> Rather than write down the seed phrases, Prime Trust opted to laser etch them into a piece of steel ... which ... it lost
So, someone or someones have the steel piece(s) with the seed phrases on them.
And that person or persons will be able to retrieve the funds at a future date, when the timing and location seems suitable. Maybe in say, Switzerland, when the prices for ETH, Bitcoin (etc) are high.
I rarely lost any object in my life. The state of being lost is not easy to reach because it means the object cannot be found anywhere you went; I sometimes have to search for an object that I think I lost in my own home, most of the time when the object cannot be found it is the case that someone else is involved : the persons you share your house with would then, after a phone call, tell you they took your keys this morning by inadvertence or whatever.
Most of the time when the object cannot be found it begins to sound like if the rules of reality did change and I am really amazed by the fact that I'm inclined to retry things that were unsuccessful in the finding of the object, like opening a drawer for the third time, or searching the same pocket of my bag, just to check I didn't miss anything. I sometimes tell to myself, out loud, "That's impossible, I searched everywhere !". And that's right, that's totally impossible.
I'm a believer that lost generally equals stolen (or taken away by mistake, or hidden in a really weird place like when people put their home keys under a stone in their garden so that they have a way to enter in case they lose another set of key).
From my own humble experience (not trying to prove anything), the only times where the object wasn't taken away by mistake, were the time the object in question was in such an obvious place that I didn't find it. For example, I'm pretty sure it happened to you at least once to search for or to see someone searching for a hat/cap that they/you were already wearing on their/your head.
One other possibility would be to destruct the object, or to throw it somewhere, letting the randomness of diverse events act toward the disappearance of it. This is when you truly lost something. Truly lost means that you cannot find it anymore, due to the fact it's buried deep in the ocean or it has fallen into a volcano.
In every other meaning of the word, the reasons the object cannot be found is due to a the actions of a peer or is due to inattention.
It seems weird to think one could possibly bring such a precious object in a place where it would be truly lost.
I believe the object is already found or will be found by someone: stolen, consciously or not.
No one etched the actual password into anything for them, they bought a product[1] that includes a bunch of steel disks or tiles with letters engraved on them. You then assemble the pieces - either by sliding the tiles into the grooves of a card-like thing, or by putting the disks onto a spindle that you put into a tube (depending on the version you get).
It seems cool, but the site spends a lot of time talking about how difficult to destroy they are, which makes me wonder how much of a PITA it would be to destroy the left over tiles/disks (so no one going through your trash could figure out which letters you used).
I’m reminded of the dotcom bubble when companies would proudly show off their “we’re in the big boy club” server rooms with millions of dollars in Cisco and Sun hardware, Oracle and BEA licenses, etc. and hope you wouldn’t notice that they had three customers and no sysadmins. Around the time you’re paying someone to metal etch your encryption keys, anyone with a shred of ethics should be asking whether that’s anything but marketing to the gullible – or a sign that your underlying technology isn’t a good choice.
This is a solved problem in crypto and having even a billion in a single wallet is fine. That’s why multi-sig were created, it’s used more as a redundancy mechanism than a voting one.
Even with multisig, each individual key holder has to manage their device, and the steel backup for that device. And there exists possibility of collusion between n of m of the multi sig holders against the other holders. Seems like it would still keep me up at night (though with SVB, standard bank accounts are starting to look shaky too).
Having not worked for a crypto company, curious what the standard best practices are for securing the "keys to the kingdom" (literally).
There is no collusion, that’s the point of multi-sig, it’s akin to voting powers.
You can use multisig yourself too: ie you can use a key you remember, or the one in your safe. Along with a key in your phone. So two out of three. If someone gets the key in your safe, he can’t access your coins (he’ll need your phone too).
I was super paranoid, and bought one of these metal stamping tools(https://www.amazon.com/gp/product/B07ZFB5J15), and made my condo neighbors angry for one evening :) but hey, completely airgapped!
multi-sig addresses one aspect of the problem but not everything. The underlying problem is that the system is brittle rather than robust, and multisig only helps with a specific challenge (“I don’t want a single key loss to lose everything, but don’t want to make copies of the same key”). It doesn’t help with many common scenarios: “I was compromised”, “my employee abused access to my keys”, “someone made a typo in a transfer”, “I am choosing not to comply with a court order”, “our CFO died unexpectedly”, etc.
Contrast this with how easily this could have been resolved in the financial systems which are actually used and you get an immediate appreciation of how valuable it is to have a way to handle human error in systems used by humans.
> Prime Trust pitches itself as a crypto fintech company designed to help other startups offer crypto retirement plans, know-your-customer interfaces, ensure liquidity, and a host of other services.
A crypto pension plan administered by this lot? Sounds like a recipe for multiple heart attacks.
24 comments
[ 2.8 ms ] story [ 64.8 ms ] threadSo, someone or someones have the steel piece(s) with the seed phrases on them.
And that person or persons will be able to retrieve the funds at a future date, when the timing and location seems suitable. Maybe in say, Switzerland, when the prices for ETH, Bitcoin (etc) are high.
That's pretty incredible.
Most of the time when the object cannot be found it begins to sound like if the rules of reality did change and I am really amazed by the fact that I'm inclined to retry things that were unsuccessful in the finding of the object, like opening a drawer for the third time, or searching the same pocket of my bag, just to check I didn't miss anything. I sometimes tell to myself, out loud, "That's impossible, I searched everywhere !". And that's right, that's totally impossible.
I'm a believer that lost generally equals stolen (or taken away by mistake, or hidden in a really weird place like when people put their home keys under a stone in their garden so that they have a way to enter in case they lose another set of key).
From my own humble experience (not trying to prove anything), the only times where the object wasn't taken away by mistake, were the time the object in question was in such an obvious place that I didn't find it. For example, I'm pretty sure it happened to you at least once to search for or to see someone searching for a hat/cap that they/you were already wearing on their/your head.
One other possibility would be to destruct the object, or to throw it somewhere, letting the randomness of diverse events act toward the disappearance of it. This is when you truly lost something. Truly lost means that you cannot find it anymore, due to the fact it's buried deep in the ocean or it has fallen into a volcano.
In every other meaning of the word, the reasons the object cannot be found is due to a the actions of a peer or is due to inattention.
It seems weird to think one could possibly bring such a precious object in a place where it would be truly lost. I believe the object is already found or will be found by someone: stolen, consciously or not.
(They probably requested the company shred the files or whatevs but given the overall low level of due diligence I'd say it's worth a shot).
It seems cool, but the site spends a lot of time talking about how difficult to destroy they are, which makes me wonder how much of a PITA it would be to destroy the left over tiles/disks (so no one going through your trash could figure out which letters you used).
[1]https://cryptosteel.com/
Having not worked for a crypto company, curious what the standard best practices are for securing the "keys to the kingdom" (literally).
You can use multisig yourself too: ie you can use a key you remember, or the one in your safe. Along with a key in your phone. So two out of three. If someone gets the key in your safe, he can’t access your coins (he’ll need your phone too).
Contrast this with how easily this could have been resolved in the financial systems which are actually used and you get an immediate appreciation of how valuable it is to have a way to handle human error in systems used by humans.
Just wait a few years and suddenly we’re rich!
A crypto pension plan administered by this lot? Sounds like a recipe for multiple heart attacks.
thus solving the problem of paying out pensions