Keeping our customers’ Bitcoin safe
At Luno, our number one priority is to keep our customers' Bitcoin safe and secure. Our engineering team lives and breathes this, day in and day out. And there is good reason for it. Our reputation depends on it. We aim to be the best and most secure way for customers to buy and store Bitcoin.
The secret to keeping Bitcoin safe is effective key management. The cryptographic functions that keep your Bitcoin safe in your Luno wallet are based on “public-key cryptography”.
Public Key Cryptography
Public-key cryptography works like a post box. Anyone with your post box address can send money to you, but the only way to spend that money again is to have access to that post box’s key. In Bitcoin terms, the key is known as a “private key” and each key has a corresponding post box address known as a “wallet address”. Without the private key, no one is capable of accessing the Bitcoin in your wallet. It is therefore of utmost importance to keep private keys safe from being lost or stolen.
It is possible for you to keep your own Bitcoin private keys on your own computer - but this is like keeping money under your mattress rather than at a bank. Unfortunately, most people do not fully understand the risks associated with self-storage, and it is almost always better to trust a secure Bitcoin storage service provider.
There are two main ways to store Bitcoin securely, and they are used in combination:
- Offline: Storing Bitcoin keys on a computer not connected to the internet. This makes the keys highly secure, but difficult to access. This offline method of storing is known as “cold storage”.
- Online: Bitcoin wallet keys stored on a server connected to the internet. This makes the keys easy to access and Bitcoin can be sent quickly, but it is relatively less secure than the above method. This is known as “hot wallet” storage.
At Luno, we go a step further in keeping your Bitcoin secure.
The vast majority of our customer Bitcoins are stored in keys that are kept safe in physical bank vaults inside safety deposit boxes. We call this system our "deep freeze" storage solution. It features a number of special processes and procedures to maximise safety:
- Deep-freeze keys are "multi-sig" keys, meaning that multiple keys always need to be present to authorise a Bitcoin transaction. It is a bit like a bank vault that requires multiple keys to be turned at the same time before it can be unlocked.
- Only specific individuals have access to the safety deposit boxes, and the same person does not have access to more than one safety deposit box.
- Private keys in the safety deposit box are encrypted, so it is impossible for a bank employee to steal the key.
Our deep-freeze storage is purposefully difficult to access, so for day-to-day operations, a small percentage of Bitcoin is kept in a combined-strategy system, using offline cold storage and an online hot wallet. This allows us to ensure we always have Bitcoin available to process sends during the day.
Balancing security and availability in this way takes some skill.
Our customers demand the best of both from us - they want their Bitcoin to be super secure, but they also want quick access to it when they need it. Luno achieves this by using a combination of cold storage and a hot wallet.
In addition to our own internal security measures, we have also integrated a co-signing partner as our hot wallet co-signing service. The only way to spend Bitcoin from our hot wallet is if both Luno and our partner authorise the transaction using multi-sig keys. Our partner also offers additional security measures like daily and lifetime key spend limits.
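To make the co-signing arrangement above concrete, here is an added example (not Luno's or its partner's code) of a 2-of-2 spend check in which the co-signer withholds its signature once a daily or lifetime limit would be exceeded. The names `CoSigner`, `spend` and `is_spendable` are hypothetical, the limits are constructed values, and HMAC-SHA256 stands in for real Bitcoin signatures so the sketch runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import date


def sign(key: bytes, tx: bytes) -> bytes:
    # Stand-in for a real Bitcoin (ECDSA) signature; HMAC is an assumption
    # made so the example runs with the standard library only.
    return hmac.new(key, tx, hashlib.sha256).digest()


@dataclass
class CoSigner:
    """Hypothetical co-signing service that enforces spend limits."""
    key: bytes
    daily_limit: int      # satoshis per calendar day (constructed value)
    lifetime_limit: int   # satoshis over the life of the key (constructed)
    spent_total: int = 0
    spent_by_day: dict = field(default_factory=dict)

    def cosign(self, tx: bytes, amount: int, day: date):
        """Return a signature, or None if the spend breaks a limit."""
        spent_today = self.spent_by_day.get(day, 0)
        if amount <= 0:
            return None
        if spent_today + amount > self.daily_limit:
            return None
        if self.spent_total + amount > self.lifetime_limit:
            return None
        # Record the spend only once the policy has approved it.
        self.spent_by_day[day] = spent_today + amount
        self.spent_total += amount
        return sign(self.key, tx)


def is_spendable(tx: bytes, sigs: list, keys: list) -> bool:
    # 2-of-2: each key must have produced a valid signature over this tx.
    return len(sigs) == len(keys) and all(
        s is not None and hmac.compare_digest(s, sign(k, tx))
        for s, k in zip(sigs, keys)
    )


def spend(operator_key: bytes, cosigner: CoSigner, tx: bytes, amount: int, day: date) -> bool:
    # The wallet operator signs first, then asks the co-signer to approve.
    sigs = [sign(operator_key, tx), cosigner.cosign(tx, amount, day)]
    return is_spendable(tx, sigs, [operator_key, cosigner.key])
```

Because the co-signer holds the second key, a compromised hot wallet server on its own can neither produce a valid spend nor move more than the limits allow.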
A security measure we regularly encourage our users to enable on their account is two-factor authentication. This adds an additional layer of security to the account.
Protecting private keys effectively is difficult. When signing up with a new Bitcoin service/exchange or installing a new Bitcoin wallet, ask yourself the following questions:
- Do I trust the people building the product or service?
- Do they understand and implement secure key storage?
- Do they have a strong technical and engineering background with sufficient resources to stick around for a long time?
- Do they have special security features like two-factor authentication or integrate with security partners?
- Do they undergo regular security and financial audits?
- Is the company backed by world-class investors?
When choosing who to trust with keeping your Bitcoin safe, do your research and pick a reputable company that is backed by top-class investors, has a solid engineering team in place, makes security paramount, and implements various methods to keep Bitcoin secure.