Chia Blog

Chia Signer, Multi‑Signature Custody, and Real‑World Safety: Part 1

by Justin England

As digital assets become more prevalent and represent more value, the threat landscape around custodying, protecting, and using those assets continues to expand. We’ve moved beyond simple malware and phishing. Criminals increasingly target people, not just systems, through coercion, extortion, kidnapping, and “$5 wrench attacks.” In the last 24 months alone, dozens of headlines have demonstrated examples of attacks on holders of large crypto wallets, and on people, or the families of people, known to trade in large volumes of blockchain assets. In particular, the rise in direct violence against key holders, in the form of home invasions and kidnappings, is something we’re actively tracking at Chia.

With this series, I intend to provide a perspective that is based on experience about the risks and issues facing security, and the challenges and necessary diligence required to meet regulatory compliance, protect employees, and mitigate risk. 

Currently we mitigate these risks by using secure locations and partners to manage the physical custody of keys with coordinated access for the people doing the signature work. We believed this to be the safest possible solution. Unfortunately, the truth is that a single private key with the ability to move funds instantly remains a mortal safety risk for individuals and teams alike. This pattern changes fundamentally now that we have the Chia Signer Application available.

So how do we solve this challenge? Must the custody and movement of digital assets always be dangerous? Not necessarily. We believe the combination of Chia Vaults and the Chia Signer App provides the most protection and safety for those with digital assets.

With policy-driven multi‑signature custody (along with clawback and timelocks), Chia Vaults and the Chia Signer App shift the balance of power back to defenders. The Chia blockchain’s architecture makes this offering unique, enabling protections at the protocol level, not by add‑on contracts or custodial services. Everything that a vault smart contract executes to keep you and your assets safe takes place on layer 1, directly peer-to-peer (all rules are evaluated on chain at the base layer, by peers), without any surface area to inject central control or censorship into your workflows.

Because of my specific role at Chia, the guy in charge of both digital and physical security, I see the gaps in other solutions as glaringly, dangerously obvious. I have first-hand experience, as we secure a few bitcoin wallets and other crypto assets as part of our treasury. The delta between the risk profile of the solution securing the prefarm (our last-gen solution, not even Chia Vaults yet) and that of other blockchains is massive. So much so that our custody protocols for everything outside of the Chia ecosystem mandate armed guards or firearms to protect those in custody of these keys.

The next few pieces I’m writing will deep dive on the account model, its flaws, why we use the coinset model, and how that works in practice with our Chia Vault and Signer technology.