Use multisig, and use a form of multisig that allows you to prove to the world that you're using multisig.
I've done some consulting for exchanges/custodians holding very large sums of money, and I'd never approve a non-multisig scheme. Security is hard enough as it is. Heck, with EC crypto there's always a chance that something just goes wrong due to a random bitflip and a nonce is reused, revealing your private key. Having multiple devices signing off on a transaction makes that (very) rare scenario not fatal.
It's a good start for them and must be encouraged. Your criticism makes sense, but you have to understand these people are not that sophisticated yet, and they also said that they will evolve over time.
A single sig wallet is a good first step forward, better than no wallet at all to very. If I am not forgetting, the Satoshi coins are also stored in similar addresses, I think public, not multisig.
This is a fund traded on the public stock market. They have a fiduciary duty to protect those funds in any way possible.
If they get hacked, it'll give the SEC the reason they need to ban Bitcoin permanently. Not to mention the turmoil it will cause across the financial sector.
My point is that at least they made the 1st step in proof of reserve, which will force Blackrock to also do it. The correctness you guys are arguing about is somewhat important but not urgent. Saying these types of addresses are bad is also saying Bitcoin is bad. Again, the Satoshi coins are all publicly available to see at similar addresses and never got hacked for 15 years now, so what's your point? Yes, they need to upgrade to multisig, but when they feel comfortable with it; you have to remember multisig is also complex and more likely to lose the wallet backup and keys, therefore losing all the coins together.
Many or most -- AFAICT -- big custodians who are likely using actually-physical-hardware-based HSMs use legacy addresses rather than HD wallets. Possibly there exists already battle-tested software that is shared or shopped around in this sphere.
It's just weird to me that they wouldn't use the most economically incentivized address type. Do you think they're using Shamir secret sharing too? You think ANY fucking custodian out there actually follows the glacier protocol?
wise decision