When it comes to secure custody solutions for cryptocurrency and digital assets, the golden era of hardware is on its way out.
On the surface, HSMs remain popular for institutional cryptographic key custody, blockchain or not – and cold wallets reign supreme in crypto-enthusiast culture on Twitter and Google alike.
But, prepare yourselves – hardware’s downfall is coming. Recent hardware wallet hacks, the movement of cryptography from hardware-defined to software-defined, and the overall trend of digital transformation are the first signs. (For more on this in-depth, check out our article here on HSMs, Multi-sig, and MPC).
We’ve explored this phenomenon in-depth for exchanges; you can find more information on that here. Custodial solutions face different issues; for that – read on.
Custodial Solutions: High Security, High Compartmentalization
Institutional custody of digital assets (cryptocurrency and security tokens) is a different business than exchanges. Exchanges need liquidity to provide a variety of services at top speed; Custodial services’ raison d’etre is to keep assets stored safely – and as such, institutional and/or individual clients typically keep larger sums in their custodial accounts than they would in an exchange. With this in mind, security becomes prioritized over liquidity as a business model.
In practical terms, this means the following:
- The custodial client will prioritize a secure custody solution over an accessible one – and hardware’s primacy in the public consciousness re: secure asset protection impacts consumers during the decision-making process.
- The custodial institution sets up their co-wallet strategy and overall security infrastructure on a completely different paradigm than exchanges.
- In exchanges’ case, assets of one particular kind are usually aggregated into one cold wallet (wallet by token), and small amounts are transferred to users’ hot wallets on-demand for transactions and transfers.
- Custodians may keep one hot and cold wallet per customer to further ensure asset security, even at the compromise of access and liquidity. In this case, wallets are by customer and will hold multiple assets. An alternative strategy of a custodian would be to maintain an internal ledger for the order management layer and cold wallets per asset or per a group of customers.
Revisiting Cold Wallets
Cold wallets have stayed cool in the security world due to the reputation of hardware-based methods as a reliable cryptographic key management solution for enterprises and for cryptographic keys of all kinds – blockchain or non-blockchain. When hardware is offline, the logic goes, it’s harder to access – not just by hackers online, but physically by any malicious actors on the ground.
Hardware’s downsides are catching up to it, however – particularly in the age of digital transformation. Among them:
- Hardware, on its own, only protects against malicious key access, not malicious key usage. In practice, hardware solutions don’t protect against attacks from rogue insiders – an increasing problem in the exchange world, and one recently brought to light by the QuadrigaCX scandal. A workaround is possible by putting multi-sig on top of a hardware solution; multi-sig has limitations, however, as we noted here. The main one: low quorum availability and high overall TCO.
- The co-wallet strategy still leaves keys vulnerable during the “transfer” stage – once coins are moved from “cold storage” to “hot storage” for completing the transaction. This is a general problem with the co-wallet strategy, not just for custodial solutions; any connection to a network leaves the keys at risk in a “hot” wallet, even if they exist in the hot wallet for a short period of time. With the immutability principle of blockchain, there’s no do-overs for cryptocurrency transfers; a few seconds is all it takes to steal the assets, leaving a gaping hole in the “hardware is safer” argument. With cold wallets or co-wallets, the assets are only as safe as the protection measures taken to secure them once it’s connected to the network. Safe transfer – not safe storage alone – is the key to safe cryptocurrency transactions.
- Hardware vulnerabilities are notoriously difficult to fix – and they’re only getting more prolific. From Spectre/Meltdown to Foreshadow to Intel’s recent SGX vulnerability, hardware exploits are only getting more common – and can take months, if not years, to resolve. Often, a hardware patch involves replacing physical components. For a digital asset service, a hardware vulnerability could be the kiss of death to a business.
Custodial solutions prioritize customers’ trust, even at the expense of velocity. A careful buying public, the focus on individualized accounts and asset management as a modus operandi for custodians, and the greater need to fulfill compliance regulations all point to one solution for the custodial digital asset manager: a distributed trust platform.
MPC: Trust Enabled by Security – Throughout the Transaction Lifecycle
We can’t stress any more that MPC provides the security custodians need with the flexibility of software.
MPC is a mathematically based system of software-defined cryptography in which cryptocurrency keys exist as multiple key shares, distributed among multiple servers and endpoints to create a decentralized authorization method. Only if a certain threshold of participants approve the use of their key share, the key can be used. Importantly, a key never exists as a whole in one place, even while in use – thus keys can be protected by ensuring key shares remain separate, without requiring hardware-based physical security.
Unbound’s Crypto Asset Security Platform (CASP) provides all of the benefits of MPC, with the flexibility and agility needed for an ultra-secure custodial solution.
From a security perspective, CASP is the only solution on the market as of this writing which has received official FIPS 140-2 Levels 1 & 2 certification. (More on that here.) CASP’s m-of-n approval structures are infinitely scalable – and it’s the only solution which verifies quorum transactions on the cryptographic level.
As a software-only security solution, your cryptographic keys can be accessed at any time, from anywhere – desktop, server, or mobile. It’s a full locus of control for custodial solutions keeping up with the volatile digital asset market.
Example Custodial Quorum Setup
A large quorum can be set up to ensure that each transaction not only meets compliance and regulation requirements, but also passes through approval from multiple customers and trustees of the account.
Consider the example below: Each transaction must be carried out only after 9 approvals from 4 groups: 1 out of 2 trustees, 2 of 3 customers, 2 of 4 custody managers – and all 4 custodial approvers required to check the transaction for compliance and regulation breaches:
Additional safeguards can include implementing a series of risk-based policies which would enlarge or reduce the quorum based on the USD value of the digital assets at the time of the transaction. CASP remains the only solution on the market which cryptographically verifies the quorum size based on risk level.
This solution not only ensures the custodial service maintains full control over the assets, but the customer becomes a key player in transaction approval. It’s a win-win for both custodian and client.