Security model

Security isn't a feature.
It's the entire design.

Coinhost is assembled from the most reviewed standards in Bitcoin custody — arranged so that no single failure, including ours, can cost you your funds. Here is what protects you, and exactly how it works.

What protects you

Six guarantees, each backed by a proven standard.

We don't invent security; we apply the practices serious custodians have trusted for years. Every claim below maps to a specific, auditable mechanism — no black boxes, no "trust us".

No single point of failure

Two keys move money. Never one.

Every vault is 2-of-3 multisig across your phone, your hardware wallet, and our recovery key. Any two authorize a spend — and no single key, including the one we hold, can ever move funds alone.

2-of-3 · P2WSH multisig
Open standards

Nothing proprietary. Nothing exotic.

Built only on primitives the careful custody world already trusts and reviews in the open — never homegrown cryptography you'd have to take on faith.

BIP48 · BIP67 · bitcoinjs-lib
Hardware isolation

Keys never touch the open internet.

Your keys live in your phone's secure element and on your own hardware wallet; our recovery key is generated inside a FIPS-validated HSM and is non-exportable by design.

Secure Enclave · FIPS 140-2 L3
Time as a defense

Nothing irreversible happens fast.

Recovery opens a seven-day window with daily alerts and one-click cancellation, and emergency lockdown freezes every vault on demand. Coercion needs time it doesn't get.

7-day cooling · lockdown
Sovereign exit

Your vault is yours to walk out with.

Export a standard output descriptor at any time and rebuild the vault in Sparrow, Electrum, or Specter. No lock-in, no migration, no permission required from us.

Exportable descriptor
Independently verified

Trust, but make us prove it.

An external security audit and a coordinated disclosure programme keep us honest. The audit report will be published and PGP-signed before launch, not merely asserted on a marketing page.

External audit · disclosure
Under the hood

For the technically inclined — every primitive, spelled out. If this isn't your language, the six guarantees above are the part that matters.

01  ·  Cryptography

The primitives.

Script type
P2WSH — native SegWit multisig. Taproot / MuSig2 is on the roadmap and gated on hardware-wallet support across vendors.
Threshold
2-of-3. Two of the three keys can authorize any spend. No single key controls funds — not yours, not ours.
Derivation
m/48'/0'/0'/2' on mainnet, m/48'/1'/0'/2' on testnet. The BIP48 multisig standard, unchanged.
Pubkey sort
BIP67: at every address the three derived pubkeys are sorted lexicographically by their compressed encoding before the script is built, so the descriptor is portable across compliant wallets and the order of keys in the export does not matter.
Bitcoin engine
bitcoinjs-lib, version-pinned, with dependency hashes in the lockfile. No dynamic code execution, no plugin surfaces.
Transport
TLS 1.3 with certificate pinning on mobile. No secret material ever crosses the wire in plaintext.
02  ·  Key storage

Where each key lives.

Mobile key
Generated on-device and kept wrapped under a key that lives in the iOS Secure Enclave (keychain accessibility ThisDeviceOnly, so it never migrates with a device backup) or the hardware-backed Android Keystore. Neither chip can hold a secp256k1 key itself, so the wrapping key is what the hardware protects. Biometric unlock required. The key material never enters the JavaScript heap in plaintext.
Cloud backup
An encrypted backup of the mobile key is written to your iCloud or Google Drive. The encryption key is device-bound and held in the enclave, so neither Apple, Google, nor Coinhost can read the backup. The flip side is that only the phone that wrote the backup can decrypt it: it covers an app reinstall or wiped app data, not a lost or replaced phone. For that case the hardware key and the recovery key are the path back.
Hardware key
Never leaves the Trezor or Ledger device. Every signing operation happens inside the hardware wallet itself (on its secure element, where the model has one), after you verify the destination and amount on its physical screen.
Recovery key
AWS CloudHSM, FIPS 140-2 Level 3. The private key is generated inside the HSM and is not exportable by design. Every signature produces an append-only audit record with a correlation ID.
Seed phrases
None from Coinhost. You will not be asked to write down a 12-word phrase for your vault: in 2-of-3, the two other keys are the backup. Your hardware wallet still has its own recovery seed, which its vendor asks you to back up and which Coinhost never sees.
03  ·  Recovery cooling period

The recovery key never signs fast.

The moment you request a recovery signature, a seven-day window opens. Every participant on the vault receives an alert, followed by a reminder each day. One click cancels the request. If nothing cancels it, the HSM releases its co-signature on day seven — and not a minute earlier.

Day 0 · Request

The window opens.

Your security questions are verified, the seven-day clock starts, and every participant on the vault is alerted immediately.

Recovery requested
Days 1–6 · Cool-off

Alerts daily. Cancel anytime.

A reminder lands every day, with a final warning on day six. One click from anyone on the vault cancels the request — so a coerced or fraudulent recovery never goes unnoticed.

One-click cancellation
Day 7 · Signature

The HSM co-signs.

Only if nothing cancelled it. The recovery key releases its signature on day seven — and not a minute earlier.

Co-signature released
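The timeline above is a policy with three invariants: the recovery key must not sign before the window has fully elapsed, a cancellation from any participant must win over a later release, and a release must happen at most once. The following is an added example, not Coinhost's service code, that models that gate so the edge cases can be checked directly. Class, method and field names are assumptions; the seven-day window, the daily reminders with a final warning on day six, one-click cancellation by any participant, the day-seven release and the correlation ID on the audit record follow the text above. Timestamps in the scenarios are constructed.

```python
# Added example (not Coinhost code): a model of the recovery gate in front of the HSM.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional
import secrets

WINDOW = timedelta(days=7)


@dataclass
class RecoveryRequest:
    vault_id: str
    participants: frozenset          # everyone on the vault; any one of them can cancel
    requested_at: datetime           # tz-aware, taken from a trusted server clock
    correlation_id: str = field(default_factory=lambda: secrets.token_hex(8))
    cancelled_by: Optional[str] = None
    released_at: Optional[datetime] = None

    @property
    def earliest_release(self):
        return self.requested_at + WINDOW

    def reminders(self):
        """Days 1 to 6 after the request as (when, message); day six is the final warning."""
        return [(self.requested_at + timedelta(days=d),
                 "FINAL WARNING: co-signature releases tomorrow" if d == 6
                 else f"recovery pending, day {d} of 7")
                for d in range(1, 7)]

    def cancel(self, by):
        """One click from any participant. Refused only for outsiders or after release."""
        if by not in self.participants:
            raise PermissionError(f"{by} is not on vault {self.vault_id}")
        if self.released_at is not None:
            return False                      # too late: the signature already went out
        if self.cancelled_by is None:
            self.cancelled_by = by            # first cancellation wins; later ones are no-ops
        return True

    def try_release(self, now):
        """The gate: an audit record on release, None whenever the HSM must not be asked."""
        if self.cancelled_by or self.released_at or now < self.earliest_release:
            return None
        self.released_at = now
        return {"vault": self.vault_id, "correlation_id": self.correlation_id,
                "requested_at": self.requested_at.isoformat(),
                "released_at": now.isoformat()}


T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timestamp for the scenarios
OWNERS = frozenset({"owner-phone", "owner-hww"})


def uncontested_recovery():
    """Nobody cancels: refused one minute early, released exactly at day 7, never twice."""
    req = RecoveryRequest("vault-demo", OWNERS, T0)
    early = req.try_release(T0 + WINDOW - timedelta(minutes=1))
    on_time = req.try_release(T0 + WINDOW)
    again = req.try_release(T0 + WINDOW + timedelta(hours=1))
    return early, on_time, again


def cancelled_recovery():
    """A coerced request: a participant clicks cancel during the cool-off; day 7 releases nothing."""
    req = RecoveryRequest("vault-demo", OWNERS, T0)
    cancelled = req.cancel("owner-hww")
    return cancelled, req.try_release(T0 + WINDOW)


def outsider_cannot_cancel():
    """Cancellation is a vault-participant action, not an anonymous link."""
    req = RecoveryRequest("vault-demo", OWNERS, T0)
    try:
        req.cancel("attacker")
    except PermissionError:
        return True
    return False
```

The gate belongs in the service that holds the HSM credentials, never in the client, and the HSM's own write-once log is the independent record that the gate was honoured: the correlation ID on the record returned here is what lets the two logs be reconciled.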
04  ·  Sovereign recovery

You can leave, and take your Bitcoin with you.

Coinhost is only useful if leaving is credible. Export the full vault descriptor from the app at any time; we also email you a signed copy every month. Any wallet that speaks P2WSH multisig (Sparrow, Electrum, Specter) will reconstruct the vault from it and derive the same addresses. Check that the first few addresses it derives match the ones the app shows before you rely on the export.

Descriptor export

wsh(sortedmulti(2,
  [a1f04c92/48h/0h/0h/2h]xpub6D…/<0;1>/*,
  [8c9e3122/48h/0h/0h/2h]xpub6C…/<0;1>/*,
  [hsm00001/48h/0h/0h/2h]xpub6E…/<0;1>/*
))

Derived receive addresses

  • 0/0  bc1q8d…nkta
  • 0/1  bc1qv2…p09x
  • 0/2  bc1qz9…7mwu
  • 0/3  bc1qp4…k3lz
  • 0/4  bc1qh7…r2jf
  • 0/5  bc1qa1…88vc
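The claim that any compliant wallet derives the same addresses can be checked without trusting any wallet's import dialog. The following is an added example, not Coinhost code and not bitcoinjs-lib, that rebuilds a wsh(sortedmulti(2, ...)) vault from three account xpubs and derives its addresses using only the Python standard library: BIP32 public child derivation on secp256k1, BIP67 key sorting, the P2WSH witness script, and bech32 encoding. It assumes the layout of the descriptor above (BIP48 account keys, chain 0 for receive and 1 for change, native P2WSH). The three xpubs it builds are constructed demo values, not real vault keys; paste the full xpubs from your own export into vault_address to compare against the app. All function names are mine.

```python
# Added example (not Coinhost code): rebuild a wsh(sortedmulti(2,...)) vault from its three
# account xpubs and derive receive addresses offline, with the standard library only.
import hashlib
import hmac

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet


def ec_add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return q if p is None else p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def ec_mul(k, pt):  # double-and-add: fine for public derivation, not constant-time
    r = None
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r


def compress(pt):
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def decompress(b):  # P % 4 == 3, so the square root is one modular exponentiation
    x = int.from_bytes(b[1:], "big")
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    return (x, y if (y & 1) == (b[0] & 1) else P - y)


def ckd_pub(K, chain, index):  # BIP32 CKDpub: hardened steps are impossible from an xpub
    if index >= 0x80000000:
        raise ValueError("hardened child cannot be derived from an xpub")
    i = hmac.new(chain, compress(K) + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return ec_add(ec_mul(int.from_bytes(i[:32], "big"), G), K), i[32:]


def b58check(payload):
    n = int.from_bytes(payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4], "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out


def serialize_xpub(K, chain):  # depth, parent fingerprint, child index zeroed: metadata only
    return b58check(bytes.fromhex("0488B21E") + bytes(9) + chain + compress(K))


def parse_xpub(s):  # base58check -> (point, chain code); field offsets per BIP32
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(82, "big")
    if hashlib.sha256(hashlib.sha256(raw[:78]).digest()).digest()[:4] != raw[78:]:
        raise ValueError("bad xpub checksum")
    if raw[:4] != bytes.fromhex("0488B21E"):
        raise ValueError("not a mainnet xpub")
    return decompress(raw[45:78]), raw[13:45]


def sortedmulti_script(m, pubkeys):  # BIP67 lexicographic order, then OP_m keys OP_n CHECKMULTISIG
    return (bytes([0x50 + m]) + b"".join(b"\x21" + k for k in sorted(pubkeys))
            + bytes([0x50 + len(pubkeys), 0xAE]))


def bech32_polymod(values):
    gen, chk = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3), 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk


def segwit_addr(hrp, version, program):  # BIP173 for v0; BIP350 checksum constant for v1+
    acc, bits, data = 0, 0, [version]
    for byte in program:  # regroup 8-bit bytes into 5-bit symbols
        acc, bits = (acc << 8) | byte, bits + 8
        while bits >= 5:
            bits -= 5
            data.append((acc >> bits) & 31)
    if bits:
        data.append((acc << (5 - bits)) & 31)
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    pm = bech32_polymod(hrp_exp + data + [0] * 6) ^ (1 if version == 0 else 0x2BC830A3)
    data += [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data)


def vault_address(xpubs, change, index, hrp="bc"):
    """Address at <change>/<index> of a 2-of-3 vault, given its three account xpubs."""
    pubs = [compress(ckd_pub(*ckd_pub(*parse_xpub(x), change), index)[0]) for x in xpubs]
    return segwit_addr(hrp, 0, hashlib.sha256(sortedmulti_script(2, pubs)).digest())


# Constructed demo keys standing in for the phone, hardware-wallet and HSM account nodes.
DEMO_XPUBS = [serialize_xpub(ec_mul(k, G), hashlib.sha256(b"demo chain %d" % k).digest())
              for k in (0xA1F04C92, 0x8C9E3122, 0x9E3D5A77)]
```

Calling vault_address(DEMO_XPUBS, 0, i) for i in 0..5 lists the six receive addresses in the same 0/i form as the table above; passing change=1 gives the change chain. The key-origin prefixes in the descriptor ([a1f04c92/48h/0h/0h/2h] and so on) are signer metadata and do not enter address derivation, which is why the script ignores them; in a real export each fingerprint is eight hex digits. The curve arithmetic here is plain double-and-add, acceptable for deriving public addresses but not for anything that touches a private key.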
05  ·  Audit & transparency

Third-party review, in progress.

Scheduled · pre-launch

External security audit

Full code review and threat-model analysis by a Bitcoin-native security firm. The complete report will be published and PGP-signed before mainnet.

Scope · wallet stack, PSBT flow, HSM integration
Ongoing

HSM operational audit

Every CloudHSM operation is streamed to write-once storage. Each signature carries a correlation ID tying it back to the originating recovery request and the responsible reviewer.

FIPS 140-2 Level 3 · AWS CloudHSM
At launch

Responsible disclosure

A coordinated disclosure programme with published scope, bounty tiers, and a PGP key. We will not pursue researchers who follow the policy in good faith.

security@coinhost.com · PGP key on /security

Designing this level of custody for serious holders is what we do.