Cold Storage, Keys & Crypto: How Gemini Keeps Assets Safe

Eric Winer
4 min readFeb 12, 2019

--

Recent events in the cryptocurrency industry have elevated an important conversation about how cryptocurrencies are custodied by individuals or exchanges. People have many choices when it comes to storing their crypto assets, from self-custody options like a hardware or software wallet, to regulated and unregulated exchanges. There are varying opinions around which approach is best, but each comes with its own tradeoffs and level of risk that a consumer should understand and be comfortable taking on.

We believe that for most investors, storing their cryptocurrency on a regulated and secured crypto exchange and qualified custodian, such as Gemini, is the right approach for the many reasons we will discuss below.

Trust has been the foundation of Gemini’s business — our product — since we launched. As a regulated cryptocurrency exchange and qualified custodian, we’ve invested years of effort and millions of dollars in technical and control measures to help prevent undue losses and nefarious activity. As observers of our recent ad campaign know, we have a strong point of view about the importance of regulatory oversight, compliance, and security in the crypto space. We’ve backed up that point of view by demonstrating our protections by completing a SOC 2 Type 1 review conducted by Deloitte & Touche LLP, a Big Four auditor.

As you embark on the crypto journey, it’s important to determine what approach is right for you. Do you prefer storing your dollars under your mattress instead of a bank? If so, then the “digital mattress” equivalent of a hardware or software wallet is right for you. If you prefer to keep your assets in a regulated financial institution, then a regulated financial institution is the best option to store your cryptocurrency. This will require you to identify which organizations to trust, and that starts by understanding the protections and protocols necessary to safely store, secure, or facilitate access to your holdings.

When assessing an organization’s custody services, there are several measures you should consider. For instance, what jurisdiction does the organization operate in? What type of licensing does the company have? Is there regulatory oversight? What is the background of the executive team? What are the company’s core values? Was the company built with a security-first mentality?

Gemini is a safe place to buy, sell, and store cryptocurrency — not because we say it is — but because of the measures we have put place to protect your crypto and the independent third parties that verify them. They are as follows:

Redundancy with keys (and the facilities and devices that store keys).

  • All of our private keys, which are used to sign cryptocurrency transactions, are custodied offsite in the secure, guarded, geographically distributed facilities of our Cold Storage system. These keys exist on hardware security modules (HSMs) that meet or exceed FIPS 140–2 Level 3 U.S. government computer security standards.
  • Multisignature technology (or “Multisig”) provides added security from attacks and increased fault tolerance. We have contingencies in place in the event of a catastrophe or if all of our facilities and equipment in an entire region were to become inaccessible or destroyed.

Digital asset insurance and capital reserves.

  • A small portion of crypto are held in Gemini’s online “Hot Wallet” environment, with key management via dedicated FIPS 140–2 Level 2 HSMs provided through the AWS Cloud. We maintain insurance (from a combination of underwriters) in an aggregate amount that is greater than the value of our customer’s crypto assets held in our Hot Wallet.
  • We also maintain capital reserves, which are required of us as a New York trust company and fiduciary under the New York Banking Law. All customer U.S. dollar fiat funds held in omnibus accounts are held at FDIC-insured banks in the United States, and these funds are segregated and legally distinct from our business and operating accounts. Capital reserve requirements help ensure that Gemini has sufficient capital to continue operations and support our customers.

Extensive internal controls.

  • Multiple signatories are required to transfer funds out of Cold Storage. Our CEO (Tyler Winklevoss) and President (Cameron Winklevoss) are unable to individually or jointly transfer customer funds into or out of our Hot Wallet or Cold Storage system.

Customers seeking additional protections have even more options. For large crypto holders, we offer custody services with segregated addresses. And for any Gemini account, whitelisting can be enabled to prevent assets from being sent to unknown addresses.

We designed all of these measures from our firm belief that using a regulated, trusted, qualified custodian is the best option for storing cryptocurrency holdings of any size. Because we serve both individuals and institutions, we can offer bank-level protections to hobbyist traders and professional users alike. As discussed above, using a hardware wallet, software wallet, or unregulated exchange is the digital equivalent of keeping cash under your mattress: It’s an option — and perhaps a useful one for small amounts (just like having $20 in your back pocket is) — but it gets riskier as your holdings grow.

Gemini’s team recognizes that cryptocurrencies emerged from a combination of technological innovation and distrust of traditional, centralized institutions. But regulated, licensed financial institutions still have an important place in the world of cryptocurrencies, alongside new decentralized alternatives.

True interoperability between the worlds of fiat currencies and cryptocurrency is crucial to keeping customers safe. As your bridge to the future of money, Gemini is advancing a future of crypto without chaos — one without catastrophic, unnecessary losses that harm consumers and stunt industry progress. We continually revisit the protections and protocols we use to store, secure, and facilitate access to your crypto holdings — and we hope all of our peers in the crypto space will do the same.

Onward and Upward,

Eric Winer, VP of Engineering

--

--