Crypto security company Curv has obtained up to $50 million of insurance coverage for its institutional customers from reinsurance giant Munich Re.
“Curv will have the financial capability to pay for losses of crypto assets,” the partners said in a press release Tuesday.
The startup claims that “digital assets cannot be stolen from Curv’s Wallet Service with a single cyber breach or even through insider collusion.” Even so, the insurance policy is available as a further line of defense.
Specifically, Munich RE is insuring Curv against the risks of “an external cyber breach or malicious behavior by Curv or one of its employees,” Curv said. Customers using the wallet can opt-in for the insurance by paying an additional cost based on the amount of assets they store with Curv.
Munich Re audited Curv’s technology and found “their approach enables us to underwrite a policy that covers customer-controlled wallets in Internet-connected settings,” said Ali Kumcu, Munich Re’s head of cyber innovation and services.
That approach dispenses with the usual mix of so-called hot wallets, which are connected to the internet, and cold storage, in which cryptographic private keys are kept on a piece of paper or an offline device and locked away in a safe or even an electromagnetic field-proof cage.
Instead, “the product applies multi-party-computations to the private key signing mechanism, eliminating the private keys altogether,” explained Curv CEO Itay Malinger. “This brings a distributed security model to the signature mechanism.”
The company raised $6.5 million in February 2019 from Team8 and Digital Currency Group.
With its security system, “Curv can enforce a corporate [access] policy from the cloud and completely out of band, so that an attacker or an insider within Curv or within its customers are unable to sign transactions because they simply don’t have enough cryptographic material,” said Malinger, concluding:
“This is also what makes the service insurable.”