Question for the masters of self custody around here. Let's say I do a 2 of 2 multisig with my HWW and a phone wallet like BlueWallet, and in a few years BlueWallet gets hacked or turns evil or ceases to exist. Can my seed I created in BW be recovered in a different software wallet that has the same multisig functionality?


Discussion

Yes. It should work with any software wallet which supports your seed phrase (most probably support the BIP-39 seed you’ll likely have generated).

I personally would also recommend 2 of 3 multisig, as you wouldn’t even have to worry about this potential issue. 2 of 2 just seems like having to keep track of double the seeds and double the hardware wallets, for very marginal security benefits.

Remember, you’re much more likely to lose your own keys than you are to have them stolen or hacked.

This 100%. More #bitcoin lost than stolen by a mile. 2 of 2 increases your chances of losing your bitcoin. 2 of 3 reduces your chances of losing while also providing protection against kidnapping or stolen devices.

I am planning on a 2 of 3 distribution of my seed phrases to cover loss. See my other reply for the whole plan.

I was thinking 2 of 2 sigs, but still having a 2 of 3 distribution of my seed phrases between myself and two trusted family members in different locations for recovery. If one is stolen they won't have enough information and I can still recover from the other two.

The reason I'm thinking 2 of 2 sigs is because I would only need one HWW. If I did 2 of 3 I would need to get a second HWW to be sure there weren't enough keys that connect to the internet. I could have my Passport and BlueWallet on my phone as the two signers. The Passport ensures the airgap and BW makes access convenient. My only concern was whether, if either becomes inaccessible and I have to recover with a different software, I'll still be able to.

You could technically do 2 of 3 multisig using just one hardware wallet and one hot wallet.

Use the hardware wallet to generate the first seed, copy that seed onto paper or metal, then delete it. Then use the hardware wallet to create another seed, and leave that one on the wallet. Then use your third hot wallet provider and you’re good to go.

You could sign transactions with your hot wallet and your hardware wallet as 2 of the 3 keys, but if something happened to one, you would still have the third key which the hardware wallet also generated as backup.

I’m not a big multisig fan in general, and I think one hardware wallet with multiple secure seed backups in geographically dispersed locations is good enough for 99.9% of people. 2 of 3 is still much better than 2 of 2 because with 2 of 2, if you lose one key or have one key destroyed, you’re done. You’ve just lost all your coins. That risk is very serious and decently likely to occur for most people, regardless of their technical abilities.

Hadn't thought of generating a second seed on the same device. Smart.

Don't you need another trusted party for a total of 4? Then you would have 2 backups of each seed, only 1 at each location.

I would divide my 24 words into groups of 16 like this:

Party 1: words 1-16

Party 2: words 9-24

Party 3: words 1-8 and 17-24

Or groups of 8 for a 12 word phrase.

Boom. 2 of 3 recovery plan.

If someone has 16/24 of your words, or 8/12 of your words, your seed could (fairly) easily be brute forced.

Also, if you have 2/2 multisig, wouldn’t you have 48 words, or two sets of 24?

In which case I suppose you could distribute those words across multiple 3rd parties the same way you did here, but you would be subject to the risk of

1. Someone losing their set making your coins impossible to access

2. Two of the holders colluding and putting the words together to steal your coins

If you’re really set on having a third party help you with multisig, why not use a company like Unchained? Make a 2/3 multisig setup where you have a HW wallet, a Hot wallet, and they have the third key in their custody product? It has trade offs too, but at least it would be a professionally managed solution which fits your wallet needs and isn’t overly complicated.
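To put numbers on the brute-force concern raised above, here is an added example (not part of the thread) that computes how much of a BIP-39 phrase stays unknown to one holder, and to any two holders, under the overlapping word split proposed earlier. For comparison, an unsplit 24-word phrase carries 256 bits and a 12-word phrase 128 bits. The function names are hypothetical, and the word positions for the 12-word variant are an assumption modelled on the 24-word layout.

```python
from itertools import combinations

BITS_PER_WORD = 11  # BIP-39 words index a 2048-entry list (2**11)

def checksum_bits(n_words):
    """BIP-39 appends ENT/32 checksum bits; ENT + ENT/32 == n_words * 11."""
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("not a BIP-39 mnemonic length")
    return n_words * BITS_PER_WORD // 33

def unknown_bits(n_words, known_positions):
    """Bits of search space left to someone who knows these word positions."""
    missing = n_words - len(set(known_positions))
    # The checksum rules out all but 1 in 2**checksum_bits word combinations.
    return missing * BITS_PER_WORD - checksum_bits(n_words) if missing else 0

def analyze_split(n_words, shares):
    """Return (bits left per single holder, bits left per pair of holders)."""
    single = {name: unknown_bits(n_words, pos) for name, pos in shares.items()}
    pairs = {
        (a, b): unknown_bits(n_words, set(shares[a]) | set(shares[b]))
        for a, b in combinations(shares, 2)
    }
    return single, pairs

def span(first, last):
    """Word positions first..last, 1-indexed and inclusive."""
    return set(range(first, last + 1))

# The split proposed in the thread for a 24-word phrase.
SPLIT_24 = {
    "party1": span(1, 16),
    "party2": span(9, 24),
    "party3": span(1, 8) | span(17, 24),
}
# "Groups of 8" for a 12-word phrase (positions assumed, same pattern).
SPLIT_12 = {
    "party1": span(1, 8),
    "party2": span(5, 12),
    "party3": span(1, 4) | span(9, 12),
}

if __name__ == "__main__":
    for n, split in ((24, SPLIT_24), (12, SPLIT_12)):
        single, pairs = analyze_split(n, split)
        full = n * BITS_PER_WORD - checksum_bits(n)
        print(f"{n} words: full {full} bits; one share leaves {single}; two leave {pairs}")
```

A single share leaves 80 unknown bits for the 24-word split and 40 for the 12-word split, while any two shares together leave none.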

Damn hadn't thought about brute force either. I definitely don't want to be brute forced, so I will not divide my seed in that way.

The reason for having family members do it is because I trust them enough not to collude. I am close enough with them that I know they wouldn't try to screw me like that. If I ever have doubts in the future I can just move my stash.

I'll look into Unchained, but I would like to "keep it in the family" if I can. It's not only a recovery plan, but also a way for them to recover my coins if something were to happen to me. I'm sure Unchained has that covered too, but this is also a good way for me to teach them something about Bitcoin.

My plan is to provide both of them with a sealed will/recovery document containing instructions on how to recover my Bitcoin together if needed. If the document were to get lost or stolen I would immediately move my coins and create a new setup. I will make it clear to them that if something happens to it they will need to let me know right away.

I guess I will do a 2 of 3 and have each of us hold a different key.

You’re doing the right thing by thinking through your security and setup now, rather than later (or god forbid not at all). I also can respect wanting to keep it in the family - I do the same, and I think part of life is learning to trust some of the people you care about with some level of responsibility.

I wish you all the best in your journey and hope you find a good setup which works well for you. There are lots of good resources to help you (podcasts featuring #[5]​, #[6]​, #[7]​ have huge amounts of useful and valuable information) and tools will only continue to improve into the future. Safe stacking! ⚡️

Thank you 🙏

Yep. But don’t trust, verify. Get another wallet and load your seed in to prove it. Then you will know for sure and can sleep at night. Don’t trust, verify.

Use the seeds from your HW wallet and export the xpub to a software wallet, not the other way around.