NEW YORK (InsideBitcoins) — Last week, BitGo announced a partnership with Innovation Insurance Group LLC for the purposes of insuring any bitcoin secured via the company’s multisig storage solutions against possible loss or theft. The new insurance policy protects paying BitGo customers against up to $250,000 in losses, and additional protection can be purchased for a one percent annual fee. Both hot and cold wallets are covered under the unique policy, which has led many to ponder the implications this newly available insurance could have on bitcoin exchanges.
Exchanges need insurance
With all of the hacks and thefts that have taken place in the bitcoin industry over the past few years, one would imagine that traders could be wooed into moving to a new exchange through the promise of insured bitcoin deposits. At this time, the only traditional bitcoin exchanges that offer any sort of insurance on bitcoin deposits are Coinbase Exchange and Coinsetter. Coinbase Exchange has an insurance policy for their hot wallets, while 50% of all Coinsetter deposits are covered through Xapo Vault.
[Read More: Bitcoin Insurance: The Real Deal or a PR Ploy?]
With the recent partnership between Bitstamp and BitGo, it could make sense for Bitstamp deposits to be covered under this new policy. I was able to discuss the new insurance offering with BitGo CEO Will O’Brien via email, but he stated, “We are not disclosing which customers have opted into that additional guarantee at this time.”
Although O’Brien was not willing to discuss specific clients, he was able to share his thoughts on the need for insurance at bitcoin exchanges in general:
“There is lot of demand for additional protection in the exchange market. With the high profile hacks that have occurred over the years, exchanges need to do everything they can to instill confidence that customer funds are safe. By working with BitGo, exchanges get best-in-class security technology and can now benefit from an insurance-backed guarantee.”
It is unknown if Bitstamp has decided to purchase extra insurance coverage for their customers at this time, but it appears that ChangeTip deposits are completely covered through their own partnership with BitGo. ChangeTip’s cold storage wallet appears to be far below the $250,000 threshold for free insurance coverage, and company hot wallets tend to hold a small percentage of what’s available in reserves.
— Nick Sullivan (@gorillamania) February 25, 2015
Can traders finally rest easy?
BitGo has their own fraud prevention system and the ability to implement spending limits, but the reality is that the exchange is still responsible for limiting access to their BitGo wallets. In other words, a hacker or insider could gain access to an exchange’s BitGo wallet and steal some bitcoin. In such an instance, O’Brien explained that it would be unclear if BitGo’s insurance policy would be activated:
“Subject to forensic investigation and the terms and conditions of the policy — If BitGo is at fault for the theft or loss of bitcoins, the customer will be a loss payee of the policy. If the loss is solely due to fault of the customer, it’s not covered at this time.”
Elliptic has an alternative option
In addition to BitGo, I also reached out to Elliptic to get their perspective on insured bitcoin deposits. Elliptic CEO James Smith was able to describe how their offering differs from what is available through BitGo:
“If the exchange loses their copy of the [online] key and the backup key, they should still be able to access their funds by retrieving the encrypted [online] key from BitGo and using it with the BitGo [custodial] key. Thus, it’s still unlikely that they’ll lose customer funds simply by losing their keys, so in that regard it’s no worse than Elliptic’s solution.
“Where there is a difference, though, is in that the exchange is still responsible for establishing proper security around their copies of the exchange key and the backup key. If a thief were to obtain access to the exchange’s copies of the backup key and the exchange key, he would be able to steal all of the customers’ funds. Therefore, the exchange is still responsible for maintaining expert levels of security around their two keys.”
It’s unlikely that “all” of the customer’s funds could be stolen due to BitGo’s use of spending limits and their fraud detection system, but Smith was able to further explain how Elliptic’s manual withdrawal process does provide a different security model for insured cold storage wallets:
“All funds stored with Elliptic are 100% in ‘deep cold storage’. This involves generating all private keys offline, on computers which have never been nor will ever be connected to the Internet, all in a physically secure location. In order for a withdrawal to be made, there is always a manual step required; this has the effect of making electronic theft impossible (i.e. hacking through the Internet).
“When we receive a withdrawal request, we first verify the request with the account owner. We then create a bitcoin transaction, which is unsigned at this stage, and would not be accepted by the bitcoin network. This unsigned transaction is akin to an unsigned cheque. We take the unsigned transaction to one of the physically secure locations, where we keep the private keys which are used for transaction signing. Once there, we can use the relevant private key to sign the transaction, making it valid. This all occurs offline (i.e. there is no connection to the Internet at this stage). We can then leave the secure location with a copy of the signed transaction (now resembling a signed cheque!), which can be broadcast onto and accepted by the bitcoin network.”
[Read More: Winklevoss Twins to Launch Bitcoin Exchange with FDIC Insured Deposits]
Earlier this month, BTC China Senior Business Development Manager Greg Wolfson told Inside Bitcoins that an immature bitcoin insurance market was to blame for the lack of insurance offerings at exchanges. With the variety of guarantees now available from BitGo, Elliptic, and Xapo, it will be interesting to see which exchanges decide to offer an extra level of security to their users.
You can follow @kyletorpey on Twitter.