Is self-custody really the answer?

Security

August 31, 2023

Written by Andrew Mannoukas

In a climate where several major crypto-native companies have either filed for bankruptcy, been hacked, or simply disappeared overnight, the expression ‘Not your keys, not your coins’ became a slogan that encouraged people to move their digital assets away from so-called safe haven crypto institutions and into self-custody.

Is {{self-custody}} really the answer?

Share this article

In a climate where several major crypto-native companies have either filed for bankruptcy, been hacked, or simply disappeared overnight, the expression ‘Not your keys, not your coins’ became a slogan that encouraged people to move their digital assets away from so-called safe haven crypto institutions and into self-custody.

However, it’s also been reported that over $100 billion worth of cryptocurrency stored in self-custody wallets has been lost forever because of forgotten passphrases or faulty devices, which raises the question: Is the digital equivalent of keeping your money under your mattress really the most secure way to protect your wealth?

A quick internet search throws up many examples of horror stories due to misplaced passphrases, wallet corruption, malicious keyloggers that steal passphrases, and even scenarios where buggy firmware updates have bricked hard wallets. One suspects this is just the tip of the iceberg, as we’re only aware of incidents where the victim has gone public.

When so much is at stake, does a self-custodial wallet with which you play both the role of the account holder and the bank really address the risks? And are you comfortable being solely responsible for the ongoing security of something that could essentially be a single point of failure?

Xapo Bank and its members aren't subject to the same risks and unmonitored bad practices that led to the demise of the above-mentioned shady entities, nor are we vulnerable to the risk of a single point of failure.

We’re proud to be a fully licensed and regulated bank, ensuring complete transparency of our finances and customer funds. We undergo annual audits by one of the Big Four, maintain Payment Card Industry (PCI) compliance, and have our security regularly assessed by the Financial Services Committee.

How do we protect our members’ Bitcoin?

The Wall Street Journal once dubbed Xapo Bank the ‘Fort Knox of Bitcoin,’ with a Swiss military bunker guarding billions of dollars in Bitcoin for our members in a cold storage facility, reminiscent of something from a James Bond film.

Fast forward to today, with Xapo Bank having obtained its banking license and the field of cryptography evolving, we reevaluated whether an air-gapped cold storage facility was still the most secure and efficient way to protect our members' wealth.This is why we made the decision to migrate from a Multi-Signature cold wallet approach to Multi-Party Computation (MPC). With the introduction of MPC wallets, a new era of asset management began — one in which security and privacy are given top priority.

The power of key shares and threshold signatures

At a very high level, MPC functions by splitting the Master Private Key into multiple distinct parts, or "key shares," which Xapo Bank has secured and distributed across the globe at secret locations.

The MPC protocol ensures that the participants engaged in key generation and signing can keep their inputs confidential without disclosing them. That means no individual party within the quorum possesses full access to, or control over the stored assets.

Due to their decentralised design and dispersed private key fragments, hackers would face an overwhelming challenge when attempting to access any of these key shares simultaneously. Since the key shares are refreshed every few minutes, each key share would have to be compromised within a very short window of time at each location.

Secure multiparty computation

By dividing the private key into key shares, a threshold signature approach is required. Simply put, this guarantees that there is not a single point of failure, which greatly enhances our members' security and privacy.

When a signature is required, the multi-party computation ensures these fragments can generate a valid signature without being assembled in full. As a result, the true private key will never appear and is not required to appear. Additionally, MPC ensures there is no seed phrase that could be misplaced, overlooked, or stolen.

The key share creation process we utilised has been audited and awarded CCS Level 3 certification, demonstrating that, “multiple actors are necessary for all crucial actions, sophisticated authentication mechanisms are used to ensure the authenticity of data, and assets are distributed both geographically and organizationally.”

Why Xapo Bank chose MPC

Xapo Bank chose MPC because it eliminates single points of failure and minimises the chance of malicious attacks, creating a reliable and secure way to safeguard your savings.

We believe that only by embedding Security in every fibre of Xapo, whether that be culturally or architecturally, can we continue to deserve the trust and recognition as one of the safest havens for your digital assets.

Whether you want to transact Bitcoin, earn high annual interest paid out daily, or store it securely for the long term, you can become a Xapo Bank member today.

Disclaimer

This article is for general information purposes only and is not intended to constitute legal or other professional advice or a recommendation of any kind whatsoever and should not be relied upon or treated as a substitute for specific advice relevant to particular circumstances. We make no warranties, representations or undertakings about any of the content of this article (including, without limitation, as to the quality, accuracy, completeness or fitness for any particular purpose of such content), or any content of any other material referred to or accessed by hyperlinks through this article. We make no representations, warranties or guarantees, whether express or implied, that the content on our site is accurate, complete or up-to-date.

Share this article

tanding woman engaging with the Xapo Bank app on her mobile phone, overlaid with an orange hue.
Apply now
Join
Xapo Bank
Become a member
Ready to upgrade your finances?

The Xapo
Insider

Catch up on the latest crypto news, and get the inside scoop on our products and services.

Explore The Xapo Insider
How Xapo Bank {{is Enhancing}} Bitcoin Trading with FalconX
News
Article - Oct 07, 2024

How Xapo Bank is Enhancing Bitcoin Trading with FalconX

Read Article
Why Institutional-Level Bitcoin Pricing Matters for {{Your Trades}}
News
Article - Oct 07, 2024

Why Institutional-Level Bitcoin Pricing Matters for Your Trades

Read Article
Xapo Bank and Hilbert Group Launch Bitcoin Yield Hedge Fund with $175M {{Initial Investment}}
News
Article - Sep 18, 2024

Xapo Bank and Hilbert Group Launch Bitcoin Yield Hedge Fund with $175M Initial Investment

Read Article
How Xapo Bank Safeguards your Transactions
News
Article - Sep 06, 2024

How Xapo Bank Safeguards your Transactions

Read Article
Xapo Bank and Hilbert Group: Pioneering Innovation in Bitcoin Wealth Growth
News
Article - Aug 30, 2024

Xapo Bank and Hilbert Group: Pioneering Innovation in Bitcoin Wealth Growth

Read Article
The Price Is Right: A Note on Recent BTC Volatility
News
Article - Aug 08, 2024

The Price Is Right: A Note on Recent BTC Volatility

Read Article