The Future of Bitcoin custody

Bitcoin needs a network of keys

Why Unchained is building markets for collaborative custody
Dhruv Bansal

For many bitcoin holders, custody comes down to one of two choices: do it yourself or trust a custodian. If you do it yourself, you maintain full control of your funds but take on all the risk of custody yourself. If you entrust a custodian to hold your bitcoin for you, you lower your own obligations but create a single point of failure and lose control.

Unchained offers clients a third choice: collaborative custody.

Collaborative custody builds on bitcoin’s native multisig capabilities to distribute the risks & responsibilities of protecting private keys across multiple parties.  Platforms such as Unchained remove single points of failure formalize the process of social key recovery for participants.

Clients using Unchained’s collaborative custody vaults hold two keys themselves while Unchained holds the third key. These vaults use 2-of-3 multisig, so clients retain control of their bitcoin. But if a client loses a key, they can request that Unchained sign a recovery transaction rescuing their funds.

When we coined the term “collaborative custody” in 2018 we had a vision for how bitcoin custody should develop, but we knew many challenges were ahead of us. Standards for public keys, wallets, and transactions weren’t widely agreed upon. Hardware wallets were less capable and there were fewer companies making them. Collaborative custody was a new idea and it took time for the market to understand it.

Today, billions of dollars of bitcoin are held in collaborative custody by thousands of people and organizations worldwide.  Platforms such as Unchained protect more bitcoin than the vast majority of major global exchanges. Thousands of bitcoin have been saved from loss or theft through social key recovery. Collaborative custody has succeeded.

But there is still a long way to go. Most bitcoin is still not in collaborative custody.  Exchanges and custodians remain single points of failure for too many bitcoin holders. Investors with a small amount of bitcoin (relative to their net worth) may not feel the need to invest in better custody solutions.  But many bitcoiners with significant holdings continue to use exchanges and custodians.

Why?

Holding keys is scary

The most common model in collaborative custody is for clients to hold a majority of the keys in multisig wallets coordinated by a given platform.  The platform provider holds a minority of keys and serves as a “key agent” to the client, signing transactions at their request.

Clients in collaborative custody retain control over their bitcoin while also being able to rely on their key agent(s) for recovery. This control comes with a corresponding risk: clients who allow multiple keys to be compromised simultaneously can lose their bitcoin.

Many people and businesses just aren’t comfortable with the risk of holding a majority of their keys.  They don’t want to—or can’t—be in a position where an attack on them or a mistake they make could lead to their bitcoin being lost.

New models for collaboration

Collaborative custody doesn’t require that any one party hold a majority of keys.  By operating a minority of keys in their wallet, and delegating the rest to key agents, clients sacrifice control in exchange for lowering the burden of key management—without creating a single point of failure.

Clients who hold a minority of keys—even just a single key—in a multisig wallet can still verify addresses, transactions, and balances. They can sign transactions, cryptographically endorsing their intent to the key agents they collaborate with. But, if such a client’s key is compromised, this would not lead to the loss of their bitcoin.

Clients who hold no keys at all can still benefit from collaborative custody. Instead of relying upon a single custodian, and creating a single point of failure, clients can delegate custody among multiple key agents in collaborative custody.

Over time, as they develop the capability, clients holding no keys can start to hold a minority of keys – perhaps eventually even a majority – all while remaining within the same familiar platform.

More flexible key management models will make collaborative custody accessible to clients who aren’t yet ready to operate a majority of keys themselves.

A network of keys

Most collaborative custody models today involve just two parties: the client, who holds a majority of keys, and the platform provider, who typically holds just one key and serves as a key agent to the client.  This is hub-and-spoke collaborative custody—each platform provider is a hub, serving as a key agent to thousands of clients separately.

Current hub-and-spoke collaborative custody is mostly made up of single platform providers serving many individual clients separately

If clients begin by holding a minority of keys, delegating the remainder to the control of their existing key agent (the platform provider) would create a single point of failure. This takes us back to the centralized custodian problem. Instead, collaborative custody platforms must be built to incentivize additional third party key agents to hold keys for clients who cannot hold a majority of keys themselves. And the collaborative custody platform itself must be built according to native bitcoin multisignature standards so that it does not become a point of failure if the platform coordinator runs into problems. The incentive to build and manage a platform like this is that there is a growing demand for key agency across different market segments.

