Avoiding Single Points of Failure (SPoFs) in digital asset management
Definition
In business and technology, a single point of failure (SPoF) is one flaw or malfunction in the design or operation that could lead to a catastrophic breakdown of the entire system and a subsequent loss of assets.
Types of SPoFs
Here are a few examples of SPoFs in managing cryptocurrency as an asset class, and just how detrimental the damages could be.
# Single physical storage: In 2013, James Howells accidentally threw away his hard drive containing 7,500BTC (worth US$246mil today). As you are reading this, he is still on the desperate and costly mission to retrieve the drive from the Newport, UK city garbage landfill using X-ray and AI technology.
# Single financial custodian: The world’s largest and perhaps most notorious crypto-platform hack to date is that of Japan-based Mt. Gox in 2014, where 850,000BTC were stolen from the exchange, leading to its bankruptcy. Victims have still been attempting to recover funds through litigation for years, even to this day.
# Single human treasurer: When Quadriga CX CEO Gerald Cotten allegedly died in 2018, his clients at the Canada-based exchange completely lost access to US$250mil in their accounts. As the sole treasurer, Cotten reportedly had made substantial transfers into his personal account prior to his death. It is but one example of many alleged ‘exit scams’, including last month’s disappearance of the Cajee brothers alongside US$3.6bil worth of crypto loss from Africrypt.
# Single information flow: In July 2020, France-based crypto-wallet Ledger database was hacked. The hackers subsequently released the information of Ledger’s 272,000 customers, subjecting them to subsequent fake wallet invitations.
In short, if you store your bitcoin using a single private key and lose it, you’d lose your coins. And if you leave them to a third party like an exchange or asset manager who exhibits any of the above SPoF pitfalls, you’d lose your coins.
Our solution
A direct solution to SPoFs is multisig technology. Multisig wallets like Nunchuk require signatures from multiple keys for access, effectively addressing multiple types of SPoFs, be it for individual or organisational usage. How so?
# Separation of duties: No single person could gain unauthorised access to the wallet with only one key. A corporate treasury using 2-out-of-3 multisig cannot be spent without the signatures from the two authorised individuals, e.g. the CEO and the CFO.
# Levels of redundancy: The presence of the back-up key(s) means that in the off-chance of the loss of one primary key, the funds could still be recovered safely. With a proper recovery SOP, the issue could be timely diagnosed and a new set of multisig keys is generated, ensuring business continuity.
# Audit mechanism: Nunchuk provides you with a complete audit and activity log for your wallet to uphold transaction transparency and integrity.
# Privacy protection: Ensuring the integrity of your in-app information and communication flow is essential in protecting your assets from data thefts. Nunchuk’s upcoming release will address this issue first-hand, so keep a lookout!
Give us a try!
Download the latest Nunchuk version and let us know what you think.
*About Nunchuk: Launched on October 31, 2020, our mission is to bring multisig technology to as many people as possible, and Nunchuk is the first step. Visit our website at https://nunchuk.io or follow us on Twitter @nunchuk_io.
