rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 22, 2019, 05:32:45 PM |
|
So I am hoping I can get some advice for a change. My "day job" is trading FIAT, not only for myself but also for clients. For the past couple of months, I have been persuading a couple of clients to "invest" in bitcoin and Ether and basically HODL. So the idea is I trade FIAT as normal, at the end of the month, when I would usually transfer the funds to their bank accounts, I buy BTC and/or ETH, instead, and transfer to their wallets.
These aren't small amounts that will be deposited each month, for one client it could be anywhere between 10-20 BTC per month or 350-500 ETH per month, so I need to be able to make sure they are secure. I have thought about hardware wallets (Ledger/ Trezor) which I use myself BUT I just don't think they are the best solution for non-technical people.
So, I would like your opinion on my solution to this. For bitcoin use a multisig Electrum Wallet. The client holds 1st co-sign part on his computer and I hold the 2nd co-sign on a computer that never links to the internet, so effectively its an ice cold wallet.
For Ether I thought of using GNOSIS for the multisig wallet. To be honest, though I have only played around with this wallet on the Rinkeby testnet, so looking for advice on what people make of it (i,e how secure is it that funds cant be locked like with the Parity Multisig wallet a couple of years ago)
Now the likelihood is one client will only ever need to use the co-sign wallet maybe once per year (he plans to HODL long term) whereas a second client might want to move funds around and have cosigned transactions monthly.
This cosign option seems (in my head) to work equally well for both clients.
I already have a PoA (power of attorney) if anything happens to me, they can get their funds back, so I can just add a codicil covering the Private Keys etc - and have those stored in a Safety Deposit Box, so I am not worried about that. I want your opinion on the method I am looking to implement and whether you think its a good option.
Persuading traditionally conservative clients to dip their toe in the crypto water, has/is a hard uphill struggle even though there are huge benefits for them, I just want to make sure I have covered all the bases and I am offering them a solution that is the "best in breed"
Obviously, its something I can charge my clients for, but that's not a motivating factor,, it's about keeping my clients BTC/ETH secure.
I would really appreciate any comments/suggestions.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4494
Merit: 3402
|
|
February 22, 2019, 06:50:25 PM |
|
2-of-3 multisig is a good solution. You hold one key and your client holds two, one of which is kept in a secure location. This setup prevents anyone with your key as well as anyone with only one of the client's keys from stealing the coins. This setup requires both you and your client to approve any movement of the coins, though the secured key ultimately gives the client full control over the coins if they need it. These people can help you: https://thirdkey.solutions/
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
magneto
|
|
February 22, 2019, 11:19:39 PM |
|
Wait - if you are transferring them their BTC by the end of each month, why do you need to hold funds for them? I'm terribly confused.
But if you do need to hold funds for them, I think that they will obviously appreciate control over their funds to the fullest possible extent. Multisig in this instance could certainly work.
I still think that a hardware wallet should be discounted. I don't think that it's that technical intensive given ledger/trezor's intuitive UIs. In this case, you'd only have to worry about sending the BTC to the correct address at the end of each month, instead of actually holding a key in a multisig. They would have full responsibility of securing the BTC which I don't know if they would be comfortable with. Please do correct me if I got your scenario totally wrong.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11010
Crypto Swap Exchange
|
|
February 23, 2019, 03:25:52 AM |
|
you don't need to store cryptocurrencies "for" clients because unlike fiat, transferring cryptos is easier, fast and a lot cheaper. and that would be also a lot safer. since you already claim it is to "buy and hold" then you must ask for their addresses and pay them right away. then it is their responsibility to learn how to properly secure their coins. if i were you i would worry about more important matters such as getting involved with altcoins that can get dumped hard since they are pump and dumps even though they may seem like a big deal!
|
|
|
|
elda34b
|
|
February 23, 2019, 03:43:14 AM |
|
I already have a PoA (power of attorney) if anything happens to me, they can get their funds back, so I can just add a codicil covering the Private Keys etc - and have those stored in a Safety Deposit Box, so I am not worried about that. I want your opinion on the method I am looking to implement and whether you think its a good option.
I tend to believe you should not hold their key. As other mentioned, your clients only need to make an address and then you can simply tansfer the money there. If you want to make sure they can secure it, I suggest encourage them to educate themselves about bitcoin and etc. That should be able to potect their funds quite well.
|
|
|
|
rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 23, 2019, 08:41:11 AM |
|
you don't need to store cryptocurrencies "for" clients because unlike fiat, transferring cryptos is easier, fast and a lot cheaper. and that would be also a lot safer. since you already claim it is to "buy and hold" then you must ask for their addresses and pay them right away. then it is their responsibility to learn how to properly secure their coins. if i were you i would worry about more important matters such as getting involved with altcoins that can get dumped hard since they are pump and dumps even though they may seem like a big deal!
