Are Your Crypto Assets Secure? — Learn How Cryptocurrency Custody Is Evolving in 2019

devrandom · Feb 12, 2019

Cryptocurrency Security is Different!

It’s easy to confuse cryptocurrency with a bank account. It’s much closer to cash, precious metals or bearer instruments.

Unlike a bank account, transactions in cryptocurrency are irreversible. There is no recourse if you lose your private key or someone gets a hold of it and moves your coins away.

Further raising the stakes is the networked nature of blockchains and wallets. Since computers are susceptible to being hacked, private keys can be stolen if they reside on networked devices.

Another way a company can have their keys stolen is via an inside job. Since keys are not attached to identities, the company won’t be able to tell if an employee leaked the key or if the key was stolen via a computer hack. The assets will just be moved away, potentially with no forensic trail.

Given these differences, existing security techniques employed in the financial system are inadequate. They were designed for a more forgiving environment, where fraudulent transactions can be reversed and the perpetrators identified.

Solving Security is a Roadblock to Adoption

Since a total loss of assets is possible, a custodian of cryptocurrency runs the risk of insolvency. Because of the high perceived risk, insurance rates are very high (on the order of 0.5% to 1%). End users will resist such a high cost passed on to them when their other financial assets don’t attract such fees.

The high perceived risk is a damper on institutional adoption, since institutions might not feel they have the expertise to secure the keys, don’t trust others to hold it for them, or see insurance fees as prohibitive.

The Evolution of Cryptocurrency Security

Offline storage (AKA cold storage) was used by the earliest exchanges, including MtGox and Tradehill. Offline storage of private keys prevents network-based attacks. The signature on a transaction is applied on an offline machine and then transported manually online to be broadcast to the blockchain.

Exchanges found that only 5–10% of their assets were needed for daily operations. These funds could be kept in an online “hot wallet”, while the rest could be stored offline and accessed only when needed.

This eliminated a lot of the risk due to network attacks. However, using single keys accessible by individual employees left the door open for inside jobs. The MtGox hack is believed to be such a case.

Multisignature (multi-sig) refers to requiring more than one key to authorize a cryptocurrency transaction.

Multi-sig is the use of multiple independent keys to secure a single wallet. It is generally used to divide up responsibility for possession of digital assets, eliminating the single point of attack of a single-key wallet. It also allows one of the keys to be controlled by an automated system that applies business controls, such as velocity limits.
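The automated co-signer described above, as an added example (not Base Zero's or any wallet vendor's code): a 2-of-3 wallet in which one key belongs to a policy service that refuses to sign once a rolling 24-hour spend cap is reached. The key names, the cap and the window are assumptions, and HMAC-SHA256 stands in for the blockchain's real signature scheme so the block runs on the standard library.

```python
import hashlib
import hmac
from collections import deque

WINDOW = 24 * 3600  # assumed rolling window (seconds) for the velocity limit


def sign(key: bytes, tx: bytes) -> bytes:
    # Stand-in for a real signature scheme; HMAC keeps the example stdlib-only.
    return hmac.new(key, tx, hashlib.sha256).digest()


class PolicyCosigner:
    """Automated key holder that co-signs only while spend stays under a cap."""

    def __init__(self, key: bytes, limit: int):
        self._key, self.limit = key, limit
        self._approved = deque()  # (timestamp, amount) of spends it signed

    def cosign(self, tx: bytes, amount: int, now: float):
        while self._approved and self._approved[0][0] <= now - WINDOW:
            self._approved.popleft()  # forget spends older than the window
        spent = sum(a for _, a in self._approved)
        if amount <= 0 or spent + amount > self.limit:
            return None  # refusal: the remaining keys must reach quorum alone
        self._approved.append((now, amount))
        return sign(self._key, tx)


def quorum_met(tx: bytes, sigs: dict, keys: dict, m: int) -> bool:
    """True if at least m distinct known keys validly signed exactly this tx."""
    valid = {kid for kid, sig in sigs.items()
             if kid in keys and hmac.compare_digest(sig, sign(keys[kid], tx))}
    return len(valid) >= m


def demo():
    # Constructed 2-of-3 wallet: two human keys plus the policy service.
    keys = {"ops": b"k-ops", "treasury": b"k-treasury", "policy": b"k-policy"}
    bot = PolicyCosigner(keys["policy"], limit=100)
    outcomes = []
    for now, amount in [(0, 60), (3600, 50), (90000, 50)]:
        tx = f"pay {amount} at t={now}".encode()
        sigs = {"ops": sign(keys["ops"], tx)}  # one employee approves
        cosig = bot.cosign(tx, amount, now)
        if cosig is not None:
            sigs["policy"] = cosig
        outcomes.append(quorum_met(tx, sigs, keys, m=2))
    return outcomes  # [True, False, True]: the second spend breaks the cap
```

On a real chain the quorum check is performed by the network against public keys; only the co-signer's policy logic runs in the custodian's own systems.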

Multi-sig was standardized in Bitcoin in 2012, launched by Greenaddress, BitGo and Electrum in 2013 and gained wide adoption in 2016. Bitstamp and Bitfinex adopted multi-sig for their hot wallets, using BitGo’s technology. Unfortunately, Bitfinex’s hot wallet was hacked in 2016 via a network attack to the tune of $65 million. This demonstrated the importance of offline storage and deep understanding of security aspects such as key management.

Today we have a few major contenders for technology and cryptocurrency custody solutions.

Where We Are Now:

Tamper-resistant wallets, such as Trezor and Ledger. Although these provide a good balance for consumers, they are not suitable for institutional use. Some of the shortcomings include lack of true offline storage (USB is inadequate as an air-gap) and incomplete support for multi-sig wallets. Even Ledger Vault does not offer multi-sig — even though it is supposedly targeted at financial institutions. These wallets also present a tempting target for supply chain attacks due to the specialized hardware involved.

Hot multi-sig wallets, such as BitGo and Greenaddress, may have a role in securing funds needed for ongoing operations in a lower security setup. However, they don’t seem to support complex multi-sig setups (such as 3-of-5) and they don’t have an offline storage solution, based on their public literature.

Full custody solutions, such as Xapo, Coinbase, LedgerX: These solutions do provide reasonable offline protection. Xapo uses multi-sig. However, it’s not clear if Coinbase or LedgerX support true multi-sig for their solution.

Open source wallets, such as Electrum, provide multi-sig and have offline capabilities but are cumbersome to work with and require significant technical skills. Also, Electrum is only available for Bitcoin.

There are others working on custody services and solutions, and only time will tell if they have attracted the expertise to deliver a secure product.

Transparency into security practices is important. With Base Zero, you know exactly where and how your assets are stored, and why they’re safe.

Looking ahead

A complete solution for cryptocurrency custody must have the following features:

Offline storage

Flexible multi-sig support, including single-party and multi-party custody

Fast asset accessibility with real-time transactions, available 24x7

Convenient workflow with minimal overhead

Easy to use hardware with no network or USB connection

An API to interface with other systems

Base Zero is a complete solution

Base Zero is a cryptocurrency security company. We help financial institutions to self-custody cryptocurrency and keep it safe. Our product is a web app combined with a set of handheld signer devices. The devices are custom hardware that we’ve developed — a little bit like a crypto hardware wallet, but more sophisticated.

You use the web app and the devices together to keep your client assets secure. It’s priced as a monthly service. We provide you with the devices, the software-as-a-service, and then we get you up and running at your location. Our engineers come to you and help you set it up with a custom integration for your business.

The chief benefit of the Base Zero product is that it gives you totally secure self-custody cold storage of corporate or client crypto assets, while maintaining 24/7 real-time transaction capability.
