Earlier this month, Bloomberg reported that wealthy investors have placed “roughly $10 billion of bitcoin” in a “network of underground vaults on five continents, including one in a decommissioned Swiss military bunker.” According to the article, the investors’ private keys are stored deep below ground in encrypted hard drives, housed in racks of servers that have never been connected to the internet, down long hallways of reinforced concrete, behind blast doors, and watched at all times by guards. As impressive as all this sounds, does it actually provide meaningfully better security for cryptocurrency than an ordinary hardware wallet?
Probably not. In fact, it may even be less secure in some ways than a simple, offline hardware wallet. To understand why, it’s important to consider that these “cold storage vaults” are as much a marketing strategy as a security measure.
The vaults owned and operated by Xapo, a Hong Kong-based bitcoin brokerage and online wallet provider founded by Argentinian entrepreneur Wences Casares. Launched in 2014, Xapo has positioned itself as a bitcoin management tool for traditional investors, many of whom may not even understand what’s actually being protected down in those bunkers. For those investors, an ultra-secure vault may seem like a great method for keeping their bitcoin safe. But that’s not really how it works.
When someone steals a bitcoin, they’re not stealing a hard drive. In fact, they’re not stealing anything, at least in the traditional sense. Instead, they’re gaining access to a private key — a long string of random numbers and letters — which can them be moved to another address. Simply taking a smartphone photo of that private key would give a thief everything they need to steal it. Guessing a private key, on the other hand, is only possible in a theoretical sense. By most estimates, it would take all of the computing power in the world trillions of years to even find a single address that currently holds a bitcoin balance.
While hiding those private keys on an encrypted hard drive in an underground vault may seem like a reasonable precaution, in reality those bitcoin are no more secure than they would be with any offline wallet. An encrypted hardware wallet — or even a paper wallet that was generated using an offline tool — provides almost the exact same level of protection, all while making it substantially easier to access those tokens. If the thief can’t crack the hardware’s encryption — also virtually impossible to do — then they can’t access the private key, or the bitcoin it controls.
The Xapo vaults do provide the appearance of substantial security, however. According to Bloomberg, withdrawing bitcoin from one of the vaults takes about two days, with the company verifying the owner’s identity. The company also seems to have a “multisig” setup, requiring the use of multiple private keys from three individual vaults in each customer withdrawal. Again, these precautions could seem persuasive to people who are less familiar with the nature of bitcoin’s encryption.
To more experienced cryptocurrency users, however, this setup may seem less impressive. Xapo’s security amounts to an encrypted, multisig-enabled set of private keys that are stored on air-gapped hardware. The exact same level of security could be established with a couple of well-hidden, well-protected hardware wallets. Instead of waiting two days to access those funds, a competent bitcoin user could have access to them in mere moments.
What’s more, the Xapo approach comes with a big trade off in real-world security. It requires that the depositors trust Xapo with their private keys, and give up direct access to their bitcoin in the process. If Xapo’s bunkers or hardware are ever seized, stolen, or destroyed — or if Xapo itself ceases operations for some reason — those depositors will permanently lose access to their funds. They might not be stolen, but they could be effectively destroyed. Unlike hardware wallet users, these investors won’t even have a passphrase they can use to reconstruct their private keys.
It’s easy to see the appeal of Xapo’s vaults, particularly for institutional and high-wealth investors. They company does provide a real level of security for it’s customers’ investments, even if some aspects of it seem more theatrical than pragmatic. While many bitcoin users would balk at the idea of giving any third party control over their private keys, many larger investors clearly prefer to have someone else handle the responsibility and technical issues.
From Xapo’s perspective, managing other people’s keys is a central feature of their platform. As Xapo President Ted Rogers told Bloomberg, “It’s a subject we discuss a lot, and we believe Bitcoin won’t reach the mainstream if people have to hold their own private keys.”