Perspectives

Cold Storage Isn't Flawless. Don't Learn It the Hard Way

September 27, 2021 - 6 min read

Key takeaways:

  • Most crypto firms concentrate their security efforts on controlling external risks, neglecting the importance and danger of internal threats;
  • Organizations mistakenly believe that cold wallets automatically solve all their security concerns. But market history shows that cold storage doesn’t mean secure;
  • Ledger Vault strips down the deficiencies of conventional cold storage solutions to bring a next-level digital asset custody technology with end-to-end security and no failure points.

In August 2021, we witnessed one of the biggest heists in the crypto world when $600m worth of digital assets were stolen from a DeFi network. The platform’s operators had no other choice than to politely ask the hackers to return the funds.

But leaning on the ethics of cybercriminals is rarely a sound strategy, especially when managing the funds of millions of users and trying to shape a trustworthy image in such a crowded industry. In a world where eye-popping returns lure even the biggest crypto skeptics, the theft of digital assets remains everyone’s worst fear.

Institutions are obliged to do their best to ensure their clients’ peace of mind. To do that, for years, they have relied on cold wallets, or what was believed to be the gold standard in crypto security.

This accumulated an excessive amount of hype and romanticism for cold storage solutions to a point where many are turning a blind eye to their drawbacks. As market history shows, this can be a painful mistake.

What is cold storage and how do companies build it?

Cold wallets, also known as cold storage, are offline devices or physical objects used to store the private keys for your digital assets. There are different mediums of cold storage, including paper and hardware wallets (USBs, a desktop computer, a CD or DVD, etc.).

Cold storage solutions are considered more secure as they aren’t connected to the internet, which substantially reduces the threat from cyberattacks.

The only risks looming over cold wallets are physical loss or theft. Alternatively, if you damage, lose access, or someone steals the medium storing your private keys, you will lose your digital assets.

To mitigate such risks, crypto-native organizations like exchanges, digital banks, and custodians usually keep their cold wallets into bank vaults or safes in distributed locations.

What are the downsides of cold storage?

After the Mt. Gox hack in 2014, when $480m worth of digital assets were stolen, the industry started promoting cold wallets as the safest option for institutions to store users’ funds.

However, over the years, the drawbacks of cold storage solutions started to surface, proving they aren’t flawless.

CipherTrace finds that in 2020, crypto thefts, hacks, and frauds amounted to$1.9b, with a significant growth also seen in cases of exit scams and insider thefts. By the end of July 2021, the figure totaled $681m.

This shows that cold storage isn’t the gold standard in crypto security that most believe it is.

One of the reasons is that cold wallets don’t allow for easy change of governance. Those appointed to manage the funds can hardly be substituted at a later point. This concentrates the risk on the designated group of people, making the whole process highly vulnerable.

But security concerns aren’t the sole reason. The fact that cold storage solutions are often kept in distant locations makes them less convenient for ensuring immediate liquidity at all times. The complicated access to clients’ funds makes the whole procedure slow, cumbersome, and inflexible.

How do cold storage’s drawbacks affect users?

To market their superior security, the majority of the crypto exchanges claim to keep 95% or more of their users’ funds into cold storage.

To eliminate the risk of insider theft, most institutions grant access to the cold wallets and the users’ funds stored there only to a single person or a small group of top-tier managers.

While this practice is widely popular, it often backfires, with investors bearing the consequences.

In January 2019, over $135m worth of cryptocurrency was lost after the CEO of the QuadrigaCX exchange passed away. As he was the sole person with access to the private keys, to date, tens of thousands of Bitcoins, Litecoins, Ethers, and other digital assets remain inaccessible in cold storage.

In December 2020, one of the founders of CEO Global, a Hong Kong-based cryptocurrency exchange, was taken in police custody by the Chinese authorities. The exchange had to suspend all withdrawals due to him being the sole holder of the cold wallets’ private keys. The case resembles what OKex’s clients had to experience a month earlier.

In April 2021, Turkish authorities issued an international search warrant for the CEO of Thodex, a local cryptocurrency exchange, who vanished with $2b in investors’ money. Over 400,000 users are believed to be affected.

In June 2021, the owners of Africrypt, a South African crypto exchange, disappeared along with Bitcoin worth $3.6b.

CipherTrace’s reports from April and August this year list various other exit scams, costing investors millions in digital assets.

Such cases show that conventional crypto storage solutions struggle to offer maximum security for users’ funds. The axiom that whoever owns the private keys owns the assets proves that security systems with a single point of failure are especially vulnerable. It takes just a single immoral decision or an unfortunate event affecting the one in charge of the funds for users to suffer catastrophic losses.

The inability to ensure full segregation of duty between private key owners and operators means organizations can’t rely on an agile and safe governance infrastructure and exposes their clients to massive risk.

Introducing Ledger Vault - the next generation cold storage solution

“Ledger Vault is a product Bitazza utilizes on a daily basis for its security features. Despite the industry’s focus on cold wallets, we believe that it is also important to create good business practices, policies, and procedures around the use and access of those wallets,” said Kavin Phongpandecha Co-founder and CEO at Bitazza. “With strong technology and secure processes, we are able to focus on growing our business instead of worrying about custody. Ledger Enterprise has been a supportive partner of ours since day one.”

The industry has learned the hard way that cold storage is no longer the “Holy Grail” for safeguarding digital assets. Today, exchanges, custodians, governments, and regulators are increasingly looking towards next-level technologies that overcome the drawbacks of conventional cold storage solutions.

Ledger Vault, the core product of Ledger Enterprise, is explicitly designed to address the needs of institutional clients and help them holistically elevate their security protocols.

The state-of-the-art digital asset management solution allows organizations to design flexible governance mechanisms and decentralize the control of users’ funds, ensuring end-to-end security with no failure points. The governance framework can be tailored to the requirements of each business, based on its structure and size.

Thanks to Ledger Vault’s robust governance rules, organizations won’t have to worry about being exposed to external and internal threats.

Ledger Enterprise’s solution is accompanied by a private key management system that fully backs up and recovers private keys.

Furthermore, enforcing maximum security at all times doesn’t come at the expense of liquidity as businesses retain instant access to the digital assets in management.

Ledger Vault battle-tested technology ensures that organizations and their clients are in complete control of the assets, from trading to offline storage, without compromising flexibility, speed, or governance.

Interested in utilizing Ledger Vault, the industry’s top-notch solution, to secure your digital asset portfolios? Contact us at [email protected] to find out how we can bring you on top of the crypto security trends.