As soon as you start to actively interact with the Ethereum blockchain, you realize that one wallet is not enough, even if it’s a hard wallet. I started out with an account on a hard wallet that I had some Eth in. This felt nice, since I could self-custody my coins and I had the protection of a hard wallet. However, the blockchain is a dangerous place, and even if you have your assets on a hard wallet with a protected private key, you can get attacked. One of the most common ways I’ve seen in the community is that people are tricked into signing malicious transactions that give the attacker the ability to control their funds.
For me, the minimum security setup is as follows:
One or more hot wallets for real degen activity, to keep the threshold for activity as low as possible.
One main public account for “log in with Ethereum” activity. This account will hold your public ENS address that you use as your handle. I would assume that this account is doxxed even if you have not doxxed yourself, since it will be your public profile and connected to your online activity. Here it’s best not to hold huge amounts of funds or valuable assets. There are two main reasons for this. First, you will use this account actively, and the risk is high that you will be tricked into signing something that you are unsure of. You don’t want to be worried all the time while using your main account. Second, since Ethereum is public, it’s unwise to flash your bank account, since it may get you targeted more easily.
One assumed-doxxed asset account. You would not want your precious NFTs and small amounts of funds to always be exposed to compromise in your daily activity. This is why you can keep these assets on another account. However, this account will also have to be assumed to be doxxed, since it may hold profile pictures and other assets connected to your public account. This account will also be the main account you use for sending funds from CEXes, which hold private information about you.
One non-doxxed private account is always best for long-term storage. You can use Tornado Cash or Swirl to send private transactions from your doxxed asset account. This account can store NFTs, but only if they have never interacted with any other account. Keep in mind that NFTs can potentially link you to different online communities and associations.