Xapo Launches Suite of New Security Features; Announces Xapo Vault Now Free of Charge

January 15, 2015

Xapo Vault Now Free of Charge.  Since Xapo’s launch last year, we have invested millions of dollars and leveraged many of the world’s best security engineers to develop the most secure storage service in the bitcoin industry. We believe that all bitcoin holders deserve access to this level of protection, so we are excited to begin offering our world-class Xapo Vault storage service for free. Existing customers who have previously paid an annual storage fee will receive a prorated refund (details will be provided in a separate email).

Deep Cold Storage.  Xapo is also pleased to announce enhancements to our industry-leading suite of physical and technological security features. Xapo’s architecture offers unparalleled, multi-layer bitcoin protection, utilizing a variety of technologies including deep cold-storage servers and multi-signature transaction authorization.

Xapo architecture is built on the guiding principle that in order to achieve the highest levels of bitcoin storage security, private keys should never touch the Internet. Private keys traveling over the Internet or stored in browsers or other Internet-connected endpoints are vulnerable to compromise.

Today, Xapo is the world’s only bitcoin company to offer deep cold storage, a security architecture in which users’ private keys are never exposed to the internet. Xapo’s deep cold storage security architecture means that private keys are created, stored, and maintained offline, in servers that have never and will never touch a network, even when used to sign transactions.

For added protection, our deep cold storage servers are housed in radio wave-blocking Faraday cages and secured behind military-grade security controls deep within reinforced underground bunkers. Our primary deep cold storage vault is located in Switzerland, with additional secure sites deployed around the globe.

Multi-Signature Authorization.  All Xapo Vaults now utilize multi-signature transaction authorization, a security protocol in which multiple validations from our deep cold storage servers are required to approve each vault withdrawal request. Xapo Vault withdrawals must be signed by at least 3 of 5 deep cold storage sites around the world, to help ensure that your bitcoins are impervious to theft at any one location.

Satellite-Based Security.  Xapo has partnered with Satellogic to locate specific elements of our security architecture within Satellogic’s constellation of satellites. Although we do not disclose the function of any particular aspect of our storage network for security reasons, our relationship with Satellogic enables us to leverage their cutting-edge satellite technology to assure we maintain data immutability and ongoing physical and jurisdictional security.

Completion of SOC2 Audit.  We are pleased to report that in August 2014, Xapo became the first bitcoin services company to complete a Service Organization Control 2 (SOC2) Type I audit, conducted by Burr, Pilger & Mayer LLP, a leading US accounting and consulting firm. SOC2 is a widely recognized auditing standard against which service providers are able to report and validate their internal security controls and processes with their auditors and customers.

Looking ahead, in 2015 we’ll be making further enhancements to Xapo’s already industry-leading security architecture, with the goal of continuing to offer our customers the most technologically advanced, secure and seamless way to store bitcoins.

Wences Casares

By Xapo Founder and CEO


Article published on January 15, 2015

, , ,

Xapo regulatory status in Switzerland

Three years ago, Xapo set out to determine the optimal jurisdiction from which to serve non-U.S. customers.  Our research ultimately identified Switzerland as the ideal jurisdiction, as explained in a May 2015 blog post. We are happy to announce that, after almost two years of substantial effort and investment, Xapo has received conditional approval from…

By Wences Casares

What would happen if Xapo got hacked

In light of the Bitfinex hack, we have been asked multiple times, “What happens if Xapo gets hacked?” This is the answer. TL;DR: If Xapo’s hot wallet were hacked, Xapo would cover the loss from its own reserve of bitcoins. Less than 3% of bitcoins are kept in our hot wallet, so our bitcoin reserve would…

By Wences Casares

Xapo joins in with industry leaders to support BIP101

Our community stands at a crossroads. The debate about which path to take has, by and large, been a healthy one, and we have not interposed our own positions or interfered in the discourse. Until today, our involvement has consisted of listening, researching and testing. We believe that work is complete, and it is time…

By Xapo Press