Yesterday we had a planned service upgrade on our platform to improve our multisignature security and add new transaction features to your wallet. BitOasis multisig wallet is now supported by wallet security provider, BitGo, where your second multisig key will be securely stored. We have also improved our dynamic transaction fees allocation to make sure your transactions won’t get stuck again on the bitcoin network or have you overpay on fees.
The following are some of the new features added to your wallet:
– SMS multisig transaction confirmation: We will no longer initiate a call confirmation to your personal mobile number to confirm your transaction and sign with your second key. Starting today, outgoing wallet transactions and sell trades that require user confirmation will now be confirmed via SMS. Once you initiate a transaction an OTP code will be sent to you via SMS. Once you receive it you will need to type in the code on your screen to sign with your second key and send out your bitcoins.
– New transaction thresholds: You now have a daily limit of 0.2BTC of transactions above which your wallet will initiate an SMS confirmation to your mobile to allow you to sign with the second key (OTP code confirmation explained above). Any transaction below the 0.2BTC limit will not trigger an SMS confirmation. In the future we will be allowing you to set your own daily limit that you’re comfortable with.
– Dynamic transaction fees: We’ve introduced dynamic transaction fees to our users to make sure you pay just the required amount for your transaction to be processed by the network without unexpected delays. This is in response to the increase in transactional volume on the network and the unexpected delays some of our users have been experiencing during high congestion period. With dynamic fees bitcoin transactions will be processed in a more predictable way with no unexpected delays. Fees will typically be below standard during times of low network activity and higher during period of high network congestion.
We also would like to confirm that our fully distributed 2-of-3 multisig wallet setup hasn’t changed. In this case we’ve partnered up with BitGo to securely store users second key. You will also have the ability to recover your funds through your recovery key.
If you have any questions, please don’t hesitate to reach out to me at [email protected] and you can sign up for a new BitOasis wallet at bitoasis.net.
Note: our iOS mobile app wallet will be upgraded by next week, we will keep you posted on the status through our social media channels and newsletter. Follow us on twitter @BitOasis and like our page on Facebook.
Security is crucial for the growth and maturity of the Bitcoin space; however, some companies still underestimate the importance of security as a main pillar in any Bitcoin product and still expose their users to risks of losing their funds.
In 2012 we’ve seen the early adoption of multisignature transactions. Three years after, multisignature technology has become increasingly more important for the fast growing Bitcoin space as more companies started adopting it as a security standard for wallets and vaults.
Photo: State of Bitcoin 2015 – CoinDesk
How do Multi-Signature transactions work?
Traditional Bitcoin wallets rely on a simple send-receive system, which is the standard transaction to Bitcoin address (pay-to-pubkey-hash). This means for every Bitcoin wallet there’s one 34-character wallet address, which is a hash of the public key, associated with a 64-character private key that the user would have to be able to spend their bitcoins. Private keys need to be kept safe and only accessed when a user wants to sign a transaction. In these wallets, so long as you keep this single private key safely secured you’ll be fine. However, once this safety is compromised and hackers gain access to your key, they can easily empty your funds out of your wallet.
Multisignature transactions (pay-to-script-hash) are more complex than the scenario explained above. In a multisignature transaction, addresses can have various number of private keys associated to them such that you need any number combination of these keys to be able to spend the funds. This is what’s referred to as n-of-m multisig. The most standard combination of keys for multisignature wallets is 2-of-3 where you need 2 private keys out of 3 to be able to execute a transaction. Hence, even if the safety of one of your private keys was compromised the hacker still can’t steal your bitcoins as they need to gain access to the second key to sign off transactions out of your wallets.
While multisignature transactions have been standardized in the Bitcoin protocol since 2012, it didn’t see much traction until early 2014 with more wallets providing multisig security and adopting BIP32 Bitcoin protocol.
HDM wallets and BitOasis Multi-Signature structure
At BitOasis, we understand that security is a priority for any wallet solution and we have built a Hierarchical Deterministic Multisignature (HDM) wallet to provide the highest level of security to our users.
The deterministic characteristic in BitOasis HDM wallet allows it to automatically generate random new Bitcoin addresses on each transaction using a specific algorithm from a single seed, providing higher levels of privacy and easier wallet backups from the seed rather than manually keeping and updating a backup file that can be lost if your hard drive goes corrupted.
The hierarchical characteristic allows the generation of billions of addresses and accounts from a single seed. Think of it like a tree, where you have a single node (key) that have branches and each of these branches have other branches and so on. The HD wallet characteristics combined with a 2-of-3 multisignature setup is a powerful combination to create a wallet with the highest level of security, without compromising usability, and that’s what we aspired for.
Three keys, three distributed locations
BitOasis multisig has three private keys in distributed storage in three different geographical locations:
The first key is secured by BitOasis under the control of the user and protected by a strong password and 2-factor authentication.
The second key is secured by implementing a trusted third party oracle, provided by CryptoCorp, that co-signs user transactions after examining the transaction to detect any potential wallet compromise or fraud.
The third key is a recovery key that is secured and held in cold storage by an independent legal entity for recovery in case of any service compromise.
How do BitOasis Multi-Signature transactions work?
When you log onto BitOasis and try to spend your bitcoins, you sign with the first key and automatically forward your transaction to CryptoCorp to co-sign.
Before it signs the transaction, CryptoCorp performs the necessary security and fraud detection checks to make sure the transaction was truly initiated by you and counter-signs with the second key. In the case of suspicious activity, CryptoCorp initiates an automated call or text to your cell phone to verify the outgoing transaction with you before signing it.
Once you confirm that the transaction is initiated by you, CryptoCorp would sign the transaction with your second key.
Once the transaction is signed by the second key, your funds are now spent and your transaction is broadcasted to the Bitcoin network for confirmation.
CryptoCorp’s oracle acts as trusted third party that only signs transactions when certain determined conditions are met, by that providing an extra layer of security that doesn’t compromise the usability of BitOasis’ HDM wallet.
Vetting all transactions to prevent fraud
Each transaction is vetted to protect BitOasis users from theft, fraud and risk without having control on user funds. Transactions are pre-classified into different risk weights and when certain risks, anomalies or wallet compromise cases are identified, the user will receive an automated call from CryptoCorp and will be presented with the three options below:
Enter number 1 to confirm that the transaction is initiated by you, and then CryptoCorp would sign with the second key
Enter number 3 to cancel the transaction, and hence CryptoCorp wouldn’t sign the transaction and in turn, it will not go through.
Enter number 9 to notify CryptoCorp and BitOasis that the transaction wasn’t initiated by you. This would put your account and all transactions on hold until you decide on next action.