In a climate where several major crypto-native companies have either filed for bankruptcy, been hacked, or simply disappeared overnight, the expression ‘Not your keys, not your coins’ became a slogan that encouraged people to move their digital assets away from so-called safe haven crypto institutions and into self-custody.
However, it’s also been reported that over $100 billion worth of cryptocurrency stored in self-custody wallets has been lost forever because of forgotten passphrases or faulty devices, which raises the question: Is the digital equivalent of keeping your money under your mattress really the most secure way to protect your wealth?
A quick internet search throws up many examples of horror stories due to misplaced passphrases, wallet corruption, malicious keyloggers that steal passphrases, and even scenarios where buggy firmware updates have bricked hard wallets. One suspects this is just the tip of the iceberg, as we’re only aware of incidents where the victim has gone public.
When so much is at stake, does a self-custodial wallet with which you play both the role of the account holder and the bank really address the risks? And are you comfortable being solely responsible for the ongoing security of something that could essentially be a single point of failure?
Xapo Bank and its members aren't subject to the same risks and unmonitored bad practices that led to the demise of the above-mentioned shady entities, nor are we vulnerable to the risk of a single point of failure.
We’re proud to be a fully licensed and regulated bank, ensuring complete transparency of our finances and customer funds. We undergo annual audits by one of the Big Four, maintain Payment Card Industry (PCI) compliance, and have our security regularly assessed by the Financial Services Committee.
How do we protect our members’ Bitcoin?
The Wall Street Journal once dubbed Xapo Bank the ‘Fort Knox of Bitcoin,’ with a Swiss military bunker guarding billions of dollars in Bitcoin for our members in a cold storage facility, reminiscent of something from a James Bond film.
Fast forward to today, with Xapo Bank having obtained its banking license and the field of cryptography evolving, we reevaluated whether an air-gapped cold storage facility was still the most secure and efficient way to protect our members' wealth.This is why we made the decision to migrate from a Multi-Signature cold wallet approach to Multi-Party Computation (MPC). With the introduction of MPC wallets, a new era of asset management began — one in which security and privacy are given top priority.
The power of key shares and threshold signatures
At a very high level, MPC functions by splitting the Master Private Key into multiple distinct parts, or "key shares," which Xapo Bank has secured and distributed across the globe at secret locations.
The MPC protocol ensures that the participants engaged in key generation and signing can keep their inputs confidential without disclosing them. That means no individual party within the quorum possesses full access to, or control over the stored assets.
Due to their decentralised design and dispersed private key fragments, hackers would face an overwhelming challenge when attempting to access any of these key shares simultaneously. Since the key shares are refreshed every few minutes, each key share would have to be compromised within a very short window of time at each location.
By dividing the private key into key shares, a threshold signature approach is required. Simply put, this guarantees that there is not a single point of failure, which greatly enhances our members' security and privacy.
When a signature is required, the multi-party computation ensures these fragments can generate a valid signature without being assembled in full. As a result, the true private key will never appear and is not required to appear. Additionally, MPC ensures there is no seed phrase that could be misplaced, overlooked, or stolen.
The key share creation process we utilised has been audited and awarded CCS Level 3 certification, demonstrating that, “multiple actors are necessary for all crucial actions, sophisticated authentication mechanisms are used to ensure the authenticity of data, and assets are distributed both geographically and organizationally.”
Why Xapo Bank chose MPC
Xapo Bank chose MPC because it eliminates single points of failure and minimises the chance of malicious attacks, creating a reliable and secure way to safeguard your savings.
We believe that only by embedding Security in every fibre of Xapo, whether that be culturally or architecturally, can we continue to deserve the trust and recognition as one of the safest havens for your digital assets.
Whether you want to transact Bitcoin, earn high annual interest paid out daily, or store it securely for the long term, you can become a Xapo Bank member today.