Five ways to secure and insure your Bitcoin startup

Five ways to secure and insure your Bitcoin startup

To date, the Bitcoin industry has received over $1 billion in venture capital, and startups are trying their hand at developing services for the community or building on top of the distributed ledger technology (blockchain) that runs it. Last year saw a boom for Bitcoin startups, and like any growing ecosystem, some succeeded and some failed.

While the Bitcoin protocol itself provides a great deal of security for transactions, holding bitcoins can be a risky endeavor, especially if a startup happens to keep a hot wallet with a lot of cryptocurrency in it. These wallets are fat targets for hackers, fraudsters and would-be thieves.

Just like any other asset, bitcoins can be secured and insured. Since 2014 different quarters of the Bitcoin ecosystem have been working on solutions available to startups that can provide risk management in terms of securing bitcoins on hand or insuring bitcoins that may be lost due to digital highway robbery.

Below is a small list of resources that a Bitcoin startup should be aware of for getting secure or insured.

Insurance companies with bitcoin coverage

Bitcoin Financial Group

Bitcoin Financial Group, LLC is the first in the industry to offer insurance and financial services to handle needs of companies involved in the bitcoin space. It offers a service dedicated to bitcoin theft called BitSecure. It is a bespoke insurance product which means it is customized according to the needs of the client.

BitSecure protects both the corporate policyholder as well as its customers from any act, error, or omission of an Insured (including errors in technology, processes, and employees) which result in a theft of Insured Bitcoins (or their related private keys). The proprietary bitcoin theft insurance policy applies to both hacking incidents as well as employee theft, and you can choose to insure both hot wallets and cold storage. In case of loss, be it via hacking or employee theft, the policy will reimburse the full value of the stolen insured bitcoins and allow the corporate policyholder to work directly with it customers in the management and resolution of such incidents.

BitSecure is fairly new as it was just announced last February.

Great American Insurance Group

Great American Insurance Group is another institution that offers bitcoin insurance via its Fidelity/Crime Division. Its policy covers Employee Dishonesty, Money & Securities, Forgery and Computer Fraud, as well as a number of additional enhancements available by endorsement. Insurance coverage for bitcoin can be granted by endorsement to existing crime policy for mercantile and governmental customers who accept bitcoin.

The policy also provides tailor coverage to fit the needs of insureds. The addition of bitcoin coverage to the Fidelity/Crime Division was announced back in June 2014.

thief robber pick pocket steal stolen money robbed

photo credit: Ruth and Dave via photopin cc

Insured Bitcoin storage

Elliptic Vault

Elliptic Enterprise Ltd. is one of the first bitcoin storage services to offer insurance to its clients. Elliptic Vault stores bitcoin in cold storage which means bitcoins are kept offline and never re-invested. Bitcoin keys needed to access the bitcoin in cold storage are encrypted and stored offline, with multiple copies of the key made but each protected with layers of cryptographic and physical security, and only accessible to a quorum of Elliptic’s directors.

It is underwritten by Lloyd’s of London, the world’s specialist insurance market, giving it more credibility. If theft or hacking of bitcoin does occur, insurance payout will be calculated in U.S. dollar exchange rate at the time a claim is made.

Elliptic Vault also has international accreditation ISAE 3402 from KPMG which means its internal access controls, financial controls, regulatory compliance (including AML and KYC), disaster recovery, code deployment, segregation of duties and offline bitcoin storage techniques, are greatly scrutinized to make sure that its clients bitcoins are always safe and accessible to clients if needed.

Coinbase

Since November 2013, Coinbase, Inc. has been insured against employee theft and hacking in an amount that exceeds the average value of online bitcoin it holds at any given time. Which means if it has suffered from physical or cyber security breach, or its employee/s decided to steal from it, Coinbase will be able to give back its clients’ bitcoins. But it will not be held liable if the loss of bitcoins is due to the client’s lapse in security measures.

Coinbase’s insurance also contains standard policy exclusions such as force majeure or unavoidable accidents like war, strike, riot, or an act of God – hurricane, flooding, volcanic eruption, earthquake and other natural disasters.

