NovaTalks 10 | Como guardar seus criptoativos em segurança

[music] welcome everyone and welcome to our today’s session and i’m pepe leo from a ceo from novadox. Also today we have a special guest joaquin from bitco, and our today’s topic, uh looks very serious, but very important is how to safely store your crypto asset and as exchange, we always set the highest priority of security for our customers. So it’s very important. We invite hawking here to share the uh approach, the best practice to secure your asset, so uh for the beginning! Hawking, can you introduce a bit yourself sure um? first of all, uh thank you for for having me on for organizing this great event, so my name is joaquin sastra, i’m a director of sales and business development here at bitco? Bitco is one of the largest crypto custodians in the world and we also provide financial services and infrastructure for institutions in the digital assets ecosystem. Thank you thank you for joining us today.

So the first question will be related to the context: a lot of customers, no matter retail customer or the institute institutional customer. In a lot of cases, they are exposure to the risk. I mean the security of their asset is under risk. Can you explain a bit about what kind of risk they will probably have so um? there are a number of risks around um. You know operating in an exchange and holding the assets! The main two risks i would risks, i would say, are one losing their assets, of course, and secondly, not having access to their assets at any given moment so um the way, um exchanges and um. You know other digital asset platforms that receive send out, crypto, etc, etc, is through uh, different wallet and digital asset wallet infrastructures right. The general way, a normal exchange would work is by providing um omnibus wallets. What we call omnibus wallets, which are basically wallets that co-mingle all the digital assets of the clients right and uh. Those same wallets are used to essentially receive uh digital assets from the clients and send out um.

The main characteristics of of this wallets is that the end user doesn’t have control over the private keys of those ones right. So that means that the end client will have to rely on uh. You know the seriousness: the security procedures, the regulatory status et cetera, et cetera of that exchange provider to be able to access the coin? So there’s a big difference around holding digital assets on an exchange [music] where the final user depends in one way or the other to have access to those digital assets and um in in the country uh. There are ways also of of having your own wallets with also different water providers or with your own wallets, to store those assets that you have either bought or sold in that exchange um! I would finally mention that um this doesn’t mean that exchanges are not secure, not reliable at all um. What i would recommend in this sense is to operate with an exchange that is secure. That is reliable! You know that is in one way or the other uh regulated uh, and that really gives you that comfort to to operate at the end of a day and exchange the exchange’s main business is to uh, provide liquidity, match bits and asks right, um buy and sell orders um, and that’s why they do best so uh. That would be my my consideration in this topic! Thank you. Thank you uh. So next question is a bit basic because uh in novadox we have a lot of inexperienced customers. So in order to let them understand better, could you please uh, explain uh what is the main difference between hot wallet and cold wallet and why those exchange they use code wallet can serve better. The security is concerned absolutely so um the difference between what we generally uh call hard and we generally call cold wallet is um the way the private keys are held. Okay, just as a very quick summary of how a wallet works um. Let’s imagine we have a mailbox at home, okay, um, where we have the the address of the house, which is of course public to everyone!

Anyone can actually deposit in that mailbox right um and we also have the key to the mailbox, which is only in our own procession, and we are the only ones who can open the mailbox and withdraw take. What it’s in the mailbox.

Okay, so um the difference between hard and cold mailboxes or wallets is um.

That hot wallets are private keys, okay, so the keys that open those kind of wallets are stored in one way or the other online, in other words connected to the network. Okay, the cold wallets, of course, would be a wallet uh to which private keys, the keys that are able to sign the transactions to open those mailboxes are actually stored in what we call cold storage premises or devices, in other words, devices that are not connected to the network and um are actually generally very well secured and safeguarded in in different places.

So, that’s why it’s so important to take into consideration how the exchange that you use um manages all this hot cold wallet, um infrastructure right generally, how an exchange would work is um that um, it’s it’s a a way in which they use both kind of wallets in a way that they might have a very low percentage of all the funds in hot wallets to provide the liquidity needs to their clients every at any given moment and most of the the rest of the assets, the digital assets they have, they would store them in in cold wallets, where the keys are not connected to the network. Thank you! As the first question, i remember you mentioned two kind of risk.

