The Risk of Holding Your Investors’ Private Keys

March 19, 2015

Imagine that you’re a wealth manager or a fund investor, and you just raised a $100 million fund with the promise of hefty returns.  You relish the moment as your investors stop by to drop off pallets of physical cash in your offices.  Once you have all the cash, you take great care to mark each bill, putting them in plastic envelopes (so they are mostly waterproof), and then you transport them to a safety deposit box or lock them in a cabinet in your offices.  Every time you make an investment or a payout to your investors, you go to your storage location and remove physical cash.  You pay for guards, surveillance, armored trucks, myriad security precautions, sparing no expense.  Everything is great until one day an unforeseen event occurs and the cash is lost.

This scenario should sound crazy. A prudent institution would keep the money in an FDIC-insured bank (or banks) and use the banking rails for transmitting value instead of physical cash.  It’s simply a more secure way — anything else would just seem reckless.  Further, in the event of a loss of the cash, the question would be asked why the better alternative wasn’t pursued, raising questions about judgment, fiduciary duties, and liability.

Amazingly, many institutions follow an analogous practice with respect to bitcoins. Using storage techniques like paper wallets or printed key back-ups, as required by certain storage solutions, is akin to managing a large swath of physical cash.  In actuality, attempting these methods of bitcoin storage is worse than the cash example, since private keys must be transmitted electronically at various points in the process and are thus vulnerable not only to physical theft, but also to theft online.  Like cash, the tangible wallet or printed back-up keys are also subject to potential theft during transportation or even while in storage.

Just as it would be reckless to forgo the security and insurance of banks when storing or transmitting cash, attempting to manage or even briefly touch private keys when a better option exists could be viewed as reckless and potentially result in personal liability in the event of a loss. In order to avoid this, a prudent fiduciary should 1) use a vetted and insured storage provider that specializes in security and 2) make sure that such a solution never requires a fund or manager to be responsible for private key creation or storage.

Xapo’s security architecture, products and services were all built with these concerns in mind. Xapo’s vault uses private keys that never touch the client or the internet and are buried deep within geographically dispersed, heavily guarded locations that leverage multi-signature technology for transaction signing.  Our processes have been rigorously penetration tested and successfully passed a SOC2 audit in August 2014, the first of its kind.  Our customized security protocols further reduce the likelihood of theft through social engineering, phishing or brute force hacks.  Finally, in the unlikely event of a loss, the bitcoins held in Xapo’s vault are fully insured and Xapo is fully responsible.

Trust the bitcoin custodian used by top global hedge funds, venture capital, family offices and exchanges. Protect your bitcoins with Xapo.

By Ted Rogers, Chief Strategy Officer

