Unpopular opinion, multisig with 3rd party holding one key can result in leaked Xpub json file tied to your name…………
Solution-Sparrow multisig…………
Discussion
Ok, so this has been my main concern for some time. I felt crazy for not going along with the hype of otherwise stellar BTC-focused companies offering 3rd party key holder services. Now not so much.
Elaborate, please.
So for KYC this is absolutely correct. They cannot spend your #btc because they won't have two keys, however, they WILL know who you are, and have complete access to all your receive/change addresses.
If their security ever fails, your entire stack will be broadcast for the world to see. EVEN IF you buy non-KYC #Bitcoin if you send it to one of those multi-sig addresses, the xPub will reveal that you own it.
The only way to get anonymity again will be to either coin join to a new multi-sig setup, or you might be able to do it pegging into liquid then out of liquid. Still working through that one.
So, at least theoretically, the most secure setup would be a two of three (or equivalent ratio) multi-sig, geographically distributed in accessible and secure, but undisclosed locations, etc., etc.
Is there a selling point to institutional key holders that I'm not seeing? (outside of a holdover fiat mindset/need to have someone hold your hand)
Yes. The whole multiple companies in different jurisdictions, ie countries, so you're not subject to one country's laws and inheritance. You die tomorrow, your heirs can retrieve the #bitcoin. Just have to prove with death certificate and the companies will release the keys to your beneficiary.
Or use something like SeedHammer (are they on #bitcoin #nostr ?).
it splits the Xpub into multiple parts.
E.g. 2 out of 3 multisig with 3-part Xpub, 1 share on each plate so also any 2/3 plates can recreate the Xpub.
You can safely deposit such a plate at a 3rd party and they have neither access to the addresses nor the keys.
My understanding is that you need all three parts for the Xpub to recreate it. That is because the multisignature address holding your 🌽 is derived from all three of them.
I'm 99% certain that I reinstated a backup test watch only wallet on Sparrow once, using only the descriptors from 2 plates.
are you a fellow SeedHammer user? 🫡
You need two or three for signature, but always need all three xpubs for map.
2 of 3