BitGO were the first to pioneer the multi-signature transaction back in August, 2013. Now they’re pioneering in security again, with this week’s unveiling of a partnership with one of the largest underwriters in the world, XL Group .
All users of the hosted wallet service will now be covered up to $250,000 for covered theft claims. Users who require or would like more coverage than that can acquire it at the competitive rate of about 1% per year (in addition to regular monthly fees).
Insuring Bitcoin deposits has long been one of the holy grails of the industry. The very nature of digital money makes it somewhat more vulnerable to theft and natural disaster, and finding a suitable underwriter willing to cover a Bitcoin company was no easy task, according to BitGO CEO Will O’Brien. (We spoke to him on 23 February in preparation for this article.)
This was a huge effort. We engaged the former chief underwriting officer from AIG, Ty Sagalow – this is a guy who’s pioneered things like Y2K Insurance, cyber insurance, reputation insurance, and others. We partnered with him and his firm to structure these policies. […] We spoke with a number of different underwriters. XL Group was one of the ones who were most forward-thinking and innovative. […] It was a great challenge. It was something that really only somebody in BitGO’s position could accomplish, because we had the track record, we had the team, we had the operational scalability, we had the technical know-how. They vetted our company, they vetted our operations – they wanted to dig deep into Bitcoin technology, multi-sig technology. It was a lot of effort. It’s not something that is easily attainable. And that’s a value-add for our customers.
The insurance policy now secured by BitGO extends coverage to all account holders up to $250,000. It is important, for legal reasons, to stress that BitGO is not going into the insurance business – rather, they have summited the mountain that is attaining insurance in the wild west of Bitcoin economics. BitGO has long been a good option for Bitcoin start-ups who would rather focus more on their core business than wallet security.
When you think about the history of Bitcoin storage and Bitcoin transactional systems, in the early days, it was up to the users to set up their own security. If you’re using a desktop wallet, and there are a lot of them out there, you’ve got to make sure that your computer doesn’t have malware on it. If you’re using a hosted service, like an exchange or a web wallet, you’ve got to trust your private keys with that hosted service.
With the advent of multi-sig, it makes it such that there’s no one single point of failure if properly implemented. […] Now a hack can’t result in the loss or theft of funds – in theory. […] There are still customers out there, especially in the large enterprise/institutional space, who are saying, ‘That’s all great, I trust technology, I trust BitGO, but what about additional assurances can I have BitGO standing behind this technology that they’ve implemented?’
Companies that hold funds for their customers will especially be attracted to the protection this new feature of BitGO’s services will add. With the recent failures of the exchanges Bter and BitStamp, customer funds were in limbo. In the second case, BitStamp was able to pay back lost funds. However, in the case of Bter, over 7,000 Bitcoins went missing in the blink of an eye and nobody who lost funds will be re-compensated. Had they been using BitGO’s service, the theft might not have happened in the first place. If it still had, the exchange would have presumably been covered and able to return customer deposits while retaining trust.
For many companies still on the fence about whether to engage in the Bitcoin economy or not, having deposits insured was the last mile. A ripple effect may well take place as legacy firms can enter the world of Bitcoin with relative assurance that theft in the form of unauthorized transactions is a thing of the past.
O’Brien urges companies looking to build Bitcoin-integrated services into their business strategy to have a look at their API . For nominal fees, they’ll be sure that their deposits are as safe as they can be.
If you’re building a Bitcoin business today, there’s no reason you should be going and downloading the core Bitcoin libraries like bitcoind, trying to run it yourself, and trying to figure out where to store keys, when you have a service like BitGO, that is battle-tested. We’ve been at this for over two years, and as you scale up what you’re doing, your holdings, your operations, we can keep working with you to give you more and more confidence around the scalability and security of your platform.
In partnership with the Canadian organization C4 – the CryptoCurrency Certification Consortium – BitGO is developing a security standard for cryptocurrency businesses. The CryptoCurrency Security Standard is still in development, but the current draft covers ten important areas that a firm must be secure in if it is to be certified by the body. These areas range from how wallets are generated to proof that the firm has funds in reserve. Since consumers trust BitGO and the C4, a company that bears this seal in the future will by association gain a reputation for reliability.
The standard has three levels. A top-tier company is described as such:
An information system that has achieved Level I security has proven by way of audit that they protect their information assets with strong levels of security. Most risks to the system’s information assets have been addressed by controls that meet industry guidelines. While this is the lowest level within CCSS, it still represents strong security.
This is similar to web standards developed by people from all walks of the Internet industry several years ago, which standardized how web applications were to be written so that developers across platforms could make browsers able to process the code. While it is voluntary, those who write standardized code are assured that their site will be viewable on the greatest number of platforms. Similarly, it’s hard to imagine a situation where the CCSS would be able to be enforced, but any firm that wasn’t willing to meet all the criteria might become suspect in the eyes of the consumer.
Many would say that efforts such as these have been a necessity for some time now. With insurance and standards bodies coming into the field, it’s hard to imagine we’ll be looking at the same Bitcoin landscape this time next year.