One is more related to the safely stored key. The other is more related to the liquidity right! I believe this kind of risk you need to balance because uh as a user also the also node exchange. We need to always balance, and sometimes we need to liquid the the asset in the faster uh response, because the customer they need to liquidate their asset, but also we need to guarantee that we safely store the asset. Could you explain a bit? how can bitcoin balance these two uh requirements? absolutely um, so uh, following up on on on the exact point, i was discussing um a moment ago: um the the the the the way generally exchanges work in order to provide those two things? You were mentioning transactional, quick transactional ability and activity in order to provide liquidity and security! At the same time, it’s basically by using an infrastructure where you have both hot and cold wallets coexisting together, so uh the exchange would hold, let’s say, uh an approximate number, ten percent of all the digital assets that they hold in hot wallets! That enable them to to provide that quick liquidity without having to wait uh for assets to to to be withdrawn from cold wallets, and then they would have um the other 90 percent of the of the assets standing in cold storage, wallets, which um, apart from um, you know providing cold wallets that that have the private keys in cold storage facilities not connected to the network! It also gives uh! It also provides more friction when withdrawing from a cold wallet to a hot wallet. So basically the process would be um! You would um receive the digital assets into the hot wallets, depending on what balance, if it’s 10 90 or whatever balance you need in order to meet the liquidity needs of every day, you would move some of the assets to the cold storage wallets, and then you would just uh be rebalancing every day, depending again on how much you want to have in your hot wallets and how much you want to have in co-ops. Thank you and um? You talk about uh, the macadamias and how cold wally works, and the next question is related to seems?

There are a lot of options available in the market, so for the end customer how? what kind of aspects you will suggest the customer should check before they choose, which code wallet they should use absolutely so um?

There are a number of different um cold wallets in the market. Right um there are cold wallets that can be hold in um, your own hardware device? Okay, there are companies that sell you um, a very secure usb device where you can actually store those assets!

Okay, those are called hardware wallets and, of course, since that’s in a usb device that would be outside the network not connecting and therefore would be considered cold storage um. The bad news about that is that you, as an individual or as an entity, need to make sure that that device is safeguarded in a very, very secure place. Right and sometimes maybe people will forget where they put, that correct exactly um, that’s a a big setback right. There are also uh, just you know.

For for general knowledge, there are so wall um wallets which are um held in in paper. So these are basically uh public keys! Um or public addresses, which are essentially that address that you would put in your mailbox to know where to deposit and also the the private key used to withdraw from from that mailbox in a paper generally in a qr code uh, but in in the in the first years of the crypto space uh, there were wallets that were literally written down the the alphanumeric string, which composes the the private key was actually written down in a in a paper um, but again the bad part of of that is that, of course, you you need to safeguard that paper and, of course, it’s kind of more challenging and, and it’s easier, you know to destroy, etc. Um there’s another uh version of cold wallets, which is uh generally what what the industry is using nowadays um, especially exchanges like, like novadex or or or other you know, serious and and large exchanges out there in the in the industry, which are um voltage, wallets right um.

This essentially means that um, you would have a uh, literally uh physical vaults generally. Under a lot of you know, uh security from video.

You know fingerprints, etc, etc in in either bank bulbs or you know, ex former military premises, etc, etc. Where um the the servers? okay, the large uh, encrypted secure servers that would hold those private keys would be deposited um in in this big bowls and every time you wanted to to make a withdrawal uh, in other words, sign a transaction. There would have to be uh physical people going into the bold uh. You know extracting the key um um signing the transaction in an online device um, and this is essentially the the the most uh used and generalized way of using cold storage today in in the crypto industry. Thank you. Thank you.

So much so about bitco. Let’s talk about uh bitco, and so how can bitco differentiate, uh from other uh relevant products? what kind of unique technology or unique infrastructure bitcoin is applying sure so um bitco has been in the crypto industry since uh 2013.

, okay, um, we essentially in terms of wallets, would provide two main um types of wallets um? One of them is the software as a service infrastructure, the commonly named as we discussed before, hot wallets and the cold storage, qualified custody ones right, um, our founder and ceo mike bell.

