Companies that own or trade crypto currencies, such as Bitcoin, must effectively protect their digital money. A long list of successful hacks shows that such protection is not easy to implement. If trading with digital money is to be integrated into one's own business processes or part of one's own services, then it is usually not possible to store coins at external exchanges (especially as it is questionable whether this would increase security). In such cases, effective protective measures must be implemented by the parties themselves.
Entrusting access to cryptocurrencies exclusively to management is an obstacle to dynamic business processes and entails risks (See: A Crypto Exchange CEO Dies-With the Only Key to $137 million). On the other hand, insiders are a real threat, so access to coins should not be entrusted to individual employees. In addition, a lack of two-factor authentication is always a gateway for attackers, although two-factor authentication has long been state of the art.
The following measures should therefore be taken into account for comprehensive security:
Cold Storage and Hardware Security Modules
As far as possible, crypto currencies should be stored in so-called cold storage, i.e. not on a computer with an online connection. For dynamic business processes this is sometimes only possible for a small part of the coins. In this case the values should not be stored in an ordinary wallet software but in a Hardware Security Module (HSM). An HSM is a device that protects cryptographic keys from digital and physical attacks. Attackers who were able to penetrate company computers cannot simply steal the wallet file. At the same time, attacks that steal the HSM from the data center or office are mitigated.
Nitrokey HSM 2 combines professional key management features with a low price that makes it affordable for every cryptocurreny startup. With a performance of approx. 100 transactions per second and per device, low to medium performance requirements are met. A linear scaling of several Nitrokey HSMs allows a high performance of several thousand transactions per second.
Access to coins and the initiation of transactions must not be controlled by individuals. Instead, a four-eyes principle or n-of-m access protection should apply. This means that from a group of eligible employees (m) more than one (n) must agree to initiate transactions. For example, transactions must be confirmed by at least three employees from a group of ten employees. This prevents access from being dependent on single employees. The Nitrokey HSM 2 offers such an n-of-m access protection.
Especially for Bitcoin the Nitrokey HSM supports the Koblitz curve secp256k1. In addition to a proof-of-concept wallet for Bitcoin, there is an integration in Go Ethereum. We are happy to support you with the integration into your own systems.
The two-factor authentication (2FA) is used to protect accesses/accounts. It combines two factors, often knowledge (a password) and physical possession (a hardware device).
Nitrokey supports all common standards for two-factor authentication, namely one-time passwords (OTP), FIDO U2F, certificate or key-based authentication for SSL/TLS/HTTPS and SSH.
For consulting and development services please contact us.