Thanks for the response but where in my post does it mention other altcoins? I am not interested in shitcoins. Seriously though, my client really isn't interested in learning about bitcoin - that's why I made my post.
|
|
|
|
rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 23, 2019, 09:03:09 AM |
|
Wait - if you are transferring them their BTC by the end of each month, why do you need to hold funds for them? I'm terribly confused.
But if you do need to hold funds for them, I think that they will obviously appreciate control over their funds to the fullest possible extent. Multisig in this instance could certainly work.
I still think that a hardware wallet should be discounted. I don't think that it's that technical intensive given ledger/trezor's intuitive UIs. In this case, you'd only have to worry about sending the BTC to the correct address at the end of each month, instead of actually holding a key in a multisig. They would have full responsibility of securing the BTC which I don't know if they would be comfortable with. Please do correct me if I got your scenario totally wrong.
I don't want to be responsible for their seed words. Plus I need a safety net in case my client ( who isn't technically minded) gets phished or dodgy browser extensions or malicious software on his computer ends up stealing his coin. I know using a hardware wallet its unlikely BUT.. I guess I am saying I don't trust my client to keep his seed words safe for himself and want to make sure there is another step required to move his coin. he isn't technically minded enough to deal with firmware updates etc etc. One of the big factors for this to work, is to minimise any work required for him. It needs to be simple and straightforward from his perspective, even if its more technical behind the scenes I have been working with one client for over 5 years, and we have a great trust relationship (and I earn a shit load of money for him and me) I wouldn't want to blow that trust (and him lose money/coin) just because he isn't technically minded enough to understand about keeping his seed words etc safe. (This is the type of guy who has his Black Amex card PIN written on the back of a photo in his wallet !!!!!)
|
|
|
|
buwaytress
Legendary
Online
Activity: 2982
Merit: 3691
Join the world-leading crypto sportsbook NOW!
|
|
February 23, 2019, 09:05:27 AM |
|
Wait - if you are transferring them their BTC by the end of each month, why do you need to hold funds for them? I'm terribly confused.
But if you do need to hold funds for them, I think that they will obviously appreciate control over their funds to the fullest possible extent. Multisig in this instance could certainly work.
I still think that a hardware wallet should be discounted. I don't think that it's that technical intensive given ledger/trezor's intuitive UIs. In this case, you'd only have to worry about sending the BTC to the correct address at the end of each month, instead of actually holding a key in a multisig. They would have full responsibility of securing the BTC which I don't know if they would be comfortable with. Please do correct me if I got your scenario totally wrong.
Exactly my thoughts. You want to advise your clients to buy and HODL. Please teach them to use their own wallets (ledger/trezor as magneto says, come on 5 minutes is all they need), I would recommend you charge them only to teach them how to use it, and perhaps to monitor their holdings using watch only, so you can provide full reports and updates. You don't want to diversify into custodial services, not if you're doing this on your own. Multisig is a workaround but I seriously don't recommend it - why do you need control over their funds? Seems like a drawback to me.
|
|
|
|
Tamilson
|
|
February 23, 2019, 09:25:52 AM |
|
And your clients agree on this? I mean if I am the client I won't permit this, I don't want there's someone that can interfere my account, though not totally but I'll be worried. I suggest encourage them to educate themselves about bitcoin and etc. That should be able to potect their funds quite well.
It's sad that they don't know the risk of it and just rely everything on OP, good thing OP seems trusted.
|
Happy Coding Life
|
|
|
Pursuer
Legendary
Offline
Activity: 1638
Merit: 1163
Where is my ring of blades...
|
|
February 23, 2019, 09:42:20 AM |
|
with the way you are describing your "clients" here it seems to me like you are dealing with a bunch of elderly incapable of making their own decisions while having money they don't know what to do with! which makes me wonder whether they should even be investing in cryptocurrencies in first place! you see one of the first things about bitcoin is the fact that it gives the person full control and if they give that up then why are they even bothering getting involved with bitcoin? there are less riskier investments out there.
|
Only Bitcoin
|
|
|
xWolfx
Member
Offline
Activity: 322
Merit: 20
Donating 10% to charity
|
|
February 23, 2019, 09:59:13 AM |
|
So far the comments are not understanding your point of view but i do.
