Bank Blog Crypto


State-of-the-art crypto custody


Original published in German at DER-BANK-BLOG. Please click HERE Translation created with

14 February 2022

Digital assets are as safe as their encryption? Unfortunately not. After all, the dangers do not only come from hackers. Security must be thought of more broadly, as examples of state-of-the-art crypto custody solutions show.

The protection of crypto assets can only be guaranteed if there is a clear awareness of the dangers. Attacks on digital assets such as cryptocurrencies or asstes no longer end with the numerous attack vectors of cyberattacks, but unfortunately already extend to the use of physical force against their owners. It is therefore important to raise awareness of possible dangers, as shown by examples of the state of today’s state-of-the-art crypto custody solutions.

According to, the total number of cryptocurrencies as of 12 December 2021 is 9,004 with a total market capitalisation of US$2.24 trillion. After Bitcoin, Ether, XRP, Litecoin and co, the Libra Coin initiated by Facebook received unprecedented media attention, triggered by the announcement of the project alone. And the emotionality and sharpness with which the discussion was conducted shows how seriously the topic is taken internationally at the state level. It is about reputation, influence, control, responsibility and only in the last instance about technology. And for every investor, it is first and foremost about protecting his assets.

The right sense of danger

In the future, protecting our assets will not just mean keeping our wallet in the deepest pocket of our jacket or handbag or turning the key to our flat twice in the lock. In the future, we will have invested part of the fruits of our labour, our fortunes, in crypto investments and cryptocurrencies. This part of our wealth needs to be kept safe, and we need to understand exactly where and how. This requires that we understand the risks. The sense of danger must therefore adapt, as must the lure of the new opportunities. For this, it is of utmost importance to understand the real dangers and to take appropriate protective measures.

As yet, however, this sense does not seem to be all that pronounced. According to Slowmist Hacked , which specialises in aggregating information on detected attacks on blockchain projects, apps and tokens, the total amount of crypto assets stolen in 122 different attacks in 2020 is $3.78 billion. Even though the evaluation is based on the Bitcoin peaks of January 2021, it clearly shows the importance of greater efficiency in security.

In comparison, only 1.63 billion US dollars were captured in the ten largest bank robberies of all time. Considering that the largest robbery took place when dictator Saddam Hussein ordered his son Qusay to withdraw nearly US$1 billion from Iraq’s central bank with a handwritten note, and the tenth largest robbery netted the perpetrators just US$18.9 million, crypto-cybercrime has become an extremely lucrative business.

Crypto custody: Do hot and cold wallets offer sufficient security?

The famous military scientist Carl von Clausewitz argued in the early 19th century: “An army on the defensive, without fortifications, has a hundred vulnerable points; it is a body without armour”. “We must always retain sufficient forces beyond the garrisons to be a match for the enemy in the open field, unless we can rely on the arrival of an ally to relieve our fortresses and free our army.” In cryptocurrencies, the wallet is the fortress and the blockchain – the distributed ledger – is the army in the open field. It is the job of modern crypto custodians – as guardians of their clients’ assets – to ask themselves daily what additional measures can be taken to best protect cryptocurrencies and crypto assets.

Crypto custody solutions typically involve a combination of hot storage or crypto custody that is connected to the internet and cold storage or crypto custody that is not. Rakesh Sharma comments on Investopia, “Both types of storage have advantages and disadvantages. For example, hot storage is connected to the internet and therefore offers better liquidity. But hot storage options can be vulnerable to hacks due to online presence. Cold storage solutions offer more security. However, it can be difficult to generate liquidity from crypto holdings in the short term because they are offline. Vaulting is a combination of both types of cryptocurrency custody solutions, where the majority of funds are stored offline and can only be accessed with a private key.”

The risk of becoming a victim of physical violence in private crypto custody

The risk of theft of crypto assets is no longer solely about digital robbery in cyberattacks and hacks. Physical violence against the owner of crypto assets or threats to family members is already sadly present. In November 2021, for example, the American co-founder of Tuenti, once billed as the Spanish Facebook, Zaryn Dentzel, was the victim of such an attack in his private Madrid flat.

Dentzel stated on record that the gangsters beat him and stabbed him in the chest with a knife while shooting him several times with a Taser.

Thus it becomes clear that the protection of crypto-assets must also go hand in hand with the fact that a perpetrator who is prepared to use physical force understands in advance that his alleged victim does not readily have power of disposal over his total crypto-assets. Cold storage not at home, but in a cold space, for example a high-security facility, can provide the necessary protection.

State of the art crypto storage meets high security facilities

In July 2021, Prosegur Crypto – the crypto custody subsidiary of Prosegur, one of the largest security companies in the world – announced the creation of the world’s first “digital asset custody bunker”. The consistent combination of a physically and digitally inaccessible environment here is unique to date.

In collaboration with cybersecurity company GK8, Prosegur Crypto brings together all the infrastructure, facilities, technologies and security protocols required to minimise all risk areas identified in the digital asset custody chain.

The solution consists of state-of-the-art cyber security systems provided by GK8’s patented technology and the highest level of a military-grade secured protection environment. It is based on a “360° inaccessibility” approach, mapping over 100 protection measures into 6 integrated layers of security. This ensures the highest possible protection against physical and cyber attacks.

