I want to protect my bitcoin and my threat model is that one of the two paper copies of the seed is accessed to recover the wallet and steal the funds. To mitigate this risk I am contemplating the options of a 2-out-3 multi-sig wallet. My first strategy is as follows:
I have therefore 4 geographically separate and secret locations (excluding myself). In terms of hardware wallets with me, I only have 1 which means if the main device is stolen, my bitcoins are safe as one more key is needed. The same is true if locations 1 or 2 are uncovered and a hardware wallet devices were to be stolen (as just one hardware wallet is there). However, taking the seed perspective, two seeds would be compromised.
My first question is whether an attacker can steal the funds with the two seeds uncovered or if 3 seeds are a must in order to recreate the wallet and take the funds? (I am assuming that if the attacker would have access to the 2 seeds to recreate private keys and the multisig wallet that was set up on my personal computer is not possible). I think that is the case, because recovering multisig wallet on Electrum requires 3 seeds (or 1 seed and 2 public keys of the co-signers), but wanted to double-check with the community that indeed no bitcoin can be moved with just two seeds uncovered. Note that with this setup it is effectively cold-cold storage as moving bitcoin, in this case, requires going to either location 1 or 2 to take either hardware wallet 1 or 2 to co-sign with the hardware wallet 3.
The other option is to create a hidden wallet with a passphrase using just one wallet. In that case 2 copies of seed and 2 copies of the passphrase can be stored in 4 geographically distinct locations. If the seed is uncovered then the hidden wallet can’t be accessed and if the passphrase is accessed then the hidden wallet can’t be recreated too. The only vulnerability in the latter case is if the hardware device was stolen and used to move the money (either by tampering with it physically or by directly using it although usage can be restricted with the device PIN).
My second question is whether the first option gives a significantly higher entropy for the protection. Note that in terms of costs of storage the cost would be the same as in both cases we must make use of 4 locations.