She was uh the person who came up with with a very um famous um and very, very well known and and very used um, let’s say technology or setup for wallet which are the multi-sick ones, multi-signature ones. This essentially means that um we here here at bitgo, we use um mailboxes.

So this this this wallets that i i compared to mailboxes um, all our mailboxes oral wallets um have three private keys. Okay and two of them are required to sign transactions. So you multiply the security by a lot when you are actually using this multisig technology. Okay, on top of that um, each one of this uh keys each one of these three keys is sharded. Okay, this one of these uh three keys, um uh. We we we kind of cut them down where, with a chameleon secret, of a very commonly used, uh cryptographic method to to shard these keys, to cut them down into pieces, and in order to reconstruct each key, we would need a certain amount of those pieces in order to be able to reconstruct the key and to sign a transaction. So adding multisig, plus sharding um already brings a lot of security to the space um. Another big advantage that we have is again that we can provide a commingled combined service not only to exchanges but also large. You know financial institutions, asset managers, hedge funds, etc. We can offer them the combined hot and cold wallet setup, which means that they would have um! As many you know, hot wallets, um um opened in their in their bitcoin account um? These wallets can be actually connected via api to their own platforms, so they wouldn’t need to.

You know, create a an entirely new system or entire new app or entirely new web um.

In order to use the bitco services, this hot wallets would be used to facilitate the in and out crypto gateways to and from their clients? The same way you know a a bank would receive fiat funds and send out fiat funds in an automated way through their systems, and in addition to that, we would offer them the cold multisig wallets uh, which are handled by a totally different entity, uh called bitcointrust or one of our qualified custodians, regulated custodians that we have um in several jurisdictions around the world where actually, this uh bitco entity, this regulated custodian would hold um the those three keys of each wallet in our own bolted premises, all cold storage, of course, and we would be the fiduciary responder, the responsible of the funds, which is a very important concept um out there, especially in the in the financial industry right? There are a lot of regulatory companies that regulated companies! Sorry that actually need a third party right, a fiduciary to hold the assets um and also on top of that uh.

We offer um insurance policy, um included in in in our in our kind of product? Suite um, which is also a very a big differentiator of of our of our product line since again, in order to to to serve financial institutions- and you know, financial companies in general, the the insurance uh part is a very, very important um uh part of the of their business, and you know security procedures due diligence, etc.

Just to finalize what what we’re doing um right now at bitgo, apart from providing this different wallet infrastructures to make our clients lives easier, um is that we are essentially providing additional uh financial services. On top of these, you know basic uh part and call search custody services which are essentially uh trading. On the one side. Okay, we are the first um, the first um liquidity provider that provides liquidity directly from cold storage, wallets! Okay, so from wallets are you know which keys are actually for me? that’s the most attractive feature: yeah, yes um! so for for the people that haven’t been around um um a long time here in the in you know, in the crypto industry that um has been um, something very much demanded by the market being able to uh! You know uh, have liquidity and have access to liquidity without having to uh put your assets in a lot of different hot wallet. Um wallets around the the the you know, the the world in different jurisdictions, etc! So we provide that access directly from concerts and insured? Of course, um. We also have opened uh prime brokerage business line where we essentially uh lend and borrow uh digital assets and usds um, mostly to to to institutions and uh large partners um, and we also have a another business line, which i believe will be very, very powerful, which is called our portfolio and tax service line uh, which will essentially facilitate the life of of you, know the the people who work in their in finance or accounting and reporting by bringing together um all the exchanges, the community providers, et cetera, et cetera, different providers in a digital asset ecosystem and being able to create reports, tax reports, um and any kind of analysis reports um in one only platform which would be bitcoin um! So, as you can see where we we we’re working very hard- and we are you know, expanding products, uh pretty quickly. Awesome sounds great, and you mentioned a very important keywords as regulation and also there are some features relevant to a regulation like insurance, the tax report and how? how will you see the trend of the regulation in a crypto industry and you can mainly focus on the synergy between uh, the security and the regulation requirements sure so um! That is a a very, very, very broad question, right and and of course, that that is a question.

Um asked by a lot of our clients uh, who have been already a long time in the industry and also new plans, are that are coming in uh uh! You know in the recent months into the industry.