The market of bitcoin holders consists of different segments with different needs.  Public companies holding billions of dollars of bitcoin in treasury have different requirements and budgets for a key agent than a private individual holding a relatively small amount of bitcoin.

For some clients, the best key agents will be companies like today’s bitcoin custodians.  For others, the best key agents will be their financial advisor or their friends and family.  Clients benefit from a market where they can collaborate with the key agents that best meet their own needs.

Current hub-and-spoke collaborative custody is mostly made up of single platform providers serving many individual clients separately

Collaborative custody platforms that build these markets will evolve past hub-and-spoke configurations to become more interconnected networks of keys.  Each link in this network represents a cryptographic relationship between private keys but also a real-world relationship between people or businesses practicing collaborative custody on the platform.

A network of keys is thus also a scaffold for distributing financial services that benefit from trusted relationships.  Trading, lending, insurance, inheritance, and payments are all easier to orchestrate when counterparties are in the same network.

From global hubs to local neighborhoods

Networks are multiscale.  They have tiers consisting of global hubs, regional centers, and local neighborhoods.  A network of keys will have similar structures.  Different kinds of key agents will be appropriate for the different scales of bitcoin holders that populate these tiers.

Custodians must become key agents for large holders

The global hubs of the network are key agents that service clients that hold millions of dollars in bitcoin.  Examples of such clients include (U)HNW individuals, trusts and family offices, public companies and other large enterprises or non-profits, and operating businesses that deal with bitcoin such as exchanges and funds.  These clients aren’t numerous but they collectively hold most bitcoin and have unique needs compared to other market segments.

These clients are accustomed to managing traditional assets where questions of custody are already settled.  Banks such as BNY Mellon, JP Morgan, and State Street have strong reputations and long histories and already custody “systemically important” fractions of US wealth.  When choosing a custodian, if some banks are considered “too big to fail”, why would you trust anyone else to hold your assets?

Clients at this scale seek bitcoin custodians that look as much like the traditional banks they’re used to dealing with.  They look for healthy financials, qualified custody, insurance policies, licenses, and audits because these are indicators of the maturity of a traditional custodian’s infrastructure and processes. This leads them to choose one of a few major US bitcoin custodians who they trust to protect – to control – their bitcoin holdings.

Clients applying this reasoning should remember that bitcoin is very different than the US dollar, and in bitcoin, no one is too big to fail.  There is no government or money printer capable of restoring lost coins, so there are no bailouts.  Trusting a single company, no matter their qualifications, to protect your bitcoin creates significant counterparty risk.

Some people ignore, rationalize, or accept this counterparty risk.  Others attempt to mitigate it by splitting their bitcoin holdings among multiple custodians: putting their eggs into multiple baskets.  But bitcoins aren’t eggs!  Bitcoin is programmable digital money –unlike the dollar, it isn’t restricted to being in a single basket held by a single custodian.

Unchained's Delegate model

Current hub-and-spoke collaborative custody is mostly made up of single platform providers serving many individual clients separately

Instead of balancing counterparty risk across multiple custodians, Unchained’s Delegate model allows clients to balance risk across multiple key agents.

If a particular key agent fails or their key is compromised, no bitcoin is lost – clients can choose another key agent and sweep bitcoin to new wallets.  In contrast, if a client is relying on multiple custodians, and a particular custodian fails, the bitcoin that custodian was protecting is now at risk.

Collaborative custody is built on multisig, a basic capability of the bitcoin blockchain, and uses open standards such as HD keys and PSBTs to define wallets and transactions.  In contrast to bespoke MPC-based methods, wallets protected through collaborative custody can be recovered in a variety of open-source tools that are not proprietary to a given company.  If Unchained or our platform itself fails, key agents can use these open-source tools to recover client bitcoin.

Reach out to us at info@unchained.com if you are interested in learning how you can benefit from collaborative custody and our Delegate model.

From Delegate to Partner

We hope our Delegate model will attract clients who can’t yet hold their own keys away from custodians.  But our ambition is to help these clients eventually transition to using our Partner model.

