PROOFOFCUSTODY
Bitcoin
Data
Get the Report
PROOFOFCUSTODY

The independent scoring system for Bitcoin custody. Every platform scored and ranked.

$1B+ in assets under custody expertise

No spam. Unsubscribe anytime.

PLATFORM SCORES
All ScoresCompareMethodologyCustody Assessment
LEARN
Bitcoin 101Custody GuidesFAQQuiz
RESOURCES
DataPodcastReportEditorial Independence
CONNECT
Twitter / XLinkedInYouTubehello@proofofcustody.io
2026 Proof of Custody. Published by Onramp Bitcoin. Editorial Independence.proofofcustody.io
All Articles
Advanced9 min

Bitcoin Vaults: How Time-Locked Recovery Protects Against Theft

Proof of Custody Editorial·May 3, 2026

A standard Bitcoin transaction is irreversible the moment it confirms. This is a defining feature of Bitcoin's design — and a defining vulnerability of any custody arrangement that exposes a sufficient signing key to compromise. Bitcoin vaults are a class of custody constructions that introduce a time-locked layer between signing and final settlement, giving the holder a window to detect and reverse an unauthorized transaction. Properly designed vaults are one of the most defensively powerful constructions available in Bitcoin custody.

Key Takeaways

  • A vault is a Bitcoin construction where withdrawals are subject to a delay during which the original holder can revoke the transaction using a separate recovery key
  • Vaults make compromised signing keys recoverable rather than catastrophic — the window to detect theft determines the value of the vault
  • Implementations vary in protocol support: covenant-based vaults require OP_CTV or OP_CAT (not yet activated); script-based vaults work today with existing opcodes
  • Vaults are not a substitute for multisig — they complement it by providing recovery time after an attempted theft

The Basic Vault Pattern

A vault is constructed using Bitcoin Script to enforce a delay between when a withdrawal is signed and when it can be claimed. The holder has two keys: a hot key used for normal operations, and a cold recovery key kept in deep storage. The hot key can initiate a withdrawal, which is broadcast and confirmed on-chain. But the withdrawal does not settle to a destination address immediately. Instead, it goes into a time-locked state where, for the duration of the delay (typically 24-72 hours), the recovery key can revoke it.

If the holder initiated the withdrawal themselves, the delay simply passes and the funds settle. If an attacker compromised the hot key and initiated an unauthorized withdrawal, the holder sees the broadcast transaction within the delay window and uses the recovery key to revoke it. The attacker cannot steal the funds even with full control of the hot key, as long as the holder detects the attempt during the delay window.

The architecture transforms the consequence of a key compromise from “the Bitcoin is gone” to “the holder must use the recovery key to revoke the unauthorized transaction within the delay window.” For substantial holdings, this is a profound improvement.

Where Vaults Fit in the Custody Stack

Vaults complement multisig rather than replace it. Multisig eliminates single-key compromise by requiring multiple independent signatures. Vaults provide a recovery window even if multiple signatures are obtained. The two work best in combination: a 2-of-3 multisig vault requires two key compromises AND beats the recovery window. Each layer addresses a different failure mode.

For holders evaluating custody arrangements, the presence of vault constructions is a meaningful security signal. Custody providers that use vaults at the infrastructure level demonstrate sophisticated threat modeling — they have anticipated key compromise as a real risk and engineered for it, rather than assuming key security is sufficient.

What Vaults Cost

Vaults impose two practical costs. Withdrawals take longer. A 24-hour vault delay means routine withdrawals are not instant; they are scheduled with a one-day delay. For long-term holdings being moved infrequently, this is a non-issue. For active operations, it is operationally significant.

Vaults also require active monitoring. The recovery model only works if the holder watches for unauthorized withdrawals during the delay window. If the holder does not check the wallet for a week, an attacker can confirm a withdrawal initiated days ago. Vaults are therefore typically paired with monitoring services — either provider-administered or self-administered watchtower implementations — that alert the holder when a withdrawal is initiated.

Covenant-Based Vaults

Some vault designs require Bitcoin protocol-level features that do not yet exist. OP_CTV (CheckTemplateVerify) and OP_CAT are proposed opcodes that enable cleaner vault constructions by allowing the script to enforce specific transaction templates and outputs. With these opcodes active, vaults can be implemented with simpler scripts that are easier to audit and reason about.

Neither opcode is currently activated on Bitcoin mainnet. Both are subjects of ongoing protocol debate. The activation timeline is uncertain. In the meantime, vault implementations rely on existing opcodes and creative script constructions, which work but are more complex and harder to audit.

Vaults in Institutional Custody

At the institutional custody layer, vault-like constructions are common. Most qualified custodians implement withdrawal delays as part of their operational security model, although the implementation is typically administrative rather than cryptographic — the custodian's internal procedures enforce the delay, not the Bitcoin protocol itself. The practical effect is similar: a window during which unauthorized withdrawals can be detected and revoked.

The strongest implementations combine protocol-level multisig with administrative withdrawal delays and customer-side monitoring. Each layer provides defense against a different failure mode, and the combination is robust against most realistic attack scenarios.

The Bottom Line

Vaults are an underused layer in Bitcoin custody. They provide a recovery mechanism for one of the most consequential failure modes — key compromise — and they do so without requiring trust in any third party. For substantial Bitcoin holdings, the question is not whether to use vaults but whether the custody arrangement implements vault-like withdrawal delays at the infrastructure level. If it does not, the holder is exposed to immediate catastrophic loss from any sufficient key compromise. If it does, the holder gains a defense layer that scales with the value at risk.

Sourced from Spark.Money research; analysis adapted for Proof of Custody's custody-comparison editorial scope.

Stay Informed

Get weekly custody analysis and platform updates delivered to your inbox.