XDRIPACADEMY
Sign in

Lessons·Blockchain security·10 min·Intermediate

Onboarding a team to crypto safely

Most business losses in crypto are not clever hacks. They are one employee, one key, one approval, with no policy behind them. Here is how to bring a team on safely.

When an individual loses crypto, the cause is usually a single mistake. When a business loses crypto, the cause is usually a missing system: no clear roles, no policy, one person holding everything, and no plan for the day that person leaves or gets phished. The good news is that the fixes are organizational, not technical, and a small team can put them in place in a week.

This lesson is the framework for doing that.

Start with the principle: no single point of failure

Everything below is one idea applied in different places. No single person, key, or device should be able to lose the company's funds or be the only thing standing between you and disaster. Whenever you find a place where one of something controls everything, that is your next thing to fix.

Key takeaway

The goal of secure onboarding is to remove single points of failure: the lone admin, the single key, the one person who knows the recovery phrase, the forgotten approval. Find each one and split it, back it up, or write it down safely. That principle, applied consistently, prevents the great majority of business losses.

Company funds: use a multisig

Personal self-custody can run on one hardware wallet. Company funds should not. They belong in a multisignature wallet, a setup where moving funds requires several approvals out of a defined group, for example three of five named signers.

A multisig gives you several things at once:

  • No single person can move the money, which protects you from both a rogue actor and a compromised individual.
  • No single lost key is fatal, because the threshold still leaves enough signers to recover.
  • Approvals create a natural record of who authorized what.

Decide the signers and the threshold deliberately, document who holds each key, and make sure the keys live on separate hardware wallets held by different people. A multisig where one person controls three of the keys is just a single point of failure wearing a costume.

Roles and least privilege

Not everyone needs access to everything. Give each person the least access their job requires, and no more.

  • Separate the people who can initiate a transaction from those who must approve it.
  • Keep day-to-day operational wallets small and separate from treasury holdings.
  • Limit who can deploy contracts or change critical settings, and never let that be a single unchecked person.

This is ordinary operational hygiene, the same separation of duties any business applies to bank accounts and accounting. Crypto just makes the consequences of skipping it faster and more permanent.

The human layer is the real target

Attackers rarely break the cryptography. They target your people. Every employee with access is a potential entry point, and the scams aimed at them are now polished and personalized, as we cover in the AI Security pillar.

So onboarding has to include the humans:

  • Train the team on the non-negotiables: seed phrases are never shared or typed into any site, support never asks for them, and urgent requests get verified through a separate channel.
  • Set a verification rule for money movement that cannot be skipped for urgency, even when the request appears to come from a senior person. Voice and video can be faked now.
  • Make it safe to report mistakes. People who fear blame hide errors, and a hidden compromise is far worse than an admitted one. The first person to say "I think I clicked something bad" should be thanked, not punished.
Offboarding is part of onboarding

The day someone leaves is a security event. Have a written checklist: rotate or remove their signing keys, remove their access to wallets and dashboards, update the multisig signer set, and revoke any approvals tied to them. A former employee who is still a signer, or whose key was never rotated, is a live risk you forgot about.

Write it down: a one-page policy

The single highest-value artifact for a team is a short, written policy that says, in plain language:

  • Which wallets exist and what each is for.
  • Who the signers are, and the threshold for moving funds.
  • The verification steps required before any payment.
  • The approved tools, and the rule that confidential data and keys never go into unapproved ones.
  • The onboarding and offboarding checklists.

It does not need to be long. It needs to exist, to be known by everyone with access, and to be followed. Most teams that lose funds never wrote any of this down, so each decision got made in the moment, under pressure, by whoever happened to be there.

The pattern across all of it is the one we teach everywhere: decide your defenses in advance, remove the single points of failure, and make the safe path the default path. Do that before you hold serious value, not after you lose some.

Key takeaway

Onboard a team the way you would set up company bank access: funds in a multisig with keys held separately, least-privilege roles, a verification rule for moving money that urgency cannot override, real training on the human-targeted scams, and a one-page written policy that includes offboarding. The controls are organizational, and a small team can stand them up quickly.

Track your progress

Create a free account to mark lessons complete and unlock pillar discounts.

← All lessonsReading a smart contract before you sign it