Call me Frost Kim

That is a pen name. The reason is uncomplicated: crypto has a track record of people being doxxed and harassed over publishing under their legal name, and I would rather spend my hours on the handbook than on managing that. "Frost" comes from the most important idea in crypto custody — keep your private keys on devices and media that never touch the network. Almost everything in this handbook, in one way or another, is about how to keep your coins genuinely cold.

I came in during 2016. That year I had been working for two years and had saved a small amount; a coworker dragged me to look at Bitcoin, which was around USD 600 at the time. I hesitated for three months and ultimately bought a tiny position. I have not left the space since.

Across the past ten years, I have lived through:

  • The 2017 bull run — what it actually feels like to see something move 10×.
  • The 2018 winter — what "paper gains are not money" actually means in practice.
  • DeFi Summer 2020–2021 — my first impermanent-loss tour in an LP pool.
  • The 2021 NFT mania — watching a community collectively lose its mind.
  • The 2022 triple collapse of LUNA / Three Arrows / FTX — finally understanding that centralized exchanges can have no floor.
  • The quiet 2023–2024 — when I started rethinking why I was doing any of this.

I have been on the wrong side of nearly every category of attack: approval phishing, account hijacks, ponzi pitches, and yes, money parked on an exchange that later vanished. None of the losses were severe enough to push me out, but every one became muscle memory of the "do not let this happen again" kind. Most of this handbook is built from that muscle memory.

Why a handbook, not a blog

Because I have read enough of "BTC moved 8% today, here is what we think." Crypto does not lack news, market commentary, or airdrop tutorials. What it lacks is a coherent answer to "I already hold some coins — how do I survive the next ten years with them?" That question has a long time horizon. It needs a handbook, not a blog: something you can come back to, something not tied to the news cycle, something that keeps every correction logged on a public page.

So this site does one thing: cover custody, security, risk, and incident response in depth. No price commentary. No predictions. No event-chasing. If you finish the handbook and think "this is really just about those four things," that is the point.

How I write

Each article takes me two to three weeks. The process:

  1. Topic selection. Sources are reader email, requests from the crypto Telegram groups I read, and real long-tail queries that show up in search. I do not run an editorial calendar; I write when enough people have asked.
  2. First draft. I run the workflow myself first. For the hardware-wallet matrix I bought three devices, flashed firmware, and used each for two weeks. For the phishing atlas I sent a test wallet at known phishing sites and watched what happened.
  3. Fact check. I let the draft rest a day or two, then re-read every claim and ask: can I personally verify this?
  4. Reader preview. Important pieces go out to a few long-term readers in a small group; their confusions and pushback get folded back into the text before publication.
  5. Publication. Nothing is frozen. Any reader who emails in a correction gets a response, and the change is logged on the corrections page.

What "I tested" means

Every article carries at least one section labeled tested. That section is not the conventional advice circulating online, and it is not lifted from exchange documentation. It is what I did, by hand, while writing the article — with real funds, the actual workflow, and the actual outcome.

Some of these tests succeed. Some fail. I write up the failed ones too — readers need to know where the workflow breaks down more than they need a polished tutorial.

Where the money comes from

I would rather over-explain this than under-explain it. Where a crypto site's revenue comes from will directly decide whether it bends content to please advertisers.

My income sources are two:

  1. Out of pocket. Hardware wallets, node hosting, the test-wallet float — all funded by me up front.
  2. Binance referral. I recommend Binance to readers (with my referral code BN16188). If a reader signs up through my link and trades, Binance pays me a referral commission per their published rules, and the reader receives the trading-fee discount Binance assigns to the program. Full mechanics on the disclosure page.

The second is the larger of the two. I do not hide that — and precisely because it is the larger one, I am extremely strict about what I will recommend. The handbook currently endorses exactly one exchange. Hardware wallets, password managers, and node services come up by name, but those are open-source tools or mainstream brands I use myself, with no commercial relationship attached.

Why no display ads

A lot of crypto display advertising sells scams or pump-and-dump projects. Running ads would contaminate the credibility of the entire site. Beyond that, the presence of an advertiser tends to subtly steer topic selection away from anything that would upset them — I do not want that constraint.

Why I run this with no Twitter / no LinkedIn

Most independent crypto sites list their author's Twitter handle, LinkedIn, GitHub, sometimes a Telegram. Hodler's Handbook deliberately doesn't. Three reasons, in order of weight:

  1. Crypto Twitter shapes incentives I don't want. Once an author writes for "engagement on X," the editorial calibration shifts toward what gets retweets — sharp takes, hot opinions, scary screenshots. That subtly drags long-form security writing toward newsy commentary. I'd rather keep the work in the long-form column.
  2. A doxxed author with $5K worth of social-media followers is a worse threat model than a pseudonymous author with $0 followers. Crypto holders who write under their real names get targeted — for phishing, for SIM swaps, for occasional in-person harassment when their home address leaks. Pseudonymity is operational security.
  3. I want the writing judged on the writing. No credentials to look up, no past job titles to lean on. Either an article holds up to a reader's own verification, or it doesn't. The corrections page below tracks where it hasn't.

If a reader needs to verify a specific factual claim, the structural defense is the corrections page — every factual error raised by a reader is logged there with date and context. That's the audit trail. PGP fingerprint for sensitive correspondence is available on request via privacy@wechibi.com.

How to reach me

  • Email: privacy@wechibi.com — the single inbox for fact-checks, corrections, and reader feedback. I read every message; I reply to the substantive ones.
  • Reader group: readers who have supported the handbook for three consecutive months get invited to a small group. I take questions there, share drafts early, and collect feedback.

I do not run mainstream social accounts. The distribution mechanics of those platforms reward emotional content; that is the opposite of what a handbook is for.

Where I want this to go

New articles ship monthly, but I do not force the cadence. What already exists gets more of my attention than what comes next — major revisions once a year, minor revisions once a quarter, opportunistic updates whenever a real event demands them.

Three to five years from now, if this is the site that holders read in their first year and still come back to in year three, the project worked.