On Alpaca Marketplace, all transactions are, by default, processed using our secure yet straightforward multi-signature escrow process.
Multi-signature escrow ensures that transaction funds cannot be accessed without the signature of both the buyer and the vendor. Even in the (highly unlikely) event that the escrow server is compromised, the intruder will not be able to do anything. In such an event, funds would still be accessible provided that both the buyer and the vendor are able to generate their wallet signatures.
The escrow process is outlined below:
1. With each new transaction, the buyer encrypts and submits his/her wallet public key. This key and the public key of the marketplace are used to generate a 2-of-2 multisig address. [1]
2. Two transactions, one that returns the funds to the buyer and one that transfers the funds to the multisig address, are signed using the buyer's public key and sent to the vendor.
3. The buyer may cancel their order anytime up until the vendor responds. Doing so will immediately return all funds to his Bitcoin address.
4. With every order, the vendor has two options:
   a. Reject the order using the signed transaction from 2a. Funds are returned to the buyer.
   b. Accept the order. A 3-of-4 multi-signature wallet is generated [2] from the public keys of the buyer, the vendor, the marketplace, and a mediator.
5. Once his order has been accepted, the buyer has two options:
   a. Release funds. A transaction is signed and sent to the escrow server and, once claimed by the vendor by signing the same transaction, the funds will be sent to the vendor's BTC address.
   b. Start a dispute. The buyer and the vendor are given access to the transaction dispute page, where they will be able to communicate in a chat-like interface and propose, accept and reject solutions to the dispute. Once both parties have agreed on a solution, an appropriate transaction will be signed using both keys and sent to the escrow servers, which will process the solution. [2]

[1] By default, public keys are generated on the server and transactions are seamlessly signed with the users' RSA keys. Advanced users can choose to use their own public keys and manually sign transactions.
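
The two scripts this process describes (buyer plus marketplace at the deposit stage, then buyer, vendor, marketplace and mediator once the order is accepted), as an added example that is not part of the original page or the marketplace's own code: it builds the standard `OP_m <keys> OP_n OP_CHECKMULTISIG` script for each stage and works out which key holders can jointly spend. The public keys are constructed placeholders, and all function and variable names are hypothetical.

```python
from itertools import combinations

OP_CHECKMULTISIG = 0xAE  # Bitcoin script opcode

def op_n(n):
    """OP_1..OP_16 are the bytes 0x51..0x60."""
    if not 1 <= n <= 16:
        raise ValueError("m and n must be in 1..16")
    return 0x50 + n

def multisig_script(m, pubkeys):
    """Serialize OP_m <pk1>..<pkn> OP_n OP_CHECKMULTISIG."""
    if not 1 <= m <= len(pubkeys):
        raise ValueError("threshold must satisfy 1 <= m <= n")
    script = bytearray([op_n(m)])
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("expected a 33-byte compressed public key")
        script += bytes([len(pk)]) + pk          # length-prefixed push
    return bytes(script + bytes([op_n(len(pubkeys)), OP_CHECKMULTISIG]))

def parse_multisig(script):
    """Recover (m, [pubkeys]) from a script built by multisig_script."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a multisig script")
    m, n, keys, i = script[0] - 0x50, script[-2] - 0x50, [], 1
    while i < len(script) - 2:
        keys.append(script[i + 1:i + 1 + script[i]])
        i += 1 + script[i]
    if len(keys) != n or not 1 <= m <= n:
        raise ValueError("key count does not match OP_n")
    return m, keys

def can_spend(script, owners, signers):
    """True if the named signers hold at least m of the script's keys."""
    m, keys = parse_multisig(script)
    return sum(owners[k] in signers for k in keys) >= m

def spending_sets(script, owners):
    """Every minimal group of key holders that satisfies the script."""
    m, keys = parse_multisig(script)
    return [set(c) for c in combinations([owners[k] for k in keys], m)]

# Constructed placeholder keys (not real curve points), one per role.
KEYS = {r: b"\x02" + r.encode().ljust(32, b"\x00")
        for r in ("buyer", "vendor", "marketplace", "mediator")}
OWNERS = {pk: role for role, pk in KEYS.items()}
DEPOSIT = multisig_script(2, [KEYS["buyer"], KEYS["marketplace"]])  # 2-of-2 stage
ESCROW = multisig_script(3, list(KEYS.values()))                      # 3-of-4 stage
```

`spending_sets(ESCROW, OWNERS)` returns the four three-party groups able to move escrowed funds, and `can_spend(ESCROW, OWNERS, {"buyer", "vendor"})` is false because two signatures do not meet a threshold of three.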