Crypto Security for Institutions
With our listing on BitGo and the recent entry of Coinbase Custody into the institutional crypto arena, we wanted to discuss the topic of institutional crypto security and how it has developed over time.
Security is a major concern when it comes to cryptocurrencies and a large reason why institutions with hundreds of millions or even billions of dollars under management have been slow to join the crypto movement. According to Coinbase, around $10 billion is waiting to enter the crypto markets once appropriate custody services are established.
Keeping your crypto safe has proven to be a tricky business over the years. Chainalysis, a well-respected blockchain research company with clients ranging from financial institutions to governments, reported that approximately 4 million bitcoins have been lost forever.
This includes both early adopters and some strategic investors. In percentage terms, this means that of the current supply of 17 million, around 23% has been lost due to poor custodianship by the owners.
Another security concern is theft via exchange hacks or computer malware/phishing scams, which have been, and continue to be, a constant feature of the cryptocurrency ecosystem.
While a number of options are available to retail investors, such as software wallets, hardware wallets, paper wallets and the least secure but often most used option, online exchange accounts, these will not suffice for large institutions such as banks, pension funds, hedge funds, exchanges and ICOs.
The competition heats up
While BitGo and Coinbase are fairly recent entrants into the institutional crypto custody space, a traditional custodian service company called Kingdom Trust was one of the first. A notable difference between Coinbase and BitGo is that the former is also an exchange, whereas the latter is a fully independent crypto custody provider, which they consider to be a significant advantage. According to BitGo:
“Just like with every other asset class, digital currency needs custodianship. Custodians make institutional investing possible by providing a level of checks and balances to keep money safe. This requires a strong separation of duties between exchanging the asset and holding the asset.”
As the crypto ecosystem develops and matures, so does institutions’ appetite for investing in it, and with it the number of companies preparing to service them. But the challenge of securing cryptocurrencies at scale is not an easy one.
Custody requirements from companies can be very different, depending on their business models, but at a minimum any institutional custodian has to ensure full legal and regulatory compliance.
In Coinbase’s case this meant partnering with an SEC-compliant and FINRA-member broker-dealer, Electronic Transaction Clearing (ETC), whereas BitGo initially wanted to acquire Kingdom Trust but decided against it, as they believe being crypto-focused from the ground up is the correct way forward.
In the future Coinbase are planning to acquire their own banking license and to become an SEC-regulated broker-dealer via a recent acquisition of a financial services firm.
On the technical side of things, Coinbase have announced the following measures:
- On-chain segregation of crypto assets
- Split, offline private keys that require a quorum of geographically distributed agents to use cryptographic hardware to sign transactions
- Multiple layers of security
- Robust cold storage auditing and reporting
What about us
At Rialto we are well aware of the challenges facing large crypto companies and are implementing the highest security standards available to secure our customers’ funds including:
- Exchange security audit
- IP whitelisting
- Two-factor authentication
- Locked withdrawal addresses
- VPN-only access
- Multi-signature cold storage
- Redundantly secured recovery phrases
Our biggest security exposure is funds kept on exchanges. In order to mitigate the risk, we conduct full due diligence on all our supported exchanges and always enable all available security measures such as two-factor authentication, locked withdrawal addresses and IP whitelisting.
Funds that are not actively traded are kept in cold storage secured with multi-signature technology and redundantly secured recovery phrases. With the launch of our new platform in Q4 of this year, we will begin targeting institutional investors and will upgrade our security measures to include institutional grade custody providers such as BitGo.
While no security measures can ever be 100% fail-safe, we can assure you that our approach follows the latest best practices. An often overlooked fact is that many times it’s not the technology that fails, but rather the people operating it. A report published by the London-based consultancy Willis Towers Watson found that 90% of all cyber-security breaches happened as a result of some type of human error or behavior.
This statistic is supported by the fact that some of the biggest crypto exchange hacks happened as the result of poor security practices, such as keeping funds in hot wallets, rather than fundamental flaws in the technology itself. The takeaway lesson is that good security requires not only good technology but first and foremost correct security policies and procedures.