The HSM (hardware security module, a device that generates, stores and protects cryptographic keys) is housed in a military grade briefcase within the high security vault. This vault is only accessible to a limited number of people who manage the data manually and offline. Staff have restricted access to the information they handle to avoid any risk of internal theft and work from a secure facility where there is no risk of physical attack, copying or theft of systems or passwords. In the event of an unauthorised attempt to access the HSM, its contents are permanently deleted. Immediately, a recovery plan is activated, including a protocol for recovering private keys using seeds located in various other vaults.

The module is connected to an MPC (Multi-party Computation) system, which provides a fast signature process on a state-of-the-art computer network and generates transactions on the blockchain without a direct internet connection. This minimises the possibility of fraudulent access and eliminates any potential vector for cyber attacks. These system features are patented and represent a highly differentiated offering in the market.

Plea for openness: danger recognised – danger averted

The analysis shows that from Clausewitz to the latest developments in cyber security and crypto-custody, the security perspective has hardly changed. The more you rely on a single system or fortress, the more vulnerable you are. It’s all about layered security, which makes it time-consuming and very costly for attackers to get what they desperately want.

We are still only at the beginning of a new era for our monetary systems. An era driven by technology in which it is increasingly important for every actor to develop a good understanding of it in order to build sustainable ones. Technology has never been right or wrong, only the way we humans use it can make it so.

New technologies offer the opportunity to make our world more prosperous for all – let’s use it!

The four principles of good governance

Author: Jochen Werne | First published in German on September 6, 2019 in the BANK—BLOG

Author Jochen Werne

How banks create stability to survive in change

The “cobra effect” is a prime example of failed incentive structures. Good governance in banks and savings banks must serve stability and flexibility at the same time. Compliance with four principles is indispensable.

Well-intentioned is not well done yet. Science calls this the cobra effect. It goes back to an event when India was still a British colony. In order to control a cobra plague, a British governor placed a bounty on every snake that he killed. With the result that enterprising Indians began to breed cobras to collect the bounty. When the governor learned of this practice, he had the program stopped and the breeders released the snakes. Result: The problem had multiplied.

The Kobra effect is regarded as a prime example of failed incentive structures – and thus of failed governance. This word, derived from the French “governance” for government, is often used today, and with its almost inflationary mention, the blur surrounding it is also growing.

So let us recall: governance refers to the structures and forms of governance that exist in a society. This refers to the interaction between the state, the private sector and interest groups. The aim is to improve the management of an organisation or a political or social unit in order to achieve better results.

Stability as an objective of governance

However, it has become common practice to use governance primarily when it is not a question of state structures. For example, the term plays an important role in practically all companies that deal with the public in the form of customers or stakeholders. As a result of the blurred use of the term, case studies from politics are often used today to explain economic frameworks.

Undoubtedly, there are many parallels between the governance of states and the governance of private companies, in their structure and processes and thus also in their form of governance. The decisive factor for both is first and foremost stability and thus the ability to cope with major crises. For states, the core of stability is the constitution, which enables leadership during the crisis and at the same time serves as the basis for a way out of the crisis. A current example of this is the national crisis in Austria. The government has failed; until the next elections a transitional government of experts will lead the country and thus guarantee stability. Around this core, however, a state structure must also have a certain flexibility in order to be able to react to developments.

Stability plus flexibility

And this is where the differences to the private sector begin. States are not in competition with the private sector and generally continue to exist even after crises, even if in extreme cases the political system and its fundamental form of governance may change. The situation is different for companies. Of course, they also need a stable core. But they must be extremely flexible and adapt to market situations in order to survive in the long term. Their stability is based on the flexibility of the process organisation. When it comes to flexibility, smaller companies often have an advantage over large, difficult-to-maneuver corporations. We see this in the financial services industry with the example of FinTechs and InsurTechs. However, these relatively small companies often lack the stability they need to survive when consolidating.

Let’s take the example of the banking industry: It faces clear challenges – digitization, new competing business models, exponential technology leaps and ever shorter product cycles with lower margins and increasing regulation. Sustainable answers and the resulting strategies will only be found by those houses that are stable in themselves on the one hand, but are also capable of a degree of flexibility that has never been demanded of them in history on the other.

Four principles of good governance

But how does a company obtain the necessary stability? There are four principles for good, i.e. successful, governance, which must always be present:

Accountability: There must be an organization that is controllable and controlled.
Accountability: The company as a whole and each individual employee are accountable for their actions.
Openness: Only when employees, customers and stakeholders understand what is happening is transparency actually lived out.
Fairness: Ethical conduct is one of the foundations for long-term value creation.

Governance must be lived

In order to achieve a satisfactory situation for both sides, the four principles of governance are indispensable. However, it is not enough to lay them down in statutes; they must also be lived by each individual.

In addition, the current major transformation issues, which not only the banks but also the entire economy have seized, should be seen as an opportunity for companies with a consolidated governance structure and remind us of a statement by the Roman philosopher Seneca, who said: “Only the tree that has been constantly exposed to gusts of wind is firm and strong, because in battle its roots are consolidated and strengthened”.