Serious long-term holders of bitcoin want to control the private key that gives them ownership of their coins. In practice, many delegate control to specialist custodians like BitGo, which is boosting its European presence with the launch of new subsidiaries in Germany and Switzerland.
BitGo is backed by major investors from Silicon Valley and Wall Street, including Digital Currency Group, DRW Ventures, Galaxy Digital Ventures and Goldman Sachs.
In a recent interview, Mike Belshe, BitGo’s chief executive, told New Money Review why crypto-asset custody should be left in the hands of the professionals.
New Money Review: Why is the custody of crypto-assets relatively expensive?
Belshe: In other asset classes, the principles for the storage and security of the asset are pretty well understood.
“we have to worry about the asset disappearing from underneath us”
Even if something is hackable at an electronic level—take warehouse receipts, which have been stolen in the past—insurance underwriters exist to protect against various kinds of loss. You can buy directors and officers (D&O) or errors and omissions (E&O) liability insurance, for example.
In crypto, we’re talking about an asset that’s highly volatile by any historical measure. Then it’s combined with a completely new technology. You can’t physically prove it’s safe: you have to do so mathematically and operationally.
Because of that, in crypto we have to worry not only about making a bad investment, but also about the asset disappearing from underneath us.
As a result, crypto custody fees are relatively high. In fact, custody requires these fees to help build out its research and development efforts.
New Money Review: Why do traditional asset custodians not play a greater role in this market?
Belshe: For them, the risk-reward of crypto custody is not there. On the one hand, they’ve got billions of dollars of risk. On the other, they’ve got a relatively misunderstood asset. They certainly can’t extract much in product fees, even at high rates, to compensate them for that level of risk.
So the incumbents are staying away, which means new companies have to take on the role. This is probably a temporary state of affairs, but how long it lasts is anyone’s guess. Crypto custody is likely to carry a premium, relative to how you would custody other assets, for some time yet.
New Money Review: Given these big firms’ absence, how competitive is the crypto custody business?
Belshe: It’s still a competitive marketplace. There are new entrants all the time, with lots of different models. Some are crypto exchanges that are trying to bolt custody onto the side of the exchange. Some custodians service broker-dealers, who would like to use a bank as custodian but can’t find what they are looking for.
This leaves us in an interesting state of tension. On the one hand, bitcoin is an asset class that functions in a way most financial services people would recognise. On the other, you have software people building the products around it.
In the software world, you have great battles over market share, like that between Oracle and Salesforce. In financial services, the priorities are safety and mitigating risk.
New Money Review: What are the main differences in technological approach when it comes to the storage of private keys?
Belshe: At BitGo we only use multi-signature wallets. Some cryptocurrencies don’t support multi-signature technology, so we don’t support those blockchains. That’s because we don’t think it’s possible to secure large amounts of assets under a single key.
“you’re taking this internet-based money off the internet in order to secure it”
A single key means a single point of failure. It’s a standard principle of security that if you have a vulnerability through one point, you break it up into multiple parts.
Another important question is whether to go for hot or cold storage. I’m a technologist at heart, so cold storage is extremely disappointing to me: you’re taking this fantastic internet-based money off the internet in order to secure it.
From our earliest days, we’ve wanted to put everything online in a secure fashion through the use of multi-signature technology. To some degree we’ve done that: we have clients using online multi-sig wallets that exceed $100m in size.
But when you’re storing billions of dollars, if you don’t need access to the money, the safest place is offline.
Hot wallets have a place if you have real-time activity and you need to be moving money. BitGo does more of that than anyone else: we handle $15bn in transactions every month, which represents almost 20 percent of the bitcoin blockchain by volume.
New Money Review: In 2016 the Bitfinex exchange was hacked to the tune of 120,000 bitcoin (worth $1.2bn at current prices) after working with BitGo on a multi-sig wallet. What lessons did you learn from that episode?
Belshe: The biggest thing we learnt was that security for our clients is hard. You can give them all of the configuration capabilities and they will gravitate towards the lowest-friction option. There’s always a trade-off between ease of use and security.
But even if you’re a security expert you can make mistakes in digital assets. If you’re not a professional, securing the vault is hard.
“this is real money and you need to hand it to professionals”
We had trusted that our clients were going to be able to keep their systems secure. But they were massively breached. At the time we didn’t offer the option to hold all the keys: we offered a non-custodial option, where we held one key and they held two.
For the long term, another key conclusion from that episode is that this is real money and you need to hand it to professionals to look after.
New Money Review: Why are you opening new entities in Germany and Switzerland?
Belshe: Increasingly, our regulated clients are looking to deal with custodians that are also regulated properly. We’re already cleared to do custody in a regulated fashion in Switzerland, and we’re ready to go in Germany, which will give us the ability to cover the whole European Union.
All of this is a broader effort from BitGo to make sure that our clients in different jurisdictions can be sure we’re fitting in with the model they need us to comply with.
New Money Review: How easy has it been for you to work with regulators in Europe?
Belshe: All the regulators are looking at overlapping requirements from the custodians and broker-dealers they supervise. First and foremost, they are looking for compliance with anti-money-laundering and know-your-customer rules. They want to make sure you’re not dealing with terrorists or politically exposed persions.
One thing that is still a bit of an enigma is the question of where the private keys giving access to the crypto-asset should be held. Should they be held locally, globally or a combination thereof? Regulators’ natural inclination is that the keys should belong in the local jurisdiction. But there’s more to be done in building systems that work for clients globally.
Investors are looking for protections, and if it’s safer to have one key in Germany, one in Switzerland and one in the UK, they are happy to hear about that. We can build systems that fully automate their transactions so that, for them, it’s the same as accessing a bank account.
Don’t miss any more New Money Review content: sign up here for our newsletter