The stakes must have seemed high already in 2013, when the largest bitcoin wallets safeguarded by blockchain security provider BitGo held about $10 million-worth of the cryptocurrency.

Later on, in 2015 they crept up to around $100 million. And what had perhaps been unthinkable in the years previous, by 2017 the largest crypto wallets in BitGo’s charge reached close to $1 billion.

Looking ahead to the next milestone, BitGo CEO Mike Belshe will give a talk next month at Stanford University entitled “Securing the Trillion Dollar Wallet.” In a world of tokenized everything – not to mention hedge funds and other institutions redefining the meaning of a whale crypto investor – this no longer seems far-fetched.

“Now we are really thinking, what’s it going to take to secure a trillion dollars?” Belshe told CoinDesk. “It may be a little far away, but we have to start thinking about it now; we have to start designing it now in order to get there.”

Designing a system like this involves a complex blend of hardware and software, policies and procedures, not to mention meeting externally audited regulatory requirements (BitGo recently received approval in the U.S.to act as a qualified custodian for digital assets on behalf of institutional investors).

However, as one security consultant told Belshe’s team, building a secure vault for such a large sum of money basically comes down to two things: kids and fingers.

It’s one thing to keep the cryptographic private key controlling a bitcoin wallet in cold storage, i.e. on a piece of paper or a hardware device disconnected from the internet and locked in a safe. But if a bad guy comes into your office and is ready to cut off your finger or put a gun to your child’s head, what are you going to do? Obviously, quick and ready access to those assets means the security will be cracked.

The trick is to marry technology with process and controls such that it’s difficult to get the money out – or at least so that moving the vast majority of the assets involves lots of independent, separate people whose key signatures are all required, said Belshe.

He added:

“Some of the technology guys out there are saying, ‘hey we can get you out of cold storage in 10 minutes.’ I’m sorry, but if you can get a billion dollars out of cold storage in 10 minutes, that means there’s somebody’s finger that you can threaten.”

Big money

Stepping back, becoming a qualified custodian has taken Belshe years and has seen BitGo come close to acquiring qualified custodian Kingdom Trust, before going it alone to establish BitGo Trust.

With the addition of a regulated trust function, BitGo, which currently handles around $15 billion in monthly crypto transactions, is arguably pulling ahead in the race to secure digital assets for the institutional set. Competitors in this space include the hardware maker Ledger, the traditional U.S. custodial bank Northern Trust, and blockchain startup itBit.

But Belshe views the inevitable evolution towards digital assets as a rising tide that will benefit everyone in the industry. He also admitted clients are really looking for custodians with big balance sheets, something which BitGo does not have today.

“I would love if the big players came in and put their balance sheet behind the security of their custodianship of digital assets. It would be amazing for all of us,” he said.

Since the 2008 crash, the onus has been on diversifying custody arrangements, something the U.S. Securities and Exchange Commission (SEC) has encouraged. These days, hedge funds will often be using 15 to 20 custodians with perhaps only 5% in each to limit their exposure, noted Belshe.

He said BitGo has been in talks with many hedge funds and found there are “literally dozens” that can’t wait to use its trust service.

In the detail, achieving parity with established qualified custody providers involves gaining third-party certification of policies and procedures, or SOCs (system and organization controls). BitGo has now attained SOC I and II certifications, with the auditing of those carried out by Deloitte.

It’s a length which few, if any, other crypto companies have gone to, said Belshe, and it encompasses a wide range of eventualities.

“You can have the most secure software in the world and the most secure hardware. But inside your company what’s the policy for keeping things safe? What happens if your data center goes down?” he said. “We have policy, procedures and plans for all this, that have been tested and are in place.”

Insurance claims

Following BitGo’s qualified custodian announcement, the startup’s next big step is a crypto insurance product to be released within a couple of months. Such insurance typically covers investors for risks such as theft.

BitGo wouldn’t write the policies, but rather white-label the product with an established insurer. Belshe wants to do this right and has amassed a deep knowledge of the subject along the way. The experience has left him circumspect whenever he hears about crypto insurance being offered in the market.

“The insurance claims out there are wide and wild and often not really of value,” Belshe said (meaning “claims” as in representations about insurance, not requests for payment from an insurer). “Anybody that’s looking at insurance, or a provider that claims to be insured, ask them to really show you what the [coverage] limits are.”

This can take some digging. As hard as it is to differentiate BitGo’s cold storage from somebody else’s cold storage solution, it’s equally hard to differentiate one claim of full insurance from another, said Belshe. Oftentimes, you’re dealing with small policies of $10 million or less that may not even cover theft.

Typically the questions that need answering are: Who is the underwriter? What cases are covered? What about insider theft? What about executive insider theft? What are the caps, what are the deductibles? Can you cover your deductibles?

Belshe acknowledged that underwriters are there to provide a service and don’t want to be used as marketing, but in the end, full transparency has to be made available for customers.

Someone offering a great insurance program would find a way to get “solid green lights” from anyone who wanted to review it, even if they had to do that under a non-disclosure agreement (NDA), said Belshe, concluding,

“If they are not willing to talk to you about it, it’s a red flag. I guarantee you, if it’s in secret, there’s a reason it’s in secret.”

Correction: the original version of this story stated that firms were waiting for the end of a 30-day review period to use the qualified custodian service. That review period had ended.

BitGo at Consensus image from CoinDesk archives