Self custody strategies for small volunteer orgs with rotating staff? \ stacker news ~bitcoin

pull down to refresh

Self custody strategies for small volunteer orgs with rotating staff?

1987 sats \ 26 comments \ @SimpleStacker 23h bitcoin

I'm on my church's finance committee and I'd be interested in exploring getting the church to accept bitcoin donations.

I need to have a good understanding of how custody is going to work, and the associated risks.

I am thinking a 2 of 3 multisig setup where the senior staff pastor (a paid employee of the church) holds 1 key, and two elders (laypersons not paid by the church) hold the other keys.

A tricky thing is that the lay elders rotate every 6 years. So every 6 years, one elder is going to have to pass the keys to a new one.

Would it make more sense to create new keys for the new elder, and move the bitcoin to a new 2/3 multisig address instead of transferring the old keys?

A second question is regarding the tech stack. Having never done this before, I don't know what wallets and key storage solutions would be best for this kind of thing.

Would you recommend that each key holder have their own hardware signer?
What wallet software would work best for this? Sparrow?

Lastly, thoughts on whether self custody even makes sense. I imagine that as it gets started, the amounts will be small. Would it make more sense to simply use a custodial lightning wallet to start?

view all related items

232 sats \ 2 replies \ @optimism 17h

I am thinking a 2 of 3 multisig setup where the senior staff pastor (a paid employee of the church) holds 1 key, and two elders (laypersons not paid by the church) hold the other keys.

Who handles the fiat?

A tricky thing is that the lay elders rotate every 6 years. So every 6 years, one elder is going to have to pass the keys to a new one. Would it make more sense to create new keys for the new elder, and move the bitcoin to a new 2/3 multisig address instead of transferring the old keys?

Yes. NEVER give a key to someone, because then 2 people know it. Rotate the keys, move the funds.

Lastly, thoughts on whether self custody even makes sense.

Yes, brave new world.

0 sats \ 1 reply \ @SimpleStacker OP 16h

Fiat is handled by a finance elder (always a layperson) and a finance committee (also laypeople). Only a handful of people have the ability to make payments from the bank account, but it does not require multisig. So I do think for bitcoin a single sig setup should be fine to start with.

30 sats \ 0 replies \ @optimism 16h

Only a handful of people have the ability to make payments from the bank account

(A subset of) these same people would be your targets to hold keys.

So I do think for bitcoin a single sig setup should be fine to start with.

That puts all power with one person. Think about 1-of-n if you're operating on trust (and transparency, because bitcoin)

57 sats \ 5 replies \ @DarthCoin 23h

I'm on my church's finance committee

Be their LN bank. Tools that you can use easily with sub-accounts

LNbits
Lightning.Pub
Alby Hub

Multisig with elders = recipe for getting rekt, they don't know where they put their car keys and you want them to use multisig? hahahaha

0 sats \ 4 replies \ @SimpleStacker OP 23h

Be their LN bank.

Do you have an article on this idea?

I think adoption might be lower if we start with lightning instead of on-chain, since on-chain is easier for most people to understand

But an even bigger problem is knowledge transfer. When I roll off a leadership position, someone else is going to need the knowledge to take over. But I guess they can be trained.

Multisig with elders = recipe for getting rekt, they don't know where they put their car keys and you want them to use multisig? hahahaha

This is a legitimate concern. Though elders =/= elderly (elder is almost just a term for board member, and most of the elders are in their 40s/50s). But I think lost keys would be a significant risk.

30 sats \ 2 replies \ @DarthCoin 23h

Do you have an article on this idea?

This is an advanced guide, but you can simplify it just with running an alby Hub or Lightning.Pub. Super easy to install and manage. Not even need to be a public node.

Alby Hub and Lightning Pub works perfectly fine on any simple PC. Not even need to open ports etc. Buy some channels liquidity and done. Once you fill up the channels, swap out using any swap service. Alby Hub already have integrated swaps.

Make some sub-accounts and connect their phones apps with NWC to that node. Done. No complications. Client Apps you could use with NWC: Alby Go, Shock Wallet, Zeus and some others.

But I guess they can be trained.

yes, take the younger and smarter one and train it.

0 sats \ 1 reply \ @softglitter2d 22h

Question right there, is Rizful an alternative for those kind of projects? Also seems very easy to run

76 sats \ 0 replies \ @DarthCoin 22h

Nope. Rizful yes is easy, but is custodial and do not offer a way to create sub-accounts. OP wants to have like a LN bank, not just a node, offering some wallets to its users, but somebody knowledgeable to be in control.

