Atlas.financial

banking but for your digital assets

How we secure your assets


We use a tried and trusted technology called multi-party computation (MPC). MPC splits a private key into “key shares” that can be distributed across multiple physical devices, so a hacker cannot obtain the entire key by compromising a single device.

Why is MPC becoming the standard for digital asset security?

To utilize your digital assets, you need a public key and a private key; your ability to safely hold and transfer the asset itself is only guaranteed as long as the private key is safe. Once that key is in someone else’s hands, they can transfer the assets to their own wallet. Therefore, preventing the theft of private keys is crucial to maintaining digital asset security.

Historically, there have been a few primary options for securely storing private keys. These options tend to fall into hot, cold, or hardware-based storage.

  • Cold Storage — Private key is held offline
  • Hot Storage — Private key is held online
  • Hardware Wallet — Private key is held offline on a physical device

While these tools were at one point the only options for digital asset storage, certain operational and security inefficiencies in each have led to the rise of new solutions, such as multi-party computation. Importantly, MPC is strong not only for digital asset storage but also for digital asset transfers, and as the digital asset market has developed and grown, so has the need for a security tool that enables fast transfers and advanced business strategies.

Cold Storage

One way to reduce the exposure to digital asset loss is by storing funds in cold storage.

Cold storage enables a user to sign a transaction with their private keys in an offline environment. Any transaction initiated online is temporarily transferred to an offline wallet kept on a device such as an offline computer, where it is then digitally signed before it is transmitted to the online network. Because the private key does not come into contact with a server connected online during the signing process, even if an online hacker comes across the transaction, they would not be able to access the private key used for it.

However, there are several issues with cold storage:

  • For a contemporary digital asset business that’s actually trading assets with any frequency, it is too slow to trade from, often taking between 24 and 48 hours to make a transfer
  • It does not protect against deposit address spoofing or credential theft

Hardware Wallet

Another method of securely storing private keys is the hardware wallet. Hardware wallets are external devices, such as a USB stick, where you store your private keys. Hardware wallets are resilient to malware, and if you happen to lose the wallet you’ll be able to recover the funds using a seed phrase. On the other hand, if you lose the seed phrase, there is no other way of recovering your bitcoin.

Like cold storage solutions, hardware wallet solutions lack the speed that today’s digital asset businesses require.

Hot Wallets

Alternatively, storing funds in a hot wallet is cumbersome due to error-prone copy-pasting of addresses, ever-changing whitelists, and constant 2FA rituals.

Some hot wallets utilize multisignature, or multisig, technology to divide private keys into multiple shares. Unfortunately, multisig is not protocol-agnostic (meaning it’s not compatible with all blockchains), and lacks the operational flexibility to support growing teams.

As a result, the best solution is one that meets both operational and institutional security requirements, storing the private key safely without hindering operational efficiency.

With MPC, the corresponding private key shares are created and encrypted in isolated Secure Hardware Enclaves across multiple cloud centers. To sign transactions, the key shares are used to perform multiple rounds of computation all without ever being brought into the same environment. Because of this, MPC eliminates the single point of compromise of private key creation and signing.
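The idea of signing from key shares that are never brought together can be shown with a small sketch, added here as an illustration and not Atlas's implementation. It assumes Schnorr signatures with additive key shares, honest participants, and a constructed toy group (`P`, `Q`, `G`) that is far too small for real use; the names `Party` and `mpc_sign` are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed for this example, NOT secure sizes):
# P = 2*Q + 1 with P, Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, pub, msg):
    # Hash of joint nonce, joint public key and message, reduced mod Q.
    data = f"{R}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class Party:
    """One device holding a single additive key share (hypothetical name)."""
    def __init__(self):
        self.share = secrets.randbelow(Q)       # stays on this device
        self.pub_share = pow(G, self.share, P)  # safe to publish

    def round1(self):
        # Fresh nonce share; only its public value G^k is sent out.
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)

    def round2(self, R, pub, msg):
        # Partial signature computed locally from this party's share only.
        s = (self._k + challenge(R, pub, msg) * self.share) % Q
        del self._k  # a nonce share must never be used twice
        return s

def joint_public_key(parties):
    pub = 1
    for p in parties:
        pub = pub * p.pub_share % P
    return pub

def mpc_sign(parties, msg):
    # Only public values and partial signatures cross device boundaries;
    # the full private key (sum of shares) is never assembled anywhere.
    pub = joint_public_key(parties)
    R = 1
    for r_i in [p.round1() for p in parties]:
        R = R * r_i % P
    s = sum(p.round2(R, pub, msg) for p in parties) % Q
    return R, s

def verify(pub, msg, sig):
    # Ordinary single-key Schnorr check: G^s == R * pub^e (mod P).
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, msg), P) % P
```

The verifier sees one ordinary public key and one ordinary signature. Production MPC protocols add further rounds and proofs so that the scheme stays safe when a participant misbehaves.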

MPC splits a private key into “key shares” that can be distributed across multiple physical devices, so a hacker cannot obtain the entire key by compromising a single device. Offering security and full client fund segregation means it’s as safe as cold storage, with the flexibility of hot wallets.
