Press Brand Story: George Clooney would have no chance

The secret bunker for bitcoin assets

Published on 24.06.2022 | Reading time: 6 minutes

Source: Die Welt – original language German | Translated by deepl.com

International security company Prosegur stores cryptocurrencies in super-secret locations without internet access. Partner O₂ Telefónica makes the communication possible and ensures that it is secure.

Looking at money, it quickly becomes clear that times have changed. In the ten biggest bank robberies, around 1.5 billion euros were taken, all told. In crypto hacks, it was around 3.9 billion euros in 2021 alone, according to the analysis company Crystal.

Jochen Werne is not surprised. “Anything of value arouses covetousness.” Werne is Chief Development Officer and Chief Visionary Officer Prosegur Germany. He develops new services for the German subsidiary of the international security group. Prosegur Crypto GmbH offers such a service, Werne is managing director: a custodian for digital assets – without an internet connection.

New money, new risks, new security concepts

Security world market leader Prosegur is famous for its yellow money carriers and became big in the cash business. With the boom of cryptocurrencies, new demands came to the company with headquarters in Madrid. The goal: to be able to offer the world’s most secure storage method for cryptocurrencies. In Germany, Prosegur works together with the business customer division of O2 Telefónica. Together, they are setting themselves up at a new level of security – the highest level, because billions in Bitcoin, Ethereum and other digital currencies are at stake.

“Our goal is to help give the new ecosystem the trust it deserves through security components,” says Werne. “Our history is closely intertwined with the security of any asset. Crypto custody is a logical evolution of our business.”

O2 networks vaults and money

O2 Telefónica is taking over the communication for Prosegur Germany, and completely. Karsten Pradel, Director B2B at O2 Telefónica, explains: “It starts with the mobile phone service for 3300 employees. In addition, around 1,000 of Prosegur’s yellow armoured cars and networked safes are equipped with a Global SIM from O2 Telefónica. In this way, the armoured vans and the security boxes are directly and securely connected to Prosegur’s company network. Via GPS, the routes of cash transporters can be documented and secured.”

O2 also provides fast fibre-optic access and secures internal communication against external access with VPN (Virtual Private Network) access. A completely new feature is a software-controlled data network (SD-WAN): this allows the Prosegur data traffic to be controlled intelligently and quickly.

In this way, the environment at the site can be secured against threats – where the internet traffic originates. An intelligent component links all communication paths and always selects the best one. This has three advantages, says Sören Jahnke, Global Solutions Engineer at O2 Telefónica: “A lot of bandwidth at a low price, more redundancy and thus communication security (because copper cable, fibre or mobile are used depending on availability and demand) and a better user experience because the services work better: ‘Everything runs much faster'”.

Where it gets critical is when people and the internet come into play

Prosegur aims to offer the ultimate crypto custody method. Yet transactions in cryptocurrencies are actually secure. Their cash book is the blockchain. That’s where the crypto money is stored. The blockchain is a digital document; digital copies of this document are stored simultaneously on a large number of computers – this makes it forgery-proof. When a transaction is made, the data chain contained in the document is supplemented in all copies by a data block that can never be deleted again.

However, it becomes critical when people and the internet come into play. Anyone who trades in cryptocurrencies needs a wallet. This is a kind of digital wallet. The wallet software in turn creates a digital signature and processes a transaction with the owner’s private key. Only in this way does the owner gain access to his crypto treasures stored in the blockchain and can use them. “You can always trace every step, what happened when and where,” says Jochen Werne.

Danger for assets and for people

This wallet can be made available in an app or on a computer and is usually connected to the internet. This is called a “hot wallet” – it is convenient because transactions can be made quickly, but it is vulnerable to hacker attacks. A “cold wallet” (also called “cold storage”) works without direct internet access – this can be a USB stick, for example. This form of asset storage has two problems. Firstly, a cold wallet can be the target of an extortionist or robber, just like a gold bar or large amounts of cash stored at home. Secondly, cold wallets are only secure as long as they are disconnected from the internet.

“For us, cold storage is not enough,” says Jochen Werne. “Because having large assets at the disposal of only one person not only endangers the assets, but also the person who has that power of disposal. Here, criminals not only resort to direct threats of violence on this person, but they often also threaten family members.” Prosegur Crypto therefore takes a different approach. The company stores customer data in a hardware security module (HSM). The technology works in much the same way as we would expect in an agent film.

