Blockchain observers will be able to tell that you’re spending from a 3-of-5 multisig wallet. As we can see here, 3-of-5 is a pretty popular multi-sig scheme in terms of total value stored, but the number of distinct UTXOs is not particularly high and thus it considerably narrows down the potential set of wallets from which an attacker may try to guess is yours.
Pictured below is a breakdown of BTC value secured by different multisig schemes (red is 3-of-5):
Pictured below is a breakdown of UTXO count secured by different multisig schemes (red is 3-of-5)"
Observers of the Bitcoin network may be able to determine that transactions are being broadcast from Casa’s nodes. One potential improvement Casa can make here would be to only broadcast via Tor; eventually Dandelion should mitigate this concern by making it quite difficult for network observers to deduce the origin of a transaction simply by which peers announced it first.
If an attacker compromises Casa’s servers, they can obtain additional information, though they can’t steal your funds.
In terms of personally identifiable information, we store a name and email address, but you are welcome to use a pseudonym.
Casa also stores your extended public keys, which an attacker could use to determine all of the addresses and transactions that belong to your wallet — but not spend your funds. This is a tradeoff we made due to the vast improvements in usability we can provide by storing your public addresses.
It’s also worth noting that an attacker who gained full control of this database could theoretically change these xpubs and addresses in an attempt to fool users into depositing assets into the wrong wallet, but we have mitigations in place to significantly hinder this, and we’re making improvements which will remove it as an attack vector entirely.