You own your ENS name completely—no one else can change or take it from you. This means you must protect your wallet keys from phishing scams—if you lose your name, we cannot recover it. Use the multi-wallet strategy below to help prevent theft.
The Recommended Setup
Role | Wallet Type | Why |
Owner | Cold wallet | Never connects to apps or websites, eliminating phishing risk. |
Manager | Warm or Hot wallet | Expected to be connecting and signing permissions on several apps, sites, etc |
ETH Address | Hot wallet | Receives funds |
By seperating ownership into a cold wallet, if your hot or warm wallet is compromised, your ENS name stays safe.
How to Set It Up
Go to app.ens.domains
Connect your wallet
Search for your name → Ownership tab
Click Edit Roles
Update
Store the name (
Owner) in your cold walletSet
Managerto your hot walletPoint
ETH Addressto hot walletSet Primary Name on hot wallet
Related Articles
Additional Information on Wallet types.
You can further add security to your names by using a mix of wallet types:
Wallet type | Details |
Cold wallet | Stores your valuable assets offline. You rarely access it. |
Hot wallet | Your daily wallet for transactions. Only hold small amounts here. |
Hardware wallet | A physical device that keeps your private keys offline and secure |
Multi-Sig wallet | Requires multiple wallet approvals for any transaction. No single point of failure. |
Multiple wallets | Using multiple wallets of any of the above types |
About the Cold wallet
Interacting with contracts can be risky, but necessary. A good idea is to keep a Cold wallet where you store assets you want to keep safe while using a Hot wallet for your day-to-day contract interactions.
ENS names have unique properties that make holding them in cold wallets easy, namely that you can have one wallet be the ownerOwner of it while having another wallet be its record administrator.
By pointing the ETH Address and Manager records to your hot wallet, you can use the ENS name from your day-to-day hot wallet just as if it was in that wallet, except if that wallet is compromised, you won't lose your ENS name.
This two-wallet setup ensures that even if a malicious actor compromises your hot wallet, the actual ownership of your ENS name remains safe in your cold wallet.
Cold wallets don't directly protect against interacting with a malicious contract or token approval scams, they only do so indirectly by not using them to interact with them. If your wallet is compromised and contains ENS names, transferring ownership to a secure wallet should be prioritized.
For maximum safety, always transfer ENS ownership to a cold wallet or hardware wallet that is not used for regular transactions. Additionally, double-check all transactions, particularly when transferring ownership or making modifications to records, to avoid costly errors.
About Hardware wallets
A Hardware wallet is a device that improves your wallet security by keeping your private keys off your phone and computer. The keys are kept on the external device itself, and for each transaction you make you'll have to connect and approve the transaction on the device.
This gives added protection against many (but not all) types of scams and security issues:
Viruses
Fake MetaMask login websites
Fake wallets
Token approval scams / interacting with malicious contracts
Compromised seed phrase
Physical access
About Multi-Sig wallets
A Multi-Sig wallet is a smart contract wallet that provides security by only allowing transactions to be performed if they're approved by several different wallets, thereby distributing the security responsibility between different keys or even different people.