How Luno keeps your Bitcoin safe
At Luno, our number one priority is to keep our customers' Bitcoin safe and secure. Our engineering team lives and breathes this, day in and day out. And there is a good reason for it. Our reputation depends on it. We aim to be the best and most secure way for customers to buy and store Bitcoin.
The secret to keeping Bitcoin safe is effective key management.
Public-key cryptography works like a post box.
Anyone with your post box address can send money to you, but the only way to spend that money again is to have access to that post box’s key.
In Bitcoin terms, the key is known as a private key. Each has a corresponding wallet address. Without it, no one is capable of accessing the Bitcoin in your wallet. So it's important to keep private keys safe from being lost or stolen.
It is possible for you to keep your Bitcoin private keys on your computer. But this is like keeping money under your mattress rather than at a bank. Unfortunately, most people do not fully understand the risks associated with self-storage. It is almost always better to trust a secure Bitcoin storage service provider in the majority of cases.
There are 2 main ways to store Bitcoin securely which are used in combination:
- Offline: Storing Bitcoin on a computer not connected to the internet is known as cold storage. This makes the keys secure, but difficult to access
- Online: Bitcoin wallet keys stored on a server connected to the internet- a hot wallet. This is easy to access but is less secure.
At Luno, we go a step further in keeping your Bitcoin secure.
The majority of our customers' keys are kept in physical bank vaults inside safety deposit boxes. We call this our "deep freeze" storage solution. It features processes and procedures to maximise safety:
- Deep-freeze keys are "multi-sig" keys, meaning that multiple keys always need to be present to authorise a Bitcoin transaction. It is a bit like a bank vault that requires multiple keys to be turned at the same time before it can be unlocked.
- Only specific individuals have access to the safety deposit boxes, and the same person does not have access to more than one safety deposit box.
- Private keys in the safety deposit box are encrypted, so it is impossible for a bank employee to steal the key.
Our deep-freeze storage is purposefully difficult to access. So for day-to-day operations, a small percentage of Bitcoin are kept in a combined-strategy system, using offline cold storage and an online hot wallet. This allows us to ensure we always have Bitcoin available during the day.
Balancing security and availability in this way takes some skill.
Our customers demand the best of both from us - they want their Bitcoin to be super secure, but they also want quick access to it when they need it. Luno achieves this with a combination of cold storage and a hot wallet.
In addition to our internal security measures, we have also integrated a co-signing partner as our hot wallet co-signing service.
The only way to spend Bitcoin from our hot wallet is if both Luno and our partner authorise the transaction using multi-sig keys. They also offer additional security measures like daily and lifetime key spend limits.
A security measure we regularly encourage our users to enable on their account is two-factor authentication. This adds an additional layer of security to the account.
Protecting private keys is difficult.
When signing up for a new Bitcoin service/exchange or installing a wallet, ask the following questions:
- Do I trust the people building the product or service?
- Do they understand and implement secure key storage?
- Do they have a strong technical and engineering background with sufficient resources to stick around for a long time?
- Do they have security features like two-factor authentication or integrate with security partners?
- Do they undergo regular security and financial audits?
- Is the company backed by world-class investors?
When choosing who to trust with keeping your Bitcoin safe, do your research and pick a reputable company that is backed by top-class investors, has a solid engineering team in place, that makes security paramount, and that implements various methods to keep Bitcoin secure.