The secret bunker for bitcoin assets
Published on 24.06.2022 | Reading time: 6 minutes
International security company Prosegur stores cryptocurrencies in super-secret locations without internet access. Partner O₂ Telefónica makes the communication possible and ensures that it is secure.
Looking at money, it quickly becomes clear that times have changed. In the ten biggest bank robberies, around 1.5 billion euros were taken, all told. In crypto hacks, it was around 3.9 billion euros in 2021 alone, according to the analysis company Crystal.
Jochen Werne is not surprised. “Anything of value arouses covetousness.” Werne is Chief Development Officer and Chief Visionary Officer Prosegur Germany. He develops new services for the German subsidiary of the international security group. Prosegur Crypto GmbH offers such a service, Werne is managing director: a custodian for digital assets – without an internet connection.
New money, new risks, new security concepts
Security world market leader Prosegur is famous for its yellow money carriers and became big in the cash business. With the boom of cryptocurrencies, new demands came to the company with headquarters in Madrid. The goal: to be able to offer the world’s most secure storage method for cryptocurrencies. In Germany, Prosegur works together with the business customer division of O2 Telefónica. Together, they are setting themselves up at a new level of security – the highest level, because billions in Bitcoin, Ethereum and other digital currencies are at stake.
“Our goal is to help give the new ecosystem the trust it deserves through security components,” says Werne. “Our history is closely intertwined with the security of any asset. Crypto custody is a logical evolution of our business.”
O2 networks vaults and money
O2 Telefónica is taking over the communication for Prosegur Germany, and completely. Karsten Pradel, Director B2B at O2 Telefónica, explains: “It starts with the mobile phone service for 3300 employees. In addition, around 1,000 of Prosegur’s yellow armoured cars and networked safes are equipped with a Global SIM from O2 Telefónica. In this way, the armoured vans and the security boxes are directly and securely connected to Prosegur’s company network. Via GPS, the routes of cash transporters can be documented and secured.”
O2 also provides fast fibre-optic access and secures internal communication against external access with VPN (Virtual Private Network) access. A completely new feature is a software-controlled data network (SD-WAN): this allows the Prosegur data traffic to be controlled intelligently and quickly.
In this way, the environment at the site can be secured against threats – where the internet traffic originates. An intelligent component links all communication paths and always selects the best one. This has three advantages, says Sören Jahnke, Global Solutions Engineer at O2 Telefónica: “A lot of bandwidth at a low price, more redundancy and thus communication security (because copper cable, fibre or mobile are used depending on availability and demand) and a better user experience because the services work better: ‘Everything runs much faster'”.
Where it gets critical is when people and the internet come into play
Prosegur aims to offer the ultimate crypto custody method. Yet transactions in cryptocurrencies are actually secure. Their cash book is the blockchain. That’s where the crypto money is stored. The blockchain is a digital document; digital copies of this document are stored simultaneously on a large number of computers – this makes it forgery-proof. When a transaction is made, the data chain contained in the document is supplemented in all copies by a data block that can never be deleted again.
However, it becomes critical when people and the internet come into play. Anyone who trades in cryptocurrencies needs a wallet. This is a kind of digital wallet. The wallet software in turn creates a digital signature and processes a transaction with the owner’s private key. Only in this way does the owner gain access to his crypto treasures stored in the blockchain and can use them. “You can always trace every step, what happened when and where,” says Jochen Werne.
Danger for assets and for people
This wallet can be made available in an app or on a computer and is usually connected to the internet. This is called a “hot wallet” – it is convenient because transactions can be made quickly, but it is vulnerable to hacker attacks. A “cold wallet” (also called “cold storage”) works without direct internet access – this can be a USB stick, for example. This form of asset storage has two problems. Firstly, a cold wallet can be the target of an extortionist or robber, just like a gold bar or large amounts of cash stored at home. Secondly, cold wallets are only secure as long as they are disconnected from the internet.
“For us, cold storage is not enough,” says Jochen Werne. “Because having large assets at the disposal of only one person not only endangers the assets, but also the person who has that power of disposal. Here, criminals not only resort to direct threats of violence on this person, but they often also threaten family members.” Prosegur Crypto therefore takes a different approach. The company stores customer data in a hardware security module (HSM). The technology works in much the same way as we would expect in an agent film.
No chance for “Ocean’s Eleven”
“This is a computer in a military-standard shielded case that is kept in one of our high-security facilities and is not connected to the internet,” Werne explains. If, contrary to all expectations, such a device should fall into the wrong hands, it deletes the stored data. Security protocols then stipulate that the data can be reconstructed via a highly complex system equipped with appropriate codes. Prosegur has a whole range of high-security facilities. The locations of the crypto-bunkers are, of course, secret.
“The entire security is fully electronically monitored with various modules and security protocols on several levels. These are smart fences, for example, where possible threats are analysed by artificial intelligence,” says Werne. Even an attack like in the film “Ocean’s Eleven” – George Clooney’s crew simply turns off the power there – would not work.
And yet Prosegur customers can initiate blockchain transactions online – what follows is a sophisticated process. In the process, the hardware security module connects to a computer network that makes blockchain transactions possible.
The technology comes from GK8, a company specialising in crypto technology; the method used here is so-called multi-party computing (MPC). The transaction is transferred to the user’s blockchain via several security instances, using a patented technology that does not require a direct connection to the internet. This secures the critical moment of the transaction. “Everything else stays in cold storage” – most of the time the crypto assets are in the Prosegur high-security vault, without an internet connection. Jochen Werne: “We believe that we can offer the most secure custody method for crypto assets in the world. Currently, we are preparing to launch this service with the appropriate licensing in the strictly regulated German market as well.”