Custody 101 gave you the basics: write the seed phrase down, store it on metal, never type it into a webpage, never share it with "support." For balances under €5,000 that's enough. For balances above that — and especially for balances you plan to hold for years — the consequence model changes shape, and so does the discipline that prevents disaster.
The 301-tier consequence model
Three failure modes get more dangerous as your custody scales.
1. Single-key compromise. A single seed phrase is one secret. If it's exposed once — by a phishing site, by a colleague who shoulder-surfed at a coffee shop, by a laptop seizure at an airport — your entire balance is gone. At €1,000, painful. At €100,000, life-altering. Multisig (next lesson) eliminates this category by requiring multiple, independently-stored secrets to authorise a transaction.
2. Single-point recovery. If you wrote your seed on one piece of metal in one drawer, you have a single point of failure: house fire, flood, robbery, divorce, dementia. Custody 101 mentions a backup; 301 makes you commit to a recovery plan with at least two geographic locations and at least one trusted human who can act on your behalf if you can't.
3. Time. Most retail losses don't happen in one event — they happen because nobody touched the wallet for two years, the device firmware rotted, the metal plate corroded from a roof leak, the recovery phrase was written in a brand of ink that fades, and by the time the holder went to use it, the recovery couldn't be done. Long-term custody is a maintenance discipline, not a one-time setup.
What changes at 301-tier
The shift from 101 to 301 is from one-person, one-secret, hope-for-the-best to multiple-people-or-places, multiple-secrets, drill-it-annually. Specifically:
| Concern | 101 approach | 301 approach |
|---|---|---|
| Authorisation | Single-sig wallet | 3-of-5 multisig (or 2-of-3 for solo high-net-worth) |
| Recovery | One metal plate | Shamir-split shards across ≥ 2 locations + 1 trusted human |
| Device | Hot wallet + maybe a Ledger | Two distinct hardware wallets from different vendors |
| Routine | None | Annual drill: print fresh copies, test signing, rotate one signer |
| Phishing | Wary | Architecturally immune (no single key can lose everything) |
The boss of this branch is called the Sealmaster — the named risk is not theft, it's being unable to access your own funds when you need them. Most 301-tier losses are self-inflicted: forgotten passphrases, lost shards, signer keys held by people who moved abroad and stopped responding. We design against the entropy, not the thief.
When you should NOT bother
There's a real risk of overdesigning here. Custody 301 is appropriate when:
- You hold more than €25,000 of value in self-custody, OR
- You plan to hold for more than 5 years without active use, OR
- You are the custodian for someone else (family trust, small business treasury).
If neither applies — you have €3k in XRP, you trade it actively, the keys are on your phone — a 101-tier setup is appropriate. Overdesigning the custody of a small balance is one of the easiest ways to lock yourself out. Don't add Shamir shards to a wallet you log into twice a week. Match the discipline to the threat model.
The rest of this course assumes you've made the decision to commit, and walks you through the four pieces of the discipline: multisig, hardware, social recovery, and the annual drill that keeps all three honest.