Security


How do you secure my funds?

Coinkite is internally based on BIP32 Hierarchical Deterministic (HD) wallets stored in a Hardware Security Module (HSM). Each new member receives a "welcome email" which contains the "xpubkey" (extended public key) for their deposits, and an encrypted copy of the corresponding xprivkey. The xpubkey can be used by the account owner to see all public keys associated with their account (both past and future, litecoin and bitcoin). Using the "audit" feature, you can fetch a list of all UTXO (unspent transaction outputs) associated with your account and verify the public key's subpath from the given xpubkey. Similarly, you can check that the UTXO is correctly stored on the blockchain by checking its amount at a third party blockchain data service.

Coinkite has committed that in the event of the closure or other failure of the business, we will publicize the symmetric key protecting the xprivkey values that have been distributed to members. With that key, each user can recover their own funds by re-generating the private keys for each UTXO.

The founders of Coinkite understand the inherent risk in trusting a third party with the private keys for your bitcoins. We feel that by using BIP32 HD keys in this way, we can help to address those concerns should the business disappear. We consider this system to be "full-reserve" since the users are in a position to verify that their funds are not being used for any other purpose than safe-keeping while on deposit at Coinkite.

We have recently added support for shared multi-signature accounts where the Coinkite member can have complete control and secrecy over their private keys. For those who like the convenience of our HSM, you have the option of using our HSM to store the keys used in shared accounts. Our multisig offering is based on P2SH/Multisig BIP32 HD wallets and has all the same privacy advantages as a normal Coinkite account.

If you want to know about the basics of Bitcoin and crypto-currencies go here.

I want to share control between myself and certain co-workers. Can I do this?

Yes! Use a shared (multi-signature) account for this. You can create an account which requires up to 15 different people to approve withdrawals.

Often it's useful to have 3 possible signers, but require only 2 signatures to withdraw. This is 2-of-3 multisig, but we support many other combinations as well: everything between 1-of-1 up to 15-of-15.

The account is shared between all users who can co-sign (i.e. those that are allowed to withdraw). The other Coinkite members can see transactions and create new receive addresses (which is important for tracking what's happening), but to withdraw, they can only "propose" a new transaction. The other users will have to log in and authorize the transaction depending on the signing policy of the account.

Don't worry, we've made it really easy! Learn more and try it out starting here.

I've forgotten my password, what do I do?

It is our policy to never email a link that opens the door to your funds. The links in our emails will either point to a public page, or will require you to log in before they can be viewed.

However, we can send you your password hint. If that's not enough, and you have two or more email accounts already set up on your Coinkite account, there are other options.

Our password policies are detailed here.

Sure, but I really don't remember my password!?

There may not be much we can do to help. However, if you shared some of your personal details ("shared secrets") with us (anything you want, like the name of your first pet), there is a manual process we can follow to try to retrieve your password. Please note that this process is intentionally difficult for your own protection.

If your account is empty, please create a new one.

How do you secure my password?

We use scrypt() to salt and hash your password. This is very secure, but we go a step beyond and encrypt almost our entire database. This allows us to operate without having to rely on any of our service providers.

Decryption of each row of the database can only be performed on machines that have access to our custom HSM (Hardware Security Module).

Does your hosting provider have access to the private keys?

No. All of our servers operate with full-drive encryption, so that we don't need to trust our hosting providers. Because the operating system is fully encrypted, even the most trusted employee of the VM hosting company does not have an advantage over an attacker coming in from the Internet.

Remember, even if our web servers were to be compromised, the private keys that protect the funds are not stored on those machines. The private keys for your funds are stored exclusively on our custom HSM (Hardware Security Module) which is carefully isolated from the web servers and the Internet.

Where are your servers located?

We proudly host everything related to Coinkite in Canada.

We do not use Amazon Web Services (AWS) or related Amazon services such as S3.

Cloudflare is used for DDoS protection but they are not a critical component of our system.

You can use Tor to access Coinkite as well.

Found a security issue?

Here is how to disclose it.

What is Full Reserve?

Traditional banks make huge amounts of money by using your deposits. Perhaps they lend them out, or speculate in the markets using your hard-earned money as working capital. This system is called fractional reserve banking.

Coinkite is full-reserve which means we don't do that. All of your deposits stay in place and we do not "play" with your deposits. Our business model is to generate revenues from offering useful and valuable services, not speculation.

You should also be wary of bitcoin startups which claim some percentage of your coins will be in cold storage. If you do not know the details of the public keys used, it will be impossible to know if this is true, or if they are using those amounts as play money.

With Coinkite, you can audit where all your funds are at any time.

Is this a wallet?

Not just a wallet. We aim much higher, and see ourselves more as a vault with a vertically integrated payment system.

Of course, you may keep as little or as much as you wish on Coinkite, but our focus is on keeping larger amounts safe and secure.

How many bitcoins and litecoins can I withdraw at a time?

Full liquidity: all your funds are available to you 24/7 with no limits! Unlike our competitors, we designed our security systems around dedicated HSMs and so we are able to let you have all your funds out at any time. Yes, that means no matter how much, you can withdraw 100% in a single transaction.

Can I send from a shared address for extra privacy?

Adding this feature has been on our to do list, but is not a priority at this time.

Does Coinkite use the blockchain to store value?

Yes we do. This means even when you move coins between two Coinkite users, there is a corresponding public transaction between two Bitcoin addresses.

This is an important feature of Coinkite and it represents our commitment to operating in the open.

You can actually audit all the coins we store for you in your account, thanks to the power of BIP32 HD Wallets.

In your welcome message, we sent you a copy of the extended public key for your Coinkite account. With that public key you can generate all of the Bitcoin addresses for all of your sub accounts and each transaction. Using public data sources, you can then verify the amounts held by each key.

Why does it matter that Coinkite uses BIP32?

Coinkite is internally based on BIP32 Hierarchical Deterministic (HD) wallets stored in a Hardware Security Module (HSM). When you sign up you receive a "welcome email" which contains the "xpubkey" (extended public key) for your deposits, and an encrypted copy of the corresponding xprivkey. You can use the xpubkey to see all public keys associated with your account (both past and future, litecoin and bitcoin).

Using the "audit" feature, you can fetch a list of all UTXO (unspent transaction outputs) associated with your account and verify the public key's subpath from the given xpubkey. Similarly, you can check that the UTXO is correctly stored on the blockchain by checking its amount at a third party blockchain data service. We have committed that in the event of the closure or other failure of the business, we will publicize the symmetric key protecting the xprivkey values that have been distributed to members. With that key, you can recover your own funds by re-generating the private keys for each UTXO.

The founders of Coinkite understand the inherent risk in trusting us with the private keys for your bitcoins. We feel that by using BIP32 HD keys in this way, we can help to address those concerns should we be unable to continue operating. We consider this system to be "full-reserve" since you are in a position to verify that your funds are not being used for any other purpose than safe-keeping while on deposit at Coinkite.
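The audit described here and under "How do you secure my funds?" rests on BIP32 public derivation: the xpubkey alone reproduces every non-hardened child public key. The following is an added example, not Coinkite's code; it assumes the xpubkey has already been Base58Check-decoded into its 33-byte public key and 32-byte chain code, and the audit-list layout (subpath, hex pubkey) and all key material in demo() are constructed for illustration.

```python
import hashlib, hmac

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # curve point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = 3 * a[0] ** 2 * pow(2 * a[1], -1, P) if a == b else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # scalar multiplication by double-and-add
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def ser(pt):  # 33-byte compressed encoding, as carried inside an xpubkey
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")
def parse(b):  # inverse of ser(): recover y from x and the parity byte
    x = int.from_bytes(b[1:], "big")
    y = pow(x ** 3 + 7, (P + 1) // 4, P)
    return x, (y if (y & 1) == (b[0] & 1) else P - y)

def tweak(chain, pub, i):  # HMAC-SHA512 step shared by public and private derivation
    I = hmac.new(chain, pub + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big"), I[32:]

def derive_pub(pub, chain, path):  # child pubkey from the xpubkey alone
    for i in path:
        if i >= 2 ** 31: raise ValueError("hardened index needs the private key")
        il, chain = tweak(chain, pub, i)
        pub = ser(add(mul(il, G), parse(pub)))
    return pub

def audit(pub, chain, entries):  # subpaths whose claimed pubkey (hex) fails to match
    return [p for p, claimed in entries if derive_pub(pub, chain, p) != bytes.fromhex(claimed)]

def demo():  # constructed keys; the "service" side derives with the private key
    priv, chain = 0x1F2E3D4C5B6A79881F2E3D4C5B6A7988, hashlib.sha256(b"constructed").digest()
    k, c = priv, chain
    for i in (0, 5):  # private derivation of subpath 0/5
        il, c = tweak(c, ser(mul(k, G)), i)
        k = (k + il) % N
    good, forged = ser(mul(k, G)).hex(), ser(mul(k + 1, G)).hex()
    return audit(ser(mul(priv, G)), chain, [((0, 5), good), ((0, 6), forged)])
```

demo() returns the subpaths that fail the check: the key derived privately at 0/5 matches what the public side computes, while the forged key claimed at 0/6 is flagged.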

What happens if one of the HSMs is stolen by a Super Villain?

The HSMs are secured against that. If they sense any tampering or power blips, the private keys are dropped from memory. The only way to re-enable them is with all the signing directors present. Otherwise, it's essentially a very heavy paperweight.

Can I have my private key?

Your welcome message contains a copy of the root private key chain for your account. It's encrypted with our global vault key using AES-256-CBC.

In the unlikely event that we are unable to continue business, the global vault key will be publicized (via Twitter and other public forums) and everyone who has used Coinkite can move their funds into another HD Wallet (BIP32) provider. However, you will need that attachment containing the root private key chain as well as the global vault key to be able to do this, so your funds are still safe during the transition.

If you require access to your private key, you may set up a multi-signature account where you control the keys completely. For example, you can create a 1-of-1 shared multi-signature account without giving us the private key.

When you have access to your private key, you can move funds out of Coinkite using regular Bitcoin software. While this may give you more freedom to move around your Bitcoin, having your own private key will leave you vulnerable, and limits our ability to monitor and protect your account. We no longer offer hot wallet private key export due to attempted fraud.

Additionally, we will soon be offering a dedicated HSM for your account. All sensitive key values (required for sending funds, but not receiving) would be stored on your own HSM that would be under your physical control.

What does this all cost?

Our simple and fair pricing is here.

What are your transaction confirmation policies?

We allow you to accept Bitcoin payments immediately with zero confirmations; however, Coinkite enforces a minimum number of confirmations before it will use those funds in another transaction and show them in your available balance.

Crypto-currency    # Block Confirmations    Estimated Time
Bitcoin            4                        40 minutes
Litecoin           12                       30 minutes
Blackcoin          10                       10 minutes
Testnet            6                        Varies widely

All transactions are subject to variable confirmation times. Please consider the above to be only a guideline. Coinkite is not in control of the rate at which blocks are found. We rely on miners to find blocks at a consistent rate in order to provide these estimates.

In our opinion, it is safe to accept Bitcoin payments after just a single block confirmation (i.e. about 10 minutes wait time, on average). For Litecoin and other less mature crypto-currencies, it seems like higher confirmations are appropriate.

Zero confirmation (immediate) transactions are risky, because there are a number of low-cost means to make valid-looking transactions that will never be mined. Those unconfirmed transactions will never be confirmed, and so the coins will never actually transfer to you. However, if you trust your customers, and/or are selling goods with relatively low value, it may be an acceptable business risk—and it certainly does speed up commerce.

Zero-confirmation payments are only supported with Bitcoin. Therefore we require at least one confirmation for all other types of coins.
