Current Method:
At Pocket Rockets Casino we have a system for securing funds in wallets that differs quite a bit from other gambling sites.
The majority of funds, at least 90% of the total invested funds, are in a cold storage investors wallet.
There's also a hot wallet that has a small amount in it so people can have instant withdrawals.
Instant here can mean up to 1 minute if enough funds are available, but if not, users can expect it to be less than 12 hours.
The main difference from other sites is deposits do not go to the hot wallet but a separate player funds wallet that is also in offline cold storage.
This was a choice I made about 2 years ago, since if someone deposits 100+ Bitcoin I didn't want that to be in any hot wallet system.
This is a reason why the hot wallet can be short of funds more frequently. I thought it was a safer compromise.
The investors wallet and the funds wallet were both created using Armory on an offline computer.
Armory allows signing of transactions offline. Usually through USB but I wrote a program to do so via QR codes to be safer.
I wish they could build this into the software.
Finally these wallets have an encrypted paper backup stored in multiple secure locations off premises.
This can lead to slow withdrawals of large amounts as I don't have easy access to funds.
New Method:
The main reason for change is to have:
- Multi-sig wallets
- Multiple wallets with less funds in them
- Investors be signatories
I would want to continue using Armory for this. They support multi-sig via their lockbox feature.
The plan would be to have many multi-sig wallets with 5 signatories, 3 needed to sign a transaction.
Each wallet would have around 200-300 Bitcoin in it.
4 of the 5 signatories would be investors.
No 2 investors can be signatories of more than 1 wallet at the same time.
The signatories of each wallet will remain private, no players or other investors would know who has a key to any wallet.
Addresses would only be used once then a new multi-sig wallet would be created.
Steps to setup:
Boot up a Linux USB key on a new offline computer. Create an encrypted volume to install Armory and generate a wallet.
View the paper backup root. Encrypt this and then write it down twice.
Ensure you can restore from this backup on a fresh boot.
Store this encrypted backup in 2 separate secure locations.
Store the encryption key in 2 other separate secure locations (not the same locations as the paper backup).
All investors who wish to be signatories would need to do the above steps.
I would then generate enough lockboxes (multi-sig wallets) to hold all funds with my own secure offline wallet.
Back up these lockboxes (no extra encryption needed).
Test restore of all these lockboxes on fresh boot.
Send each lockbox (it is a public object that cannot be used to spend funds) to the relevant investors to get them to add their signature via their wallet. I'd use a QR code to get this off of the offline computer.
Send existing funds to these lockboxes.
Pros:
- More security
- Addresses are more anon if only used once.
- No single wallet has a huge amount of funds in it.
- No risk of site closing with investor funds.
Cons:
- No guarantee that investor followed the steps to secure their wallet used to sign lockbox.
- No guarantee that investor backs it up properly.
- Very unlikely, but if 3 investors of the one wallet were to go AWOL then there's 200-300 Bitcoin lost forever?
- Risk of investors finding ways to band together and steal all funds from these wallets. Again unlikely, but not 0% chance.
- Many wallets and investors needed.
- Investors need to use Armory.
What do you think of this method? Any major flaws or improvements?
Is it maybe better to do a totally different thing? Maybe not use Armory or not have investors as signatories?
Or instead use only a few of the top investors with fewer wallets?
If I have glossed over any details let me know and I'll clear them up.
Thanks
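As an added illustration (not code from the post above, and not part of Armory), the following Python model captures the lockbox layout the post proposes: 5 signatories per lockbox, 3 required to spend, the operator holding one key and 4 investors the others, and the rule that no 2 investors share more than 1 lockbox. It then quantifies the two cons the post raises, investors going AWOL and investors colluding. Investor names, the `operator` key label and the 250 BTC per-lockbox balances are constructed for the example.

```python
from itertools import combinations

# Parameters taken from the post's scheme: 5 keys per lockbox, 3 needed to
# spend, the operator holds one key and 4 investors hold the remaining keys.
THRESHOLD = 3
INVESTORS_PER_WALLET = 4
OPERATOR = "operator"  # constructed label for the site operator's key


def violates_pair_rule(wallets):
    """Return the investor pairs that co-sign on more than one lockbox.
    The post's rule requires this set to be empty.  The operator is not
    included because the operator holds a key in every lockbox."""
    seen = {}
    for w in wallets:
        for pair in combinations(sorted(w), 2):
            seen[pair] = seen.get(pair, 0) + 1
    return {p for p, n in seen.items() if n > 1}


def plan_wallets(investors, n_wallets, per_wallet=INVESTORS_PER_WALLET):
    """Backtracking search for n_wallets groups of per_wallet investors such
    that no two investors appear together in more than one group.
    Returns a list of sorted tuples, or None if no such assignment exists."""
    investors = sorted(investors)
    used_pairs = set()
    plan = []

    def search():
        if len(plan) == n_wallets:
            return True
        for group in combinations(investors, per_wallet):
            # Symmetry breaking: groups are kept in increasing order so the
            # same set of groups is not explored in every permutation.
            if plan and group <= plan[-1]:
                continue
            pairs = set(combinations(group, 2))
            if pairs & used_pairs:
                continue
            plan.append(group)
            used_pairs.update(pairs)
            if search():
                return True
            plan.pop()
            used_pairs.difference_update(pairs)
        return False

    return list(plan) if search() else None


def signers(group):
    """All 5 key holders of a lockbox: its 4 investors plus the operator."""
    return set(group) | {OPERATOR}


def is_spendable(group, unavailable, threshold=THRESHOLD):
    """A lockbox can still be spent only if enough key holders remain."""
    return len(signers(group) - set(unavailable)) >= threshold


def stranded_funds(plan, balances, unavailable):
    """Balance locked in lockboxes that can no longer reach the threshold
    (the post's 'investors go AWOL' concern)."""
    return sum(b for g, b in zip(plan, balances)
               if not is_spendable(g, unavailable))


def collusion_exposure(plan, balances, colluders):
    """Balance a colluding set of key holders could move on their own
    (the post's 'investors band together' concern)."""
    colluders = set(colluders)
    return sum(b for g, b in zip(plan, balances)
               if len(signers(g) & colluders) >= THRESHOLD)


def max_three_investor_exposure(plan, balances):
    """Worst case over every set of 3 investors acting without the operator.
    Under the pair rule, 3 investors can share at most one lockbox, so this
    is bounded by the largest single lockbox balance."""
    invs = sorted({i for g in plan for i in g})
    return max(collusion_exposure(plan, balances, c)
               for c in combinations(invs, 3))


if __name__ == "__main__":
    investors = [f"inv{i:02d}" for i in range(13)]   # constructed names
    plan = plan_wallets(investors, 5)
    balances = [250] * len(plan)                      # constructed, BTC
    for g, b in zip(plan, balances):
        print(f"{b} BTC lockbox, investors: {', '.join(g)}")
    print("pair rule violations:", violates_pair_rule(plan))
    print("stranded if 3 investors of lockbox 0 vanish:",
          stranded_funds(plan, balances, plan[0][:3]))
    print("worst 3-investor collusion:", max_three_investor_exposure(plan, balances))
```

Two things the model makes visible that the prose only hints at: the pair rule is expensive in investors (8 investors cannot cover even 3 lockboxes, because each lockbox consumes 6 investor pairs that can never be reused), and the same rule is what caps collusion damage, since any 3 investors acting without the operator can only ever reach the threshold in one lockbox.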