It is insured with highly rated carriers, S&P rating of A+ or A.M. Best Rating of A XV or higher, and employs time-delayed withdrawals which gives clients 48 hours to cancel transactions; joint accounts can be utilized to approve transactions to ensure that bitcoins won’t be moved unless it is approved to be moved; and to ensure bitcoins are always safe and secure, 98 percent of bitcoins are stored offline in geographically distributed safe deposit boxes and physical vaults.

Xapo

Dubbed as the Fort Knox of bitcoin, Xapo Ltd., is another bitcoin storage that offers insurance coverage in case of employee dishonesty or on-premise theft at Xapo Vault locations. Xapo Vault is insured by third party insurance companies with an A.M. Best rating of A or better.

Though the policy coverage may seem too limiting, Xapo explains that private keys are held offline in geographically dispersed Vaults which means access to it will only be due to employee dishonesty or on-premise theft, not from hackers, thus the policy specifically only covers such instances.

To keep bitcoins secured, Xapo implements multi-factor authentication and private key segmentation; encrypted bitcoin keys and cryptographic materials are physically stored offline on servers that will never be connected to the Internet and are guarded by humans coupled with automated security measures 24/7, and Vault locations are dispersed geographically to prevent being seized by government entities.

Also, there is a 48-hour wait for transactions to go through, ample time to cancel transactions in case they are not authorized by the owner of the bitcoins.

Mark Karpeles, chief executive officer of Tibanne Co., poses for a photograph with a bitcoin in the office operating the Mt.Gox K.K. bitcoin exchange in Tokyo, Japan, on Thursday, April 25, 2013. Bitcoin digital currency, which carries the unofficial ticker symbol of BTC, was unveiled in 2009 by an unidentified programmer, or group of programmers, under the name of Satoshi Nakamoto. Supply is capped at 21 million Bitcoins and managed by a software algorithm embedded into the digital currency?s design, rather than a monetary authority such as a central bank. Photographer: Tomohiro Ohsumi/Bloomberg via Getty Images

Mark Karpeles, chief executive officer of Tibanne Co., poses for a photograph with a bitcoin in the office operating the Mt.Gox K.K. bitcoin exchange in Tokyo, Japan. As CEO he has presided over one of the largest Bitcoin heists (and potentially frauds) of the industry’s history. Photographer: Tomohiro Ohsumi/Bloomberg via Getty Images

Bitcoin hacks and startup failures are not a thing of the past

The most famous Bitcoin fraud in the history of the industry is probably still the Mt. Gox fiasco where an apparent insider slowly embezzled bitcoins from the exchange. It was found that most of the bitcoins stolen from the exchange were siphoned directly from the exchange’s hot wallet starting in 2011 with most of them gone by 2013. Losses from Mt. Gox have been estimated to exceed $400 million.

Hacks and frauds in 2014 and 2015 hit various exchanges and startups costing millions of dollars. In 2014, BitPay lost $1.8 million in bitcoins. In 2015, BTER.com claimed a hack worth $1.66 million in bitcoins that led to a shutdown and Cryptoine and Cloudminr.io went offline due to separate incidents. The total amount of bitcoins lost to hacks since 2009 is unknown, but it’s clear that the damages reach into the hundreds of millions.

Working a Bitcoin startup means taking on particular risks and as a result it’s important to manage those risks with a well-researched plan and proper security. The list above should not be considered exhaustive, but could make a good starting point for security and insurance services.

This article features contributions from Mellisa Tolentino and Kyt Dotson.

photo credit: Bitcoin IMG_1924 via photopin (license)

Mellisa Tolentino

Staff Writer at SiliconANGLE
Mellisa Tolentino started at SiliconANGLE covering the mobile and social scene. Over the years, her scope expanded to Bitcoin as well as the Internet of Things. SiliconANGLE gave Mellisa her break in writing and it has been an adventure ever since. She’s from the sunny country of Philippines where people always greet you with the warmest smile. If she’s not busy writing, she loves reading, watching TV series and movies, but what she enjoys the most is playing or just chilling on the couch with with her three dogs Ceecee, Ginger, and Rocky.

SIGN UP FOR THE SiliconANGLE NEWSLETTER!

Join our mailing list to receive the latest news and updates from our team.

SIGN UP FOR THE SiliconANGLE NEWSLETTER!

Join our mailing list to receive the latest news and updates from our team.

Submit a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Share This

Share This

Share this post with your friends!