AnchorWatch

Updated: November 2025
< Back to Store it safely
Get AnchorWatch Visit official website
positive icon Insurance-backed Trident vaultspositive icon Time-locked recovery scriptpositive icon Inheritance-ready claims

Quick verdict

positive icon Best for: AnchorWatch pairs Trident multisig vaults with Lloyd's-backed insurance so US treasuries and families can keep keys cold without giving up coverage. Choose it when you want estate, audit, and compliance workflows around long-term bitcoin.

neutral icon Consider if: The service adds a compliance desk to every spend, which means you must plan withdrawals ahead of time. Consider it if you want that oversight plus access to insurance-grade recovery tooling.

negative icon Not ideal when: Because AnchorWatch must sign each spend, you trade speed for assurance. It's not ideal when you need instant, global, or anonymous control.

Set up your AnchorWatch vault

Set up your AnchorWatch vault

1. Choose policy & secure keys

Setup time: ~60 minCost: VariesRisk: Low
  1. Meet AnchorWatch underwriting, review coverage tiers, and set the USD limit you want insured.
  2. Complete KYC or KYB, sign the engagement letter, and receive the factory-sealed signing devices they ship.
  3. Generate your customer keys during the onboarding call so AnchorWatch never sees the seed material.

Gotcha: Insurance underwriting requires US residency or entity registration plus identity verification.

2. Build and test the vault

Setup time: ~45 minCost: Mining feeRisk: Low
  1. Configure the Trident miniscript policy, label each signer, and review the vault's output descriptor together.
  2. Send a small test deposit, confirm it on your own node, and log the insured UTXO ID provided in the policy.
  3. Document the recovery script and store redundant copies offline for board reviews.

Gotcha: Skipping the descriptor review means you cannot independently prove the vault's policy later.

3. Operationalize compliance & inheritance

Setup time: ~30 minCost: FreeRisk: Low
  1. Define compliance contacts so AnchorWatch knows who can request co-signatures and who gets alerts.
  2. Set withdrawal workflows, including evidence AnchorWatch needs before it signs and the one-to-two business day window.
  3. Add beneficiaries or board-approved heirs in Trident so inheritance and insurance claims share paperwork.

Gotcha: Transactions requested outside the documented workflow are delayed until compliance can verify them.

Quick answers

Do I have to use Trident to be insured by AnchorWatch?

Yes. The insurance is bound to Trident's miniscript vault so AnchorWatch can verify keys and sign when policy terms are met.

How fast does AnchorWatch co-sign transactions?

After you sign and submit supporting evidence, AnchorWatch usually completes compliance checks and adds its signature within one to two business days.

What if every customer key is lost?

AnchorWatch can invoke the time-locked recovery path with its emergency partner, or you can file a claim that covers the permanent loss if policy conditions are met.

Key features

Your insured policy (who signs and when)

Insurance-backed Trident vaults

  • Who holds keys: You keep two customer-controlled devices, AnchorWatch keeps its own signer set, and an emergency partner stays offline until needed.
  • Policy terms: Each insured vault corresponds to a specific UTXO and policy number, so loss calculations stay 1:1.
  • When it signs: AnchorWatch co-signs once compliance evidence is reviewed, typically within one to two business days.

Good for: Long-term storage that needs institutional approvals. Trade-off: Movements wait on AnchorWatch availability.

Time-locked recovery script

  • Miniscript path: Trident encodes a timelock that lets AnchorWatch and its emergency partner rebuild access if customer keys disappear.
  • Recovery script: You receive descriptors so you can spend through Bitcoin Core even if Trident is offline.
  • Insurance tie-in: Manual recovery can avoid deductibles and keep coverage intact.

Good for: Estate planning or key-loss response. Trade-off: Timelocks add waiting periods before funds move.

If this happens, can I still move my Bitcoin?

If this happens, can I still move my Bitcoin?

Lose one signing device

Works
~1 business day

Trident is 2-of-3, so you and AnchorWatch still have a quorum if one customer device fails.

