How We Secure Digital Assets
Building products that provide safe and easy access to digital assets requires an uncompromising commitment to security. Digital assets like bitcoin can be easily moved around the world, which introduces unique security challenges. We’d like to share how we think about security and what we’re doing to safeguard your funds.
In order to keep funds safe we assess security from two primary perspectives:
- The security of the blockchain that processes and confirms transactions
- The security of the digital asset that moves value on the blockchain
Blockchain Security
Before supporting a new digital asset, we start by evaluating the underlying blockchain. We consider the maturity of the network, the experience of the development team, and the enabling cryptography. Some blockchains also introduce novel ideas like Ethereum’s Virtual Machine (EVM) that require special consideration.
As we develop our understanding of a new blockchain, we also prepare for specific threats like transaction replacement, 51% attacks, network partitioning, and (as we recently learned) replay attacks after a hard fork.
Digital Asset Security
Once we understand the underlying blockchain, we focus on securing the digital asset. Security is not just a feature, process, or team. It is a core part of our company and influences every decision we make. One of our engineers recently made a similar observation:
Our security program starts with an in-house team of experts. This team helps architect new services, operate through secure workflows, and identify anomalies when they occur. Behind these online services (whose funds are also insured), this team provides a cold storage solution that stores over 98% of digital assets completely offline to protect your funds.
While the backbone of our security program relies on an in-house team of experts, we verify this program using independent third parties. These include independent security audits, a white hat security program, and annual penetration tests.
Looking Ahead
To continue our mission of building an open financial system for the world, we need to do more than just secure our services. The rate of digital asset innovation is increasing and we’re committed to raising the bar. We have an ambitious security roadmap and a growing security team so we can continue securely shipping new products and responsibly supporting new assets.
To learn more about our security program, please join our security team for an AMA on Reddit Tuesday August 9, 2016.
