It is always important to know the risks when handing over your private keys to us.
There are a number of risks associated with our service and we have tried to address them all. We would group risks into three buckets:
- Personnel related risks
- Security risks
- Operational risks
Ad 1) Personnel related risks
These are risks related to a potential stealing of funds from founders/personnel.
In order to mitigate this risk, private keys to our funds are kept using Shamir's Secret Sharing formula, so that we need to be at least three out of four founders (3/4) that meet in person in order to set up or take down a Dash Masternode. This prevents that any founder to have control of the funds himself and book a one-way ticket to a very exotic place.
Also, we are very transparent in our company structure. We are open towards who we are, and what we do. Our service can be traced on the blockchain and there is clear audit trail to all fractional payments. We believe this is the best way to show what we do is correct.
Ad 2) Security risks
Security risks are two-fold. Risks can occur in person and through hacking.
Without being too specific, we operate an Azure-hosted environment which we are very confident in.
Transfers are made through air-gapped signing, leaving no room for sniffing up the private keys.
In case we are compromized, our "parachute" function can be triggered. It is a pre-signed mass transaction whereby every CrowdNode member gets their balance returned to them when the transaction is broadcast to the DASH network. The "parachute" can be triggered by one of the founders.
Ad 3) Operational risks
These are the risk that are derived from mistakes.
Unfortunately mistakes happen. As a result we try to test as much as possible in order to learn from them.
We think that we have been very thorough in the setup of the service, so that operations do not lead to any mistakes.