We recently picked up a copy of Ben Mezrich’s Bitcoin Billionaires and one of the things that stood out most is how the Winklevoss twins store their bitcoin.
If you don’t know who the Winklevoss twins are, they are the two brothers who are best known for their involvement in a lawsuit against Mark Zuckerberg. You might have seen them in the movie “The Social Network”, where they were portrayed as the villains that claimed to have come up with the original idea for Facebook.
(Winklevoss Twins by FreshTilledSoil)
This article won’t dive into the details of the Winklevoss twins’ involvement in the Facebook debacle. In the last decade, the twins got known for something completely different: Their involvement with Bitcoin.
After settling their lawsuit with Mark Zuckerberg and receiving a large compensation in the form of cash and Facebook shares, they tried their luck as angel investors but pretty soon discovered Bitcoin. Fascinated by the revolutionary new technology, they started plowing money into Bitcoin.
They purchased millions worth of bitcoin when it was still below $10 per bitcoin. Later on, they founded the popular bitcoin exchange Gemini.
It’s estimated that they own around 1% of the global bitcoin supply. Most likely only Satoshi himself and a few other early adopters own a comparable stake in bitcoin. With the price of bitcoin steadily increasing over the last decade, they have become the first known bitcoin billionaires.
But how do you protect that type of wealth? How do you safely store bitcoin when you’re a bitcoin billionaire?
First of all, the Winklevoss twins had to create a truly random private key. They used 16-sided hexadecimal dice for this. Trusting a random number generator on a computer wasn’t enough. They made sure the dice were evenly balanced and rolled them on a level surface to make sure the private key wouldn’t be skewed.
(Hexadecimal Dice by Saharasav)
It goes without saying that all of this took place in a completely isolated environment. The twins nailed towels up across all windows in their apartment to make sure nobody could see inside the room, locked their iPhones away and put them in airplane mode.
They bought two brand-new laptops to set up their bitcoin address based on their private key. The first laptop was a hot laptop which they used to download the bitcoin wallet software. From there, they transferred the wallet software per USB stick to the cold laptop. Before doing this, they physically removed the cold laptops WIFI card to make sure it couldn’t connect to the Internet. And the webcams and speakers of both laptops were blocked with electrical tape.
Once the digital wallet software was on the cold laptop, they then entered the private key they had generated using the hexadecimal dice. Next, they transferred all their bitcoins from the Mt. Gox exchange, which a few years later got hacked, to their new bitcoin address in the wallet they had set up on the cold laptop.
As soon as all the funds were transferred over, they connected a lightweight printer via USB cable to the cold laptop and printed their new private key into distinct shards named “alpha”, “bravo” and “charlie”. After that, they put these shards into plastic envelopes and sealed them.
Tyler and Cameron placed the envelopes in two different backpacks. In total, there were 12 envelopes distributed across the backpacks. The twins then set up bank deposits at small banks all around the United States where they deposited these envelopes.
It had to be in different states and small bank branches where the twins wouldn’t likely be recognized. Due to their fame after “The Social Network” movie, many branches would have recognized the twins and might have rejected them as clients.
For a small branch with less security measures than a big bank, storing something of immense value in one of their safety deposit boxes could attract the wrong type of attention. But for this exact same reason, to remain a low profile, the twins chose these smaller branches spread out all over the United States.
Tyler and Cameron then each took one of the backpacks and headed off to different airports. Each backpack carried 6 envelopes, which contained shards of “alpha” and “bravo”, or “bravo” and “charlie” respectively. None of the backpacks could contain all three shards, because together they contained the entire private key the twins were so determined to conceal.
Both Tyler and Cameron then took their backpacks through TSA control at the airport, and after being haunted by a moment of heightened paranoia (where are these X-ray scanner images and videos stored and what if a curious TSA agent looks at the content in the backpacks and inquires about the sealed envelopes) they boarded different flights with different destinations within the United States.
Once Cameron and Tyler landed at their destinations, they headed straight to first two bank branches and opened two separate safety deposit boxes. Each deposit box contained one shard, or one copy of “alpha”, “bravo” or “charlie”.
