Read on Twitter
The news about $Sushi being migrated and implementing multisig is a hot topic right now.
But what is multisig exactly?
A THREAD (and a little story!)
But what is multisig exactly?
A THREAD (and a little story!)
1/ In 2017/18 I was blessed to be part of a team who were heavily involved in undertaking Fundamental Analysis for high net worth individuals and later institutional investors.
2/ At that time it mostly involved studying ICOs for safety, viability and potential returns.
As time went on more institutional investors were approaching us to advise on whether there was a path to them being able to get exposure to crypto markets.
As time went on more institutional investors were approaching us to advise on whether there was a path to them being able to get exposure to crypto markets.
3/ Unsurprisingly, the concerns that the “smart money” has before investing are very different to us lowly retail (yep, the “dumb money”) investors.
4/ Some of the major concerns were:
- Security
- Asset chain of custody
- Legal and tax issues
As a team we had a wide range of skills and backgrounds.
From Technical, VC Advisory, Hedge Fund analyst, and well known market participants.
- Security
- Asset chain of custody
- Legal and tax issues
As a team we had a wide range of skills and backgrounds.
From Technical, VC Advisory, Hedge Fund analyst, and well known market participants.
5/ We ended up partnering with a couple of security firms; one of whom does on chain analysis for 3 letter agencies and another who set up a security consultancy after leaving his position as head of the Red Team for a major world power.
6/ I’ll never forget sitting in a room, watching this guy “live hacking” a random laptop someone had supplied.
It took literally less than 3 minutes between him sending an infected PDF attached to a spoofed email that the person opened on their machine
It took literally less than 3 minutes between him sending an infected PDF attached to a spoofed email that the person opened on their machine
7/ (and which passed all virus checks) and he had full control - all files, keystrokes, webcam - everything.
8/ The things that most people think are only possible in movies are not only possible but probably even crazier in real life.
9/ Through this process I came to learn that according to these experts the majority of the exchange “hacks” occurring over that period were in fact inside jobs, not outside hackers, despite the narrative being presented.
10/ The majority of these inside jobs broke down into bad actors (people inside the organization who purposefully stole funds) and social engineering (a method of getting close enough to insiders to get access to sensitive information).
11/ It was during this period when the market was exploding and hacks were happening regularly that many exchanges started to implement multisig security on their assets.
What is Multisig?
What is Multisig?
12/ It is short for “multi signature” and it a method of signing crypto transactions that requires more than one signature for the transaction to be submitted to the blockchain.
The most well known version of this is called “M-of-N”.
The most well known version of this is called “M-of-N”.
13/ The M represents the minimum number of signatures required, the N the total number of valid signatories.
A simple form of this that many people are probably used to seeing is joint bank accounts.
A simple form of this that many people are probably used to seeing is joint bank accounts.
14/ When the account is opened you are generally able to choose whether 1 person alone can withdraw funds (M-of-N of 1/2) or both signatures are required (M-of-N of 2/2)
15/ These “signatures” can be assigned to different people, different institutions or even different devices (just as when using Google Authenticator you need both a password and passcode from the app, an m-of-n of 2/2)
16/ What are the advantages of Multisig?
The main advantage is to remove the issue of having a single point of failure.
The more signatures required, the less likely it is funds can be stolen by compromizing only one person, or one device.
The main advantage is to remove the issue of having a single point of failure.
The more signatures required, the less likely it is funds can be stolen by compromizing only one person, or one device.
17/ In recent times Multisig has been increasingly written into smart contracts
For example, many of the DeFi projects have mutlisig wallets for things such as the Dev allocation, meaning that M-of-N of the holders must sign a transaction allowing a release of the tokens within
For example, many of the DeFi projects have mutlisig wallets for things such as the Dev allocation, meaning that M-of-N of the holders must sign a transaction allowing a release of the tokens within
18/ This is a form of project governance that is still in its relatively early stages, and time will tell how it plays out in the long term in the markets as a small group of people are trusted to act on behalf of all token holders.
