Multi-signature wallets are extremely common for organizations that hold any significant amount of cryptocurrency. They are special cryptocurrency wallets that require two or more keys to authorize the movement of funds.
“Multi-sig” has become standard among custodial cryptocurrency services due to the strong and simple protections these wallets provide. These special wallets work by designating authority to several people, thus creating the need for cooperation between key holders to sign a transaction.
If you decide to use a multi-signature wallet for the exchange’s cold storage, you can select any number of authorized people to sign off on a transaction. When movement of funds is required, a threshold of key holders is required to come together and coordinate a transaction.
The most common multi-signature wallet is a 2-of-3 scheme. That is to say there are a total of three key holders and any two of them are required to sign a transaction. If a key is lost, it shouldn’t matter so long as the remaining two keys are secure. An organization can choose to use any m-of-n designation; e.g. 1-of-2 or 5-of-10, or 2-of-2 (although the last option won’t help for this scenario).
If an exchange owner decided on a 2-of-3 setup, the owner could hold one key, and the two other keys could be entrusted with employees of the company.
There are several benefits an organization can gain from using a multi-signature wallet. For starters, with each key in the hands of a different authorized person, the risk of theft is smaller: a potential thief would need to gain access to multiple keys, which is not an easy task if we assume the keys are stored in different places, and the theft of one key will alert the other key holders to take extra precautions.
Another advantage comes with the threshold scheme. Should one of the key holders pass away, the funds can still be unlocked, as there are still two keys available.
This sounds like an obvious one. Say I run a company that safeguards the funds of my clients. The funds are stored in an impenetrable vault and only I know the combination of the vault’s lock. If I die, the funds will remain locked in that vault forever. How can I prevent this from happening? Well, entrusting somebody else with the combination in the event of a crisis is a good start. However, it’s hard to find somebody to trust with a key to hundreds of millions of dollars.
A simple idea is to create a backup of your wallet and keep it among the contents of your will. However, this is unsafe and not recommended because your lawyer, and whoever else has early access to your will, has the ability to copy the key and pull off a heist. Another idea is to give a backup to a trusted family member, but that carries the same risk. Unless there is somebody you have absolute trust in to hold the funds, and perhaps more importantly, somebody you trust to protect themselves from external theft, then sharing a complete backup with a specific person is a bad idea.
A much better idea is to use a less well-known technique: secret sharing. Shamir’s Secret Sharing Scheme (SSSS) is a powerful tool which allows you to split a secret into, say, 10 key parts, which you’ll distribute among trusted friends and relatives.
Each individual key part is useless alone, but together the key parts can be combined to recover the original secret (i.e. the backup key to the wallet). The magic of SSSS is that not every single key is required to recover the original. Similar to m-of-n multi-signature wallets, the SSSS backup could require, for example, 7-of-10 key parts to recover the backup. The m-of-n threshold is customizable when first generating the key parts.
Shamir’s Secret Sharing is a secure way to ensure the accessibility to the vault in the event that you, as the custodian, are no longer around.
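To make the 7-of-10 example concrete, here is a small teaching implementation of Shamir’s scheme added for this post (not code from the original article or from any wallet product): the secret is the constant term of a random degree-6 polynomial over a prime field, each “key part” is one point on that polynomial, and any 7 points recover the constant term by Lagrange interpolation, while 6 points recover nothing useful. The 127-bit prime and the 16-byte sample secret are assumptions for illustration; production schemes such as SLIP-39 use different field and encoding choices.

```python
import secrets

# Field modulus: 2^127 - 1 is a Mersenne prime, large enough for a 16-byte
# secret. A 32-byte seed would need a larger prime (e.g. 2^521 - 1).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    # Horner's rule; coeffs[0] is the secret, the rest are random.
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, threshold, shares):
    """Split an integer secret into `shares` points (x, y) on a random
    polynomial of degree threshold-1; any `threshold` points recover it."""
    if not 0 < threshold <= shares:
        raise ValueError("need 0 < threshold <= shares")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer smaller than PRIME")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # x = 0 is never used as a share, since the polynomial at 0 IS the secret.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_secret(points):
    """Lagrange interpolation at x = 0. With fewer than `threshold` points
    this still returns a number, but it is unrelated to the real secret."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+).
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    # Constructed sample: a 16-byte wallet backup key treated as an integer.
    backup_key = int.from_bytes(bytes.fromhex("0123456789abcdef0123456789abcdef"), "big")
    parts = split_secret(backup_key, threshold=7, shares=10)
    print("7 of 10 parts recover the key:", recover_secret(parts[:7]) == backup_key)
    print("6 of 10 parts recover the key:", recover_secret(parts[:6]) == backup_key)
```

Each distributed part is an (x, y) pair; the x value must be stored with the part, since interpolation needs it.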
So far, these two reviewed methods have one thing in common: they require trust in other people. Whether sharing a copy of your key, splitting it into several pieces, or setting up more keys and entrusting them to others, you need to believe in these people. But what if you don’t want to trust anyone?
If trust is the root of the issue, can we remove it? Can we use a “trust-less” solution to avoid all the hassles while ensuring your users have access to their funds?
Enter non-custodial technology. Non-custodial exchanges (better known as “decentralized exchanges” or “DEXs”) are exchanges that never take custody of users’ funds. Instead of accepting user deposits, users on a decentralized exchange have full control over their cryptocurrency at all times. This means that regardless of the exchange’s status (whether it goes down for maintenance, or suffers a cyberattack), user funds will remain safe and accessible because it’s the users themselves who hold the keys to their own wallets.
If you operate a decentralized exchange, you don’t need to concern yourself with wallet security, for the obvious reason that there are no funds for you to protect.
If QuadrigaCX had been a decentralized exchange, the press wouldn’t be talking about how hundreds of millions of dollars in crypto, kept in the cold storage of a trusted exchange, were rendered lost forever because of a forgotten password.
There may still be some hope left for QuadrigaCX customers. Kraken, an exchange company investigating the rumours surrounding Gerald Cotten, recently offered a $100,000 reward to anyone with information leading to the return of the lost C$250 million.
Unfortunately, as we know from the alarming number of previous exchange hacks, thefts and scandals that remain unsolved, the probability that victims will see their investments again is slim.