What is a bitcoin key agent?
Securing private keys is fundamental to owning bitcoin. As the ecosystem matures, collaborative custody is gaining traction for its ability to eliminate single points of failure. This is critical when managing risk for significant bitcoin wealth held by individuals and organizations. By distributing responsibility across multiple keys, collaborative custody minimizes risks associated with theft and loss of individual keys. Within this framework, a new type of institutional security partner is emerging: a key agent.
A ‘key agent’ is an entity tasked explicitly with securing and operating one of the multiple keys within a collaborative custody framework. There are multiple different types of key agents, from professionals serving enterprise clients to peer-to-peer key agency among friends and family.
Key agency has existed informally for many years, with companies like Unchained, Coincover, Kingdom Trust, BitGo, Nunchuk, and Casa acting not as a custodian but as a collaborator in their clients’ custody. Bitcoin self-custody enthusiasts, too, have been securing keys for their family and friends in multisignature setups for many years.
Where a typical bitcoin custodian is solely responsible for securing a majority or all of the keys to their clients’ bitcoin, a key agent is responsible for a minority of the keys. This allows you to include a team of experts in the security of your bitcoin, but does not make that team of specialists a critical point of failure for your bitcoin. In contrast, a custodian can lose their clients’ bitcoin through a variety of attack vectors. And many have.
So what then is a key agent doing? Why are they valuable? And how is each key agent different? This article will outline the differences between a bitcoin custodian and a bitcoin key agent, why you should consider hiring key agents, and how different key agents may structure the access to their key.
Why you need bitcoin key agents and not a custodian
As of this article’s publish date, over $4.6 billion of bitcoin and crypto-securities has been lost due to custodian and exchange hacks. The model where a centralized custodian secures client funds exclusively has been repeatedly demonstrated to be insufficient with immutable, programmable money built for the internet.
Instead of centralizing all control with a single party, it’s bitcoin’s programmability that allows multiple key agents to collaborate in the custody of bitcoin. Individuals and organizations can choose to control all the keys to their bitcoin, or can choose to include key agents to participate in the security of bitcoin, with multiple trade-offs in between.
Holding a majority of your keys and inviting a minority of key agents in a collaborative custody arrangement gives you the benefits of permissionless access to your wealth, but with the benefit of a technical partner who can assist if anything goes wrong. There’s nothing that your partner can do to abscond with or lose your wealth if you have a majority of the keys.
On the other hand, certain enterprise organizations are not able to hold keys to their bitcoin due to regulatory and compliance requirements, in which case they can delegate key control to multiple key agents. This way, even if a single key agent runs into issues, no bitcoin is lost because the other key agents can collaborate to move funds on behalf of their clients.
The centralized custodial model is made outdated by using a collaborative custody network with a custom arrangement of key agents.
Markets for key agents
Key agents typically serve different markets, and each of these segments will look for different levels of operational security and accreditation to feel confident that their key agent is following best-practices for key security.
A key agent serving enterprise clients is typically a larger company with rigorous key management operations that focuses on key security as a primary function of their business. This type of key agent is known for enterprise controls and certifications, such as SOC I & II certifications, ISO, NIST, and Cyber Essentials certifications.
Key agents serving the enterprise market are often qualified custodians, which means they are licensed and regulated under a more rigid regulatory framework, but are at the same time, held to a higher standard of excellence. They may also have insurance for their key, but it’s important to read the details of the insurance before assuming that everything is covered.
Good examples of key agents serving the enterprise market are companies like Unchained, Coincover, BitGo, and Kingdom Trust. Enterprise key agents will typically charge based on the amount of assets that they are helping to secure, with much higher minimum fees than the typical retail key agency.
A key agent serving small businesses or on a professional level for retail clients is typically a start-up, a business such as a registered investment advisory, or a law firm that holds keys on behalf of their clients, but does not have all the regulatory and compliance requirements of a key agent serving enterprise clients. They’re likely not qualified custodians and may not have all of the controls that come with a SOC or Cyber Essentials certification.
While the key security and operations of an agent serving this market may not be quite as advanced as one serving enterprise clients, these key agents are an excellent choice for those looking to secure personal savings or for those working with an investment advisor who wants to hold keys. For larger organizations securing thousands or hundreds of thousands of bitcoin, these key agents are likely not the right fit.
Peer-to-peer key agency is a great way for friends and family to collaborate in the security of each others bitcoin, but it does not offer nearly the same guarantees of a professional key agent serving the small business or enterprise markets. Peer-to-peer key agents might just be an experienced bitcoiner you know who secures their key with a hardware wallet.
Peer-to-peer key agents are a good choice for do-it-yourself multisignature for small to medium amounts of wealth. For generational wealth and above, it’s usually more secure to work with a professional key agent so that you are certain that a team of experts will be there for you when you or your heirs need their help.
How key agents work and how they’re different from custodians
All of this might sound great in theory, but how does it actually work, and is it as user-friendly as a single custodian?
With a custodian, you typically log into a website much like you would with a legacy investing account, with an email, password, and two-factor authentication.
When you hire key agents, you have many different ways to include them in your multisignature wallet. On the Unchained platform, for example, you log into your Unchained account exactly the same way you would log into your custodial account, but then you have the ability to select 1 or more institutional key agents when you are constructing your segregated bitcoin vault, each with different capabilities and functions.
Other key agents might give you access to their key through a mobile application or a desktop application. While there are a few more steps to gaining access to a key agent’s key, the steps are all very straightforward, you typically just need to sign up for an account with whichever key agent you want to work with and collaborate in building a bitcoin vault.
The main differences between key agents and custodians are how you choose to interact with your key agents’ keys. With a custodian, they’ll typically have a hot wallet that automatically withdraws funds when you ask for them. This is great for moving quickly to cold storage, but it isn’t ideal for long-term savings.
With key agents, you get to decide what type of key you want to include. You can select keys that are designed specifically for use in recovery only, for daily transactions, and you could even select a key agent with a hot key that automatically signs transactions when you request them to. Even having a key agent with a hot key as part of your collaborative custody vault can enhance the security of your funds over single signature, particularly if you plan to sign transactions frequently, but it’s recommended to use all cold-storage keys for your long-term savings.
Certain key agents will lean into technology and automation, whereas others might try to add as much manual human intervention as they can. The trade-off with the latter is that signatures from these key agents will take much longer to receive (sometimes days!), so they are typically the recovery-only key agents for use in emergency situations.
At the end of the day, there is likely to be a key agent or a group of key agents with keys that will meet your security and operational needs.
Unchained as a key agent
Unchained is building the largest collaborative custody network of key agents and has already included multiple enterprise key agents as part of the new private wealth and enterprise custody offering.
For retail clients, Unchained offers access to its enterprise key in a multisignature quorum where clients can control a majority of their keys. Over the last 6 years of uninterrupted operation, Unchained has continued to invest millions of dollars and dedicate thousands of hours of our experts’ time to upgrade our key’s security and management. Over that same time period, it has helped secure and transact billions of dollars worth of bitcoin.
Key agency in bitcoin is a newer concept, but it is the only way to secure bitcoin without introducing single points of failure from a single company or person. By hiring key agents, you can ensure that your bitcoin is secure for generations and that your heirs will be able to recover bitcoin with the help of an expert when the time comes.