It is alarming to discover that Bitwise Asset Management is safeguarding a staggering half a billion dollars in Bitcoin with just a single private key. Indeed, the proof-of-address provided for their ETF, while laudable for its transparency, has revealed that the funds are managed with a single-key single-signature P2PKH address (starting with ‘1’). This revelation of inadequate and insecure custody practices is deeply concerning.

The gravity of this situation is magnified by the fact that Coinbase, a major player in the cryptocurrency industry, is providing such a suboptimal custody solution, further supported by Hoseki, and the Bitwise CTO even openly boasts about it.

This raises serious questions about the security standards within the cryptocurrency custodial space. Is this the same custody setup provided by Coinbase to BlackRock and other ETF issuers? Why is Grayscale Investments, the largest ETF with tens of billions dollar in Bitcoin, unwilling to provide proof-of-reserves?

The need for multi-signature custody with proof-of-reserves

For better security, multi-signature (multi-sig) should be used, preventing a single key, and therefore potentially one single actor, from controlling the funds. Additionally, multi-sig provides a level of redundancy: e.g., in a 2-of-3 multi-sig setup, the loss of one key of the three existing ones does not affect the control of funds, for which two signatures are enough and can be obtained with the other two keys.

Morever, for better transparency, proof-of-reserves should be preferred to proof-as-address: the latter only ensures that the funds are on a given address, but they could be lost forever if the associated private key(s) has(have) been lost. Proof-of-reserves, instead, proves the control of the private key(s) securing those funds.

Concerned about the security of the Bitcoin ETF ecosystem, CheckSig volunteers to offer to all ETF issuers, completely free of charge, a proper multi-signature proof-of-reserves custody solution. No reasons to settle for inferior solutions.

CheckSig is a crypto industry pioneer, being the first and currently the only custodian to provide public proof-of-reserves since 2020. Moreover, our custody protocol is public, offered as open standard, providing all stakeholders with a clear understanding of our security measures.

Learn more about our custody protocol and proof-of-reserves

TradFi standards can help too

Crypto can provide an impressive level of transparency, but audit and insurace guarantees are standards used in traditional finance that strengthen the crypto custody process.

Proof-of-address and proof-of-reserves cannot prove that the assets are enough to cover the liabilities. To achieve proof-of-solvency, proof-of-reserves should be combined with proof-of-liabilities. Unfortunately, a reliable cryptographic proof-of-liabilities is complex, always partial, hardly verifiable by clients and auditors. As a matter of fact, all known privacy preserving approaches do not provide easy independent verification for non-technical users.

Therefore, to ensure maximum transparency and accountability, a proof-of-liabilities is better delegated to external auditors. As example, bitcoins proved by proof-of-address or proof-of-reserves could have been borrowed from a third party to temporarily cover losses. Only an off-chain external auditor can detect this kind of shenanigans.

External auditors have been providing CheckSig with SOC1 Type II and SOC2 Type II attestations since March 2022, a milestone achieved before Coinbase obtained similar attestations. It is not clear or public what kind of attestations are required by ETF issuers and their custodians. Hopefully, the Security Exchange Commission will ensure that custodians are not manipulating proof-of-address or proof-of-reserves and ETF issuers are producing genuine matching proof-of-liabilities.

Last, but not least, insurange coverage can provide additional safety to a custody process: e.g., our insurance coverage is backed by a triple-A rated insurer, reinforcing our dedication to safeguarding assets. What kind of insurance has been obtained by the ETF issuers? To which degree they enjoy the insurance coverage of their custodians?

Some technical details for geeks

Admittedly, behind a single-signature P2PKH address (like the one used by Bitwise) there might be a Multi-Party Computation (MPC) setup. MPC combines multiple cryptographic secrets to reconstruct a single signing key at signing time, emulating a multi-sig setup. Compared to multi-sig, MPC is inherently lacking in security and accountability as it ultimately relies on a single key to control the funds. As such, while MPC can provide multi-sig emulation for coins without native multi-sig support, it is suboptimal for Bitcoin.

Even for coins like Ether, based on the Ethereum Virtual Machine (EVM) and without a native multi-sig support, a more secure approach would use smart-contract emulation of multi-sig, as this setup involves multiple and distict keys. So, at least for Bitcoin and EVM coins, MPC is to be considered an inferior solution adopted by lazy service providers taking shortcuts with a one-size-fits-all approach for every coins.

As last note, it has been noted that the P2PKH address used by Bitwise/Coinbase is also an old inefficient technical standard and people have been advocating for Taproot. Taproot’s privacy is good for users, not for a custody service that should be transparent; Taproot provides multiple ways (tap-leaves) to move the coins: when using one of them, the alternatives remain unknown and might hide weaknesses. A transparent custody requires multi-sig P2WSH; even Taproot with public tap-leaves does require a harder off-chain audit compared to the simpler on-chain audit for multi-sig P2WSH.

Caveat emptor

Proper understanding of crypto-asset security standards being rare, auditors and regulators have been paying little attention to them. Wise investors can rely only on their ability to assess custody solutions and discriminate among providers. CheckSig is provably providing state-of-the-art crypto custody.

Post Scriptum (February 15, 2024)

The Bitwise address has upgraded to SegWit P2WPKH. Shame on Bitwise and Coinbase for this security theatre: P2WPKH is still single-key security, i.e., unsecure single-sig or suboptimal MPC. If tech knowledge would be common, they would be both out of business.