Home << Known Issues << Hosted << Casa

Known Issues: Casa

Privacy Alert!

Any third party service that can participate/coordinate multisig transactions will have access to your balance and transaction history. They may be forced to share your records with multiple government agencies, and often be legally unable to disclose their compliance with requests. Of course most bitcoiners buy their coins on exchanges that follow KYC/AML procedures, so this may or may not be a factor for your use-case.

Casa is unique in that they do not perform traditional KYC, and it is even possible to signup without sharing your name. Customers can pay anonymous with bitcoin or prepaid cards. Their privacy policy is intentionally very customer-friendly.

Could Reintroduce Single Points of Failure

While proper multisig allows you to have no single points of failure (see section title Why Multisig), it still requires that you take some control of your financial sovereignty. Users who rely on third-party services may accidentally reintroduce a single points of failure. For example, if a 2-of-3 service holds 1 of your keys and mails you 1 (malicious) hardware wallet they are in a trusted position as they could control a majority of your keys!

More realistically, were a multisig service provider to be hacked they might be able to exploit the trust users have for it. We’ve seen similar attacks on the popular Electrum Client for many years. This might might take the form of an invalid receive address (if using a stateless hardware wallet with limited defenses) or an invalid change address (if using a hardware wallet that can’t detect it).

No Cobo Vault Support

This means that properly verifying a receive address is only possible for advanced users (instructions here or here). This will hopefully change soon.

Coldcard Implementation Doesn’t Verify Cosigner Wallets

Casa recommends you trust PSBTs of your cosigner wallets (meaning don’t verify them). In the event Casa were compromised, this leaves you at risk of loss when transacting.

1 Key Kept on Phone Hot Wallet

Software hot wallets are inherently less secure but they have a better UX and offer one less device to buy/configure/update. You can export your mobile key from the app for sovereign recovery purposes (instructions here).

Seedless

Casa is Seedless, meaning that by default there are no seed backups from your hardware wallets (the mobile and Casa keys are backed up automatically). This has some UX benefits that may improve security, but can also increases the risk of loss.

Outdated Firmware

Casa recommends users don’t update their firmware. This is likely to prevent hardware wallet vendors from being able to make breaking changes like this one. This will hopefully be resolved naturally in the future as hardware wallet vendors have strong incentives not to jeopardize access to user funds.

Sovereign Recovery Is Very Hard

While you can leave their service (or recover your coins if they go out of business), the process is likely only possible for expert users.


Evaluate Casa in Totality

This page is about known issues, not positive attributes. No setup is 100% secure.

Hosted multisig providers make multisig much more accessible/easier for less technically savvy HODLers. They will likely continue to improve over time and have an incentive to push best practices onto their users.

Some noteworthy benefits of using Casa: