How do I conduct a key replacement?

If a key becomes compromised, Unchained offers a way to replace a key.

If a key becomes compromised or your seed phrases are misplaced, it's best practice to replace this key in your multisig quorum.

First, make sure a key replacement is necessary before attempting one. If you’re not sure, you can reach out to Unchained Capital support, or read our blog article on this subject. If you are sure that you need to do a key replacement, keep reading for more.

Video guide

Watch this short video for a quick run-through of how to replace a key on the Unchained platform. Below, you'll find complete written instructions.

HubSpot Video

What you'll need

To replace a key, you'll need to prepare the following:

  • Unchained Capital tier-2 account
  • A new key uploaded to the platform

How to upload a new key

  1. Log in to your Unchained account.
  2. Click Keys from the menu on the left-hand side of your screen.
  3. Click the Upload New Key button a the top of the screen. 
  4. Use the platform suggestion or enter a custom name for this key and select Next.
  5. Select the manufacturer of the device you're using.
  6. On Trezor and Ledger, select the blue Connect box to export your public key. On a Coldcard, follow the instructions on the screen to airgap your public key.
  7. Review the exported public key and select Next.

How to replace a key

  1. Navigate to your keys dashboard.
  2. Select the key you want to replace.
  3. Click on Replace Key and author a transaction.
  4. Select the new key from the Choose Key dropdown menu.
  5. Verify that you can or can't sign a transaction via the Can you sign section toggle.
  6. Click Replace Key.
  7. Confirm that you are sure of the change by clicking Replace.
  8. Record a verification video to approve the key replacement and submit it.

After submitting the request, Unchained will create new vaults for you with the new quorum of keys. Your previous key has been successfully replaced.

Note: Depending on if you chose whether you can sign or not, a sweep transaction will be required. A sweep transaction in essence moves funds from one address controlled by your original two keys, to a new address controlled by your original, non-compromised key and your new key.