Collaborative custody

A superior approach to security that combines the control of self-custody with the benefits of a managed financial service

What is collaborative custody?

Collaborative custody gives Bitcoin holders greater transparency and security when they use a financial provider. Participants share in key management of a multisignature quorum designed for each product with keys always being cold-stored.

checkmark

Reduce risk of loss from hacks

checkmark

Maintain transparency of assets

checkmark

Share control only as necessary

checkmark

Protect funds from exchange insolvency

checkmark

Reduce single point of failure risk

Collaborative Custody Models for Loans & Vaults

Our approach to custody emphasizes distributing keys across multiple trusted parties

Collaborative Custody protects against common risks of traditional full custody

1

Frozen accounts / withdrawals

When you don’t possess any keys, your exchange account or transactions can be frozen just like a bank account.

2

Proof of reserves

Without unique keys and addresses, exchange funds are often commingled and at risk of loss in the case of insolvency.

3

Compromised user account

Assets held by third parties are at risk of unauthorized transfer if a user’s login and 2FA are compromised.

4

Exchange hack

As high value targets for theft and fraud, exchanges are frequent victims of hacking attempts which result in a user's loss of funds.

Collaborative custody uses these core security principles

Multisig

‣ Reduce single point of failure risk
‣ Create threshold redundancy
‣ Industry-standard best practice

Distributed Keys

‣ Improve operational security by sharing key management burden across multiple parties
‣ Avoid co-locating keys sufficient to spend in one geographic location
‣ Reduce risk of monkey-wrench attack
‣ Multiple sources of entropy

Unique Addresses

Segregated Funds

‣ Create fewer honey pots
‣ Improve transparency & auditability for customers
‣ Limit service provider solvency risk

Cold-Storage

‣ Materially reduce attack vectors
‣ Difficult to compromise remotely
‣ Prioritize physical security

Trusted Partner

‣ Account and system controls amplify protocol strengths
‣ Active monitoring for suspicious activity
‣ Identify and intent verification
‣ Managed service, including offline co-signing

Our collaborative custody products are compatible with the most trusted hardware devices and wallets

More coming soon!

Our security practices ensure that we are your
most trusted financial services partner

Wallet Security

Our systems use unique per-customer, multisignature P2SH addresses. With vaults, these addresses are partially derived using a customer’s extended public keys (Unchained never has access to user private keys, ever). All Unchained keys use hierarchical deterministic (HD) wallets that are cold-stored on hardware devices, including offline air-gapped machines. We use well-tested, industry-standard open-source software to author and audit transactions.

Physical & Operational Security

We maintain an internal security policy and ensure that all personnel are trained to conform to it. Our hardware devices are stored in geographically-separated, physically secure locations and require identity verification to access. Wallet seeds are stored in physically secure locations separate from the wallets they restore. No devices or seeds are ever present or stored on-premise at Unchained corporate offices.

Network Security

We employ high-level security throughout our IT infrastructure in accordance with PCI-compliance standards. We operate within a secure, private, firewalled network. All data is encrypted en route to/from and within our environment (at motion as well as at rest) using industry-standard AES-256 encryption. We require two-factor authentication (2FA) to access all sensitive resources. Employees are uniquely identified within our environment by a centralized identity management infrastructure. All access to systems are limited, minimal, & controlled by this infrastructure. We aggressively monitor all traffic to/from & within our environment & keep access, system, & application logs indefinitely (with user/system/employee identifiers).

Identity & Intent Verification

We help our customers achieve a higher degree of security by offering a cosigning service. If requested by customers, we will verify both the identity & intent of a customer transaction prior to cosigning. A customer has the option to record a video verification of their identity that Unchained will use to validate transaction signing requests or for 2FA resets. This opt-in feature is only active if requested and includes the option to set transaction amount thresholds at which Unchained will actively verify identity & intent. This service helps high-net-worth customers enhance operational security related to high-value transactions.