Sunday, 16 August 2020

hodlmon.sh: a UTXO monitoring methodology and script for true connoisseurs of security, paranoia and BTC maximalism


Submitting this to help strengthen the community, and for review:hodlmon.sh: a UTXO monitoring methodology and script for true connoisseurs of security, paranoia and BTC maximalismMonitor canary UTXOs for early detection of compromised private keys BEFORE funds are lost, using your own full node for maximum privacy and trustlessness. Note that you will need to implement your own notification strategy (email, push, sms, etc). This script is intended to run on your full node, but can be run from any machine with RPC access to your full node.hodlmon.sh is designed to check if a given UTXO (i.e. a specific output of a specific btc transaction) has been spent or not. This can be used for early and proactive detection if a seed phrase or private key has been compromised, so you have time to move your btc before full compromise happens.  In order for this to work, a small amount of btc should be sent to an address controlled only by a given seedphrase, with that seedphrase being part of a multisig wallet or a seedphrase+passphrase wallet, and the majority of your funds controlled in the seedphrase+passphrase or multisig wallet. The idea is to leave the small amount of btc (the canary utxo) in the address, so that it never moves unless the seedphrase that controls it has been compromised and all funds in the wallet swept. In this way, you use those compromised sats to buy information about the current security status of your wallet(s).Example usage:Set up a cron job to run hodlmon.sh every 30 min to check if transaction output at index "0" for transaction with id "123" has been spent already. Use "my_utxo_nickname" as a friendly name for the UTXO (to differentiate between multiple wallets)*/30 * * * * /path/to/hodlmon.sh 123 0 my_utxo_nickname > /tmp/hodlmon_log 2> /tmp/hodlmon_err_logUsage scenario #1: Seedphrase (A) + passphrase (A')Majority of funds are held in a wallet controlled by both the seedphrase and passphrase, A and A'. A token amount of btc is controlled only by seedphrase A.A + A': majority of fundsA: canary UTXOhodlmon.sh is used to monitor the canary funds locked by A, so that if it is discovered that A has been compromised, the funds locked by A and A' can be moved to a new wallet before the passphrase A' can be cracked and all your funds exfiltrated.Usage scenario #2: multisig e.g. 2 of 3, with seed phrases A, B and CMajority of funds held in a multisig wallet controlled by 3 seedphrases A, B, and C.  3 small canary UTXOs are held in wallets each controlled by A, B or C, respectively.A + B + C: majority of fundsA: canary UTXO 1B: canary UTXO 2C: canary UTXO 3One benefit of multisig (e.g. 2 of 3) is that even if 1 key is compromised, your funds are safe, since at least 2 keys are needed to release funds. But how do you that none of the keys has yet been compromised? If you create separate wallets controlled each by only 1 of the individual keys, and use hodlmon.sh to monitor whether those UTXOs have been exfiltrated, then you can detect partial compromise of your setup before a full exfiltration event takes place, so you can move your funds to a new multisig wallet with freshly generated and uncompromised keys.Example of 3 cronjobs to monitor all 3 canary UTXOs:*/30 * * * * /path/to/hodlmon.sh 123 0 key1 > /tmp/hodlmon_log_1 2> /tmp/hodlmon_err_log_1*/30 * * * * /path/to/hodlmon.sh 456 0 key2 > /tmp/hodlmon_log_2 2> /tmp/hodlmon_err_log_2*/30 * * * * /path/to/hodlmon.sh 789 0 key3 > /tmp/hodlmon_log_3 2> /tmp/hodlmon_err_log_3##########################################################################!/bin/bashtouch /tmp/hodlmon_last_runecho "Transaction ID: $1"echo "Output #:    $2"echo "Nickname:    $3"NODE_IP=127.0.0.1 #TODO: use actual valueUSER=user #TODO: use actual valuePASS=pass #TODO: use actual valuePORT=8332 #TODO: use actual valueCHECK_CMD="/usr/local/bin/bitcoin-cli -rpcconnect=$NODE_IP -rpcuser=$USER -rpcpassword=$PASS -rpcport=$PORT gettxout $1 $2"RESULT="$($CHECK_CMD)"echo "${RESULT}"if [ "$RESULT" == "" ]then  echo "UTXO HAS BEEN SPENT! RED ALERT!!"  MSG="The UTXO for $3 from tx $1 output $2 has moved!"  #TODO: ADD YOUR FAVORITE NOTIFICATION STRATEGY E.G. EMAIL, PUSH NOTIFICATION, SMSelse  echo "UTXO is still on ice"fi via /r/Bitcoin https://bit.ly/3fYdvLL

No comments :

Post a Comment