Unchained Capital Verification as of September 2020

Don’t Trust. Verify. What’s in your vault?

Vicarious Drama, published in Coinmonks. 8 min read. Sep 28, 2020

by @vicariousdrama

644428–648834

Introduction

Unchained Capital describes itself as a bitcoin native financial services company offering collaborative custody multisignature vaults and loans for bitcoin holders.

Unchained Capital has a YouTube channel where they cover some of the capabilities of their service from a marketing and user perspective. This article enumerates features I tested in September 2020. A lengthier 50+ page version of these results exists which I may post as a separate article. At the very least, reading through the bullet points may give you an idea of what to look into when verifying these features for your own needs.

Within, you’ll see ✔️ indicators for a feature that was verified, and ⬜ which indicates a feature that should be available, but I did not verify as I lack sufficient testing hardware to do so. There were no failures.

The presence of ⚠️ is used to alert you to aspects you should be aware of should you choose to use Unchained Capital that may represent privacy concerns, bugs or possibly confusing aspects.

The Test Bed

For this testing, I’ve used only Trezor One and Ledger Nano S. According to the website, they do not support Coldcard at this time. Most testing is done through the web browser using Chrome or a Chrome derivative (e.g. Brave). In some instances I used Electrum and Caravan. All testing is done on mainnet/production.

Website Signup and Privacy Concerns

✔️ I was able to create an account with username, password, email, and phone

⚠️ To create a vault (or a loan), more KYC information is needed (first and last name, date of birth, photo identification, address information)

⚠️ Website calls are made to the following fully qualified domain names

⚠️ As is common to all multisig providers, since Unchained Capital needs the xpubs for devices to facilitate creation of transactions and derivation keys, they can see all transactions associated with the wallet(s).

Vault Creation

✔️ The derivation path used for all keys by default is m/45'/0'/0'.

✔️ You can specify a custom derivation path. For example m/45'/0'/1'.

✔️ Setup Key with Ledger Nano S.

✔️ Setup Second Key with same hardware wallet (Unchained Capital does not recommend doing this)

✔️ Setup Key with Trezor One

✔️ Setup Multisig Wallet (Vault #1) using 2 devices

✔️ Setup Multisig Wallet (Vault #2) using 1 device but 2 different derivation paths (Unchained Capital does not recommend doing this)

⬜ Setup Key with Ledger Nano X

⬜ Setup Key with Trezor Model T

⚠️ Dependence on third party website without dead link or content verification

⚠️ Keys that you create don’t “remember” what type of device they are associated with. This is left up to the user for all future transactions and may result in confusion.

Verifying Receive Addresses

✔️ Can verify Ledger Nano S has ownership to address

✔️ Can verify Trezor One has ownership to address

✔️ Premade Backup File with important details to recover wallet

⚠️ Full Derivation path has a depth of 6 which is nonstandard.

⚠️ Unchained Capital doesn’t automatically see transactions it didn’t broadcast

⚠️ Unchained Capital will recommend reuse of the same address for deposits

⚠️ Unchained Capital effectively has a gap limit of 0 and only appears to monitor the current deposit address, while skipping already used addresses
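
To make the effect of the last two warnings concrete, here is an added example (not code from Unchained Capital or Caravan) that compares a single watched address with a gap-limit scan. The address indices, balances and the `lookup` helper are constructed stand-ins for a real node or explorer query, and the value 20 is the look-ahead BIP44 recommends.

```python
# Added illustration: balance seen by watching one "current" address versus
# a gap-limit scan of the same address chain. All data here is constructed.

GAP_LIMIT = 20  # look-ahead recommended by BIP44; many wallets default to it

# address index -> (has_history, balance in sats); constructed sample chain
CHAIN = {
    0: (True, 0),        # used and fully spent
    1: (True, 150_000),  # reused later for another deposit
    2: (True, 0),        # used and fully spent
    3: (False, 0),       # the "current" deposit address, still unused
    7: (True, 40_000),   # deposit to an address derived in external software
}


def lookup(index):
    """Hypothetical stand-in for asking a node or explorer about one address."""
    return CHAIN.get(index, (False, 0))


def current_address_balance(current_index):
    """Model of the behaviour reported above: only one address is watched."""
    return lookup(current_index)[1]


def gap_limit_scan(gap_limit, start=0):
    """Walk indices in order and stop after gap_limit unused addresses in a row
    (a limit of 0 stops at the first unused address)."""
    total, funded, unused_run, index = 0, [], 0, start
    while True:
        used, balance = lookup(index)
        if used:
            unused_run = 0
            total += balance
            if balance:
                funded.append(index)
        else:
            unused_run += 1
            if unused_run >= max(1, gap_limit):
                break
        index += 1
    return total, funded


if __name__ == "__main__":
    print("current address only:", current_address_balance(3))
    print("scan, gap limit 0:   ", gap_limit_scan(0))
    print("scan, gap limit 20:  ", gap_limit_scan(GAP_LIMIT))
```

In this sample the watched address reports 0 sats, a scan with no look-ahead finds the reused address at index 1, and only the scan with a look-ahead of 20 also finds the deposit at index 7.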

Caravan

✔️ Wallet file is compatible with Unchained Capital’s Caravan product

⚠️ Default BIP32 path in Caravan doesn’t match Unchained Capital default scheme

Electrum

✔️ Can set up, sign, and send transactions using Electrum

⚠️ Wallet file cannot be directly imported into Electrum (but easy to convert)

Signing Transactions

✔️ Able to prepare transaction, sign, and send funds to another address

✔️ Send dialog permits nearly full control over the fee rate

⚠️ Fee rate must be greater than 0 and less than 1000 sats per byte.

⚠️ Send dialog link for Fee Estimator goes to https://bitcoinfees.earn.com, an external website, that does not consider recent blocks, but days as a whole.

⚠️ Send dialog has no way to specify amount in satoshis. Recall that sats are at the 8th decimal place.

⚠️ Send dialog permits an amount with more than 8 decimal places but does validate before allowing you to move next

⚠️ Unchained Capital doesn’t monitor more than the current address

⚠️ Wallet will only reflect balance based on the current address

⚠️ No UTXO management when there are multiple addresses with a balance

⚠️ Links for reviewing transactions are all external to https://blockstream.info with no ability to define your own node

⚠️ All transactions prepared through the web interface are broadcast through Unchained Capital servers, with no ability to define your own node

⚠️ Transaction ID is not revealed until after broadcast

⚠️ Vault will skip addresses that have a transaction associated but won't include them in the overall balance

⚠️ Must wait until a transaction is confirmed before beginning another transaction in a vault. This can be problematic if a low fee transaction is never included in a block. To resolve, do RBF using external wallet software.

⚠️ Vaults with pending deposit transactions cannot send (withdraw or transfer) funds until the pending deposit is completed. This is a possible denial of service attack vector.

Key Replacement

✔️ Able to create a new replacement key

✔️ Able to mark a key as lost or compromised and needing replacement

✔️ Steps to walk through transaction work to reuse remaining key parts.

✔️ Able to replace a key with a new key on a vault.

✔️ Unchained Capital facilitates the key rotation incrementing the “account” or 4th of 6 position in the derivation path automatically

✔️ Prevented from re-creating the same key for a key actively in use

✔️ Prevented from re-creating the same key for a key marked as compromised

⚠️ Fees for moving funds to the new key set can't be set

⚠️ No clear way to verify address that funds will be sent to (Though I wrote about how to do this in the article here: https://medium.com/coinmonks/address-verification-when-changing-keys-for-unchained-capital-vaults-268005e7563e)

⚠️ List of replacement keys includes keys that cannot be used for replacement.

⚠️ List of replacement keys is not sorted by name or creation date.

⚠️ Unable to replace a key while the vault has an unconfirmed transaction. This is a mixed result, but could result in denial of service on pending inbound transactions

⚠️ Unable to spend funds while the vault is being swept from key replacement.
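
The derivation-path findings in this article (the m/45'/0'/0' key path, the full path of depth 6, and key rotation incrementing the 4th of 6 positions) can be checked against your own recorded paths with a small parser. This is an added example, not code from Unchained Capital or Caravan; the three trailing components in the sample full path are constructed, since the article gives only the key path and the total depth.

```python
# Added illustration: validate recorded BIP32 paths and compute the path
# expected after a key rotation. Sample full paths are constructed.

HARDENED = 0x80000000  # BIP32: hardened child numbers start at 2**31


def parse_path(path):
    """Parse "m/45'/0'/0'" into a list of (index, hardened) tuples."""
    parts = path.strip().split("/")
    if parts[0] != "m":
        raise ValueError("path must start at the master key 'm'")
    components = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h", "H"))
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"bad path component: {part!r}")
        index = int(digits)
        if index >= HARDENED:
            raise ValueError(f"index out of range: {part!r}")
        components.append((index, hardened))
    return components


def format_path(components):
    return "/".join(["m"] + [f"{i}'" if h else str(i) for i, h in components])


def check_full_path(key_path, full_path, expected_depth=6):
    """Return a list of problems; an empty list means the path looks right."""
    key, full = parse_path(key_path), parse_path(full_path)
    problems = []
    if full[:len(key)] != key:
        problems.append("full path does not extend key path")
    if len(full) != expected_depth:
        problems.append(f"depth {len(full)} != {expected_depth}")
    # Children below the key's xpub must be unhardened: an xpub alone
    # cannot derive hardened children.
    if any(hardened for _, hardened in full[len(key):]):
        problems.append("hardened component below xpub")
    return problems


def rotate_account(full_path, position=4):
    """Increment the component at the given 1-based position (4th of 6 here)."""
    components = parse_path(full_path)
    index, hardened = components[position - 1]
    components[position - 1] = (index + 1, hardened)
    return format_path(components)
```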

Performing Health checks

✔️ Able to perform a Key Health Check

✔️ Verified website shows when a health check was last performed

✔️ Verified that health check on incorrect device does not trigger success.

Signing Transactions with Unchained Key

✔️ Able to set up a transaction that requests signing by Unchained

✔️ Able to control amount and fees of transaction being setup

✔️ Verified that Unchained signed the transaction

✔️ Able to control broadcast of signed transaction

⚠️ Not certain whether I owe Unchained $20 for signing the transaction and how that would be paid. Not integrated in web application. — As a follow up, Phil indicated that they are not yet charging for this service.

Managing Vaults

✔️ Able to create multiple vaults.

✔️ Able to mark a vault as closed.

✔️ A closed vault cannot be reopened.

✔️ Verified that Unchained doesn’t permit initiating new transactions from a closed vault.

✔️ A closed vault can be renamed

✔️ According to Unchained Capital, you can have an unlimited number of vaults

⚠️ Closed vaults remain in the list of vaults.

⚠️ By default, vaults may be sorted by the generated ID instead of name

Trust Minimized External Recovery

✔️ Able to import the generated wallet into Caravan

✔️ Able to see address history on the wallet with UTXOs

✔️ Able to create new transaction for sending

✔️ Send transaction gives full control over address, fees, amounts

✔️ Send transaction supports manual control of individual UTXOs to spend from

✔️ Each step of the transaction gives raw hexadecimal which can be verified externally

✔️ Signing with hardware devices supports the Trezor and Ledger devices I used previously.

✔️ The transaction can be fully signed and prepared for broadcast

✔️ The tool is capable of broadcasting the transaction

Website Account Management

✔️ Verified ability to change my account password

✔️ Verified ability to logout/login on website and app with new credentials

Conclusion

Unchained Capital provides a useful collaborative multisig service that is driven from their website and can dovetail into their loan product. While KYC is unnecessarily high, privacy is generally not at top of mind for any collaborative multisig product.

The greatest strength of Unchained Capital is the excellent effort they put into Trust Minimized External Recovery through their Caravan project. In addition, it's easy to adapt for use with the Electrum wallet.

There are several points within the application that I hope get improved, most notably guidance on verifying addresses, UTXO management, and the ability to have more than one address being monitored at a time. Given the dearth of emails received, I wish there was a way I could toggle those off in account settings.

I recommend that anyone considering Unchained Capital do their own due diligence in testing the setup, and periodically reverify, as the service may be updated over time. It is critical that users always capture the external spend info anytime they create a new vault or replace a key. The derivation paths, along with their device seeds and the Unchained Capital xpub on the vault, are essential to recover.

To reiterate — Do Not Trust what I have written in this article.

Verify it for yourself!

Use the information as you see fit as a jumping off point to run through your own scenarios based on your personal threat model.
