How Casa's ethereum vault works
In the two weeks since announcing our plans to add support for Casa members to self-custody ethereum in addition to bitcoin, there has been much speculation about the implementation details. Some have asked about whether the addition of ETH negatively impacts the security of BTC held with Casa. In this article, we will discuss why that is not the case.
I understand that any change can be disconcerting when it’s related to one’s finances. To be clear, security is our top priority. As a technologist, I have studied cryptographic protocols for more than a decade, and I am confident in Casa’s technical approach to helping members secure private keys. We would never allow the addition of new functionality that required degrading the security posture of our clients.
At Casa, we are focused on providing a superior self-custody experience to our customers that is built upon a highly secure architecture for managing private keys. We are in the business of implementing established standards and best practices in our products to provide guide rails that helps folks avoid the many potential pitfalls inherent to being your own bank.
Casa’s ethereum vault will be based upon the same principles as our bitcoin multisig:
- Multiple keys
- Secured by multiple dedicated hardware devices
- Distributed across multiple locations
The biggest difference is at the protocol level, because bitcoin supports multisig natively in its scripting language, whereas ethereum does not. As such, a bitcoin multisig locking script looks like this simple one-liner:
The use of on-chain multisig with ethereum requires writing a more complex smart contract that can be interpreted by ethereum’s virtual machine. Casa is not in the business of constructing novel security mechanisms, “rolling our own crypto,” or writing smart contracts. I had a front-row seat to see BitGo implement its own multisig smart contract back in 2017, which was a lengthy and scary process.
As such, Casa will be using a well-vetted, battle-hardened smart contract that has been in use for four years and is currently securing billions of dollars worth of assets: the Safe contract. You can find the source code for this contract on Github.
Another key difference is that not all hardware manufacturers supported by Casa for BTC also support ETH signing. For our initial launch, we only expect Trezor and Ledger devices to be supported for ETH.
What if I don’t want to secure ETH?
If you have no need to secure ETH, then no action is required on your part. In fact, anyone who does want to make use of a Casa ETH vault will explicitly have to take action in order to do so.
This is because Casa does not control your keyset — by design, Casa cannot unilaterally spend or freeze your funds. Similarly, Casa is unable to complete the steps necessary to initialize an instance of the Safe contract that is tied to your keys without your approval.
How can I secure ETH with Casa?
Casa members who use Ledger and Trezor devices will be able to use the same hardware devices for both their bitcoin and ethereum vaults. If you want to create an ETH keyset then you'll have to activate your keys to perform the necessary actions to initialize a vault for that purpose. If your BTC keyset includes devices that don’t support ETH, you’ll need to acquire some new Ledgers or Trezors in order to complete the setup process for an ETH vault.
Is Casa a single point of failure?
No, we have architected our ETH product to conform to the same principles we established years ago when we began securing BTC.
However, this is not to say that a BTC wallet and ETH wallet are exposed to the exact same risks. For example, ethereum users are exposed to additional smart contract risks if they interact with contracts other than the Safe contract that Casa deploys on their behalf.
How does Sovereign Recovery work?
Similar to how Casa clients can access their bitcoin via non-Casa software, they will be able to access their ether via Safe’s web interface. Once your wallet is initialized, you will receive personalized, step-by-step instructions for how to conduct a recovery that does not rely upon Casa software or infrastructure.
Will I be able to store my stablecoins, ERC-20 tokens, or NFTs?
No, members will be able to secure only ETH and/or BTC at initial launch. We are working with members to gather feedback on their needs for other ethereum-based assets and use cases, and we will keep them informed about our plans.
What if I deposit a token Casa doesn’t support?
Casa clients will also be able to access unsupported tokens via Safe’s web interface.
Is Casa supporting Gnosis Chain or the $GNO token?
No, our use of the Safe contract is completely unrelated to the Gnosis Chain and token.
Will Casa expand support to other networks?
Security is a discipline predicated on forethought and precision. Our team will continue to monitor other protocols for opportunities that provide more value for our members.
Casa was founded with the belief that private keys will eventually help us secure many aspects of our lives, even beyond cryptocurrency. We will approach future endeavors with that long-term vision in mind.
Private keys continue to be a powerful instrument for individual empowerment, and the principles of securing keys are largely indifferent to the base-layer protocols to which they are applied.
Your bitcoin will continue to be safe with Casa, and we will take the same methodical approach with ethereum and any additional efforts as private key management continues to mature. Vires in numeris.