To date, the Bitcoin industry has received over $1 billion in venture capital, and startups are trying their hand at developing services for the community or building on top of the distributed ledger technology (blockchain) that runs it. Last year saw a boom for Bitcoin startups, and like any growing ecosystem, some succeeded and some failed.
While the Bitcoin protocol itself provides a great deal of security for transactions, holding bitcoins can be a risky endeavor, especially if a startup happens to keep a hot wallet with a lot of cryptocurrency in it. These wallets are fat targets for hackers, fraudsters and would-be thieves.
Just like any other asset, bitcoins can be secured and insured. Since 2014 different quarters of the Bitcoin ecosystem have been working on solutions available to startups that can provide risk management in terms of securing bitcoins on hand or insuring bitcoins that may be lost due to digital highway robbery.
Below is a small list of resources that a Bitcoin startup should be aware of for getting secure or insured.
Insurance companies with bitcoin coverage
Bitcoin Financial Group
Bitcoin Financial Group, LLC is the first in the industry to offer insurance and financial services to handle needs of companies involved in the bitcoin space. It offers a service dedicated to bitcoin theft called BitSecure. It is a bespoke insurance product which means it is customized according to the needs of the client.
BitSecure protects both the corporate policyholder as well as its customers from any act, error, or omission of an Insured (including errors in technology, processes, and employees) which result in a theft of Insured Bitcoins (or their related private keys). The proprietary bitcoin theft insurance policy applies to both hacking incidents as well as employee theft, and you can choose to insure both hot wallets and cold storage. In case of loss, be it via hacking or employee theft, the policy will reimburse the full value of the stolen insured bitcoins and allow the corporate policyholder to work directly with it customers in the management and resolution of such incidents.
BitSecure is fairly new as it was just announced last February.
Great American Insurance Group
Great American Insurance Group is another institution that offers bitcoin insurance via its Fidelity/Crime Division. Its policy covers Employee Dishonesty, Money & Securities, Forgery and Computer Fraud, as well as a number of additional enhancements available by endorsement. Insurance coverage for bitcoin can be granted by endorsement to existing crime policy for mercantile and governmental customers who accept bitcoin.
The policy also provides tailor coverage to fit the needs of insureds. The addition of bitcoin coverage to the Fidelity/Crime Division was announced back in June 2014.
Insured Bitcoin storage
Elliptic Enterprise Ltd. is one of the first bitcoin storage services to offer insurance to its clients. Elliptic Vault stores bitcoin in cold storage which means bitcoins are kept offline and never re-invested. Bitcoin keys needed to access the bitcoin in cold storage are encrypted and stored offline, with multiple copies of the key made but each protected with layers of cryptographic and physical security, and only accessible to a quorum of Elliptic’s directors.
It is underwritten by Lloyd’s of London, the world’s specialist insurance market, giving it more credibility. If theft or hacking of bitcoin does occur, insurance payout will be calculated in U.S. dollar exchange rate at the time a claim is made.
Elliptic Vault also has international accreditation ISAE 3402 from KPMG which means its internal access controls, financial controls, regulatory compliance (including AML and KYC), disaster recovery, code deployment, segregation of duties and offline bitcoin storage techniques, are greatly scrutinized to make sure that its clients bitcoins are always safe and accessible to clients if needed.
Since November 2013, Coinbase, Inc. has been insured against employee theft and hacking in an amount that exceeds the average value of online bitcoin it holds at any given time. Which means if it has suffered from physical or cyber security breach, or its employee/s decided to steal from it, Coinbase will be able to give back its clients’ bitcoins. But it will not be held liable if the loss of bitcoins is due to the client’s lapse in security measures.
Coinbase’s insurance also contains standard policy exclusions such as force majeure or unavoidable accidents like war, strike, riot, or an act of God – hurricane, flooding, volcanic eruption, earthquake and other natural disasters.
It is insured with highly rated carriers, S&P rating of A+ or A.M. Best Rating of A XV or higher, and employs time-delayed withdrawals which gives clients 48 hours to cancel transactions; joint accounts can be utilized to approve transactions to ensure that bitcoins won’t be moved unless it is approved to be moved; and to ensure bitcoins are always safe and secure, 98 percent of bitcoins are stored offline in geographically distributed safe deposit boxes and physical vaults.
Dubbed as the Fort Knox of bitcoin, Xapo Ltd., is another bitcoin storage that offers insurance coverage in case of employee dishonesty or on-premise theft at Xapo Vault locations. Xapo Vault is insured by third party insurance companies with an A.M. Best rating of A or better.
Though the policy coverage may seem too limiting, Xapo explains that private keys are held offline in geographically dispersed Vaults which means access to it will only be due to employee dishonesty or on-premise theft, not from hackers, thus the policy specifically only covers such instances.
To keep bitcoins secured, Xapo implements multi-factor authentication and private key segmentation; encrypted bitcoin keys and cryptographic materials are physically stored offline on servers that will never be connected to the Internet and are guarded by humans coupled with automated security measures 24/7, and Vault locations are dispersed geographically to prevent being seized by government entities.
Also, there is a 48-hour wait for transactions to go through, ample time to cancel transactions in case they are not authorized by the owner of the bitcoins.
Bitcoin hacks and startup failures are not a thing of the past
The most famous Bitcoin fraud in the history of the industry is probably still the Mt. Gox fiasco where an apparent insider slowly embezzled bitcoins from the exchange. It was found that most of the bitcoins stolen from the exchange were siphoned directly from the exchange’s hot wallet starting in 2011 with most of them gone by 2013. Losses from Mt. Gox have been estimated to exceed $400 million.
Hacks and frauds in 2014 and 2015 hit various exchanges and startups costing millions of dollars. In 2014, BitPay lost $1.8 million in bitcoins. In 2015, BTER.com claimed a hack worth $1.66 million in bitcoins that led to a shutdown and Cryptoine and Cloudminr.io went offline due to separate incidents. The total amount of bitcoins lost to hacks since 2009 is unknown, but it’s clear that the damages reach into the hundreds of millions.
Working a Bitcoin startup means taking on particular risks and as a result it’s important to manage those risks with a well-researched plan and proper security. The list above should not be considered exhaustive, but could make a good starting point for security and insurance services.
This article features contributions from Mellisa Tolentino and Kyt Dotson.