Treasury Management

Loom Network
5 min read · Oct 26, 2023

Hardly a month goes by without someone making it into the news because a hacker managed to steal their private key. Just last month the billionaire investor Mark Cuban lost $870k worth of crypto because he downloaded and used a compromised version of MetaMask. And earlier that month the Australian crypto casino Stake made it into the news for losing $41.6 million worth of crypto, which has been attributed to a private key leak.

Managing private keys can be tricky, even more so when multiple parties are involved, as is often the case with organizations managing treasury wallets. There are a couple of common solutions for securing treasury funds that organizations tend to use these days.

Multi-sig Wallets

The Ethereum and BSC blockchains currently don’t have a built-in concept of multi-sig wallets, so multi-sig wallets on these chains are implemented as smart contracts. While the exact implementation may differ, a multi-sig wallet contract is usually created with a set of participants, and some threshold value that indicates how many of the participants have to approve each transfer from the multi-sig wallet. Each participant has their own private key that they must use to approve transfers from the multi-sig wallet, and it is the responsibility of each participant to secure their private key.

For example, a 2/3 multi-sig wallet would require each transfer of funds from the wallet to be approved by at least 2 of the 3 authorized participants. If one of the 3 participants gets lost in the Amazon jungle and is never heard from again, the remaining 2 participants can still move funds from the multi-sig wallet. On the flip side, if one of the participants gets hacked and the hacker obtains their private key, the hacker would not be able to unilaterally transfer funds from the multi-sig wallet.

Multi-sig wallets on Ethereum have a pretty good track record. Gnosis Safe is probably the most well-known open-source multi-sig wallet solution, and they’ve streamlined multi-sig wallet creation so it’s a relatively straightforward process. The main drawback of multi-sig wallets is that each of the authorized participants has to approve the funds transfer by submitting an on-chain transaction, which can get expensive and slow during times of high congestion on Ethereum.

MPC Wallets

Secure multi-party computation (MPC) has been an active field of research in cryptography since the early 1980s. The basic concept is that two or more parties can jointly compute the output of an arbitrary function, without sacrificing the privacy of their respective inputs. What this means in practice is that it’s possible to generate a private key for a wallet and then split that key into two or more parts. Each of the participants authorized to access the wallet will need to securely hold one part of the key, but no one will have access to all the parts, so a single participant cannot unilaterally move funds from the wallet. When the participants wish to transfer funds from the wallet they have to use an MPC protocol to sign a transaction in a distributed manner without ever reconstructing the original private key.

While MPC itself isn’t a new concept, MPC wallets have mostly been utilized by organizations, which tend to use solutions built by the likes of Fireblocks or Blockdaemon. The general public has had a fairly limited exposure to MPC wallets thus far, though that’s likely to change with Coinbase launching an MPC-based wallet.

Our Approach

We’re currently using an in-house wallet service to manage transfers from the LOOM treasury wallets. This service runs on a secure server on an internal network with no access to the internet. Each wallet managed by the service has a unique private key, but similarly to MPC wallets, each key is split into multiple parts as soon as it’s generated, and the full key isn’t stored anywhere. The key parts are distributed to the authorized parties within Loom Network, and are securely stored on devices issued specifically for this purpose.

Any transfer from the treasury wallets has to be authorized by multiple people using their own parts of the wallet’s private key. With that in mind, these are the steps required to transfer any funds from a treasury wallet:

  1. An authorized person signs into the wallet service from their designated device and creates a new transaction proposal. The proposer must provide a suitable nonce and gas price themselves.
  2. The proposer asks the other authorized parties to review the proposed transaction.
  3. Each reviewer signs into the wallet service from their designated device, reviews the transaction details, and approves it.
  4. As soon as a sufficient number of authorized parties have approved the transaction the wallet service retrieves the key parts from the devices of the people that authorized the transaction, and reconstitutes the private key from its parts just long enough to sign the proposed transaction. At this point the service generates what’s commonly known as an offline signed transaction.
  5. The proposer copies the signed transaction generated by the wallet service and submits it to Ethereum or BSC.
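The approval gate and key reconstitution in steps 1 to 4 can be sketched as follows. This is an added example, not Loom Network's wallet service code: the post does not say which splitting scheme the service uses, so Shamir secret sharing is an assumption here, and `split_key`, `recover_key`, `Proposal` and the `signer` callback are hypothetical names.

```python
import secrets

# Order of the secp256k1 group (prime); Ethereum/BSC private keys are integers below it.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split_key(key, threshold, parties):
    """Split `key` into `parties` Shamir shares; any `threshold` of them recover it."""
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [key] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    def f(x):
        return sum(c * pow(x, i, N) for i, c in enumerate(coeffs)) % N
    # Share for party x is the point (x, f(x)); x = 0 is never handed out.
    return {x: f(x) for x in range(1, parties + 1)}

def recover_key(shares):
    """Lagrange interpolation at x = 0 over a {party_id: share} mapping."""
    key = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        key = (key + yi * num * pow(den, -1, N)) % N
    return key

class Proposal:
    """A transfer proposal that only reconstitutes the key after enough approvals."""
    def __init__(self, tx, threshold):
        self.tx = tx
        self.threshold = threshold
        self.approvals = {}          # party_id (share index) -> share value

    def approve(self, party_id, share):
        # Keyed by party, so one party approving twice still counts once.
        self.approvals[party_id] = share

    def sign(self, signer):
        if len(self.approvals) < self.threshold:
            raise PermissionError("not enough approvals to reconstitute the key")
        key = recover_key(self.approvals)   # the full key exists only in this scope
        try:
            # `signer` stands in for the real transaction signing routine.
            return signer(key, self.tx)
        finally:
            del key  # drops the reference only; Python cannot guarantee memory wiping
```

The `finally` clause marks the window in which the full key exists, which is the exposure a full MPC signing protocol removes.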

Future Improvements

We’re planning on migrating to a full-fledged MPC-based solution that generates signed transactions without ever reconstituting the private key from its parts. This will allow us to do away with offline transaction signing, and allow the authorized parties to approve transactions from anywhere in the world. At the moment we’re still evaluating the available open-source and institutional solutions.
