Secure Your ENS by Moving to a Hardware Wallet

February 01, 2022

2 min read

Recently, I’ve seen a few wallets get hacked on Twitter. Someone lost her ENS domain which freaked me out, since I initially bought mine with a hot wallet & don’t want to lose it. So I finally moved it to my Ledger and wanted to share — it’s surprisingly easy.

First, a few quick terms to get a baseline understanding of ENS:

  • Primary ENS Name — Your global username. When you connect to a dapp, they can find the ENS associated to your wallet if you have your Primary ENS set up.

    • Note: You can only set the Primary ENS for your wallet if the record address (defined below) is pointing to your wallet’s address.
  • Registrant (1) — The owner of the ENS name. This piece is the most important, since it has control over everything else.

  • Controller (2) — Allows you to manipulate different parts of the ENS domain: change the controller address itself, add subdomains, & edit records.

  • Record Address (3) — Points the ENS name to a specific wallet address. This is how you can send funds to a wallet by entering amaan.eth instead of 0x...d2

The image below shows which is which (numbered accordingly). Registrant and controller don’t have to be the same address, but initially are set up to be the same.

ENS Name

So here’s my setup: I’ve moved the registrant to my hardware wallet, while the controller is tied to my hot wallet. That way, if I ever need to edit records or add subdomains, I don’t need the inconvenience of using my Ledger.

The benefit of this is that if my hot wallet ever got hacked, I could simply use my Ledger to change the controller, and then use the new controller to edit the records once again.

If you have an ENS name that’s owned by a hot wallet, the only thing you need to do is change the registrant to be your hardware wallet’s address.