Bitcoin has had a messy start to 2015 when you consider the breach of the Bitstamp exchange alongside plummeting prices and miners going dark. But for Xapo CEO Wences Casares, it’s just growing pains as the infant cryptocurrency tries to build a more solid infrastructure and go mainstream. To do its part, bitcoin storage and wallet company Xapo plans to announce Thursday several new security features to further strengthen its vaults and make that storage free to use.
“When we talk to customers who have heard of bitcoin but are not yet using bitcoin or owning bitcoin, they always mention security as one of main hurdles of using bitcoin and its understandable,” Casares said. “That’s why we’ve from the beginning focused on security.”
Previously, Xapo customers paid a 0.12% annual fee to hold bitcoins in what the company calls its vaults (those customers will now be refunded). The five vault locations are underground in mountains, Casares said, including a main vault in Switzerland. Xapo uses “deep-cold” storage, meaning that account keys are created and kept in offline servers that has never touched a network.
Typically, “hot wallets” in bitcoin are on the network and therefore more susceptible to hacking and loss. For example, Bitstamp lost 18,000 bitcoin from its hot wallet in last week’s breach while the rest of the coins held in cold storage were spared. Compared to last year’s MtGox debacle in which 850,000 coins were lost from the exchange, bitcoin security has arguably made some strides forward.
As part of that push, Xapo is adding multiple-signature validation to its vaults. That means if someone wants to withdraw bitcoins, it must be signed off on by three of the five vaults worldwide. So if someone did break into one vault, no account could be compromised without having access to at least another two of locations, Casares said.
“Each one of these keys we keep in different private offline servers, in metal vaults, that are in deep underground bunkers,” Casares said. “If someone wanted your bitcoin, they would have to raid simultaneously into different vaults on different continents.”
And if hiding bitcoins in a mountain didn’t seem extreme enough, Xapo is also going to stash them in space. The startup is partnering with Satellogic, a satellite company where Casares serves as an adviser, to move a “digital fingerprint” of Xapo’s security system into space. If someone was to hack into Xapo’s software, the fingerprint of the system in theory wouldn’t match, denying access (unless you also physically change it in the satellite itself).
So-called “multi-sig” technology is pretty similar to two-factor authentication, and the idea of having multiple people, or keys, sign off on transactions is finally catching on in the bitcoin community. Bitstamp added it after their most recent breach by partnering with BitGo. Expresscoin, a bitcoin and other alt-currency retailer, also announced today that it is adding mult-sig tech to its exchange, courtesy of Gem.
What remains unclear, however, is how many people are actually storing their bitcoin in Xapo’s vaults. When asked how many users the company had, Casares declined to comment, citing confidentiality like a “Swiss bank.” The company has received criticism last year after touting a Mastercard-linked debit card in April, only to have it not linked to Mastercard at all and only available to overseas customers. Confusion over the card fees also drew the ire of its previous supporters, although the fees remain an important part of Xapo’s revenue stream now that the storage is free.
And amid a price crash, it also remains uncertain how large a market will remain of people needing to store bitcoins, especially as the hype cycle is now championing the miracles of blockchain technology compared to the volatile digital currency. Casares, though, said one doesn’t have to win over the other.
“I am a believer in both,” Casares said. “If you have a perfect public open ledger, one of the first things you’re going to want to use it for is money. That’s why bitcoin is first.”