A cryptoasset bunker: the convergence of physical and digital security
Cryptoassets, particularly bitcoin, have attracted the interest of institutional investors. They have become an increasingly sophisticated market that requires comprehensive and complex security solutions.
The security of cryptoassets, which are one hundred percent digital, also needs a physical environment. The rise of these digital assets, with bitcoin as the most prominent case in a universe that also includes all kinds of tokens and other cryptocurrencies, has not gone unnoticed by cybercriminals. It is estimated that in 2020, more than $1.9 billion was lost in hacks, theft, fraud and misappropriation of cryptocurrencies and other cryptoassets.
To help solve the problem, Prosegur launched the Prosegur Crypto business at the end of last year, becoming the first global security company to offer a comprehensive model and service for the cryptoasset market. It is a business unit aimed primarily at financial institutions, government agencies, investment funds and managers, family offices and cryptocurrency exchanges.
The crown jewel in Prosegur Crypto department is its high-security bunker. This is a physical space for the storage and management of these assets, with over a hundred military-grade security measures. It has been developed with the advice of the Israeli cybersecurity company GK8, created by Israeli cryptography experts.
The links in the security chain
The first link in the cryptobunker's security chain is an HSM (Hardware Security Module) which generates, stores and protects cryptographic keys. If any improper access to this hardware is detected, its contents are completely erased.
The passwords generated by the HSM, which can be retrieved in other vaults in case of attacks, are stored in a highly secure briefcase. Only a very limited number of people have access to it. In addition, to avoid any risk of internal theft, no employee has all the information; no one can execute an operation by himself.
To eliminate the risk of cyber-attacks, the bunker also has a vault, which is totally isolated from the outside, both physically and digitally. This is the crypto-asset equivalent of what is known in the security industry as "cross pavement risk", which refers to the distance that the security guards have to cover on foot to carry the cash from a bank’s premises to the armoured van on the street. By eliminating connectivity in that vault, this "digital pavement risk" is eliminated.
In short, all transactions are carried out manually, in a secure physical space where there is no danger of a physical attack occurring or of the keys being copied or stolen.
It is somewhat paradoxical that ensuring the security of digital assets ultimately depends on physical spaces and manual operations, but this is a consequence of the logic of the world of cryptoassets: they function as a bearer asset. Whoever has the access keys to the digital currency, has the digital currency, without the need for any regulation or specific ownership title. This is why the risks are so great, and why institutional investors need sophisticated and comprehensive solutions.