reply on: How do Organizations Self-Custdy their sats stash? \ stacker news ~bitcoin

pull down to refresh

0 sats \ 5 replies \ @DarthCoin 13h \ parent \ on: How do Organizations Self-Custdy their sats stash? bitcoin

Yes, is not easy do manage the funds. I saw it myself in that company, where were 3 managing directors and a financial director.

But as you very well mentioned my guide, they must change the mindset and THINK like a bank. Keeping that 3 levels stash scheme is a must (cold, cache, spending).

0 sats \ 4 replies \ @supratic OP 13h

3 level of security make sense and should be used by everyone, 100% on it. On the cold-storage level, do you think there should be any change in the process when setting up a 3-of-2 vs a 7-of-10 multisig? With process, I mean security practices before and after the multisig setup.

41 sats \ 3 replies \ @DarthCoin 12h

Keep it simple. Think about practicality when is about to sign a tx. Why would you need 7 keys to sign ? Oh you want to be sure that at least 3 signers are available from 10 (maybe most of them are in vacation and cannot sign), then ok, make 3 of 10. But having 7 people to sign for a damn tx is too much and you complicate it enormously.

Also keep in mind that signing an onchain tx will be rarely, only when massive amount must be moved from a long term cold storage into a CACHE level. All the rest must be in the CACHE level, where medium managers/signers can deal with smaller amounts and less important multisigs or singlesig.

0 sats \ 2 replies \ @supratic OP 10h

Keep it simple make sense, but a 2-of-3 can't apply or satisfy to all cases. How do you see multisig applied at different levels, for both cold storage, transactional and cache?

The cold storage with a 2-of-3, will always be predominantly receiving predefined UTXO let's say at 0.1BTC (only if the business is profitable obviously). A transactional account could have another 2-of-3 multisig to manage extra expense but also receive payments bigger payments from clients. And a third cash level to where, as you suggested, medium managers/signers can deal with smaller amounts and less important multisigs or singlesig.

Would this setup decrease risk of exposing the cold storage and distribute assets and responsibilities following the merkle tree each organization already has?

45 sats \ 1 reply \ @DarthCoin 10h

You can apply this scheme on many different levels you need or your business flow request it. It's up to you how you organize the size of the levels.

That's why is important to have a cache level (mid-level) where somebody is doing all the management and funds allocation.

To reduce the risk, the best way is to compartmentalize the access, if you have more people managing at daily basis the funds. I learned this when I worked as IT systems guy in a bank, long time ago (that's why also my guide is named "think like a bank).

Multiple wallets, on multiple levels, with different access level. Is not easy, I know, but you are limiting a lot the leaks and losing funds.

The income txs is simple: always use xpubs (read-only wallets). In this way, anybody without signing keys can manage the accounting without having any option to move them (or steal).

21 sats \ 0 replies \ @supratic OP 9h

This start making much more sense, at least bank have though us something!