The security online is a really tricky subject this days and they are paying you precisely for you to do all the learning and tests so they can be comfortable and just give the money they want to invest. I understand how VIP services work.
I personally don't think that you are on the wrong approach in that aspect since it's the nature of the service you provide, rich people moves different than everyone else and if they are not interested in learning about Bitcoin it's your responsibility to offer them a solution and you seem pretty good at it.
One thing you could do is when they have a determined amount of time(decided by your observations in their reactions with their assets inside Bitcoin or Ethereum) when they kinda notice how that kind of market work you could see if some of them is interested enough in learning and when the time comes, you can tell him/her that they can store a part of their coins inside a hardware wallet if they would like to use it for some transactions and one part for security.
They better know how unstable it is. The whole point of it is for any of them interested in learning more to do it. That is the kind of people with a lot of resources who can bring the market up.
That is just one idea for you to think about it. Your approach even when criticized is extremely good for Bitcoin's future and you better know that you're helping shape that future.
|
|
|
|
rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 23, 2019, 10:21:11 AM Last edit: February 23, 2019, 10:49:32 AM by rogerwilko |
|
They are NOT going to learn or educate themselves about bitcoin. I am not going to teach them either. For the average Joe bitcoin is too technical, and for a HNWI he really isn't going to be interested in being technical. As I have said, he probably has someone dial numbers on his mobile for him.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6583
Looking for campaign manager? Contact icopress!
|
|
February 23, 2019, 10:23:37 AM |
|
I would really appreciate any comments/suggestions.
Your idea sounds pretty good, at least from Bitcoin point of view. Since your customers are not tech people and it's risky to handle the private keys, they can clearly see their funds based on the address, on any block explorer. So you can handle the keys as you think it's best. Because we talk about others' funds, a solution is 2-of-3 multisig, with key 1 at the owner, key 2 at you and key 3 in your testament. Or, if you are allowed to spend at any time, you can also have a copy of key 3.
|
|
|
|
rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 23, 2019, 10:56:02 AM |
|
So far the comments are not understanding your point of view but i do.
The security online is a really tricky subject this days and they are paying you precisely for you to do all the learning and tests so they can be comfortable and just give the money they want to invest. I understand how VIP services work.
I personally don't think that you are on the wrong approach in that aspect since it's the nature of the service you provide, rich people moves different than everyone else and if they are not interested in learning about Bitcoin it's your responsibility to offer them a solution and you seem pretty good at it.
One thing you could do is when they have a determined amount of time(decided by your observations in their reactions with their assets inside Bitcoin or Ethereum) when they kinda notice how that kind of market work you could see if some of them is interested enough in learning and when the time comes, you can tell him/her that they can store a part of their coins inside a hardware wallet if they would like to use it for some transactions and one part for security.
They better know how unstable it is. The whole point of it is for any of them interested in learning more to do it. That is the kind of people with a lot of resources who can bring the market up.
That is just one idea for you to think about it. Your approach even when criticized is extremely good for Bitcoin's future and you better know that you're helping shape that future.
Thanks. I don't understand half of what you have written to be honest, its just words. As I said in the original post MOST clients will NOT be spending the coin, just HODL. I am not sure why I would have a hardware wallet & set up a co-sign wallet. That's just confusing, pointless and unnecessary IMO.
|
|
|
|
rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 23, 2019, 11:08:32 AM |
|
I would really appreciate any comments/suggestions.
Your idea sounds pretty good, at least from Bitcoin point of view. Since your customers are not tech people and it's risky to handle the private keys, they can clearly see their funds based on the address, on any block explorer. So you can handle the keys as you think it's best. Because we talk about others' funds, a solution is 2-of-3 multisig, with key 1 at the owner, key 2 at you and key 3 in your testament. Or, if you are allowed to spend at any time, you can also have a copy of key 3. Why 2 of 3 multi-sig? What benefit does that have over 2 of 2 multisig? That's just adding an extra layer of effort and complications. Who would be the 3rd co-sign? Its just adding more potential cost and complication. No? The only benefit of using 2 or 3 that I can think of is in case my client loses his private key or seed words. But that would mean me being the custodian of the 3rd seed words or keys - which isn't problematic to store on a usb in a safety deposit box, but that would effectively give me full control over his wallet. probably not a major issue, but it's not ideal (perhaps) In that instance, I might as well just hold his coin on a hardware wallet on his behalf. Which again isn't ideal longer term, if I start doing this for multiple clients I have, I will end up owning and looking after a dozen or so hardware wallets for clients - hastag nightmare
|
|
|
|
rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 23, 2019, 11:19:48 AM |
|
with the way you are describing your "clients" here it seems to me like you are dealing with a bunch of elderly incapable of making their own decisions while having money they don't know what to do with! which makes me wonder whether they should even be investing in cryptocurrencies in first place! you see one of the first things about bitcoin is the fact that it gives the person full control and if they give that up then why are they even bothering getting involved with bitcoin? there are less riskier investments out there.
