A recent CoinDesk article titled “Research: Hackers Could Install Backdoor in Bitcoin Cold Storage” raised the prospect of a type of reverse-engineering backdoor attack described by Stephan Verbücheln of Humboldt University. The article specifically mentioned Xapo, and we wanted to respond.
The article describes an attacker changing an enterprise’s code and inserting a “backdoor” to exploit the software. As noted by several people in the comments section of the article, this is only possible if the attacker has access to change the code. Though all bitcoin companies are subject to this type of risk, we believe that Xapo’s deep cold storage node offers the most secure alternative (and the lowest risk of exposure) to this type of attack. Here’s why:
1) Installation of a deep cold storage node. The process of installing a deep cold storage node requires multiple steps designed to virtually eliminate any possibility of a backdoor existing in the software before it is installed. The process includes a deep analysis of the software to be installed, including using reference clients and verifying the correct software versions, verifying the functionality of the software against previously created test cases, analyzing all source code, and employing stringent installation procedures.
2) Key generation process. The process of generating keys in deep cold storage is designed to further assure cryptographic soundness. The process produces the necessary entropy levels, discards materials used to generate the keys, and utilizes a robust generation process.
3) The physical security of the nodes. The physical implementation of the deep cold storage nodes also ensures that once the software is installed on the nodes, unauthorized modifications cannot be undertaken. Our primary deep cold storage vault is located in Switzerland, with additional secure sites deployed around the globe. This physical security combined with physically dispersed installations means that unauthorized changes would involve simultaneous modifications across multiple physical sites, which would be nearly impossible.
We are committed to the belief that private keys should never touch the Internet. Private keys traveling over the Internet or stored in browsers or other Internet-connected endpoints are vulnerable to compromise. This exposes a user to a myriad of threats, from user error (if the user loses keys) to third-party theft (if the user’s computer is compromised, including data transmitted over SSL). We believe that our deep cold storage architecture offers the highest level of bitcoin storage security available from any bitcoin company.