A huge security problem with Bitcoin wallets is they don't protect your funds if keylogging malware exists on your computer.

I recently launched a "cosigning as a service" company, TrustedCoin, to mitigate this threat.  The way it works is:

• User creates 2 different keys (on 2 different devices, if you want to be extra careful).
• TrustedCoin creates a 2-of-3 multisig P2SH address, where the user owns 2 of the 3 keys.
• When anyone tries to spend coins from this address, TrustedCoin will email and SMS the user with details of the transaction, and give the user time (say, 24 hours) to cancel before signing and broadcasting it.

So if your computer gets infected with malware, the worst it can do is spam you with spending attempts.  If this should happen -- or if TrustedCoin were to disappear -- the user can combine both keys and instantly transfer funds to a new address.

Is there anyone interested in integrating our cosiging APIs into Electrum?  We also offer a 70% rev share on all transaction fees (0.0005 BTC per transaction) to the wallet developer.

API Documentation: https://api.trustedcoin.com/#/docs

Reference web wallet implementation: https://api.trustedcoin.com/wallet

Reddit commentary of this product: http://www.reddit.com/r/Bitcoin/comments/1zhief/id_like_to_present_a_bitcoin_wallet_thats_safe_to/

Thanks,

Josh

A huge security problem with Bitcoin wallets is they don't protect your funds if keylogging malware exists on your computer.

I recently launched a "cosigning as a service" company, TrustedCoin, to mitigate this threat.  The way it works is:

• User creates 2 different keys (on 2 different devices, if you want to be extra careful).
• TrustedCoin creates a 2-of-3 multisig P2SH address, where the user owns 2 of the 3 keys.
• When anyone tries to spend coins from this address, TrustedCoin will email and SMS the user with details of the transaction, and give the user time (say, 24 hours) to cancel before signing and broadcasting it.

So if your computer gets infected with malware, the worst it can do is spam you with spending attempts.  If this should happen -- or if TrustedCoin were to disappear -- the user can combine both keys and instantly transfer funds to a new address.

Is there anyone interested in integrating our cosiging APIs into MultiBit?  We also offer a 70% rev share on all transaction fees (0.0005 BTC per transaction) to the wallet developer.

API Documentation: https://api.trustedcoin.com/#/docs

Reference web wallet implementation: https://api.trustedcoin.com/wallet

Reddit commentary of this product: http://www.reddit.com/r/Bitcoin/comments/1zhief/id_like_to_present_a_bitcoin_wallet_thats_safe_to/

Thanks,

Josh

My friend and I recently launched a service

https://api.trustedcoin.com/#/

and we're looking for feedback on how it could be made more useful.

Quick example of how it works, if you call:

Code:

curl --header 'Content-Type: application/json' --data-binary 
        '{"primary_key": "0345fb7c9a8eb70e9c83d5695cf6d93c5453ed83456badf166ebb77bf8b923e74f", 
          "policy": {
                       "type": "latency", "delay_in_seconds": 86400, "contacts": [
                                 {"email" : "joe.random@example.com"}, 
                                 {"sms" : "+14923922934"}]}}' https://api.trustedcoin.com/1/cosigner

We will give you a multisignature P2SH address with the following properties:

• You have one of the private keys, we have another, so any theft would have to compromise both our servers to succeed.
• When you ask us to sign a transaction from this address, we will alert "joe.random@example.com" as well as "+14923922934" and allow 24 hours to cancel the transaction.

Our goal is to make it easier to build secure Bitcoin applications by allowing people to express policy logic around how their bitcoins can be spent.

Please let us know your thoughts!

Thanks,

Josh