LNCM
Lightning Network Chiang Mai

TwitterGitHubGitterDockerNPMMastodonGitLab

How to keep your coins safe: solutions for crypto custody problems

Posted 2022.01.16

Crypto custody is an important issue. Crypto traders and hodlers are increasingly targeted by organised crime and other evildoers. These attacks may involve threats of violence, or worse. This means secure custody of your coins is not just about protecting what you own, but also about protecting yourself and those around you.

There are a lot of different wallet guides out there. Unfortunately, they usually don't talk about ensuring that you can't be forced to give up your coins, if someone tries to use brute force or other unpleasantness.

Therefore, this document describes different tools you can use protect your crypto holdings against robbery and coercion. It is not a detailed how-to: the detailed design of a secure access protocol will (probably) be unique to your situation.

This page is a work in progress, and it is constantly being updated. For comments or additions, join our Matrix or Telegram groups and let us know your thoughts. You can also submit a pull request to our Github repo.

Multi-signature tools

Most custody systems will involve some form of multi-signature security, where 2 of 3 private keys (or 3 of 5, etc) must be present to make a transaction. For more, see here and here.

Free/open-source solutions for self-custody

  • Electrum multisig wallets: Electrum supports N of M multisig by default.
  • Bitcoin native multisig: Bitcoin natively supports multisig addresses.
  • "Poor man's multisig" where you divide up a seed phrase into 3 parts and store copies such that you need key material from 2 of 3 storage sites to reconstruct the seed phrase. This allows you to produce "multisig" functionality for nearly any crypto storage device or paradigm.
  • Specter DIY hardware wallet. Their YouTube channel documents how to use Specter DIY as part of a 2-of-3 multisig setup.
  • Seedsigner Raspberry Pi-based air-gapped multisig wallet hardware device
  • Sparrow Wallet is a Bitcoin desktop wallet targeted at advanced users, which supports multisig, has an integrated Samourai Whirlpool coinjoin client, and has extensive PSBT support

Commercial self-custody devices and products

Commercial services using multisig to provide some combination of self- and external-custody

Self-custody usually means that you are entirely responsible for your keys. External-custody means someone else (a company with extensive security precautions) holds your keys for you, and signs transactions when certain conditions are met. Most of these services fall somewhere in the middle.

For example, you might have a 2-of-3 multisig setup where you hold one key on your device, another key far away in a secure but inaccessible location, and the 3rd key is held by a commercial service on your behalf (where the service provides additional security features).

  • Casa: Commercial service that helps you set up secure multi-sig self-custody
  • Bitgo: offers both self- and full-service custody, US based, has been around for a long time.
  • Qredo: decentralised custody (?). If you can concisely summarise what they do, please let us know...
  • Fireblocks: institutionally-focused custody platform with an API, suited to DeFi and token traders as well
  • Unchained Capital: Commercial service that helps you set up secure self-custody

Full-service external-custody (fiduciary) service providers

Primarily targeted at large investors. Usually insured against loss.

  • Knox: Canadian Bitcoin custodian
  • Bitgo: offers both self- and full-service custody, US based, has been around for a long time.
  • Coinbase Custody: US-regulated institutional custody service for hedge funds and large investors

Knowledge and theory

⬅ Back to Projects