than up for the challenge. Over the last few years, the industry's understanding of vulnerabilities has markedly improved. Safety tools and best practices are now lightyears ahead of where they were during crypto's early Wild West days. If you are serious about becoming a Crypto Asset Manager, the first area you need to become familiar with is the safety tools available to you to help minimise those risks.

Crypto Wallet providers have rolled out new protective features to make private key management and transaction approval processes safer and more intuitive for users of all technical abilities. Blockchain analytics firms closely monitor all major chains for suspicious activity, helping to quickly identify potential theft or fraud. Meanwhile, new open-source security libraries like Embedded Security APIs are arming developers with turnkey defences to integrate proactively into their products.

Through continued progress like this, the crypto ecosystem edges ever closer to realizing the full promise of decentralized, trustless systems where individual empowerment and digital sovereignty can finally displace centralized control and censorship.

As the use of cryptocurrency becomes more mainstream, the importance of secure wallet management grows in tandem. For many new to the space, the concept of private keys and digital signatures can understandably seem complex - making education around proper "wallet hygiene" all the more critical. For those of you looking to enter the crypto asset management world this is a foundational requirement.

Keeping separate wallets designated for different purposes is perhaps the most fundamental principle. Valuable NFTs, large token holdings, or other high-value assets should always be isolated to wallets maintained with extra precautions (Cold wallets). More lightweight wallets (Hot wallets) can then be used safely for day-to-day spending or trading without risking larger balances.

Tools have also emerged to extend these protections even further for those assets requiring approval-based access. Services like delegate.cash allow delegation of signature authority from one wallet to a separate more secure one, creating additional layers of defence for sensitive keys. The delegated wallet can then interact as needed while keeping the original's private keys completely isolated - ideal for scenarios like community verification or airdrop claims.

Adherence to practices like using a multisig, hardware wallet, regular software updates and backup recovery procedures all bolster the multi-layered approach. With so much individual wealth now being stored digitally, taking proactive steps to safeguard private keys through separation and delegation will remain vital in protecting long-term holdings through any market cycle.

My top pick of wallet apps.

1- https://app.zerion.io/ (hot/software wallet)
2- https://metamask.io/ (hot/software wallet)
3- https://www.ledger.com/ (hardware/cold wallet)

While wallet hygiene helps safeguard digital assets, unforeseen threats may still emerge that demand a swift response. This is where the real-time transaction monitoring services that many wallet providers now integrate into their product have proven invaluable, providing an extra layer of oversight to catch suspicious activity before harm can be done.

By maintaining constant watch over all movements in and around a wallet, these tools act as a virtual bodyguard on the blockchain. Any sends, receives or contract interactions - both expected and unknown - are instantly reported via text, email or push notification.

This allows even nontechnical users to benefit from the same timely insights available to dedicated blockchain analysts. Unknown activity that may seem innocuous, like spam NFT airdrops, can be quickly discerned from potential red flags warranting further investigation. With fraudulent contracts or phishing attacks often relying on speed and obfuscation, these services help level the playing field by stripping away the advantage of stealth.

Browser extensions like Pocket Universe and Wallet Guard present transactions in a clear, digestible format prior to confirmation in the wallet. Contracts and permissions requested are decoded into plain language.

In this example a user is reviewing a transaction that is going to drain their wallet of valuable NFT's. WalletGuard has clearly flagged the risk and the user is given the option to reject the transaction before even sending it to their wallet for approval.

Meanwhile, wallets like Phantom have streamlined this process into its interface directly. Transactions now plainly illustrate the intended state change in an easy to parse visual format, avoiding reliance on esoteric details that require specialized knowledge. With risk assessments to flag unusual parameters, users of all backgrounds can confidently separate quality dApps from potential scams with just a quick review.

As the frontier of decentralized finance expands, so too must the Asset Manager's responsibility over personal information and funds. Understanding what you are signing before you sign it is supremely important. If you are like me and are reviewing and approving hundreds of transactions per day these tools are absolutely essential.

You are responsible in Crypto. There is no regulator or similar government agency that will save you if things go wrong.

One aspect that demands constant attention is oversight of the permissions you have granted to third-parties that could potentially access the assets you manage.

https://help.crypto.com

How do I manage approvals for my tokens and NFTs? | Crypto.com Help Center

Learn more about managing the approvals you grant to dApps that you interact with

Like physical house keys loaned to others, addresses and contracts given approval to send or swap tokens or NFTs remain valid unless revoked. Regular review and revocation of these permissions ensures that should a service you have interacted with become a risk due to a hack, the assets in the wallets that you manage are kept safe.

Services that scan wallet addresses will surface all active approvals with a simple address check, including details of approved permissions and abilities that the contract enables. More helpfully, some integrate risk analysis to flag problematic approvals based on usage and recipient profiles.

Walletguard and/or Revoke.cash are my go to apps for cleansing my approvals.

While the blockchain itself maintains integrity through decentralization, the various access points to web3 remain dependent on traditional internet infrastructure. As such, maintaining baseline online security practices is key, forming the foundation on which more advanced crypto protections are built.

Creating strong, unique passwords for all accounts and enabling multi-factor authentication wherever supported should be universal norms. For those with large holdings, a hardware security key can provide the strongest available authentication. Regularly monitoring and updating your devices and networks also helps eliminate potential beachheads before threat actors can exploit them.

Just as in the physical world, a layered defence strategy proves most effective. Digital assets are best protected by combining crypto-specific safeguards with information security fundamentals.

If you are serious about being a crypto asset manager then you need to take information security seriously. If you want your clients to be able to trust you to secure their assets and help them grow their wealth be diligent as well as vigilant.

If you have read this far, I thank you. If you found this content useful, please help to further the conversation by sharing and following for continued discussions on the cutting edge of finance.