What is bitcoin multi-institution custody?
With the slew of massive bitcoin exchange and custodian hacks that have occurred over the last 15 years, enterprises seeking to avoid the pitfalls of centralized bitcoin custodians have coalesced around a new form of bitcoin custody: multi-institution.
Multi-institution bitcoin custody is where a network of bitcoin key agents each secure a minority of keys on behalf of a client, and a quorum of those key agents must collaborate with each-other in order to move the bitcoin.
This model has significant advantages over single bitcoin custodians, where a single mishap at the custodian or a client’s account getting breached can cause a loss of funds. In multi-institution custody, multiple companies would have to be breached and tricked into using their key to move bitcoin. This isn’t slightly more difficult for an attacker to execute—it’s orders of magnitude more difficult. Additionally, an issue at any single key agent, such as a loss of their key or the company going out of business, does not prevent the bitcoin from being moved and recovered seamlessly by the other key agents.
This article will highlight some of the benefits of multi-institution custody, the basics of picking the right key agent(s), and some of the different flavors of multi-institution custody that are currently available.
Benefits of multi-institution custody
As an individual, controlling the private keys to your bitcoin is the only way to ensure that you have eliminated counterparty risk. But for companies and private wealth clients, controlling all the private keys is sometimes not feasible due to legal or regulatory restrictions.
Historically, the only option for bitcoin custody at the enterprise level was giving up complete control over the keys to the bitcoin, but with the advent of multi-institution collaborative custody, a form of bitcoin custody introduced by Unchained in 2018, now companies and individuals can select multiple institutional key agents to secure keys on their behalf.
The proliferation of multi-institution custody means there’s now an entire network of institutional keys companies and individuals can access to build secure bitcoin vaults.
The primary benefit of this model is that there is no way for a single key agent to move or lose bitcoin. This is the critical difference between working with a custodian or using multi-institution custody.
On top of that, it’s possible to have bitcoin vaults in multi-institution custody achieve the qualified custody status, which is an important legal distinction for certain companies. companies can still participate in the security of their bitcoin by controlling a minority of keys and have their bitcoin secured with a qualified custodian.
Flavors of multi-institution custody
Multi-institution bitcoin custody comes in different varieties to meet clients’ exact needs. Most platforms only allow one of these options, but some, such as the Unchained enterprise custody network, allows for all three of these models at the same time.
From delegating key control to separate companies entirely to participating in the security of one or more keys, there is total flexibility with how to secure bitcoin in a multi-institution arrangement.
Delegate key control to multiple key agents
In this model of multi-institution custody, a client can hire multiple key agents from the network to secure keys on their behalf. A client is required to place the most trust in third-party key agents with this model because they do not control enough keys to move their bitcoin. You, as a client of this model, have to trust that:
- Your key agent(s) are securing their keys up to your standards: Is the key cold storage or accessible via an API? Has any other company ever had the option to see the private key? How does signing and operations work?
- The multi-institution wallet is yours: Can you gain access to the multisig file to verify your bitcoin balances on your full node? Are you able to recover your bitcoin using non-proprietary tools in the event that a key agent runs into an issue?
- The key agent will sign transactions only for you: How does each key agent verify that it is you when you are asking them to sign a transaction? Is the key used automatically to sign transactions, or are there additional controls in place?
This model is great for enterprises and individuals that are not able to take control of their bitcoin keys because there is still no way for a single key agent or counterparty to lose the bitcoin, but there are still many questions that a prospective client should be asking before trusting that this model is right for them.
Partner by securing a single key
When you partner with your key agents to secure a single key in a multi-institution custody arrangement, you have significantly enhanced verification and audit options at your disposal. The primary benefit to securing a single key in a multi-institution arrangement, even when it is a minority, comes down to cryptographic guarantees, which is slightly more trust-minimized.
With this model, you can:
- Confirm your address is yours: When holding a single key, you have the ability to cryptographically verify that the bitcoin is going to your wallet. In other models, you have to trust that the wallet provided to you is yours. With the best multi-institution platforms, clients can confirm they own the vaults and bitcoin addresses using non-proprietary open-source tools and verify that the addresses displayed on-screen are controlled by that key. This is available due to the inherent wallet cross-compatibly that comes with following bitcoin implementation standards.
- Eliminate jurisdictional regulatory environments as a threat: By securing even a minority of keys, you can choose the regulatory jurisdiction in which to secure the key. This protects you from government or criminal threats if you are concerned about the available jurisdictions where your key agents reside.
- Gain the benefits of different financial products and services: You can have qualified custody and still secure a key, use the bitcoin in an escrow arrangement, and use this multi-institution model for bitcoin-backed loans, since you do not have full key control over the bitcoin.
Holding a single key in a multi-institution vault isn’t a gimmick. It offers categorically superior security by allowing clients to cryptographically verify their holdings.