Holding even just a single key allows clients to verify the addresses, transactions, and balances Unchained exposes using their own private keys.  They can sign transactions using their key, which is a strong indicator of their identity & intent to other key agents they are collaborating with.

Managing a private key is challenging for individuals.  There are many decisions to be made about devices and backup strategies with conflicting sources of advice.  Businesses have an ever harder time.  Retail hardware wallets are designed to be used by one person, not by a treasury management team within a public company.  And organizations, unlike individuals, must deal with staffing changes among those with access to private keys.

Unchained, as a business with a long history of operating keys in collaborative custody since 2018, understands how to solve these problems for individuals and organizations.  We offer consulting & training to help our clients build secure key management programs of their own.  Reach out at [CALL TO ACTION] if you want to explore how we can help you learn to protect your own key.

But we don’t just want to help you learn how to hold keys, we want to incentivize you to do it, so we price our Partner model below our Delegate model.  By managing a key yourself, you are decreasing the risk other key agents bear and deserve a lower carrying cost.

We hope this acts as an incentive for our clients to take on the challenge of learning to hold their own keys.

Expanding the marketplace

Unchained’s platform today offers clients three choices of key agent: Coincover, Kingdom Trust, and Unchained ourselves.  Each key agent has years of experience protecting bitcoin private keys and using them to securely sign bitcoin transactions on behalf of clients.

  • [COINCOVER LINK]
  • [KINGDOM TRUST LINK]
  • [UNCHAINED LINK]

In addition to our launch partners Coincover and Kingdom Trust, we are already in conversations with several other major custodians, trust companies, and bitcoin companies to join our platform as additional key agents.  Look out for coming announcements from us on this front and reach out to us at [CALL TO ACTION] if you are a current bitcoin custodian who is interested in exploring being a key agent on Unchained’s platform.

Our vision is to build a marketplace where companies who excel at operating bitcoin private keys can compete to win clients.  This creates incentives for key agents to have good security and allows clients to manage risk the way they see fit.

Clients driven by cost may choose the key agents with the lowest rates while clients who want to maximize their security may choose key agents with more sophisticated key management programs.  Some clients may prefer to work only with US-based key agents; others may demand a global quorum of key agents from the US, EU, and China.

A marketplace allows clients and key agents to segment by price and feature and the Unchained platform ensures that all key agents are operating on the same, shared open standard.

Professionals and small firms are key agents for the middle market

The regional centers of the network are key agents that service clients holding $100k – $1M of bitcoin.  Examples of such clients include individuals, operating businesses, non-profits, and smaller funds.

Clients at this scale have the same concerns as the clients of global hubs, albeit with smaller budgets.  It’s no surprise that many small businesses thus follow in the footsteps of larger organizations and trust centralized custodians.  Unfortunately many clients in this segment don’t want to pay the fees for a top-tier custodian and wind up relying on second-rate custodians or, worse, exchanges.

The counterparty risk for these clients is also more severe.  They can seldom afford the cost or time required to spread their portfolios out across multiple custodians.  They are also less capable of recovering from a loss induced by the collapse of their chosen custodian.

Clients in this segment often retain the advice and services of professionals such as financial advisors, accountants, estate planners, and attorneys.  Most of these professionals do not know much about bitcoin and, what they do know, they often don’t like – or aren’t allowed to like by their firm.

But just as the population of bitcoin holders is growing, the number of professionals and firms who understand and engage with bitcoin is also growing.  Professionals and firms that can advise their clients about bitcoin have an edge in the market – they are certain to be recommended from bitcoiner to bitcoiner.  As adoption grows, professionals and firms that have a history of working with bitcoin will accrue even more clients.

We see a valuable market opportunity in enabling professionals to serve as key agents for their own clients.  Clients who have retained a trusted advisor for years have also developed a relationship with that person that is difficult for attackers to subvert.  If you trust your financial advisor to manage your investments, or your attorney to execute your will, would you trust them to hold a key to your bitcoin?

For clients who aren’t ready to hold one or more keys in their wallet, involving a trusted advisor can be a great way to reduce their operational and security burdens while still retaining the benefits of collaborative custody.

