Wondering what people's thoughts are on collaborative custody 2 of 3 multisig. Seems like it's the best option by far for long term storage and peace of mind, and I'm surprised it's not recommended more.

Read below, let me know what thoughts / objections you have, or if perhaps you never heard of this.

TL;DR – you're completely in control of your wallet/funds there's no single point of failure

Here's the setup:

  • You keep 2 hardware wallets. One close by in a safe, the other at a secure offsite location
  • You keep the seed phrases for the wallets on metal backups (1 for each). One close by in a hidden location, the other at another offsite location
  • The third party (most likely a company like Unchained) keeps the third private key in their vault.
  • The third party keeps you xpubs stored in your account so they can keep track of your transactions / generate new public keys
  • You keep digital backups of the xpubs in case the third party goes under, which is highly unlikely.

Here are the key points:

  • The third party does not have any access whatsoever to your funds. "Not your keys not your bitcoin" does not apply here – you have 2 of 3, you're simply using the third party as a secure backup location.
  • You essentially have 4 items to secure and keep track of. 2 hardware wallets and their backups. To LOSE access to your bitcoin, you'd need to lose 3 out of 4 of those items
  • If you lost one of your private keys (both the hardware wallet and the backup), you can simply contact the third party and restore access to your funds and set up a new wallet
  • You don't have to do any memorization. You don't need to passphrase protect your wallets, because if someone steals one, they still can't access your funds. Using a passphrase only increases your chances of losing access to your wallet. (This is actually huge – fun fact, most bitcoin is lost due to forgotten passphrases)
  • It's extremely difficult for an attacker to steal your funds – they'd have to steal from two separate locations without your knowledge
  • It's easy to go completely air gapped with this method
  • With a bit of step-by-step guidance, this is ideal for people that aren't good at keep track of things. (Hint – that's a LOT of people)

The only trust you have to have in the third party:

  • If you lose one of your private keys, they could hold your third private key hostage. However, this would ruin their reputation and end their company.
  • They could get hacked or someone could pose as you to steal your backup. But, if that happened, the attacker would not have gained access to anyone's funds. Plus, in the case of Unchained, the ID verification process is far more rigorous than most banks. It's a 24-48 hour process than includes sending video footage of yourself. Getting around this would be a highly unlikely / fruitless attack
  • They have your xpubs, so they can see your transaction history when you might want to keep that private. If that were compromised, it would also ruin their reputation.
  • KYC, but 99% of us have been KYC'd already. You basically have to stay all the way off the internet if you want to completely avoid that, unless you're a cyber ninja that's constantly jumping through hoops. It's not practical to avoid KYC imo.

submitted by /u/frstdrgn
[link] [comments]

Leave a Reply

Your email address will not be published. Required fields are marked *