We released the Liana wallet nearly a year ago, finally allowing for recovery, inheritance and safer (timelocked!) backups for bitcoiners. But with all these users, came feedback and questions we didn’t have a perfect answer for. Here are some of these recurring doubts:
Self custody risks
I’m just scared of self custody, I don’t trust myself enough. But I also don’t want to be rug-pulled!
For many users, using a custodian is their “peace of mind”. One less thing to stress about. But the reality is that these custodians are security risks: not your keys, not your coins! Can we give them the best of both worlds?
What if i need to run away, and don’t have time, or CANNOT, travel with anything on me.
This one is much more extreme. Brain wallet are cool, but also risky… and not everyone has the time, means or will to set up secure geo-distributed backups.
Inheritance users
Will my family manage to recover my coins, by themselves? Are the coins lost if they don’t figure it out?
Until now the answer was to have an extra recovery option (after the inheritance key), maybe with a solicitor or other trusted party. Fine, but not good enough for many users. We also have the inheritance package where we offer technical support to the family, but that’s assuming we will be around when the time comes, that we speak their language, etc.
What if I die… in 20 years? What if they lost their backup?
People move, things get lost, misplaced, et caetera. Maybe the backup(s) will be destroyed, who knows. Or maybe impossible to get access to, for a reason or another.
Corporate users
We want self-custody, but only if it comes with true disaster recovery.
The default choice for most corporates is to go for the biggest custodians: someone else to blaim if something goes wrong. While we don’t hear much about companies losing everything, the trend sadly is to keep their treasury at a 3rd party. ETFs, company treasuries, mining pools and mining farms… very few have control over their coins! They are too afraid of taking the blame if something happens.
Dispute resolution, for example against deadlock: directors cannot agree, funds are locked
This is very important for any company with significant bitcoin holdings in proportion to the rest of their assets. If a dispute arises and funds end up being stuck or locked, it is important to have a dispute resolution mechanism. While this can be done easily by adding a recovery path with keys held by the board, some companies might prefer using the outcome of an arbitration or corporate court.
These are very good points and definitely should be answered better than “well, you need to be more careful with your backups”. In the fiat world, when something is considered unacceptable to lose, we insure it. It’s not a protection against loss per se but against an eventuality. Bitcoin is scarce though and its price still fluctuates a lot. Insuring it might be doable given significant effort (shout-out to our friends at Anchorwatch working on this), but we believe preventing loss fixes the problem by itself.
We want people to feel good about self custody. To not be scared. Even when your set up is as good as it gets, you sometimes wonder “is it still there? Can I still access my backups? Do they work?”. And so the answer is quite simple: add a last resort option, in case everything else fails. This is the Safety Net.
Safety Net - the ultimate protection against loss
Ultimate as in last, not as in perfect. Safety Net allows a Liana user to add a custodian key (or a multisig of custodian keys) that will only become valid AFTER all their other recovery options have failed.
You can build a pretty advanced Liana set up like (arrows represent delayed activation timelocks):
“My key” -> “My recovery key” -> “My family inheritance key” -> “Safety Net”
where it would be extremely unlikely for your funds to ever require the Safety Net activation, but it’s still there instead of facing a catastrophic loss (= losing your coins). I suppose the most likely use-case is inheritance, where the family either lost or cannot manage to recover the wallet themselves: instead of panic and despair, they can just wait a little longer and claim the funds back when the Safety Net key becomes valid. Of course, it’s also a very attractive value-proposition for users who currently use custodians: they can now become sovereign without fear. Safety Net will be there for them, just in case they actually lose their keys and backups. Like an insurance policy, but with their own coins.
A closer look: where does the Safety Net key come from?
Wizardsardine does not touch funds, or key, ever. We are not the provider of the Safety Net, we don’t want to deal with the regulator. We are a Bitcoin security company, not a financial firm. Instead, we are building a marketplace of custodians who can provide keys to our users. While in early access, our current default provider is Hodling, a Swiss Bitcoin company. We are welcoming any legit custodian, from any jurisdiction, to join. Please reach out!
The Safety Net keys are generated offline and stored in actual cold storage until needed, if ever. They are professionally safe-kept, and cannot access your funds (they are timelocked) as long as you use the wallet.
Going further, next steps
The most obvious first step is to have enough providers to offer different redundancy and security options to the Safety Net clients. Having a multisig of providers, of your own choice, and without them even knowing about each-other is the number 1 priority. Up to you to decide if you just want redundancy in case some of them disappear over the years (1-of-3 maybe?), or if you want more security against a provider trying to steal the money (2-of-3?, 3-of-5?).
Second important step is more privacy. Taproot-miniscript was just added to Liana in v5.0, and this will allow to hide the recovery paths entirely. Your Safety Net providers won’t know anything about your UTXOs, about your other recovery paths, and about other Safety Net providers. Pretty cool heh?! Also, it will make every spend the same price as a normal transaction, the number of recovery paths and keys won’t impact transaction costs.
Then we can finally open the marketplace as it should be: letting each provider set their own price, security tiers, and recovery options (KYC or not, in person or not, etc).
For now though, we are open for business with early access pricing, MUCH cheaper than custodian and semi-custodian solutions out there, and safer. Safety Net add-on