When you store your bitcoins on an exchange, a gambling site, or in an investment site, you're placing a lot of trust in the company.
Personal wallet security with a relatively small amount of coins is one thing, but these sites store many more bitcoins than the average user, and are therefore prime targets for attack. So how do they protect your money?
Some, like the gambling site Seals With Clubs, use their own proprietary wallet technology, while others work with third-party services.
There are a variety of techniques and tools that companies can use to try and keep customers' cherished coins safe.
Cold storage is an obvious candidate, and this is what wallet provider and merchant payment gateway Coinbase does.
The company, which claims to store more bitcoin than anyone in the world, holds 97% of it offline, on a combination of USB keys and paper backups. The private keys on the USB drives are encrypted and stored in safe deposit boxes around the world.
Exchanges, too, rely on cold storage for their security. "All of the funds held on Coinsetter are currently in cold storage," said the New York-based exchange's founder, Jaron Lukasiewicz. "We have multiple tiers of cold storage, depending on a number of factors."
A firm can manage its own cold storage, or it can get someone else to do it. Coinsetter stores around 50% of its funds in Xapo's bitcoin vault.
Xapo charges around 0.12% of the amount stored to look after enterprise bitcoins in its bitcoin vault, which consists of offline servers held in three locations in Asia, South America and the US.
The geographic distribution isn't just for physical site redundancy. It focuses on governments as an attack vector too. If the authorities in one jurisdiction try to seize bitcoins in a vault, then there would be two other locations still with their bitcoins intact.
Insuring against loss
Now, some cold storage services are complementing the technical advances in enterprise bitcoin storage with a financial one: cyber-insurance.
"We were the first bitcoin company to obtain a cyber-crime insurance policy," said Coinbase co-founder and CEO Brian Armstrong. "This covers the bitcoin we store live on servers, and covers things like hacking, internal theft and accidental loss due to software bugs."
Xapo's vault is insured by Meridian Insurance.
Another wallet supporting cold storage is Armory, an enterprise-class storage wallet developed by Alan Reiner.
John Velissarios, who recently joined Armory as chief information security officer (CISO), explained that the wallet has a special cold storage version designed not to connect to the blockchain, meaning that it doesn't publish transactions.
"You can have a cold storage machine where it's completely disconnected, with no connectivity to the outside world. You use that to release funds from your wallet," he said.
To take advantage of cold storage, enterprise users can prepare their bitcoin transaction on an Internet-connected computer, and then copy it to a USB drive and transfer the transaction to the offline cold storage computer, where they are signed.
"You then copy it back onto the online computer and publish it," Velissarios continued.
Hardware security modules
Not everyone is enamoured by cold storage, however. Getting the funds out of that storage into a hot wallet can be time consuming, point out the method's critics.
"People in a business need controlled access to funds," said Rodolfo Novak, co-founder of CoinKite. "Every time you do cold storage you are mandatorily adding a human to the mix, so there is capacity for human error."
In February, CoinKite launched a service storing private keys securely in hardware security modules (HSMs), which are not directly connected to the Internet, but instead function through a proxy that makes requests to the system. This provides what Novak calls 'warm' storage – securely-held keys that are accessible via an API.
"The HSM is walled out of the standard Internet and it doesn't ever expose its keys. So you can't really practically get hacked," he said.
The HSM, which CoinKite built itself, has no web server. All it can do is support API requests from CoinKite's own web server. The module has to electronically sign that server before it starts up, which according to CoinKite co-founder Peter Gray means that there can be no malicious processes running on the server.
Users access the system using their CoinKite login credentials, which the company encrypts using a hashing algorithm, and can further protect themselves from being compromised using two factor authentication (2FA), via Google Authenticator, SMS, or even paper-based authentication.
When the user is authenticated, they can then access their cold storage via an API, which can be set to follow certain constraints, such as only allowing access from certain IP addresses, or limiting withdrawals to a set amount over a specified time period.
Multi-signature ('multisig') storage is one of the biggest developments in enterprise bitcoin security to date.
BitGo, which CEO and co-founder Will O'Brien says focuses on solutions for enterprises and institutions, eschews cold storage altogether in favour of multisig.
"Single-key cold storage is a dangerous, outdated practice. As an industry we need to end the cold storage ice age and adopt multisig, where you can make any number of keys 'cold' and have much stronger protections."
Standardised a couple of years ago as part of BIP 16 (it was previously a non-standard feature in the protocol), multisig enables a sender to require more than one signature to confirm a transaction in what is known as 'm of n' signing.
In an m of n multisig transaction, there are a total of n available private keys to sign a transaction, and the wallet can be set up to require m of those keys to sign the transaction for the transaction to be executed.
The idea is to stop a single person from being able to compromise a wallet, by requiring another known party to co-sign that transaction.
BitGo, which claimed to be the first provider of multisig wallet functionality, features '2 of 3' signature confirmation, meaning that two private keys must be used to sign a transaction from a total of three available.
One of the signers in the scenario is the private local wallet, and one of them is the bitcoin private key. The third key is a backup key held on the Bitgo server.
Armory also announced fully decentralised mutisig capability in July. The firm offers multisig combinations up to m of 7, via independently-managed Armory wallets, without the use of a centralised site.
"Banks typically have 2 of 3, or 3 of 6, but they generally won't go past 7," said Velissarios, formerly a senior principal in Accenture's security consulting arm, with similar experience at PricewaterhouseCoopers. "That's why the enterprise space is very well suited for doing that kind of segregation of duties and providing those capabilities."
Decentralised private key storage
Dencentralised offline multisig key storage is a significant advantage for some, including the CEO of one VC-backed bitcoin enterprise that has raised several million dollars.
"I can make m of n structures, where all n of the private keys are created offline," said the CEO, who asked not to be named. "Then, how I treat those is up to me. I could put one of them online, but the point is that the choice is mine."
The CEO said:
"There are also situations in which, for very small amounts of coin, I have a small hot wallet, where I keep $50 [in bitcoins]. That has its place."
For those enterprises that do want more ms for their ns, on 18th November, CoinKite introduced multisig for its hardware security module. The system offers m-of-15 transactions, and like Armory, doesn't require any of the keys to be stored on a central server, although it does offer five different options.
In the simplest storage option, CoinKite stores all keys centrally. Passphrase storage keeps the keys in the HSM, but encrypts them using the user's unique password.
The third option, 'invite others', enables users to invite other CoinKite users to be cosignees, who can then choose which option they want to store their key.
The fourth option, offline, uses an open-source tool created by CoinKite, which runs in the browser and generates multisig keys.
Finally, a fifth option lets users import keys from other wallets.
What's next for enterprise bitcoin security?
Wallet companies are specifically tailoring their solutions to enterprises. BitGo has an enterprise service with features like spending limits, alerts, and round-the-clock wallet monitoring. Over at Armory, Velissarios heads up the consulting services division.
What would really help bitcoin enterprises, though, is a standard for auditing security, that goes beyond classic datacentre security and PCI security standards, to reflect the unique nature of bitcoin storage and usage.
Nothing like this exists yet. Will an existing security standards body, or an independent institution in the bitcoin world, step up?
Bitcoin vault image via Shutterstock.