The truth is that regulation is very different depending on the jurisdiction. Okay, we have countries like the u. S, where you know right now? We have the occ opening a new custody regulation for the entire country uh. There are several states uh that have already been regulating the custody of digital assets, uh and also trading liquidity, etc, etc. Like new york or like south dakota, where we do have us bitco trust entities in both states, there’s also jurisdictions like japan, which are pretty advanced? Several countries in europe, um have been uh, pretty uh. You know uh early into the into into into the market um. Now we are seeing um germany with baffin regulating the custody business and also the liquidity side of things uh, also, france, so um, for example, in europe! All this regulation is starting in big countries um in the last few years and months! While we have the us which have been looking into this many more years, so it really depends on on the jurisdiction. What is um most important in my opinion, are two main things. First of all, we can already see the the appetite of the market, and i believe that the regulators have already said to themselves? Okay, this digital asset industry is here to stay.

We probably won’t be able to fight against it. So, let’s just make sure everything is done correctly safely and let’s protect the final user user right, which is by the way why regulation is here right in the entire world. We sometimes forget that regulation should protect finding users right yeah, actually that’s their purpose and of their existence! Yeah exactly it’s not just to bring more work to companies like ours, they or you know, uh bring a big bird into the market? So i i think that change of mentality um is very good and it’s positive?

There are different ways of regulating, of course, and and uh. I think we’re in the correct path in generally, most of the of the largest jurisdictions, but still there’s a lot of work to be done, and a lot of education to be done with regulators to to make them see the entire picture right um. The second thing i would say around regulation is from a final user perspective, um and as i as we were discussing uh before about wallets and about using a regulated exchange, etc, etc? Um regulation helps the final user to find and and and to find to have comfort of finding an exchange, uh or a custodian or any kind of digital asset service provider. That is uh! You know con in one way or the other controlled and uh you know goes through the the necessary processes that the regulator makes them go through in order to protect at the end of the day, the final user. So what i would say is that it is very important to make sure that any service provider you use in the digital asset space.

Please please try to look into how they are regulated in what jurisdiction they operate and that would bring you probably 85 of the comfort uh. You would probably need to figure out the 15 final right, absolutely uh? The the the end customer definitely need to invest their asset in some regulated, well-regulated entity in because no one wants to lose their asset suddenly in a random day, yeah and exactly so uh.

The last question: it’s for the end customer retail customers, because you talk a lot about uh how bitcoin and also the code wallet solution, helped exchange to to have better position in regulation and also earn the credibility? Let’s talk a bit about the retail customer, is it necessary for them to use uh code wallet or they just need to invest in the exchange with code wallet? what what would you say to the retail customers? i would say that’s a very personal uh decision to make okay um.

It really depends on? You know how much you value having direct um individual self access to your own funds.

Okay, as we were explaining before the main difference of using um, you know a wallet or or yeah following an exchange or an exchange holding your assets. Is that you’re not totally independent, and that is the truth right, let’s be totally open um if you are probably, if you are a small investor, you know, and you have just a small amount of the you know your portfolio um invested in crypto. I would say that just finding a you know, a serious regulated, uh exchange or liquidity provider is is good enough. Um. If you are um looking to uh, you know, invest larger amounts! You might want to actually uh have the same setup as the actual exchange would have right, where you would have some of your portfolio in the exchange to be able to buy or sell it very quickly and therefore not be out of the market? If there’s a big bump in the um or rise in the in the price of of the digital asset, you hold and probably use um a qualified custodian! A third party like us here at bitgo to to protect your assets or even hold up a physical device um.

I would say yeah that that would be my my main advice, also um. You mentioned this before, but uh it’s important to retrade it um holding your assets in a physical device or even in a paper um. You know you need to be very comfortable with that yeah complicated right. It has another risk like i said, some people just simply forget it and cannot find it. Yeah yeah uh, thank you for joining us today!

Thank you for your valuable uh, sharing your experience, your suggestions that will uh that they are definitely helpful. Thank you again and i think uh, that’s all for today. Thank you. Thank you, bae. Thank you very much for for having me and um again. Thank you for holding this this event. I think it’s great for the industry and i’m here to to help and um anytime, okay and let’s work better to make this industry better together. Thank you.

Let’s do it! thank you? !