Bitcoin user Callum McArthur’s house was broken into last month, and the burglars stole his hardware wallet and recovery words which stored his bitcoin stack. However, even though the criminals managed to get away with McArthur’s devices, they didn’t know that the keys they took were part of a multisig setup. As a result, the burglars couldn’t spend one satoshi, and McArthur’s stack was left intact.
“You have to diversify your security for your most important investments, it’s extraordinarily important. And that’s exactly what multisig is doing,” McArthur said while sharing his story on the By the Horns podcast. “Otherwise you’re generally talking about 10 to 15 years of your hard labor…and the possibility of that all being gone…you’re not getting those years back. Don’t skip on security.”
McArthur used a 2-of-3 multisig service from Casa, a bitcoin services company, in which he held the majority of the keys and had Casa function as a backup provider. The company was central to helping him deactivate the robbed key and switch his setup to restore complete control over his funds after the burglary.
“Provided that I purchase myself a new Ledger, deactivate that previous key, sync up my new key with Casa…I can get back to using my Ledger and my phone,” he said. “It’s an easy process, they walk you through every step of the way.”
Despite protecting against burglaries, multisigs and physical separation of keys are essential to protect against another attack vector — $5 wrench attacks. In this type of attack, the criminal leverages cheap tools to torture a victim until they comply and reveal the passwords or keys to access the funds.
Last week, a tech millionaire in Madrid had his bitcoin stack stolen after a group of criminals invaded his house and forced him to hand over control to an online account, Newsweek reported, effectively stealing millions in BTC.