
Just use any wallet app that supports multisig. Nunchuk, Liana, Electrum, Sparrow, Specter, Bitcoin Safe and so on... There are quite a few (no, I didn't write a guide about that because there are already a lot of guides).
I found @Andreasgriffin's work with his Bitcoin-Safe #939847 a really interesting project.
Using LN is a bit more difficult. So a business with many employees managing funds will have to delegate / trust somebody to do the daily payments over LN if it is necessary. But you can "fix" that easily with a LN sub-account (LNbits, AlbyHub, NWC etc) and give them limited access to the whole node funds. For daily LN payments you don't really need multisig, it will be a hell of a job, but for onchain cold reserves, I think it is a must, especially when more people must access those funds.

Please from now on refer to my GitHub page with guides. The Substack one is not updated anymore: https://darth-coin.github.io/beginner/be-your-own-bank-en.html
for onchain cold reserves, I think is a must, especially when more people must access those funds.
That's what I'm talking about, especially when in the organization there are changes of directors or other possible threats to the cold reserve. It is a hell of a steep learning curve for those that focus on doing and managing business, especially if until yesterday they were relying on banks to keep their funds safe. Today they can do it themselves, but it is not easy to learn how, especially if there isn't much guidance and documentation on it.
reply
Yes, it is not easy to manage the funds. I saw it myself in that company, where there were 3 managing directors and a financial director.
But as you very well mentioned my guide, they must change the mindset and THINK like a bank. Keeping that 3-level stash scheme is a must (cold, cache, spending).
reply
3 levels of security make sense and should be used by everyone, 100% on it. On the cold-storage level, do you think there should be any change in the process when setting up a 3-of-2 vs a 7-of-10 multisig? By process, I mean security practices before and after the multisig setup.
reply
Keep it simple. Think about practicality when it is time to sign a tx. Why would you need 7 keys to sign? Oh, you want to be sure that at least 3 signers are available from 10 (maybe most of them are on vacation and cannot sign), then ok, make 3 of 10. But having 7 people sign for a damn tx is too much and you complicate it enormously.
Also keep in mind that signing an onchain tx will be rare, only when a massive amount must be moved from long-term cold storage into a CACHE level. All the rest must be in the CACHE level, where medium managers/signers can deal with smaller amounts and less important multisigs or singlesig.
reply
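The threshold trade-off discussed in the posts above (3-of-10 versus 7-of-10 versus 2-of-3), worked through as an added example that is not part of the thread. It assumes signers are available and keys are compromised independently; the 0.7 availability and 0.05 per-key compromise figures are constructed for illustration.

```python
from math import comb


def at_least(m, n, p):
    """P(at least m of n independent events occur), each with probability p."""
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k) for k in range(m, n + 1))


def quorum_profile(m, n, p_available, p_compromised):
    """Summarise an m-of-n multisig from a defender's point of view.

    p_available   -- chance a given signer can sign when needed (assumed)
    p_compromised -- chance a given key is stolen or coerced (assumed)
    """
    if not 1 <= m <= n:
        raise ValueError("threshold must satisfy 1 <= m <= n")
    return {
        "scheme": f"{m}-of-{n}",
        # Chance the organisation can actually move funds when it needs to.
        "can_sign": at_least(m, n, p_available),
        # Chance an attacker holds enough keys to spend on their own.
        "theft": at_least(m, n, p_compromised),
        # Minimum number of keys an attacker must obtain.
        "keys_attacker_needs": m,
        # Keys that can be lost before the funds become unspendable.
        "keys_you_can_lose": n - m,
    }


if __name__ == "__main__":
    # Constructed sample inputs: 70% signer availability, 5% per-key compromise.
    for m, n in [(2, 3), (3, 10), (7, 10)]:
        r = quorum_profile(m, n, p_available=0.7, p_compromised=0.05)
        print(
            f"{r['scheme']:>8}  can_sign={r['can_sign']:.4f}  "
            f"theft={r['theft']:.2e}  lose_up_to={r['keys_you_can_lose']}"
        )
```

A low threshold over many keys maximises availability but also enlarges the set of keys an attacker can choose from; a high threshold does the opposite and tolerates fewer lost keys.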
"Keep it simple" makes sense, but a 2-of-3 can't apply to or satisfy all cases. How do you see multisig applied at different levels, for cold storage, transactional and cache?
The cold storage with a 2-of-3 will always be predominantly receiving predefined UTXOs, let's say at 0.1 BTC (only if the business is profitable, obviously). A transactional account could have another 2-of-3 multisig to manage extra expenses but also receive bigger payments from clients. And a third cash level where, as you suggested, medium managers/signers can deal with smaller amounts and less important multisigs or singlesig.
Would this setup decrease the risk of exposing the cold storage and distribute assets and responsibilities following the Merkle tree each organization already has?
reply
45 sats \ 1 reply \ @DarthCoin 9h
You can apply this scheme on as many different levels as you need or as your business flow requires. It's up to you how you organize the size of the levels.
That's why it is important to have a cache level (mid-level) where somebody is doing all the management and funds allocation.
To reduce the risk, the best way is to compartmentalize the access, if you have more people managing the funds on a daily basis. I learned this when I worked as an IT systems guy in a bank, a long time ago (that's also why my guide is named "think like a bank").
Multiple wallets, on multiple levels, with different access levels. It is not easy, I know, but you are limiting a lot the leaks and losing funds.
The incoming txs are simple: always use xpubs (read-only wallets). In this way, anybody without signing keys can manage the accounting without having any option to move the funds (or steal them).