Well my clients (no speech marks required) certainly aren't elderly nor incapable of making their own decisions. Honestly, they don't have the time nor inclination to give a fuck about crypto as you or I would. They are only interested in it from "this is the future of money" POV. They haven't made their millions ( and I do mean millions) sitting around looking at the finer details of something. Do you think they ask me on a daily or weekly basis how I trade for them? No they couldn't give a shit as long as the return is there. That's how these people operate. They PAY PEOPLE TO MAKE DECISIONS FOR THEM. Do you honestly think HNWI understands everything they invest in? HINT: THEY DON'T. That's the whole point. So yes they should be investing in Crypto, why, because I have advised them to. The discussion isn't about whether my clients should invest in btc or not. It's how I should manage that for them. I appreciate that you took the time to reply to my post, but I don't think you have grasped it.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6583
Looking for campaign manager? Contact icopress!
|
|
February 23, 2019, 11:49:36 AM |
|
Why 2 of 3 multi-sig? What benefit does that have over 2 of 2 multisig? That's just adding an extra layer of effort and complications. Who would be the 3rd co-sign? Its just adding more potential cost and complication.
The benefit of the 3rd signature would be that it can stay sealed somewhere for emergencies (your death). Again, it's 2 of 3. So you can use the 2 signatures in the way you use now and the 3rd is for the case one of the usual signatures gets out of reach.
|
|
|
|
rogerwilko (OP)
Newbie
Offline
Activity: 14
Merit: 2
|
|
February 23, 2019, 01:17:39 PM |
|
Why 2 of 3 multi-sig? What benefit does that have over 2 of 2 multisig? That's just adding an extra layer of effort and complications. Who would be the 3rd co-sign? Its just adding more potential cost and complication.
The benefit of the 3rd signature would be that it can stay sealed somewhere for emergencies (your death). Again, it's 2 of 3. So you can use the 2 signatures in the way you use now and the 3rd is for the case one of the usual signatures gets out of reach. But who would hold the 3rd co-sign? If I die (as I have already stated) there is a PoA. I am leaning more towards a 2 of 3 multisig - but more in case my clients lose their keys or seed words. But that would mean me holding 2 out of the 3 co-signs. Unless I set up a company specifically for this or have my lawyer be a co-sign for all of my clients too. That way a 2 out of 3 is the best solution maybe.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6583
Looking for campaign manager? Contact icopress!
|
|
February 23, 2019, 04:50:35 PM |
|
Yes, you need a 3rd party. Either you get in the position you can't sign (illness, death, whatever), either the customer lose his key (good point!). The 3rd party has to be somebody you and your customer has access to. The lawyer is a pretty good option.
|
|
|
|
squatter
Legendary
Offline
Activity: 1666
Merit: 1196
STOP SNITCHIN'
|
|
February 23, 2019, 06:03:12 PM |
|
The benefit of the 3rd signature would be that it can stay sealed somewhere for emergencies (your death). Again, it's 2 of 3. So you can use the 2 signatures in the way you use now and the 3rd is for the case one of the usual signatures gets out of reach.
But who would hold the 3rd co-sign? If I die (as I have already stated) there is a PoA. I am leaning more towards a 2 of 3 multisig - but more in case my clients lose their keys or seed words. But that would mean me holding 2 out of the 3 co-signs. Unless I set up a company specifically for this or have my lawyer be a co-sign for all of my clients too. That way a 2 out of 3 is the best solution maybe. There's no ideal situation here. You can do 2-of-2 and hope that your client never loses their key/seed, but if they lose them, the money is gone. You can do 2-of-3 where you hold two keys (in separate physical locations to prevent compromise) and your client holds one, but this effectively places the funds in your sole custody. That raises liability issues if the funds are ever stolen. You can do 2-of-3 where you hold one key and your client holds two (in separate physical locations) but again, this opens the possibility that your client has his keys/seeds compromised. Whatever you do, I would avoid any liability in case things ever go awry. You don't want to be on the hook for a 20 BTC loss. You could also consider an institutional custody service like Bitgo. I'm not sure exactly how their setup and pricing works but lots of services use them for multi-sig storage.
|
|
|
|
|