I am not a user, but I looked at their website just now. They look very similar to BitGo, and have a similar business model from an operations perspective.
They appear to be a new company, receiving only $2.3 Million in
seed money in March 2018.
Based on my reading and understanding of their website and documentation, you will use their App on your phone that serves as one of three signing keys to a 2-of-3 multi signature wallet. Two of the signing keys will be on a hardware wallet and on your phone. They will have the third signing key, but it is unclear how they sign any transactions for you.
I found some security practices I believe are bad reading their
FAQ-If you sign up for one of their paid plans, they will ship a hardware wallet from their office. Hardware wallets such as Trezors and Ledgers should be received directly from the manufacturer.
-Backups of signing keys intended to be on your phones App will be stored in the cloud:
The mobile key is stored within the secure enclave of your phone and encrypted with a another key from Casa.
Your encrypted mobile key is then uploaded to your iCloud or Android cloud account.
<>
This means we don’t have access to your private key in any way, but you can recover your key using your iCloud or Android account + the Casa app.
<>
Lost your phone? Don’t sweat it, you can recover your Mobile Key with Casa.
First get another phone. If you had an iPhone it needs to be a new iPhone. If you had an Android, it needs to be an Android phone.
Log into your iCloud or Android account on your phone. Log into Casa. Go to the mobile screen and select “recover mobile key”. The app will direct you from here.
I prefer to not have any backups stored on my iCloud account, even if encrypted.
-They instruct users to not keep backups of a hardware recovery seed:
DO NOT write down your seed phrase while setting up a Trezor with Casa multisig.
You should write down your recovery seed when generating a seed on a hardware wallet, and store it in a safe/secure location, preferably in a safety deposit box, or a fire safe in your house.
-They can restrict access to your money:
In the help tab you’ll notice a big red button that says Emergency Lockdown. Beginning at the Gold membership level, you have access to this feature. Press this button if you ever feel like you’re in a dangerous situation where your funds could be at risk. This will freeze any activity across your account indefinitely. Contact us to verify your identity & safety and we’ll unlock you within 48 hours.
I believe this to mean they have the ability to restrict your access to your mobile key available on their App. It does not appear they can access this key, but you will be unable to spend any coin if they restrict access to this key. They would still have access to the third key. This will leave you vulnerable to them restricting access to your mobile key unless you sign a transaction sending some coin to them with your hardware key.
My opinion is you are better off buying a hardware wallet to secure your coin. If you want to use a multi sig setup, you can buy multiple hardware wallets, from multiple manufacturers if you wish.
