In light of the Bitfinex hack, we have been asked multiple times, “What happens if Xapo gets hacked?” This is the answer.
TL;DR: If Xapo’s hot wallet were hacked, Xapo would cover the loss from its own reserve of bitcoins. Less than 3% of bitcoins are kept in our hot wallet, so our bitcoin reserve would cover the full loss. If Xapo’s deep cold storage vaults were hacked, Xapo would cover the loss from its own reserve but the hack could be bigger than the reserve which would cause a net loss to our customers.
Over 97% percent of the bitcoins we hold for our customers are held in deep cold storage in multiple locations. “Deep cold storage” means that the private keys necessary to move those bitcoins are in servers that have never been online and will never be online; they are “air-gapped” and stored inside bunkered vaults with multiple access controls, mantraps, guards and surveillance systems. “Multiple locations” means that Xapo uses multi-signature technology so that, for every bitcoin address that we use, there are five corresponding private keys and any three of those keys are required to move those bitcoins (that is why Xapo bitcoin addresses start with a 3). These private keys are kept in different physical locations so that if a hacker wants to steal vaulted bitcoin, he or she will need to physically break through the multiple access controls, mantraps, guards and surveillance system to take physical possession of the servers, physically remove the servers from their location, and break their encryption. All of this needs to be done simultaneously in three locations in different continents.
The most exposed part of our bitcoins is the less than 3% that we keep “hot” (i.e. online) for customer transactions. We have many layers of security, multi-signature being just one of them, to prevent a hack of our hot wallet from occurring but, in theory, it could still happen because those bitcoins are highly available by definition.
Until recently, Xapo maintained third-party crime insurance on bitcoin stored in the Vault. The insurance policies kept getting narrower and narrower, covering less and less risk. We eventually decided that the insurance policies were not covering any significant risk and we decided not to renew the insurance. Instead, we implemented the Xapo Bitcoin Reserve. The Xapo Bitcoin Reserve is an amount of bitcoins that Xapo owns and keeps in deep cold storage; the Reserve encompasses an amount of bitcoins that is bigger than the funds kept in our hot wallet at any given time. As such, we are essentially self insuring against a hack of our hot wallet. If our hot wallet got hacked Xapo would cover the loss for its customers in full.
Since we originally set up the Xapo deep cold storage vaults over two years ago, we have continuously endeavored to improve our security infrastructure. Some of the main improvements we have made include improved physical security for our cold storage vaults, consensus-based security for our bitcoin operations and risk profiling for our bitcoin movements. We will continue to invest in these and other areas in order provide our users the most secure wallet/vault.