No chance for “Ocean’s Eleven”

“This is a computer in a military-standard shielded case that is kept in one of our high-security facilities and is not connected to the internet,” Werne explains. If, contrary to all expectations, such a device should fall into the wrong hands, it deletes the stored data. Security protocols then stipulate that the data can be reconstructed via a highly complex system equipped with appropriate codes. Prosegur has a whole range of high-security facilities. The locations of the crypto-bunkers are, of course, secret.

“The entire security is fully electronically monitored with various modules and security protocols on several levels. These are smart fences, for example, where possible threats are analysed by artificial intelligence,” says Werne. Even an attack like in the film “Ocean’s Eleven” – George Clooney’s crew simply turns off the power there – would not work.

“WE BELIEVE WE CAN OFFER THE MOST SECURE CUSTODY METHOD FOR CRYPTO ASSETS IN THE WORLD”

JOCHEN WERNE
Chief Development Officer and Chief Visionary Officer Prosegur Germany


And yet Prosegur customers can initiate blockchain transactions online – what follows is a sophisticated process. In the process, the hardware security module connects to a computer network that makes blockchain transactions possible.

The technology comes from GK8, a company specialising in crypto technology; the method used here is so-called multi-party computing (MPC). The transaction is transferred to the user’s blockchain via several security instances, using a patented technology that does not require a direct connection to the internet. This secures the critical moment of the transaction. “Everything else stays in cold storage” – most of the time the crypto assets are in the Prosegur high-security vault, without an internet connection. Jochen Werne: “We believe that we can offer the most secure custody method for crypto assets in the world. Currently, we are preparing to launch this service with the appropriate licensing in the strictly regulated German market as well.”

Bank Blog Crypto

Bank Blog Publication: WHERE BITCOINS MEET HIGH SECURITY FACILITIES

State-of-the-art crypto custody

by JOCHEN WERNE

Original published in German at DER-BANK-BLOG. Please click HERE Translation created with DeepL.com

14 February 2022

Digital assets are as safe as their encryption? Unfortunately not. After all, the dangers do not only come from hackers. Security must be thought of more broadly, as examples of state-of-the-art crypto custody solutions show.

The protection of crypto assets can only be guaranteed if there is a clear awareness of the dangers. Attacks on digital assets such as cryptocurrencies or asstes no longer end with the numerous attack vectors of cyberattacks, but unfortunately already extend to the use of physical force against their owners. It is therefore important to raise awareness of possible dangers, as shown by examples of the state of today’s state-of-the-art crypto custody solutions.

According to Investing.com, the total number of cryptocurrencies as of 12 December 2021 is 9,004 with a total market capitalisation of US$2.24 trillion. After Bitcoin, Ether, XRP, Litecoin and co, the Libra Coin initiated by Facebook received unprecedented media attention, triggered by the announcement of the project alone. And the emotionality and sharpness with which the discussion was conducted shows how seriously the topic is taken internationally at the state level. It is about reputation, influence, control, responsibility and only in the last instance about technology. And for every investor, it is first and foremost about protecting his assets.

The right sense of danger

In the future, protecting our assets will not just mean keeping our wallet in the deepest pocket of our jacket or handbag or turning the key to our flat twice in the lock. In the future, we will have invested part of the fruits of our labour, our fortunes, in crypto investments and cryptocurrencies. This part of our wealth needs to be kept safe, and we need to understand exactly where and how. This requires that we understand the risks. The sense of danger must therefore adapt, as must the lure of the new opportunities. For this, it is of utmost importance to understand the real dangers and to take appropriate protective measures.

As yet, however, this sense does not seem to be all that pronounced. According to Slowmist Hacked , which specialises in aggregating information on detected attacks on blockchain projects, apps and tokens, the total amount of crypto assets stolen in 122 different attacks in 2020 is $3.78 billion. Even though the evaluation is based on the Bitcoin peaks of January 2021, it clearly shows the importance of greater efficiency in security.

In comparison, only 1.63 billion US dollars were captured in the ten largest bank robberies of all time. Considering that the largest robbery took place when dictator Saddam Hussein ordered his son Qusay to withdraw nearly US$1 billion from Iraq’s central bank with a handwritten note, and the tenth largest robbery netted the perpetrators just US$18.9 million, crypto-cybercrime has become an extremely lucrative business.

