Do We Store Your Crypto Assets Securely?

Max Sapelov, CoinLoan Co-founder and CTO explains assets and platform security

CoinLoan
CoinLoan
May 31 · 9 min read
  • Respond to a frequently-asked question regarding third-party custodian services;
  • And discuss our ten-level approach on platform security.

CoinLoan’s Assets Security Framework

“If the system can process crypto-withdrawals automatically, then it’s vulnerable to hacks — without exception.”

Due to this principle, we are not storing any private keys on network-connected devices, and that is why we are processing all the withdrawals manually. However, manual processing means that small processing delays may occur. While this may be confusing, please note that we are not a wallet service, and your security is our top priority.

CoinLoan’s Assets Security Principles:

  • All cryptoassets are stored in offline, cold, multi-signature wallets.
  • Transaction signing only happens offline on separate devices that have never been connected to the network, and this process involves several people.
  • The multi-signature process involves several keys (N) with a required quorum of any (M) keys. For example, you need 3 out of 5 keys or 5 out of 8 keys to conduct a transaction. Thus, it’s not possible to sign the transaction using a single individual. Also, this system ensures that, if you lose one of the multi-sig keys, you will never lose control over your assets completely.
  • We store encrypted parts of the keys in a geographically-distributed manner in the banks’ safe deposit boxes to prevent potential loss of the keys due to natural disasters, including floods, earthquakes, fires, etc.

Our Most Frequently-Asked Question

Why not store each loan’s collateral in a multi-sig wallet that requires 2 out of 3 keys — with the first from a borrower, the second from a lender, and the third from the platform?


Our Perspective on Outsourced Custodial Services

However, we should be clear what we mean when we use the term, “custodian:”

What does custodian mean in terms of BitGo, for instance? In this case, the term includes only managing and holding the private keys for cold wallets. They’re providing a wallet service and not regulating the deals on a platform. Thus, BitGo is NOT responsible for deals on a platform.

One more topic we would like to clarify is BitGo’s insurance:

What does it mean for end-users of the exchanges and lending platforms? Despite the “ambiguous language” in public statements, it ensures users from internal theft, fraud, and technical problems that result in the loss of the customer’s assets.

BitGo insurance provides NO protection in the following cases:

1. Human Factors
A financial officer of a client platform may send the funds to the wrong wallet using BitGo’s system.

Our Frequently-Asked Questions

Why not use an SEC-approved, certified, and insured custodian, like BitGo, when storing assets?


The Ten Security Layers of CoinLoan’s Platform

This video shows how external custodians could create a false sense of security while security holes remain present.

CoinLoan

CoinLoan is a P2P lending platform for cryptoassets backed loans.

CoinLoan

Written by

CoinLoan

CoinLoan is a P2P lending platform for cryptoassets backed loans. [coinloan.io]

CoinLoan

CoinLoan

CoinLoan is a P2P lending platform for cryptoassets backed loans.