The coldest custody: institutional-grade solutions to cryptoasset security


We’ve talked about security before, when it comes to your cryptoassets. The vulnerability of your private keys is absolute, and there’s no bank or insurance scheme to protect you if hackers get their hands on them and make an irreversible send. Coupled with that, you have to make totally certain your keys are never lost or deleted.

Whilst everybody has a different tolerance for risk vs the accessibility hassles of different storage modes, it makes sense in most cases to plan based on the value of the asset itself.

It’s fun to watch your first half an Eth rise and fall in real time on an exchange, but once you’re pushing into 4 figures you will probably invest in some kind of cold storage device and more of a plan as regards recovery options. After all, most of us are in this for the long game, and are also bearing in mind a prospective increase in value. When LocalCoinSwap opens for trading in August we’ll have robustly-tested escrow services to protect all parties during their transaction, but we recommend moving your funds to a purpose-built wallet as soon as possible for storage.

So what do you do if you have BIG money... Millions, or maybe even billions, to invest in crypto? That little USB stick in the secret drawer isn’t going to cut it any longer. How do you ensure your keys are safe? It’s a problem which has dogged the industry for some time, and is a big obstacle to serious institutional money entering the space.

Family offices, pension funds, hedge funds... they increasingly want their share of the returns that exposure to this asset class could bring - but those charged with managing vast sums of other people’s money cannot afford to take any risks. Not for them the libertarian dreams of ‘being your own bank’; instead they need to know their clients’ funds are secured to an extent equivalent to when they’re safely in an insured and regulated financial product. Which is why cryptoasset custody is one of the most interesting new niches developing within the industry right now.

One heavyweight contender in the field is Xapo, the latest project of the Argentinian-born serial entrepreneur and bitcoin evangelist Wences Casares. Xapo are rumoured to have over $10bn of bitcoin under their care - around 7% of the global circulating bitcoin supply - and 96% of this belongs to just 4 clients. So, not all billionaires agree with Munger and Buffett then. There’s some big money here, hodling tight.

In terms of their marketing Xapo need to tread a fine line, between reassuring potential investors of the lengths they go to in providing security, whilst not giving away compromising levels of detail.

Naturally they are trading to a considerable extent on the personal authenticity and reputation of Casares, whom Nathaniel Popper in Digital Gold dubbed ‘patient zero’ for the Silicon Valley adoption of bitcoin. In a recent podcast with Laura Shin, Casares comes across with great sincerity and humility, his passion for bitcoin (and bitcoin alone, a true maximalist) stemming from a childhood in Patagonia which involved 3 massive financial collapses due to state and government actions. It’s funny how much, in an industry literally created around a totally trustless algorithm, individuals’ integrity and credentials really matter - would you invest in an ICO without digging through the team biographies in detail? And that same eloquent sincerity with which Casares sent bitcoins whirling round a Palo Alto conference room in 2013 is now persuading fund managers that he has the answer to their biggest concern.

Some things we do know about how Xapo stores private keys:

  1. They use underground bunkers, including a decommissioned military property in Lucerne, Switzerland. They have invited some journalists into this one (not me), so we know a little bit about it - but they also have 5 other physical vaults, in different continents.
  2. An array of physical security protects these locations, including trained personnel and physical layers such as blast-proof concrete tunnels.
  3. They use multisig wallets, requiring a minimum of 3 out of 5 keys. So they have true physical redundancy, if one or more of those bunkers is indisposed courtesy of a nuke or an earthquake.
  4. Whilst Xapo offer purchasing and exchange services to institutional customers and need a little liquidity, they maintain 97% of their keys in what they refer to as ‘deep cold storage’ on servers which have never been connected to the internet at any time.
  5. They use fingerprint scanners which are also equipped with pulse readers, so the fingerprint being used has to be physically attached to its owner’s blood supply in order to function.
  6. The final barrier surrounding the servers themselves, if the deep underground bombproof location were ever physically breached, is a Faraday cage designed to withstand a possible electromagnetic pulse (EMP) attack that could wipe out the data.
  7. No one, not even the operator, enters that room. Its door is sealed with tamper-proof tape. The operator uses “special cabling” to send encrypted data to the hardware for signing. Finally, before a transaction can be approved, two more sign-offs, in two other vaults located on separate continents, must be performed.
  8. It takes over 2 days to make a withdrawal. This is not a solution for traders seeking to catch a dip. Sean Clark, founder of Canadian First Block Capital, stated “Every part of their DNA is geared to security… Whenever we make big transfers they FaceTime us, we have duress words. If it’s big enough they’ll fly out to see us.”
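
The 3-of-5 rule in item 3, written out as the Bitcoin script that enforces it, with a check that a given script really commits to that threshold and key set. This is an added example, not Xapo's code: the article does not describe their script, and the five vault keys are constructed placeholders rather than real curve points.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE

def op_n(n: int) -> int:
    """Opcode pushing the small integer n (OP_1..OP_16 are 0x51..0x60)."""
    if not 1 <= n <= 16:
        raise ValueError("n must be in 1..16")
    return 0x50 + n

def build_multisig_script(m: int, pubkeys: list[bytes]) -> bytes:
    """OP_m <key 1> ... <key n> OP_n OP_CHECKMULTISIG, keys in sorted order."""
    if not 1 <= m <= len(pubkeys):
        raise ValueError("threshold must be between 1 and the number of keys")
    if len(set(pubkeys)) != len(pubkeys):
        raise ValueError("a duplicated key silently weakens the quorum")
    if any(len(k) != 33 or k[0] not in (2, 3) for k in pubkeys):
        raise ValueError("expected 33-byte compressed public keys")
    # Sorting (the BIP67 convention) makes every signer derive the same script.
    body = b"".join(bytes([33]) + k for k in sorted(pubkeys))
    return bytes([op_n(m)]) + body + bytes([op_n(len(pubkeys)), OP_CHECKMULTISIG])

def parse_multisig_script(script: bytes) -> tuple[int, list[bytes]]:
    """Recover (m, keys); reject anything that is not a plain m-of-n script."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    keys, pos = [], 1
    while pos < len(script) - 2:
        if script[pos] != 33:
            raise ValueError("unexpected opcode inside the key list")
        keys.append(script[pos + 1 : pos + 34])
        pos += 34
    if pos != len(script) - 2 or len(keys) != n or not 1 <= m <= n <= 16:
        raise ValueError("key list does not match the declared m-of-n")
    return m, keys

def matches_policy(script: bytes, m: int, pubkeys: list[bytes]) -> bool:
    """True only if the script commits to exactly this threshold and key set."""
    try:
        found_m, found_keys = parse_multisig_script(script)
    except ValueError:
        return False
    return found_m == m and found_keys == sorted(pubkeys)

# Constructed placeholder keys, one per hypothetical vault; not real curve points.
VAULT_KEYS = [b"\x02" + hashlib.sha256(b"vault-%d" % i).digest() for i in range(5)]
SCRIPT = build_multisig_script(3, VAULT_KEYS)
```

Running `matches_policy` on a script before funds are sent to it catches a lowered threshold or a swapped key, which is the failure a multi-vault quorum is meant to rule out.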

Whilst Xapo, launched in 2014, seems to have been one of the first firms to think about the growing needs of secure cryptoasset custody, they are far from the only ones now - a range of other solutions are coming to market, including Coinbase and Ledger Vault, as well as hybrid solutions aimed at different levels of user need. But Casares welcomes this development. He told Shin he would be worried if they were the only company addressing this space, because they were creating a new category, in which multiple players were needed to ensure success. He sees Xapo as a vehicle to help bitcoin grow - and there will be plenty of room for other drivers on the highway to the future they are carving.

It’s absolutely fascinating to see the way this vital question is being addressed at the most elevated level, and we can all learn from the way they think about the physical and electronic layers of security which they have built around their service.

Depending on how many LCS Cryptoshares you have invested in, you might not need to think about custody services at this depth just now - but as the industry and its assets continue to mature and grow, it’s good to know that some of the brightest minds in it are developing solutions which will help all of us invest safely for the future.