BitGo's Big Ideas: Secure the World's Biggest Blockchain Fortunes and Create a 1 Trillion Dollar Wallet
In 2013, the stakes felt like they were incredibly high for bitcoin holders. Especially when the largest bitcoin wallets safeguarded by blockchain security provider BitGo, especially considering it held around $10 million worth of cryptocurrency.
If we flash forward to some time in 2015, this same company managed to creep up to around $100 million. While this is an incredible series of developments that seems like an unthinkable evolution, but by 2017, one of the largest cryptocurrency wallets that was in operation in BitGo's ecosystem managed to reach close to $1 Billion.
But the company is all about pushing forwards, with the next milestone within its sights. This is according to the CEO of BitGo, Mike Belshe, who will be hosting a talk in October at Stanford University, titled “Securing the Trillion Dollar Wallet.”
While it was only five years ago that blockchain and cryptocurrencies started sprouting up, any mention of this sort of money sounds completely out of step. But this is the landscape of five years on, and now $1 trillion being used with cryptocurrencies is not far-fetched at all.
“Now we are really thinking, what's it going to take to secure a trillion dollars?” Belshe argues. “It may be a little far away, but we have to start thinking about it now; we have to start designing it now in order to get there.”
One trillion dollars is no easy number to obtain, nor is it an easy task to undertake, designing a system like that will involve an ever complicated mixture of hardware and software in order to support it. In addition, it requires a strong mix of policy and procedures, and that's not even going into the necessary adherence to externally audited regulatory requirements (BitGo having recently received approval in the USA to serve as a regulated and qualified custodian for digital assets on behalf of institutional investors).
However, according to one security consultant, who had spoken previously to Belshe's team, developing a secure vault system for such a remarkably large volume of money generally boils down to just two components: Kids and fingers.
Once the money starts hitting a certain volume, it becomes a whole other kind of ball game from keeping a cryptographic private key, which controls a bitcoin wallet in some kind of cold storage, like a piece of paper or hardware device which is otherwise silo'd off from the outside world. But what if someone were to come to your office, hold a member of your family hostage in order to get access to those assets? Well, I'm pretty sure you'd give it to them right?
Well if you're talking about a $1 trillion asset storage system, having it be that easy to breach doesn't make for a good security system.
The real trick lies in the intermingling of technology with process and controls in such a way as to make it as difficult as possible for undesirables to obtain access to those funds. Or, at the very least, make it so that moving a majority of those assets involves lots of independent, seperate people whose key signatures are required.
When confronted with questions about the security issues associated with this sort of wallet, Bolshe stated:
“Some of the technology guys out there are saying, ‘hey we can get you out of cold storage in 10 minutes.' I'm sorry, but if you can get a billion dollars out of cold storage in 10 minutes, that means there's somebody's finger that you can threaten.”
The Big Money
Walking back from this somewhat, the act of becoming a fully qualified custodian has taken the likes of Belshe years to set up, and has seen BitGo come very close to the acquisition of Kingdom Trust, the qualified custodian, before electing to go it alone, forming BitGo Trust in the process.
Following the successful addition of a regulated trust function, BitGo, which currently handles roughly 15 billion in monthly cryptocurrency transactions, it's arguably pulling ahead in the race to secure digital assets for the institutional set.
It's here that competitors within the space include the hardware marker Ledger, which is the US traditional custodial bank Northern Trust, and blockchain startup company, itBit.
Belshe believes that the inevitable evolution towards digital assets involves a reising tide, which will benefit everyone active within the industry. In the past, he ha admitted that clients are really looking for custodians with big balance sheets, which is an attribute that BitGo doesn't have at the moment, but it aspires to.
“I would love if the big players came in and put their balance sheet behind the security of their custodianship of digital assets. It would be amazing for all of us,” he said.
Ever since the financial crash in 2008, there has been a greater deal of pressure for diversifying custody arrangements, which is something that the US Securities and Exchange Commission (SEC) has tried to encourage. In this day and age, hedge funds will often be using more than 15 to 20 separate custodians with perhaps only 5% in each in order to limit their exposure to variables, as Bolshe elaborated.
He went on to comment that BitGo had been in talks with a number of hedge funds and found that there are ‘literally dozens' that can't wait until the end of a 30-day review period (During such a time, the public can register objections to South Dakota's approval of the company as a qualified custodian) so they can use its trust service.
It's in this specific detail, that achieving parity with already established qualified custody providers would involve gaining third-part certification of policies and procedures, or SOCs (System and Organization Controls). BitGo has managed to obtain SOC I and II certifications, with the auditing being carried out by Deloitte for both certifications.
It's a length which few, if any, other cryptocurrency companies have gone to, and it's an extensively arduous one, mentions Belshe, and it includes a wide range of eventualities which may occur alongside it.
“You can have the most secure software in the world and the most secure hardware. But inside your company what's the policy for keeping things safe? What happens if your data center goes down?” he said. “We have policy, procedures and plans for all this, that have been tested and are in place.”
In the wake of BitGo's qualified custodian announcement, the company's next desired step is to provide a crypto-based insurance product, which is expected to be released within the next few months. The application of this insurance generally provides some level of coverage for investors against the potential risks such as theft.
Unlike other companies, BitGo wouldn't be playing a hand in the writing of these policies, but rather they would white-label the product with an established insurer that is willing to get involved. Belshe wants to ensure that this foray is done right, and has subsequently dedicated himself to allocating and obtaining a deeper knowledge of the subject matter along the way.
The experiences and education has left him circumspect whenever he hears about the concept of crypto insurance being offered in the market.
“The insurance claims out there are wide and wild and often not really of value,” Belshe said (meaning “claims” as in representations about insurance, not requests for payment from an insurer). “Anybody that's looking at insurance, or a provider that claims to be insured, ask them to really show you what the [coverage] limits are.”
On its own, it can take a certain amount of digging to get to the bottom of. And as hard as it is to differentiate BitGo's cold storage system from somebody elses approach towards it, it's also an equally hard thing to differentiate one claim of full insurance from another that's out there., argues Belshe. In many instances, you're dealing with small policies of $10 million or less which may not even cover the full damage incurred by the theft.
Usually, the questions that need to be answered are as follows: Who exactly is the underwriter? What cases are or will be covered? What about potential insider theft? What about executive insider thefts? What exactly are the caps, and what are the respective deductibles? And can you cover your deductibles under the possible circumstances?
Belshe has taken the time to acknowledge that underwriters are there to provide a service, and don't want to be used as some part of marketing strategy, but ultimately, full transparency has to be made available for the customers should they want it.
Any organization that goes on to offer a great insurance program would need to find some series of methods to get ‘Solid green lights' from anyone who wanted to take the time to review it, even if they had to do so under a previously signed non-disclosure agreement (NDA), argues Belshe, who goes on to conclude the following.
“If they are not willing to talk to you about it, it's a red flag. I guarantee you, if it's in secret, there's a reason it's in secret.”