Crypto custody: Do hot and cold wallets offer sufficient security?

The famous military scientist Carl von Clausewitz argued in the early 19th century: “An army on the defensive, without fortifications, has a hundred vulnerable points; it is a body without armour”. “We must always retain sufficient forces beyond the garrisons to be a match for the enemy in the open field, unless we can rely on the arrival of an ally to relieve our fortresses and free our army.” In cryptocurrencies, the wallet is the fortress and the blockchain – the distributed ledger – is the army in the open field. It is the job of modern crypto custodians – as guardians of their clients’ assets – to ask themselves daily what additional measures can be taken to best protect cryptocurrencies and crypto assets.

Crypto custody solutions typically involve a combination of hot storage or crypto custody that is connected to the internet and cold storage or crypto custody that is not. Rakesh Sharma comments on Investopia, “Both types of storage have advantages and disadvantages. For example, hot storage is connected to the internet and therefore offers better liquidity. But hot storage options can be vulnerable to hacks due to online presence. Cold storage solutions offer more security. However, it can be difficult to generate liquidity from crypto holdings in the short term because they are offline. Vaulting is a combination of both types of cryptocurrency custody solutions, where the majority of funds are stored offline and can only be accessed with a private key.”

The risk of becoming a victim of physical violence in private crypto custody

The risk of theft of crypto assets is no longer solely about digital robbery in cyberattacks and hacks. Physical violence against the owner of crypto assets or threats to family members is already sadly present. In November 2021, for example, the American co-founder of Tuenti, once billed as the Spanish Facebook, Zaryn Dentzel, was the victim of such an attack in his private Madrid flat.

Dentzel stated on record that the gangsters beat him and stabbed him in the chest with a knife while shooting him several times with a Taser.

Thus it becomes clear that the protection of crypto-assets must also go hand in hand with the fact that a perpetrator who is prepared to use physical force understands in advance that his alleged victim does not readily have power of disposal over his total crypto-assets. Cold storage not at home, but in a cold space, for example a high-security facility, can provide the necessary protection.

State of the art crypto storage meets high security facilities

In July 2021, Prosegur Crypto – the crypto custody subsidiary of Prosegur, one of the largest security companies in the world – announced the creation of the world’s first “digital asset custody bunker”. The consistent combination of a physically and digitally inaccessible environment here is unique to date.

In collaboration with cybersecurity company GK8, Prosegur Crypto brings together all the infrastructure, facilities, technologies and security protocols required to minimise all risk areas identified in the digital asset custody chain.

The solution consists of state-of-the-art cyber security systems provided by GK8’s patented technology and the highest level of a military-grade secured protection environment. It is based on a “360° inaccessibility” approach, mapping over 100 protection measures into 6 integrated layers of security. This ensures the highest possible protection against physical and cyber attacks.

The HSM (hardware security module, a device that generates, stores and protects cryptographic keys) is housed in a military grade briefcase within the high security vault. This vault is only accessible to a limited number of people who manage the data manually and offline. Staff have restricted access to the information they handle to avoid any risk of internal theft and work from a secure facility where there is no risk of physical attack, copying or theft of systems or passwords. In the event of an unauthorised attempt to access the HSM, its contents are permanently deleted. Immediately, a recovery plan is activated, including a protocol for recovering private keys using seeds located in various other vaults.

The module is connected to an MPC (Multi-party Computation) system, which provides a fast signature process on a state-of-the-art computer network and generates transactions on the blockchain without a direct internet connection. This minimises the possibility of fraudulent access and eliminates any potential vector for cyber attacks. These system features are patented and represent a highly differentiated offering in the market.

Plea for openness: danger recognised – danger averted

The analysis shows that from Clausewitz to the latest developments in cyber security and crypto-custody, the security perspective has hardly changed. The more you rely on a single system or fortress, the more vulnerable you are. It’s all about layered security, which makes it time-consuming and very costly for attackers to get what they desperately want.

We are still only at the beginning of a new era for our monetary systems. An era driven by technology in which it is increasingly important for every actor to develop a good understanding of it in order to build sustainable ones. Technology has never been right or wrong, only the way we humans use it can make it so.

New technologies offer the opportunity to make our world more prosperous for all – let’s use it!