Where Does Evoke Store Its Multisig Recovery Key?

One of the most common questions we get is how and where Evoke stores its portion of your 2-of-3 multisig key. Here's what we can share.

Our security architecture

Evoke's recovery key is generated and stored using industry-standard secure infrastructure. The key is:

• Airgapped and protected by strict access controls requiring multiple authorised parties to unlock
• Stored with redundancy across geographically distributed locations
• Subject to regular security audits

Why we don't share full details publicly

We do not disclose the specific details of our key storage infrastructure publicly, as this would compromise security. Publicly describing exactly how a high-value key is stored would effectively create a map for attackers. This is standard practice in the cryptocurrency custody industry.

What you can verify

While we don't publish implementation details, you can verify these key properties of our architecture:

• Our key alone cannot move your Bitcoin. It requires a second key (yours) to authorise any transaction. This is mathematically enforced.
• No single employee can use the recovery key. Our internal protocols require multiple authorised parties to act together.
• Recovery requires identity verification of the account holder. We won't use the recovery key without verifying you or your executor's identity.

What if Evoke were compromised?

Even in a worst-case security breach, an attacker would have, at most, one of three keys. They could not move your Bitcoin without also compromising one of your personal keys. This is the whole point of non-custodial multisig — the architecture is designed to be resilient against single points of failure, including a compromise of Evoke itself.

The principle: You shouldn't need to trust our key storage implementation to trust our product. The security of your Bitcoin depends on your keys, not ours.