[REEL OF UNCHAINED FRIENDLY PROFESSIONALS]

Professionals who believe collaborative custody is important have brought Unchained many clients over the years.  But many of these professionals also complain to us about the lack of support we offer them in viewing their clients’ holdings, managing their vaults, or holding keys for them.

We will soon be remedying this lack by adding the capability for professionals to obtain reporting and provide asset management & key agent services to their clients through the Unchained platform.  We will also be offering training & certification programs to professionals serving as key agents.

If you are a professional interested in providing these services to your clients, please [CALL TO ACTION].

Our vision is to enable the growing number of professionals, present in every major city, who understand bitcoin to become nodes in our network of keys, serving bitcoiners in their local community.

Friends and family are key agents for each other

Most participants in the network of keys will have less than $100k in bitcoin. Bitcoin holders at this scale may not be willing to pay for the services of a professional key agent but they still benefit from using collaborative custody. The right key agents for this tier of the network are other individuals – friends, family, and colleagues protecting each other in local neighborhoods of collaborative custody.

You can be the "bitcoin person" for your friends and family members, and when they're ready, they can be the "bitcoin person" for theirs!

Many of Unchained’s clients are already “the bitcoin person” for their family or friend group.  They are relied upon for advice on everything from where to buy bitcoin and how to protect it to using a hardware wallet and backing up keys.  As Unchained clients, they naturally want to see their friends and family eventually onboard into collaborative custody with Unchained.  But they recognize, correctly, that their parent or sibling or best friend may not yet be ready to hold a majority of their own keys.

As a result, vault names such as “Smith family vault” or “Alice and Bob’s vault” are common on our platform.  Clients use a single Unchained login and account but distribute the corresponding keys among multiple individuals in the real world.

We want to replace this informal, off-platform approach with a dedicated set of features for peer-to-peer collaborative custody.  We want clients to easily be able to onboard their friends and family into collaborative custody with Unchained, including serving as a key agent to them if it helps them get started.

Our vision is to grow collaborative custody virally, with existing participants growing the network of keys in each local neighborhood.

Future-proofing collaborative custody

Scaling collaborative custody into the future is one of the greatest challenges and opportunities that bitcoin faces, particularly with the rise of artificial intelligence and increasingly sophisticated social engineering attacks.

While we’d like to think that AI is going to be a massive boon for productivity and creativity, it may be the case that the killer app for AI is social engineering. AI-based social engineering is happening today and it’s only going to become a bigger problem. The predictable response from banks, regulators, and tech companies will be to implement tighter controls that make their systems more brittle and less usable. Withdrawal limits, increased verification through centralized identity providers, the deployment of counter-AI to “detect” bad actors through training them on ever-more information about us all. 

This will add friction that makes financial systems even harder for the global poor to benefit from. It will further centralize control and monitoring—and when these systems are inevitably subverted, bad actors will have even more data about us to leverage.

The biggest obstacle to stealing dollars is the existing tight controls on the banking and payments systems. This limits attackers ability to steal huge amounts of dollars in single heists without being noticed. It is far easier to steal large amounts in many small sums – one reason why the poor and elderly are often attacked first by scammers.

The Unchained office is located directly above a Capital One Cafe, a cafe and legacy bank where people can get a cup of coffee and learn about Capital One’s latest credit card offerings. In a bitcoinized world, we envision brick-and-mortar legacy banking locations being repurposed into bitcoin transaction authorization centers, where people can meet with their key agent(s) to physically authorize transactions, and if they are controlling keys, cryptographically authorize transactions with their keys (and hey, maybe even get a cup of coffee too). 

By moving back to more traditional and physical location-based services, a network of key agents will be able to avoid the social engineering attacks that are currently being executed on victims remotely. It will, in a lot of ways, be a return to the community banking offerings of the past, but built on sound money that isn’t being rehypothecated. 

If social engineering may be AI’s killer app, physical transaction verification via brick-and-mortar key agent locations is the best, most future-proof defense we have. But, a world where the thousands of physical bank branches that currently populate every major city and town are converted into bitcoin financial services centers, to me, is an interesting and exciting new opportunity that I’m personally motivated to make a reality. 

Want to upgrade your bitcoin security? Onboard today!