Lead by controlling a majority of keys
It’s possible to secure bitcoin in multi-institution custody and control a majority of the keys to the bitcoin. Even while holding a majority of keys, you can select institutional key agent(s) to control a minority of keys. This gives you the benefits of self-custody with the benefits of one or more technical key agent partners. The best key agents will assist you or your company in generating and securing private keys in a way that eliminates the possibility of the key agent ever seeing your key.
The primary advantages of controlling a majority of keys are:
- Total control: Never lose access to your bitcoin regardless of what happens to the key agent. This is only possible if you have access to your multisig file and know how to use it with non-proprietary tools to recover without the key agent, but these workflows are simple with some brief training.
- 24/7 access: Key agents typically have a signing process that could take days (on purpose). But sometimes you need to move bitcoin during non-business hours. If you control a majority of the keys, your bitcoin can be settled at your destination in roughly 10 minutes.
- Minimized counterparty risk: A collapse of your key agent does not result in a loss of any bitcoin or even in a disruption in operations. When you control the keys you can move bitcoin whenever you would like.
Multi-institution bitcoin custody partners typically only offer one of these options for clients, but Unchained offers all three options with multiple enterprise key agents, and from within the same platform. This flexibility allows clients to find the perfect custody solution for their evolving needs.
Questions to ask a potential multi-institution key agent
When investigating multi-institution bitcoin custody, the biggest risk to the bitcoin secured is with how the individual key agents generate and manage their private key. While there is no perfect key agent solution, since different key agents will optimize for different bitcoin use-cases, there are a few best-practices that all key agents should follow.
You shouldn’t be able to get all the information about their private key policies and procedures due to security concerns, but you should get a good sense of how sophisticated the key agent is by asking the following questions:
- How was your key generated?
- Was your company the only company involved in the generation of the key?
- Does your company control and maintain the dedicated hardware where your key was generated and transactions are signed?
- How do you ensure that the key is still secure if an employee leaves the company?
- How is your key operationalized?
- Is your platform architecture bitcoin-specific or generalized for broad cryptocurrency support?
- Who can access the key, and how do they use it to sign transactions?
- How long does it take to sign transactions?
- How do you verify that I’m the one requesting a signature?
The answers to these questions will help you understand the technical and operational expertise of the key agent, such as if they are even securing their own key at the end of the day. They might simply be an intermediary, and contracting with another company to provide the security of the key. This might be okay with you as a client, but it’s important to understand the trade-offs and ensure you’re evaluating the team that will be securing the private key, and thus your wealth, versus just another third party in the custody arrangement.
Multi-institution custody with Unchained
Unchained has served as a key agent in multi-institution custody arrangements since 2018. We have helped secure and process billions of dollars worth of bitcoin in our years of operations, with no degradation of our key operations or security during that time. Our goal is to help bitcoin holders progress on their bitcoin journeys, which is why we offer all three flavors of multi-institution custody to our clients with reduced fees for clients that take on the additional risk of controlling one or more of their keys.
What differentiates Unchained as a multi-institution key agent? Our platform, key security, and operations were built in-house and much of it is open-sourced for all to see and use. This ethos informs how we build everything. From our vaults, where clients can take the multisig files and verify bitcoin balances and the cryptographic segregation of the wallets using open-source tools in a trust-minimized fashion, to best-in-class technical support and hardware wallet support which ensures clients that their keys and their bitcoin have not been compromised.
With the new release of the enterprise custody network, Unchained clients, from one account, can create vaults:
- Where key agents are distributed worldwide
- Where all key agents are in the US
- Where clients control a majority of their keys
In arrangements where the client holds a minority of keys, they have the option to incorporate a qualified custody framework. Large institutions and bitcoin holders can get the regulatory assurance of qualified custody without the risks of custodians like Prime Trust or Fortress Trust, who were both subject to massive losses of bitcoin.
This flexibility comes with bespoke service from each key agent selected to help secure bitcoin. Each time a client creates a new vault, they enter into a contractual agreement with the selected key agents, which are committed only to the client and have no responsibility directly to Unchained, which serves as the platform provider and key agent. Unchained’s role is to connect clients with vetted key agents, and leverage the tools we’ve built and iterated on since first launching collaborative custody in 2018, to coordinate multsig wallet creation, communication between parties, and transaction staging, signing and broadcasting with best practices in mind.
Every enterprise key agent follows a set of key security and operational standards we vet. Most importantly to the client, each key agent does not sign at the direction of Unchained but performs independent validation of the signature request before completing the signature. Key agents are programmatically prohibited from staging or broadcasting transactions on the Unchained platform. Both of those functions solely belong to the client.
The flexibility and technical superiority of the product make the Unchained enterprise custody network the standard for bitcoin custody. Try it out today by scheduling time with us.