this post was submitted on 06 Nov 2023
4 points (66.7% liked)
Monero
1677 readers
28 users here now
This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.
Wallets
Android (Cake Wallet) / (Monero.com)
iOS (Cake Wallet) / (Monero.com)
Instance tags for discoverability:
Monero, XMR, crypto, cryptocurrency
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The fact that multisig was not widely used yet, was indirectly related to the unfortunate CCS Wallet Incident, which happened a few months ago, as well.
@ErC (ErCiccione), a contributor, commented elsewhere a few days ago:
People are now saying, “If multsig had been used…” “should have” “could have” (Hindsight is 20/20 😢). Anyway, fluffypony replied, “when it reached a level of maturity (this year? late last year?) it should have been prioritized.”
We can expect that multisig will be now more prioritized and to be carefully tested and tuned, soon to be available more generally, if not right now. So perhaps the answer to your question is, “No, but maybe soon…”?
@Saki @japananon
Multisig is like the gpg of email, best practice in theory but rarely used due to usability.
AFAIK it's still only available via the CLI version of monero wallet?
Rino.io has a great multisig gui.
@UncleIroh @Saki RINO claims to use it for their enterprise shared custody service:
https://www.rino.io/
And Haveno is supposed to be using it for escrow:
https://github.com/haveno-dex/haveno/blob/master/docs/trade_protocol/trade-protocol.md
I foolishly assumed this meant it was mature enough to implement more broadly, but I guess not.
You can try out their claims. I havnt tried multisig their myself jusy tried a normal account ages ago. My only wish is to have email as an option only or some other network id. Xmpp/nostr/monero. They could use monero for spam protection? Also im not sure how multsig with other parties work, is the email shared with other participant? May be good idea to make that private too..but how to monitize i dont know..
@xmr_unlimited I'm not terribly interested in RINO... they're a third party service, not a piece of software so it doesn't fit my use case. The fact that I need to register & sign in to even try it out is a big turn off.
What I am curious about, though, is if they've refined XMR multisig at all in developing their service, and if so whether they've pushed those improvements upstream or not.
Im pretty sure participants can get their funds out without rino if they saves all their keys
@Saki Interesting, thank you. Was the CCS wallet not using multisig the reason for the breach, then? I haven't followed the incident in detail, I wasn't sure what allowed the attacker access in the first place.
Nothing is sure. It might be skilled attacker(s), it might be simply bad opsec, or it might be an inside job. Several people think and say that we need to minimize trust via mltisig (in retrospect, this seems so obvious but that’s just hindsight).