Rizful is good for something else:

0 sats \ 0 replies \ @senf 21h

Mormons call people Elder at 18 years old. 😆

30 sats \ 3 replies \ @Car 23h

cc @Ge

330 sats \ 2 replies \ @Ge 21h

I would recommend probably yourself to be an over watcher or the keys till a system is developed the 2 of 3 sounds good 👍 not hard to make at all the problem is ever 6 years new people..I'd think u have to switch up the wallet every time which might now be a bad thing better security practices? First just get them moving into self custody get it in the churches possession first then explain how to use to trusted folk

25 sats \ 1 reply \ @SimpleStacker OP 21h

I'm sort of leaning towards a single-user managed model for now, only moving to multi-sig after the amounts are larger and/or people become more technically proficient with bitcoin

130 sats \ 0 replies \ @Ge 20h

Yeah better things will come out as time goes on and thats noble of you as a trusted member of the church who isn't leaving why not u especially if ur "tech savy" this is why we created a physical space Alamo Labs in San Antonio to be a trusted source not leaving here to stay. I want to be the bitcoiner I wish I had when I was new. There's several ways u could do it could even give 1 person 1 thing each wallet the login the microsd if airgapped and u keep the keys idk so many options how'd u get them on board or u doing it for them until they come around?

30 sats \ 0 replies \ @ihatevake 15h

Another good idea would be to maybe use degrading timelocks, now available in Nunchuk or Liana wallet, so that if one of the keys is lost, after a period of time, the remaining keys can move the money.

30 sats \ 3 replies \ @BeeRye 22h

just start with something way simpler, like a lightning address setup with rizful or something, imo. Then, graduate to something more complicated if the need arises, but don't start with multi-sig, especially if they are not experienced with how bitcoin keys and wallets work.

55 sats \ 2 replies \ @SimpleStacker OP 22h

I think the thought behind multisig was to make it harder for a single person to steal all the funds. But when I looked at other aspects of the church finances, multi-sig sign-off is not required for other types of (fiat) spending. So there's definitely an assumption of trust already built in, so maybe it's fine to use single sig / single user managed LN node for now.

30 sats \ 1 reply \ @BeeRye 20h

you can go single sig but have multiple people with access to the xpub. That way if some bullshit is going down, people will know as you can see everything going on in the wallet.

55 sats \ 0 replies \ @SimpleStacker OP 20h

Yeah I think that's the way to go at first.

85 sats \ 1 reply \ @DarthCoin 22h

adding a joke here, just for fun

nevent1qvzqqqqqqypzp0snrmscpdh9fppzccqy6089llmc42vt2klu5fc2frlrlhl3ptmuqqs026dsn394zj9nadmnfq50qh6vmy3m0c5a85tvlkemxwnnhpnajrsjyef5n

0 sats \ 0 replies \ @SimpleStacker OP 22h

Actually met a 70 year old who lost 2+ BTC because of this kind of scam

0 sats \ 2 replies \ @Solomonsatoshi 21h

All you need is for the pastor to be trusted and for him to learn how to set up Electrum cold storage. A view only version of the cold wallet could be available to all church members/public even. A Bitcoin Treasury seems a reasonable step as Bitcoin is far more consistent with the Bibles (frequenly ignored) prohibitions upon usury but why do you need LN? What use cases are there for actually spending Bitcoin by the church? And in what way will you account for and pay taxes due on capital gains when spending sats to comply with taxation? If you really want/need LN capability then again maybe need to trust the pastor to operate it.

6 sats \ 1 reply \ @SimpleStacker OP 21h

A Bitcoin Treasury seems a reasonable step as Bitcoin is far more consistent with the Bibles (frequenly ignored) prohibitions upon usury

Without commenting on usury specifically, part of my desire is to help the church members understand why bitcoin is a better money more consistent with biblical principles.

What use cases are there for actually spending Bitcoin by the church?

There aren't, but it's a better savings vehicle than cash and bonds which are the only assets we currently hold.

And in what way will you account for and pay taxes due on capital gains when spending sats to comply with taxation?

Our church is exempt from taxes so we don't have to worry about that

30 sats \ 0 replies \ @Solomonsatoshi 21h

So given there are no use cases for spending all you need functionally is a cold wallet on L1 for Treasury. Electrum can potentially provide that without any third party HW gadget required. https://electrum.readthedocs.io/en/latest/coldstorage.html https://itsfoss.gitlab.io/post/how-to-install-linux-os-on-usb-drive-and-run-it-on-any-pc/

Great if you can increase understanding of how usury has become embedded into our entire monetary system via fiat money. Unquestioning acceptance of debt slavery via fiat money has been almost universal and is a great thing to try to overcome.

0 sats \ 1 reply \ @Solomonsatoshi 21h

Don't you trust the pastor of your church?

10 sats \ 0 replies \ @SimpleStacker OP 21h

We do, but we also practice good governance, recognizing that individuals are fallible and imperfect. For example, the pastors don't have direct access to the records of giving of church members, and they don't set their own salaries.

0 sats \ 0 replies \ @spiderman 11h

Brave venture, but the way I am thinking, if those custodians are totally clueless (fiat normies) when it comes to Bitcoin, never handled their own sats or not much clue about what exactly those keys represent, is it a smart choice to trust them with the key management?

M of N custody setup is great, but should not you choose those N based on their trustworthiness and also whether they are already managing their own sats (in some capacity)?