Show steps
  1. Notify AnchorWatch support and document when the device was lost or destroyed.
  2. Schedule a replacement call so they can ship a new sealed signer and walk you through key generation.
  3. Update the vault records and insurance schedule so the new key is reflected.

Gotcha: AnchorWatch needs evidence that the lost key cannot be recovered before issuing new hardware.

AnchorWatch service interruption

Works, with caveat
Timelock (per policy)

You hold the recovery script and descriptors, so a timelock path lets you spend without AnchorWatch if they are unreachable.

Show steps
  1. Load the recovery script into Bitcoin Core or another compatible wallet.
  2. Wait for the policy's timelock window, then use your remaining keys plus the emergency partner to co-sign.
  3. Sweep funds to a destination you control and notify AnchorWatch once channels reopen.

Gotcha: Bypassing AnchorWatch during an outage may impact insurance, so log every step and inform them once possible.

Coercion or theft attempt

Works
Immediate

AnchorWatch will not sign until compliance clears the request, giving you time to halt a coerced withdrawal and trigger insurance steps.

Show steps
  1. Refuse to sign the outgoing transaction and alert AnchorWatch via their emergency contact.
  2. Provide incident evidence (police report, affidavits) so they can freeze signatures.
  3. Work with them to either rebuild access via the recovery partner or initiate a claim if keys were compromised.

Gotcha: Policies require timely reporting of coercion events; delays can affect coverage.

Lose every customer key

Works, with caveat
Timelock + claim

A miniscript time-locked path plus AnchorWatch's emergency signer lets them rebuild control, and the insurance policy covers any permanent loss that remains.

Show steps
  1. Report the loss immediately and provide documentation proving the keys are unrecoverable.
  2. AnchorWatch and the emergency partner wait out the preset timelock, then co-sign a recovery spend.
  3. If recovery fails, AnchorWatch files the Lloyd's-backed claim on your behalf using your evidence packet.

Gotcha: Claims include a 10% or 25% deductible, so full reimbursement depends on the policy option you selected.

Inheritance: pass it on safely

Inheritance: pass it on safely

Insurance paperwork and vault workflows align so heirs are not guessing when the time comes.

1. Stage the policy

Action
~60 min

Beneficiaries need to be named inside Trident and on the policy so compliance can verify them later.

  1. Gather legal documents (trust, corporate resolutions) before the onboarding call.
  2. List beneficiaries or board designees in Trident and in the insurance schedule.
  3. Store recovery scripts plus instructions in separate, access-controlled locations.
  4. Review the plan annually with AnchorWatch so contacts and documents stay current.
Do this: Align legal paperwork, Trident assignments, and insurance records at the same time.

2. Inheritance-ready claims

Process
Varies (claim + review)

You'll need: Beneficiary identity docs · Recovery script · Policy paperwork

  1. Beneficiary contacts AnchorWatch with proof of death or corporate instruction.
  2. AnchorWatch triggers its compliance review and informs Lloyd's if a claim is likely.
  3. Once the waiting period clears, AnchorWatch co-signs or releases instructions so heirs can move funds.
  4. Any deductible is applied before remaining sats settle to the beneficiary-controlled vault.

Expect compliance plus insurer review before coins move; publish timelines in corporate policy manuals.

Do this: Keep beneficiaries in the loop so they know how to contact AnchorWatch when needed.

3. If plans break

Emergency
Recovery paths
Beneficiary lost documents:
AnchorWatch pauses signatures until replacement affidavits arrive.
Corporate designee is disputed:
Board minutes or court orders must clarify who controls the account before funds move.
AnchorWatch unreachable:
Execute the recovery script via timelock, then present records once service resumes.
Do this: Record fallback contacts plus emergency communication channels in your continuity binder.
Compatibility: what works with AnchorWatch

Compatibility: what works with AnchorWatch

Know which hardware, browsers, and standards the Trident vault expects before underwriting.

