- How is wealth stored and what’s crypto custody?
- What are the uses of the main types of crypto storage: custodian, non-custodial, or self-custody?
- How is security handled by the largest crypto custodians?
- What are the challenges when securing your cryptocurrencies?
The last 60 years have seen an ever-increasing reliance on trust and belief in digital systems for wealth storage over physical assets, such as gold or cash.
Even with the rapid evolution of the methodology of economics, some things stay the same, primarily the desire for effective security and safeguarding of whatever assets of value we are dealing with.
How then does this work in the case of the newest forefront of wealth, cryptocurrencies?
Vaults
For physical goods, vaults are the archetypal storage method, steel walls, and a door locked behind a combination. The digital equivalent of these drops the steel walls but retains the crucial aspect of the combination.
Generally, for crypto assets, this location is called a ‘digital wallet’ or wallet for short. This is simply a storage medium that contains the keys that give access to the funds.
A good solution, however, shouldn’t rely on just a single line of defense. As the race to stay ahead in the security business continues, it has become more and more a combination of the digital and the physical that has provided the safekeeping of crypto assets.
Before looking into these methods let’s quickly define some terms in their crypto context: non-custodial, custodial, single-sig, and multi-sig.
Methods of Storage
Just as there are multiple means of storing physical assets: safes, bank vaults, mattresses, buried under the sand in the Caribbean, etc. There exists multiple methods of storing crypto wealth.
The primary and perhaps most important choice is custodial or non-custodial, in short, will you keep your assets safe yourself (similar to having a safe in your own house), or trust a third party to hold them for you (using a bank’s safety deposit box).
This comes with similar pros and cons as physical examples. Going non-custodial the security of the assets goes as far as you desire but does require a high level of diligence.
Custodial conversely, is like allowing the bank to store your assets, convenient as you can forget the ‘how’, but this, of course, requires trust that they won’t lose your assets, a prime recent example of this is the downfall of FTX and the difficulty in their users extracting their assets.
Getting more into the digital world there are two primary methods of accessing these vaults/ safes. Single-signature and Multi-signature (multi-sig). The comparison here is quite simple to wrap our head around as well for both custodial and non-custodial cases.
Single-signature simply means one (digital) key to access the vault/ safe, whilst multi-sig requires (funnily enough) multiple keys.
The positives and negatives of these key methods are the same as they would be in the physical world. Lose that one key? Well, that’s that single-sign door locked away, whilst multi-signature redundancy is built in.
Conversely, multi-sig may take the control away from you as a member of the group owning the assets, what if you don’t want to do anything but the other two key hodlers do? It’s going to be hard to stop them.
Perhaps, now you can see how tricky storage actually is, even just in the case of your own personal assets. What about when scaling up to a centralized exchange, where every day billions of dollars worth of crypto assets are entrusted? They sometimes get a little more inventive.
How do Crypto Custodians Work?
It is hard to say exactly how custodians secure their systems. Another valid layer of protection is simply obfuscation, not letting the outside world know what you are doing, to stop attackers from preparing attacks tailored to the method.
What we know for sure that is common is ‘cold storage’. This just means a wallet (and its internal private key) won’t be exposed to the internet. A cold wallet should rarely be touched and may exclusively be used for deposits the majority of the time.
However, we can get a few clues on how a couple of the largest custodians generate keys and store their cold wallets.
For example, Xapo, an established custodian, provided inklings online that at least one of their wallets is buried deep underground in a military, nuke-resistant bunker within the Swiss Alps.
Underground locations seem to be a good hiding place for private keys that many other custodians are copying, separating valuable assets not just from the internet, but completely cut off from the outside world.
Rituals of Secrecy
On the other side of the world in the US, Coinbase, the largest crypto player has shared that they use electromagnetic signal-blocking tents to secure their cryptocurrency wallet generation.
Through this almost esoteric ritual, the principles of electromagnetism are taken advantage of to prevent outside snooping on the contents of these tents.
Alongside the tin foil tents, Coinbase controls the power to the key-generating devices inside the tents. These unique power supplies are designed to hide signals from the power usage that could leak fluctuation patterns that may reveal what’s occurred during the key generation procedure inside the silver tent.
This key generation ritual inside the tent is called a key ceremony and is where Coinbase’s private keys are forged. The ceremony is an offline-only event and done in person with a reverent group in a soundproof location with zero phones and cameras.
Similar key management procedures are also used when guarding our beloved Internet infrastructure, where a dozen or so individuals hold the keys to the whole wide web.
This (perhaps justified) atmosphere of paranoia is designed to ensure that leaks of the secret key are, without a shadow of a doubt, impossible. When billions are on the line it is worthwhile to take every precaution possible.
Despite how the key ceremonies are carried out, what all custody providers do in common is that they hold multiple copies of the secret key on a range of physical mediums such as USB sticks and hard drives, metal engraving, open white labeled software such as HollaEx or good old-fashioned ink on paper. These are then spread across the globe, some (somewhat ironically) being stored in traditional bank safety deposit boxes or some sent deep underground, just as was done with the gold bullion of old. Suffice it to say, for the most advanced digital money in the world, on the cutting edge of technology, it can seem like a starkly contrasting mix of archaic procedures to safely generate and store digital keys. Truth be told, crypto custody is the ancient art of physical security blended with digital cryptography. Bit of old, bit of new.