If there was ever a robbery, or a bank employee discovered the content and meaning of the shard, they wouldn’t be able to do anything with it. Reassembling the private key required a copy of “alpha”, “bravo” and “charlie”.
As soon as the first two safety deposit boxes were opened and contained one of the 12 envelopes, the twins continued their trip. They couldn’t just go to another bank in the same city or state. That would be too easy. What if there was an earthquake? Or a hurricane? Or if through some incredible plot, someone was able to get access to the content in these safety deposit boxes that were so close together? It also couldn’t be the same banks. What if there was an employee who somehow gained access to the content of deposit boxes stored at the same bank across different states? To make their cold storage setup bulletproof, they needed 12 separate safety deposit boxes at 12 different bank branches in 12 different states across the United States.
Tyler and Cameron, physically separated and already exhausted by the first bank visit, headed back to the airport. They went through TSA again and boarded the next airplane that took them to their next destination. Tyler had planned everything out in detail, including the exact flights, connections and taxis they were going to take. Nevertheless, the entire operation took them three days.
Finally, a total of 4 copies of their private key was distributed and stored safely around the United States, in 12 separate safety deposit boxes only the twins knew of. One copy of the private key wouldn’t have been enough: In case one safety deposit box was compromised, or one of the shards was burnt, destroyed or lost in a fire, hurricane or earthquake, or if the text on the shards wasn’t readable anymore, they would lose access to all their bitcoins. A situation where they needed 3 of 3 total shards to assemble their private key created a single point of failure. It was way too dangerous.
So they went with a 3 of 12 setup, where they had a total of 12 copies but only needed 3 of them. They necessarily needed a copy of “alpha”, “bravo” and “charlie” each to retrieve their bitcoins. Even if a certain number of their shards were compromised, stolen, unreadable or inaccessible, they could still go to the other locations, assemble their private key and move their bitcoins to a new bitcoin address.
Mezrich calls the length the twins went to secure their bitcoins a “Reverse Heist”. Instead of planning a heist, they did a reverse heist. Starting with security in mind and thinking of all worst-case scenarios, they came up with and implemented one of the best systems to safely store bitcoin of all times.
As soon as the twins were done with their reverse heist, they returned to the place of “crime” to destroy any evidence that might have been leftover of their private key. Specifically, they took the cold and hot laptop, the printer and the routers to the construction site of the future Winklevoss Capital headquarters.
With a sledgehammer, they destroyed all the hardware that had been used for the creation of the private key, wallet and bitcoin address. If there was any “meta information” in the printer, or any clues or hints about their private key, or the fact that they even possessed a private key, it had to be destroyed. Once they were certain that not a single piece of the laptops, printer and routers remained usable, they cleaned up and disposed everything.
At this point they were sure nobody was able to access their bitcoins except them. And not even they could access them, unless they returned to at least three safety deposit boxes and got their hands on a copy of “alpha”, “bravo” and “charlie”.
Between 2012 and 2013, when the Winklevoss twins pulled off their reverse heist, their bitcoin cold storage system was one of the safest in the world. In fact, it probably still is one of the most sophisticated systems to safely store bitcoin. It’s not clear whether the twins still store their bitcoin this same way. In the last decade a lot of new developments have taken place around improved bitcoin safety: From hardware wallets (at the time when the twins implemented this setup people used to store their bitcoin private keys on hard drives or USB sticks), to metal backup devices and multi-signature setups.
For most people going to the measures the Winklevoss twins did almost a decade ago is impractical and even outdated. Of course, every individual has to figure out for themselves what security protocol makes sense for them. Despite the almost bulletproof setup of the twins, there are a few problems: While they removed almost all single points of failure, their private key is entirely dependent on banks. In case the government would ever deem bitcoin illegal, it might be hard and complicated to access their bitcoins.
In 1933, Franklin D. Roosevelt issued Executive Order 6102 which made gold ownership illegal for all Americans and punishable by up to ten years in prison. As a result, all Americans were required to turn in their gold to the Federal Reserve in return for paper money.