Signing hardware

Verified
  • AnchorWatch-supplied devices
    Factory-sealed hardware shipped during onboarding; kept offline except when signing.
  • Customer-provided HSMs
    Custom setups require AnchorWatch review so the policy still tracks signatures.

Trident dashboard & desktop

  • Web Latest Chrome, Firefox, Safari
  • Mobile browsers

Connection types

Verified
  • Offline signing
    Signing devices stay air-gapped except when exchanging PSBT files.
  • Client node verification
    Use the output descriptor to watch the vault from your own node.
  • AnchorWatch compliance portal
    Web-based evidence uploads with audit logging

Bitcoin standards & keys

Standard Support Notes
BIP39 Yes Customer devices use standard seed phrases
BIP32 Yes Hierarchical deterministic derivation for vault paths
Miniscript Yes Enables time-locked recovery paths
Output descriptors Yes Customers receive descriptors for independent verification
Show advanced
Descriptors
Yes — AnchorWatch emails descriptors plus Recovery Script during onboarding
PSBT
Yes — PSBT handoffs move between Trident, customer devices, and AnchorWatch
Derivation paths
Custom — Policy-specific paths documented inside the recovery script
Output descriptors
Yes — Used for on-chain audits and cold recovery drills
Costs & ongoing obligations

Costs & ongoing obligations

AnchorWatch bills like an insurance carrier: premiums are paid up front, while the Trident Services Fee covers custody tech and support.

One-time Premium: 0.55%–2% of insured value (paid in USD)
Monthly TSF: up to 0.25% annually after the first $250k
Per transaction Compliance signing: one transaction per quarter included

What you pay once

  • Onboarding fee Refundable
    Returned if underwriting declines coverage
  • Annual insurance premium 0.55%–2% of coverage
    Paid at policy start in USD
  • Signing hardware shipment Included
    Factory-sealed devices mailed after underwriting

What you pay ongoing

  • Trident Services Fee Up to 0.25% annually
    Billed monthly on balances above $250k
  • Compliance signatures Included quarterly
    Additional signatures priced per event
  • Deductible 10% or 25% of claim
    Selected during policy setup
Privacy & jurisdiction

Privacy & jurisdiction

What AnchorWatch collects & where it lives

Keys stay offline Segregated records

Insurance carriers need KYC data and policy evidence, but key material never leaves your hardware.

AnchorWatch stores identity docs, policy forms, and transaction evidence on US servers with audit logs. Signing keys remain on the devices you control, and descriptors plus recovery scripts live in the secure portal you download during onboarding.

  • Stays on devices: Customer seed phrases · AnchorWatch signer keys · Hardware PINs
  • Customer portal: Recovery scripts · Output descriptors · Audit-ready statements
  • AnchorWatch servers: KYC/KYB packets · Insurance paperwork · Compliance evidence
  • Logs: Signer requests · Support tickets · Claim documentation
Can I audit my stored data?

Yes. The Trident portal lets you download policy records plus descriptors anytime, and AnchorWatch will export or delete KYC records once regulatory retention windows expire.

Jurisdiction: what that means for you

US-regulated Lloyd's backing

Policies are written on Lloyd's of London paper but administered from the US, so American insurance law applies.

AnchorWatch must respond to lawful US data or subpoena requests and keeps complaint channels through Arch Insurance and Lloyd's. Insurance coverage extends only to US persons or entities today, so cross-border clients need separate arrangements.

  • Provider: AnchorWatch Inc. (US) with Lloyd's syndicate backing
  • Can be compelled: Policy details · Compliance notes · Communication logs
  • Can't access: Customer-held keys · Offline recovery phrases
  • Complaints: Arch Insurance (US) or Lloyd's (UK) escalation paths
What if a court wants to freeze funds?

AnchorWatch can refuse to sign or alert you if a lawful order arrives, but they cannot move funds without your key. You decide whether to cooperate or move funds via the recovery path.

