A standard Bitcoin transaction is irreversible the moment it confirms. This is a defining feature of Bitcoin's design — and a defining vulnerability of any custody arrangement that exposes a sufficient signing key to compromise. Bitcoin vaults are a class of custody constructions that introduce a time-locked layer between signing and final settlement, giving the holder a window to detect and reverse an unauthorized transaction. Properly designed vaults are one of the most defensively powerful constructions available in Bitcoin custody.
A vault is constructed using Bitcoin Script to enforce a delay between when a withdrawal is signed and when it can be claimed. The holder has two keys: a hot key used for normal operations, and a cold recovery key kept in deep storage. The hot key can initiate a withdrawal, which is broadcast and confirmed on-chain. But the withdrawal does not settle to a destination address immediately. Instead, it goes into a time-locked state where, for the duration of the delay (typically 24-72 hours), the recovery key can revoke it.
If the holder initiated the withdrawal themselves, the delay simply passes and the funds settle. If an attacker compromised the hot key and initiated an unauthorized withdrawal, the holder sees the broadcast transaction within the delay window and uses the recovery key to revoke it. The attacker cannot steal the funds even with full control of the hot key, as long as the holder detects the attempt during the delay window.
The architecture transforms the consequence of a key compromise from “the Bitcoin is gone” to “the holder must use the recovery key to revoke the unauthorized transaction within the delay window.” For substantial holdings, this is a profound improvement.
Vaults complement multisig rather than replace it. Multisig eliminates single-key compromise by requiring multiple independent signatures. Vaults provide a recovery window even if multiple signatures are obtained. The two work best in combination: a 2-of-3 multisig vault requires two key compromises AND beats the recovery window. Each layer addresses a different failure mode.
For holders evaluating custody arrangements, the presence of vault constructions is a meaningful security signal. Custody providers that use vaults at the infrastructure level demonstrate sophisticated threat modeling — they have anticipated key compromise as a real risk and engineered for it, rather than assuming key security is sufficient.
Vaults impose two practical costs. Withdrawals take longer. A 24-hour vault delay means routine withdrawals are not instant; they are scheduled with a one-day delay. For long-term holdings being moved infrequently, this is a non-issue. For active operations, it is operationally significant.
Vaults also require active monitoring. The recovery model only works if the holder watches for unauthorized withdrawals during the delay window. If the holder does not check the wallet for a week, an attacker can confirm a withdrawal initiated days ago. Vaults are therefore typically paired with monitoring services — either provider-administered or self-administered watchtower implementations — that alert the holder when a withdrawal is initiated.
Some vault designs require Bitcoin protocol-level features that do not yet exist. OP_CTV (CheckTemplateVerify) and OP_CAT are proposed opcodes that enable cleaner vault constructions by allowing the script to enforce specific transaction templates and outputs. With these opcodes active, vaults can be implemented with simpler scripts that are easier to audit and reason about.
Neither opcode is currently activated on Bitcoin mainnet. Both are subjects of ongoing protocol debate. The activation timeline is uncertain. In the meantime, vault implementations rely on existing opcodes and creative script constructions, which work but are more complex and harder to audit.
At the institutional custody layer, vault-like constructions are common. Most qualified custodians implement withdrawal delays as part of their operational security model, although the implementation is typically administrative rather than cryptographic — the custodian's internal procedures enforce the delay, not the Bitcoin protocol itself. The practical effect is similar: a window during which unauthorized withdrawals can be detected and revoked.
The strongest implementations combine protocol-level multisig with administrative withdrawal delays and customer-side monitoring. Each layer provides defense against a different failure mode, and the combination is robust against most realistic attack scenarios.
Vaults are an underused layer in Bitcoin custody. They provide a recovery mechanism for one of the most consequential failure modes — key compromise — and they do so without requiring trust in any third party. For substantial Bitcoin holdings, the question is not whether to use vaults but whether the custody arrangement implements vault-like withdrawal delays at the infrastructure level. If it does not, the holder is exposed to immediate catastrophic loss from any sufficient key compromise. If it does, the holder gains a defense layer that scales with the value at risk.
Sourced from Spark.Money research; analysis adapted for Proof of Custody's custody-comparison editorial scope.
Get weekly custody analysis and platform updates delivered to your inbox.