Multisig security on Luno
TL;DR - Luno uses multisig for both cold storage and hot wallets.
One of the biggest advances in Bitcoin security in recent years has been the development of multi-signature (or “multisig”) technology.
While Luno has been using a multisig solution for our cold storage since inception, we’re also happy to announce that we have implemented multisig for our hot wallets.
At Luno we take security extremely seriously, and this is just another step in making sure we provide a world-class security infrastructure to our customers.
So why do we need multisig, and how does it all work?
Let’s step back in time a bit. As many of you will recall, much of the early press around Bitcoin focused on certain questionable operators and the loss of users’ bitcoin. What wasn’t always clear to the readers was that these losses and vulnerabilities had nothing to do with the consistent reliability of Bitcoin and the underlying protocol, but had everything to do with service providers that didn't have the appropriate technology and internal checks in place to secure funds.
For example - if you leave your car unlocked on the street with the key in the ignition and someone steals it, it doesn’t point to an inferior vehicle, it points to negligent and inferior security precautions.
On private keys
For every Bitcoin wallet, there is a wallet address associated with it: this is similar to your bank account number. You can freely distribute this address; it is needed by a sender for you to receive Bitcoin in the wallet and you can check the Bitcoin received into the wallet on the Blockchain.
Each wallet address has a private key associated with it: this is similar to the password you need to access your bank account. This key is needed when funds get sent out of the wallet, and if anyone gets their hands on the private key, they can send your money, just as would be the case if you gave your bank password away to a stranger.
A number of the security issues around Bitcoin stem from hackers stealing private keys held in insecure environments, using the keys to access the owners’ accounts and effectively emptying out other people’s wallets.
Enter cold storage
These private keys can be stored somewhere where the device isn’t connected to the Internet, virtually eliminating the risk of a hacker getting access to them. The keys can be stored in digital form or one could even write the keys down on a piece of paper and keep them in a vault somewhere. The only way a hacker can get access to these keys is by gaining physical access to the vault.
The vast majority of all bitcoin we hold is kept in cold storage - we use multiple highly secure bank vaults with a whole range of access controls and procedures in place. While this virtually eliminates the risk of breach, it isn’t always practical to move these keys from the vaults to online computers when customers want to transact, as it is a slow physical process. It is for this reason that some of the keys are stored on computers that are connected to the Internet - these are called “hot wallets”.
So what is multisig?
Instead of a Bitcoin wallet having a single private key associated with it, with multisig you have multiple private keys associated with a wallet. Whenever you want to send funds from a wallet, it can be configured so that two out of the three keys are required to authenticate the transaction (technically you can have any number of keys and require any number of those keys to do the transaction).
Obviously, if both keys are held in the same environment (both on our servers, for instance) and that environment gets compromised, the perpetrators would have access to both keys, rendering multisig no better than a normal single-key wallet.
A clever solution is to engage with an independent custodian who holds the second signing key in a separate secure environment. This means that even if an attacker manages to compromise one of the keys (e.g. by hacking into a server, which in itself would be a difficult, but somewhat plausible feat), they still won’t be able to move out a user's funds.
We have partnered with one of the leaders in Bitcoin security and a pioneer of multisig technology for this, the security-as-a-service company BitGo.
In order to process any transaction with a Luno wallet, both BitGo and the Luno Wallet system must sign the transaction with their respective keys. So, if an attacker was able to compromise either BitGo’s system (or ours), only one key would be exposed, which would be insufficient to steal the wallet funds.
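The key-placement argument above, as an added example that is not Luno's or BitGo's code: it builds the standard 2-of-3 Bitcoin multisig script layout and counts how many separate environments an attacker must breach to hold enough keys. The public keys are constructed placeholders, and the environment names and the location of the third key are assumptions.

```python
import hashlib
from collections import Counter

OP_CHECKMULTISIG = 0xAE

def op_n(n: int) -> int:
    """Small-integer opcode OP_1..OP_16 (0x51..0x60)."""
    if not 1 <= n <= 16:
        raise ValueError("n must be 1..16")
    return 0x50 + n

def redeem_script(m: int, pubkeys: list[bytes]) -> bytes:
    """Bare m-of-n script: OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG."""
    if not 1 <= m <= len(pubkeys):
        raise ValueError("need 1 <= m <= n")
    if any(len(pk) != 33 for pk in pubkeys):
        raise ValueError("expected 33-byte compressed public keys")
    body = b"".join(bytes([33]) + pk for pk in pubkeys)  # 0x21 = push 33 bytes
    return bytes([op_n(m)]) + body + bytes([op_n(len(pubkeys)), OP_CHECKMULTISIG])

def environments_to_breach(m: int, key_env: dict[str, str]) -> int:
    """Fewest environments an attacker must compromise to hold m keys."""
    held = sorted(Counter(key_env.values()).values(), reverse=True)
    total = 0
    for count, keys in enumerate(held, start=1):
        total += keys
        if total >= m:
            return count
    raise ValueError("fewer than m keys exist")

def placeholder_pubkey(label: str) -> bytes:
    # Constructed 33-byte stand-in, not a real curve point or anyone's key.
    return b"\x02" + hashlib.sha256(label.encode()).digest()

# Constructed layouts (key name -> environment holding it).
# Where the third key lives is an assumption made for this example.
COLOCATED = {"key1": "exchange-servers", "key2": "exchange-servers",
             "key3": "offline-backup"}
SEPARATED = {"key1": "exchange-servers", "key2": "custodian",
             "key3": "offline-backup"}

if __name__ == "__main__":
    script = redeem_script(2, [placeholder_pubkey(k) for k in SEPARATED])
    print("redeem script:", script.hex())
    for name, layout in (("co-located", COLOCATED), ("separated", SEPARATED)):
        print(name, "-> environments to breach:", environments_to_breach(2, layout))
```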
We have been using and testing multisig technology to secure our cold storage funds for the past year already, and we are now pleased to announce that our hot wallet system has been switched over too.
At Luno, we consider security to be the utmost priority and we are continually working on implementing additional security layers and protections.