Crypto startup Bakkt has released new details about its crypto custody service. In a blog post from earlier today, Bakkt updated followers on its bitcoin futures contract trading platform while also unveiling new details about its custody services.
Bakkt, for those out of the loop, has been a much-anticipated bitcoin trading platform for nearly a year. Originally announced in summer 2018, Bakkt was scheduled to launch in the fall. That start date was pushed back until January 2019, and then once again into Q2 2019.
Clearly, Bakkt is taking the times to make sure its trading platform is perfect before releasing to retail and institutional investors.
Today’s update from Bakkt COO Adam White discusses some of the work the company has been doing to ensure customer funds stay secure.
What We Learned from Bakkt Today
First, White confirmed the news that Bakkt had filed an application to the New York Department of Financial Services. The DFS is New York’s primary markets regulator and has relatively strict regulatory procedures compared to regulators in other states.
Next, White unveiled specific details Bakkt’s custody solution, which he claims has been in the works for two years.
White began by discussing the importance of security and testing. Prior to working at Bakkt, White was an executive at Coinbase. Before that, White was a test pilot in the United States Air Force. He’s using that high stakes experience to make sure Bakkt gets its right the first time:
“The high stakes environment of military flight test required every system and safeguard be checked and rechecked for safety and performance. As Bakkt prepares to provide custody of digital assets for sophisticated institutional clients, we’re applying the same rigor to safeguarding our customers’ funds.”
With those high standards of safety and security in mind, White and the team at Bakkt have built Bakkt’s custody solution off the same “institutional-grade hardware, operational controls, and cybersecurity systems” used by the Intercontinental Exchange (ICE) and its subsidiaries like the New York Stock Exchange.
Bakkt also revealed something else significant: the company is partnering with the Bank of New York Mellon (BNY Mellon) to ensure funds stay secure and geographically distributed.
Bakkt Acquires Digital Asset Custody Company (DACC)
As part of today’s announcement, it was also revealed that Bakkt has acquired Digital Asset Custody Company (DACC). The DACC team has been fully integrated into Bakkt.
The acquisition has added “native support of 13 blockchains and 100+ assets” to Bakkt, allowing the crypto startup to offer secure custody of more digital assets than before.
How Bakkt’s Crypto Custody Solution Works
Bakkt’s custody solution includes all of the following components:
Warm (Online) and Cold (Offline) Wallets
“Bakkt uses both warm (online) and cold (offline) wallet architecture to secure customer funds,” explains Bakkt CEO Adam White.
“The majority of assets are stored offline in air-gapped cold wallets that are insured with a $100,000,000 policy underwritten by leading global insurance carriers.”
Meanwhile, both the warm and cold wallets use on-chain and off-chain security measures to safeguard crypto keys, including the enforcement of multi-signature controls. Customer funds are protected by layers of additional controls – like multi-factor authentication, destination address whitelisting, and role-based permissions.
Strong Key Security
Bakkt’s warm wallet crypto keys are secured using FIPS 140-2 level 3 or higher hardware security modules (HSM). The HSMs have “physical and logical attributes” that “prevent the viewing, modification, or extraction of private key material.”
Additionally, all cold wallet cryptographic keys are sharded, encrypted, and geographically distributed in an m-of-n architecture. Private keys are never transferred across any open or unecrypted communication channel, and access is protected by firewalls and other network layer security controls.
Bakkt’s Physical Crypto Security
Bakkt uses strong physical security procedures to protect customer funds even further. All Bakkt’s cryptographic systems are secured “in bank-grade vaults and datacenters that are protected with 24/7 physical security.”
The building uses role-based permissions that limit employee access. Plus, systems are regularly tested to ensure a seamless transition to Bakkt’s parallel disaster recovery facilities.
Bakkt Reveals Partnership with BNY Mellon
Part of Bakkt’s physical security is a partnership with BNY Mellon, one of New York’s leading financial institutions.
BNY Mellon is helping Bakkt ensure geographically-distributed private key storage. In a statement, Bakkt praised BNY Mellon for having “a longstanding history of safeguarding the assets of institutional clients such as hedge funds, asset managers, and broker dealers, and we’re excited to work with them.”
The fact that BNY Mellon and Bakkt are working together is huge news for not only Bakkt, but future institutional support of crypto in general.
One of the World’s Most Advanced Cybersecurity Programs
Bakkt claims to use “one of the world’s most sophisticated cybersecurity programs”, including “the same systems that protect the New York Stock Exchange”.
Threats are identified from a “red team first” perspective, which involves full-scale testing of attack strategies against the institution. Threats are then managed by a global team of security specialists who collaborate closely with law enforcement and the global intelligence community to identify, analyze, and prevent attempts at inbound intrusion.
Operational Controls Allow Protection Against Withdrawal Attempts
One final aspect of Bakkt’s security systems is its operational controls. The company claims to have implemented “strict operating procedures to direct the safekeeping and storage of customer funds.” Withdrawal requests are received, verified, and processed by dedicated staff located in multiple geographies, with requests validated – both manually and systematically – against a policy ruleset. That policy ruleset analyzes things like the amount, destination, and velocity of transactions.
Bakkt also has additional anti-collusion and insider threat controls in place to prevent any member of the Bakkt team from accessing customer funds. In fact, Bakkt claims “no individual can access customer funds”, and any access to customer funds must be conducted by “multiple individuals from multiple teams in multiple locations”.
Bakkt is Preparing to Launch the Best Crypto Custody Solution in the Industry
Bakkt has been highly anticipated for months. Based on the information revealed today, Bakkt could live up to the hype. Bakkt could genuinely be the best crypto custody solution the industry has seen so far.
Bakkt not only uses the same infrastructure that successfully secures the Intercontinental Exchange (ICE) and the New York Stock Exchange (NYSE), but it has also improved on that infrastructure even further. The ultimate result is that institutions wishing to participate in crypto markets can do so more securely than ever before.