Security with the control of self-custody & the benefits of a managed financial service
Why use collaborative custody?
Collaborative custody gives bitcoin holders greater transparency and security when they use a financial services provider. Participants share in key management of a multisig quorum designed for each product with keys always held in cold storage.
Reduce risk of loss from hacks
Maintain transparency of assets
Share control only as necessary
Protect funds from exchange insolvency
Reduce single point of failure risk
Our collaborative custody models for vaults and loans
Distributing keys across multiple parties
Used for vaults.
This solution makes accessing and administering multisig easy for the individual.
The client controls 2-of-3 private keys, retaining ultimate sovereignty.
Unchained acts as both a backup or an active co-signer, providing both redundancy and transactional services.
Used for loan collateral security and.
In this 2-of-3 model, keys are held by three separate parties: a customer, Unchained, and a designated third-party key agent.
Our key agent only signs a transaction in the event of a liquidation, reducing the risk of trust in any one party.
Protection from the common risks of traditional third-party custody
Frozen accounts or withdrawals
When you don’t possess any keys, your exchange account or transactions can be frozen just like a bank account.
Proof of reserves
Without unique keys and addresses, exchange funds are often commingled and at risk of loss in the case of insolvency.
Assets held by third parties are at risk of unauthorized transfer in the event that a client’s login details are compromised.
As high-value targets for theft and fraud, exchanges are frequent victims of hacking attempts which result in a client’s loss of funds.
Core security principles of collaborative custody
Reduce single point of failure risk
Create threshold redundancy
Industry-standard best practice
Improve operational security by sharing key management burden across multiple parties
Avoid co-locating keys sufficient to spend in one geographic location
Reduce risk of monkey-wrench attack
Multiple sources of entropy
Multisig with segregated funds
Create fewer honey pots
Improve transparency & customer auditability
Limit service provider solvency risk
Materially reduce attack vectors
Difficult to compromise remotely
Prioritize physical security
Account and system controls amplify protocol strengths
Active monitoring for suspicious activity
Identity and intent verification
Managed service, including offline co-signing
Compatible with the most-trusted hardware wallets
Choose devices from Trezor, Ledger, or Coldcard, and get started with Unchained today!
Our best-in-class financial security practices
Our systems use unique per-customer, multisignature P2SH addresses. With vaults and multi-institution loans, these addresses are partially derived using a customer’s extended public keys. (We never have access to user private keys, ever.) All Unchained keys use hierarchical deterministic (HD) wallets that are cold-stored on hardware devices, including offline air-gapped machines. We use well-tested, industry-standard open source software to author and audit transactions.
Operational and physical security
We maintain an internal security policy and ensure that includes personnel training. We store our hardware devices in geographically separated, physically secure locations that require identity verification for access. We store wallet seeds in physically secure locations separate from the wallets they restore. We never store devices or seeds at Unchained corporate offices.
We employ high-level security throughout our IT infrastructure in accordance with PCI-compliance standards. We operate within a secure, private, firewalled network. We encrypt all data to, from and within our environment (in motion and at rest) using industry-standard AES-256 encryption. We require two-factor authentication (2FA) to access all sensitive resources. Our centralized identity management infrastructure uniquely identifies employees. All access to systems are limited, minimal, and controlled by this infrastructure. We aggressively monitor all traffic to, from and within our environment, and we retain access, system, and application logs indefinitely (with user/system/employee identifiers).
Identity & intent verification
We help our customers achieve a higher degree of security by offering a cosigning service. If requested by customers, we will verify both the identity and intent of a customer transaction prior to cosigning. A customer has the option to record a video verification of their identity that Unchained uses to validate transaction signing requests and 2FA resets. This opt-in feature is only active if requested and includes the option to set transaction amount thresholds for active identity and intent verfication. This service helps high-net-worth customers enhance the operational security of high-value transactions.