Sunday, August 16, 2020

hodlmon.sh: a UTXO monitoring methodology and script for true connoisseurs of security, paranoia and BTC maximalism

Submitting this to help strengthen the community, and for review:

hodlmon.sh: a UTXO monitoring methodology and script for true connoisseurs of security, paranoia and BTC maximalism

Monitor canary UTXOs for early detection of compromised private keys BEFORE funds are lost, using your own full node for maximum privacy and trustlessness. Note that you will need to implement your own notification strategy (email, push, sms, etc). This script is intended to run on your full node, but can be run from any machine with RPC access to your full node.

hodlmon.sh is designed to check if a given UTXO (i.e. a specific output of a specific btc transaction) has been spent or not. This can be used for early and proactive detection if a seed phrase or private key has been compromised, so you have time to move your btc before full compromise happens.  In order for this to work, a small amount of btc should be sent to an address controlled only by a given seedphrase, with that seedphrase being part of a multisig wallet or a seedphrase+passphrase wallet, and the majority of your funds controlled in the seedphrase+passphrase or multisig wallet. The idea is to leave the small amount of btc (the canary utxo) in the address, so that it never moves unless the seedphrase that controls it has been compromised and all funds in the wallet swept. In this way, you use those compromised sats to buy information about the current security status of your wallet(s).

Example usage:
Set up a cron job to run hodlmon.sh every 30 min to check if transaction output at index "0" for transaction with id "123" has been spent already. Use "my_utxo_nickname" as a friendly name for the UTXO (to differentiate between multiple wallets)

*/30 * * * * /path/to/hodlmon.sh 123 0 my_utxo_nickname > /tmp/hodlmon_log 2> /tmp/hodlmon_err_log

Usage scenario #1: Seedphrase (A) + passphrase (A')
Majority of funds are held in a wallet controlled by both the seedphrase and passphrase, A and A'. A token amount of btc is controlled only by seedphrase A.

A + A': majority of funds
A: canary UTXO

hodlmon.sh is used to monitor the canary funds locked by A, so that if it is discovered that A has been compromised, the funds locked by A and A' can be moved to a new wallet before the passphrase A' can be cracked and all your funds exfiltrated.

Usage scenario #2: multisig e.g. 2 of 3, with seed phrases A, B and C
Majority of funds held in a multisig wallet controlled by 3 seedphrases A, B, and C.  3 small canary UTXOs are held in wallets each controlled by A, B or C, respectively.

A + B + C: majority of funds
A: canary UTXO 1
B: canary UTXO 2
C: canary UTXO 3

One benefit of multisig (e.g. 2 of 3) is that even if 1 key is compromised, your funds are safe, since at least 2 keys are needed to release funds. But how do you that none of the keys has yet been compromised? If you create separate wallets controlled each by only 1 of the individual keys, and use hodlmon.sh to monitor whether those UTXOs have been exfiltrated, then you can detect partial compromise of your setup before a full exfiltration event takes place, so you can move your funds to a new multisig wallet with freshly generated and uncompromised keys.

Example of 3 cronjobs to monitor all 3 canary UTXOs:
*/30 * * * * /path/to/hodlmon.sh 123 0 key1 > /tmp/hodlmon_log_1 2> /tmp/hodlmon_err_log_1
*/30 * * * * /path/to/hodlmon.sh 456 0 key2 > /tmp/hodlmon_log_2 2> /tmp/hodlmon_err_log_2
*/30 * * * * /path/to/hodlmon.sh 789 0 key3 > /tmp/hodlmon_log_3 2> /tmp/hodlmon_err_log_3

#########################################################################

#!/bin/bash

touch /tmp/hodlmon_last_run

echo "Transaction ID: $1"
echo "Output #:    $2"
echo "Nickname:    $3"

NODE_IP=127.0.0.1 #TODO: use actual value
USER=user #TODO: use actual value
PASS=pass #TODO: use actual value
PORT=8332 #TODO: use actual value

CHECK_CMD="/usr/local/bin/bitcoin-cli -rpcconnect=$NODE_IP -rpcuser=$USER -rpcpassword=$PASS -rpcport=$PORT gettxout $1 $2"

RESULT="$($CHECK_CMD)"

echo "${RESULT}"

if [ "$RESULT" == "" ]
then
  echo "UTXO HAS BEEN SPENT! RED ALERT!!"
  MSG="The UTXO for $3 from tx $1 output $2 has moved!"

  #TODO: ADD YOUR FAVORITE NOTIFICATION STRATEGY E.G. EMAIL, PUSH NOTIFICATION, SMS

else
  echo "UTXO is still on ice"
fi


No comments:

Post a Comment