How we work, how we charge, and where the wallet fits. No marketing-speak — if the honest answer is "it depends", we say so.
Every engagement passes through the same four stages: Discovery (a confidential conversation and a written brief), Architecture (one or two custody designs with trade-offs spelled out — you choose), Implementation (hardware initialised, keys generated and distributed, every step witnessed), and Rehearsal & handover (controlled drills until your team can operate without us).
We design the custody, build it with you in the room, and stay until you can run it alone.
It depends on scope. A fixed-scope audit runs one to three weeks; a full architecture engagement, including implementation and rehearsal, typically runs two to ten weeks. We give you a realistic timeline after Discovery, not before.
Both. Discovery, architecture, and most documentation happen remotely. The sensitive steps — hardware initialisation, key-generation ceremonies, recovery drills — are run in controlled conditions, on site where the engagement calls for it.
Yes. The audit engagement is a written review of what you currently hold: signers, locations, redundancies, single points of failure, and recovery paths. You receive a redacted report and a prioritised remediation list. Many clients start here.
Start with the free 30-minute consultation. Write a few lines about what you hold and what concerns you; we'll tell you what your engagement should be — even if the answer is "you don't need us yet".
Scoped engagements like audits are fixed fee. Bespoke work — architecture, migration, succession planning — is quoted after Discovery, once we understand what you hold and what the design has to survive. You see the number before any work begins.
We keep a small book and serve it thoroughly. Accepting a limited number of engagements each quarter is how we protect the quality of the work and the confidentiality of existing clients. It also means we occasionally say no.
No. We are a consultancy, not a custodian. We never take possession of your Bitcoin, and the default architectures we design leave every key in your hands. Where a setup uses Coinhost Wallet, the optional recovery key lives in an HSM and only ever co-signs during recovery — and you can choose a design where we hold no key at all.
Never. We don't publish client names, logos, or case studies, and we don't use engagements as marketing. If you hear about us, it will be by introduction — not from a testimonial page.
We collect the minimum needed to do the work, keep it on a need-to-know basis within the engagement, and return or destroy working material on completion. Custody designs and reports are delivered redacted by default. Specifics are set out in the engagement letter.
No. Our practice is software-agnostic — we set up whatever is right for you, including coordinators and signers we don't make. For many engagements the right tool happens to be the one we maintain ourselves, but it is never a requirement.
Because for a large share of clients the cleanest tool is a 2-of-3 multisig built around the same principles as the consultancy: open standards, an exportable descriptor, no lock-in, and a recovery path designed for humans. It is the consultancy's thinking, shipped as software.
It's in private beta on public testnet, with mainnet targeted for Q2 2026 after the second external audit concludes. You can read the full security model on the wallet page and in Security.
You keep spending. A Coinhost Wallet vault uses standard descriptors — export yours and open it in Sparrow, Electrum, or Specter. Your coins live on-chain at the same addresses, with no migration and no involvement from us. Designing for that exit is the point.
A single-key setup has one failure mode that ends everything: lose the seed, lose the coins. A correctly designed 2-of-3 tolerates losing any one key without losing funds — and removes the operational burden of guarding a single irreplaceable secret. The phrase doing the work is "correctly designed".
Sometimes. Below a certain threshold, a well-run single-signer setup with a rehearsed backup is reasonable, and we'll tell you so. The case for multisig grows with the amount at stake, the number of people who may need to act, and how long the plan has to survive.
In most jurisdictions, yes — self-custody is what Bitcoin was designed for. A handful of countries restrict it, and we don't help anyone circumvent local law. For large holdings, corporate treasuries, or trust structures we work alongside your own legal counsel rather than in place of it.