Bitcoin network privacy

It is possible for blockchain observers to tell that your transactions are being sent from a 3-of-5 multisig vault. As we can see here, 3-of-5 is a pretty popular multisig scheme in terms of total value stored, but the number of distinct UTXOs is not particularly high and thus it considerably narrows down the potential set of wallets from which an attacker may try to guess yours.

Pictured below is a breakdown of BTC value secured by different multisig schemes (red is 3-of-5):


Pictured below is a breakdown of UTXO count secured by different multisig schemes (red is 3-of-5):


Observers of the bitcoin network may be able to determine that transactions are being broadcast from Casa's nodes. One potential improvement Casa can make here would be only to broadcast via Tor; eventually Dandelion should mitigate this concern by making it quite difficult for network observers to deduce the origin of a transaction simply by which peers announced it first.

If an attacker compromises Casa's servers, they can obtain additional information, though they can’t steal your funds.

In terms of personally identifiable information, we store a name and email address, but you are welcome to use a pseudonym.

Casa also stores your extended public keys, which an attacker could use to determine all of the addresses and transactions that belong to your wallet — but not send your funds. This is a tradeoff we made due to the vast improvements in usability we can provide by storing your public addresses.

It's also worth noting that an attacker who gained full control of this database could theoretically change these xpubs and addresses in an attempt to fool users into depositing assets into the wrong wallet, but we have mitigations in place to hinder this significantly, and we're making improvements which will remove it as an attack vector entirely. You can also set up a watch-only wallet if this is a concern for you and double-check every address generated in your Casa app before you send to it.