Your controls

Review anytime Export or delete

Insurance-grade recordkeeping still gives you transparency so you can right-size what AnchorWatch stores.

The Trident portal keeps every signature request, descriptor update, and beneficiary change in one log so you never lose track. Data export and deletion workflows live in the same place, so you can keep only what regulators require.

  • Portal access: Download policy docs, descriptors, and transaction logs whenever needed
  • Notifications: Customize incident and signature alerts for email, SMS, or phone
  • Data requests: Submit export/delete tickets once retention obligations end
  • Audit trail: Every support touch is logged for SOC and insurance reviews
How long are records kept?

Insurance rules require keeping KYC and claim files for statutory periods (often 5–7 years). AnchorWatch deletes or returns data after that window if you ask.

Quick answers

What personal data does AnchorWatch store?

They keep KYC/KYB packets, policy paperwork, and compliance evidence but never your private keys.

Can I monitor the vault without AnchorWatch?

Yes. Use the output descriptor with your own node or explorer to verify balances independently.

How do I request data deletion?

Email support with your policy number once statutory retention periods expire, and they purge or return the files.

Key terms
Trident Services Fee
Monthly charge that funds custody tech, compliance support, and the AnchorWatch signer infrastructure.
Recovery script
Descriptor plus instructions that let you spend directly via Bitcoin Core if AnchorWatch is offline.
Specie coverage
Insurance category AnchorWatch uses to cover physical assets like bitcoin held in cold storage.
Release & Trust

Release & Trust

Security & compliance

Trident vaults and code audited by Halborn, Doyensec, and Blockstream cryptographers.

Security FAQ
Custody & safeguarding

Insurance policies are 100% backed by Lloyd's of London A+ rated syndicates.

Coverage details
Privacy policy

Privacy policy explains how KYC, compliance, and complaint data are handled in the US.

Privacy policy
Terms & conditions

Terms, complaints, and Arch Insurance contacts are published for policyholders.

Terms & complaints
Profile

Profile

Founder(s)
Robert Hamilton & Becca Rubenfeld
Robert Hamilton & Becca Rubenfeld
Company description

AnchorWatch is a U.S.-based bitcoin custody and insurance provider trying to bridge traditional insurance with Bitcoin-native custody, delivering peace of mind by offering an elegant, turnkey solution...

AnchorWatch is a U.S.-based bitcoin custody and insurance provider trying to bridge traditional insurance with Bitcoin-native custody, delivering peace of mind by offering an elegant, turnkey solution for long-term bitcoin holders and corporate treasuries seeking secure, insured, and inheritance-ready custody.

Founded in
2022
Website
anchorwatch.com

FAQs

How does AnchorWatch's Trident vault insurance work?

AnchorWatch locks each deposit inside a Trident 2-of-3 multisig vault that maps to a Lloyd's-backed policy, so coverage follows the exact UTXO you fund. If you permanently lose control under the policy terms, you can file a claim instead of eating the loss.

What does AnchorWatch charge for custody insurance?

Premiums run roughly 0.55%–2% of the insured value per year and are paid up front in USD. A Trident Services Fee of up to 0.25% annually (first $250k waived) is billed monthly so you can size coverage to your treasury.

How fast can I move bitcoin out of an AnchorWatch vault?

You prepare and sign the spend in Trident, submit your evidence package, and AnchorWatch usually clears compliance plus its signature within one to two business days. Plan larger withdrawals ahead so insurance controls never become a surprise bottleneck.

Does AnchorWatch require KYC and where is it available?

Yes. AnchorWatch underwrites regulated US policies, so onboarding requires identity documents or KYB packages and they currently insure only US-based clients.

How are customer keys and funds segregated at AnchorWatch?

You generate your own keys on factory-sealed devices, and each vault has a unique output descriptor that proves funds are never commingled with other policyholders. You can verify segregation on-chain before depositing sats.

×

Rate this service

Alternatives to AnchorWatch