How do the wealthiest bitcoin holders secure their bitcoin?
Originally published on the Unchained blog.
If you want to hold a large amount of bitcoin securely, it makes sense to investigate how the wealthiest bitcoin holders handle this task. While wealth doesn’t cause infallibility, these entities have the most to lose from making a mistake. They should be highly motivated to put substantial thought and research into the security of their bitcoin.
Identifying the wealthiest bitcoin holders can be difficult, and asking them to reveal the full details of their security is unlikely to be successful. However, the bitcoin blockchain provides us with some valuable information. The transaction history and balances of all bitcoin addresses is publicly-available knowledge.
What information can we gather?
If an entity (person or group) owns a lot of bitcoin, it’s possible that they keep their bitcoin spread across many different addresses, each with a smaller-sized balance. Those addresses wouldn’t necessarily stand out from the crowd. In some cases, it’s impossible to associate different addresses with the same wallet or owner. In other cases, association between addresses requires blockchain analysis, often relying on advanced techniques and assumptions which are not guaranteed to provide accurate information.
Although it’s challenging to definitively identify the wealthiest entities in terms of bitcoin, and precisely how much bitcoin they own, it’s trivial to identify the wealthiest bitcoin addresses. There are a few websites that track these addresses in real time. The nature of these addresses can provide a lot of clues about how the bitcoin is secured.
For example, if you are familiar with address types, you’ll know that any address that begins with a “1” is a P2PKH address, and therefore must be a singlesig arrangement. Similarly, any address that begins with “bc1q” and has a length of 42 characters is a P2WPKH address, and must also be a singlesig address. Bitcoin held by one of these address types isn’t utilizing multisig protection. Using SSS or MPC would be the only way to achieve institutional-grade security, as discussed in our article covering thresholds.
Meanwhile, any address that begins with a “3” is a P2SH address. Any address that begins with “bc1q” and has a length of 62 characters is a P2WSH address. These address types have the possibility of utilizing multisig. However, only after bitcoin has been spent out of these addresses will the custody structure be revealed. Some P2SH addresses are actually singlesig, a structure that was temporarily popular while SegWit was being initially adopted. Therefore, if one of these address types has never been spent out of, the custody structure is unknown.
Looking at the data
Let’s take a look at the 81 addresses which each hold more than 10,000 bitcoin, as of January 30, 2024. Altogether, these addresses hold more than 2.5 million bitcoin.
*Likely lost
**Not using MPC
Out of these 81 addresses, at least 6 of them are holding bitcoin that is likely to be lost (179,302 BTC). Those addresses were created by their owners in 2010 or 2011, when bitcoin had a much smaller value and was not taken as seriously as it is today. Five of those six addresses have never been spent from, and the other one made its last withdrawal in July of 2010.
The remaining 75 addresses use a variety of custody structures. Let’s break it down:
As explained in our article discussing institutional-grade threshold security, it’s likely that the 53 singlesig addresses are using either SSS or MPC. Two of the addresses, however, are unlikely to be using MPC, because they were created before 2018, when the first-ever MPC threshold protocols for ECDSA were invented. It’s possible that these addresses are using SSS instead.
The 16 addresses that we know are using multisig have all been spent out of, and in doing so they have revealed their specific quorum structure. There is a wide assortment of quorums:
4 instances of 3-of-5
3 instances of 2-of-3
2 instances of 2-of-2
1 instance of 3-of-9
1 instance of 4-of-8
1 instance of 3-of-8
1 instance of 4-of-6
1 instance of 3-of-6
1 instance of 2-of-6
1 instance of 3-of-4
The 2-of-2 quorums stand out as the only quorums in the list which don’t offer inherent protection from single points of failure. While a distributed 2-of-2 multisig can protect against theft, it requires other methods to protect against loss (such as each key using distributed SSS or MPC shares). You can read more about how different quorums protect from theft and loss to varying degrees, in our broader multisig article.
Conclusions
After looking at the data, at least one thing is clear. Among the owners of the wealthiest bitcoin addresses—some of whom include the biggest cryptocurrency exchanges and even the U.S. Department of Justice—there is no consensus on the best method to secure bitcoin.
Some of these entities use multisig addresses, with typical quorums like 2-of-3 and 3-of-5, but there are several unusual quorums as well. Many entities use singlesig addresses, which could be utilizing SSS or MPC. The details surrounding SSS or MPC threshold quorums are never publicly recorded on the blockchain, limiting the extent of this investigation. It’s possible that some of these singlesig addresses are not employing any threshold security at all, which would mean that certain stashes of bitcoin currently worth more than $400M are notably under-secured.
As we covered in a recent article, multisig always has a higher security ceiling than singlesig. When a singlesig address is used (as is the case with at least 70% of the addresses holding more than 10,000 BTC) there is a missed opportunity for additional security. While singlesig does provide some benefits for spending convenience and transaction fees, one might expect these benefits to be less important than security, for an entity holding bitcoin worth millions or billions of dollars.
The truth behind why singlesig addresses are so commonly found at the top levels is unclear. It may amount to a lack of education, or a historical lack of products and services leveraging the combination of SSS and MPC alongside multisig. Luckily, Unchained has pioneered a simple path to access these combinations, unlocking the highest levels of security obtainable. For private wealth and enterprise clients, we offer a vault product built with a foundation of multisig, and keys that can be spread amongst institutional key agents. Each of these key agents can deploy their own threshold security using SSS or MPC. Book a free consultation!