(Executive Order 6102 that outlawed gold in 1933)
Why did Roosevelt do this? Because the Federal Reserve Act of 1914 limited the amount of paper money the government could print. Roosevelt wanted to fund his government programs but couldn’t do so entirely through taxes. The Federal Reserve Act of 1914 stated that all paper money had to be backed to 40% with gold owned by the Federal Reserve. Since the Federal Reserve didn’t have enough gold in their vaults, Roosevelt then issued Executive Order 6102 and outlawed gold. This was simply a maneuver for the government to confiscate gold in order to increase the federal deficit by issuing bonds and effectively printing more money.
The historic context of the United States making gold ownership illegal is unique but it’s possible that history could repeat itself with bitcoin. After all it’s widely referred to as digital gold. The tricky thing is, it is much harder to confiscate bitcoins since the blockchain is completely decentralized and people can keep their wealth hidden and secret just by remembering 12 words. Hiding a hardware wallet is also easier than hiding gold bullion. If for example bitcoin were made illegal in one country similar to how gold was outlawed in 1933, someone could simply emigrate to a more bitcoin-friendly country where it hasn’t been outlawed.
Carrying a hardware wallet, or even better, remembering 12 seed words as you walk or swim across a border is a lot easier. You can’t do that with gold, real estate and most other assets. Bitcoin is the first truly transferable and location-independent form of wealth. You can literally take it with you. However, if you store your private key in a bank vault, or multiple bank vaults, like the Winklevoss twins do, it might be harder to protect and move wealth in case something similar to Executive Order 6102 is ever issued for bitcoin.
Keeping private keys in a bank and not having access to them any other way creates a single point of failure in itself.
Instead of doing what Tyler and Cameron did, a simple multi-signature setup might be better. Most people don’t know that bitcoin has multi-signature capability or how it works. The short version is that you’re able to create a setup where multiple keys are required to access and move your bitcoins.
This is somewhat similar to the Winlevoss twins’ 3-of-12 setup, where they created redundancy. Even if they lost access to a large number of their shards, as long as they had one copy of “alpha”, “bravo” and “charlie”, they could access their funds. A multi-signature setup works different, but it creates similar redundancy.
For example, a 2-of-3 multi-signature setup means that you need two of three keys in order to access and move your bitcoins. You could have three separate hardware wallets of your choice, which each contain one key. If you ever lose one of the hardware wallets, or if it gets damaged or is stolen, you still have the other two hardware wallets that contain the other two keys. In this scenario, you can still access your bitcoins because you have two of the necessary three keys in your possession.
A 3-of-5 multi-signature setup is an even better way to safely store bitcoin. In this case, you have a total of five keys and only need three of them at any given moment to move your bitcoins. Even if two of the five keys are lost, damaged, stolen or inaccessible, you can still access your funds. And the beauty is: A single key is worthless. Even if someone did get a hold of one of the keys, they wouldn’t be able to do anything with it. Just like you, they’d need a minimum of three keys to access your funds.
Using a multi-signature setup eliminates single points of failure and creates redundancy at the same time. It’s a near perfect, modern version of what the Winklevoss twins did almost a decade ago to safely store bitcoin.
In fact, it’s entirely possible and plausible that the twins have since moved to a multi-signature setup themselves.
Bitcoin safety has come a long way in the last few years. While we still hear stories of people splitting up their private key and storing parts of it in different bank vaults similar to the Winklevoss Twins, multi-signature wallets are becoming more user-friendly and popular.
They will likely become the norm for safe, non-custodial bitcoin storage. For small amounts, using a hardware wallet or other convenient types of single key wallets is fine for most people. But to store large amounts and protect your wealth, a multi-signature setup that creates redundancy and avoids a single point of failure is mission critical.
In case you’re interested in setting up your own multi-signature wallet for bitcoin, this is relatively easy to do these days and there are two services we can recommend.
The first is Unchained Capital and the second is Casa which is run by well-known privacy and bitcoin security advocate Jameson Lopp.
Alternatively, you can create your own multi-signature setup using Electrum.