What security-first custody means at Bakkt
By: Dan O’Prey – Chief Product Officer – Bitcoin & Crypto at Bakkt
Following the bankruptcy of FTX and Alameda Research, and the news of crypto disappearing from those exchanges, we feel it is important to share how we obsess over security and build thoughtful process into every facet of our approach to crypto custody. The truth is, at Bakkt we’re obsessed, really obsessed, when it comes to security, and it’s been that way since the start. Created as part of Intercontinental Exchange was just the beginning, but it’s no surprise that one of the largest exchanges in the world would recognize the importance of security and regulation as core operating principles.
Our approach to custody encompasses several layers of protection and risk management that are intentionally designed to minimize the ability for anyone to bypass process controls or access private keys.
From a physical perspective, as much Bakkt-custodied crypto is placed in cold storage as possible and the keys are held in a bank grade vault across multiple secret locations, protected by guards and biometric security features. We generate all our custodied wallets completely offline and only bring what is necessary for trading volumes online. Funds are divided between warm and cold storage with limits to how much can be stored in each type and within each individual wallet. The majority of funds are stored in deep cold storage. For example, when a consumer utilizing the Bakkt platform purchases bitcoin, that bitcoin is acquired and stored on a 1:1 basis in our cold wallet. We have the exact amount of crypto that was acquired by a customer within our vault.
From a process perspective, we have thoroughly considered our approach and built-in additional process and technical controls. We utilize a highly secure multi-signature structure for all wallets. This means that several private keys are required to enable the transfer of funds. In addition, our system requires that multiple participants give approval before a private key can even be accessed for signing. The architecture of broader blockchain design doesn’t always allow multi-sig in the same way that bitcoin does. For example, other networks like ETH require smart contacts to achieve multi sig functionality, but Bakkt has built a distinct approach where we also follow a multi-sig approach for ether.
Once crypto currency is in our cold storage, we take extra precautions to reduce the risk of unauthorized access. The crypto can only be sent from Bakkt cold storage to our own warm wallets, preventing anyone from sending it to an external wallet. From Bakkt’s pre-approved warm wallets, assets can only be withdrawn and sent to a previously authorized wallet address that has been formally approved by a customer. The process for authorizing wallet addresses with customers includes 2FA and video authorization among other controls.
Our entire business has been built with the highest standards for risk, security and governance.
As a public company, we are subject to extremely strenuous review processes, including in-depth audits from regulators and leading third party audit firms. We also have to prove the function and operation of our processes and authority structure. We continually review access permissions to the custody platform to validate that only authorized staff can perform required functions based on their role. We also regularly perform code reviews and penetration testing against the custody platform to determine if there are any flaws that could result in misuse of the platform. Bakkt’s custody entity also maintains a separate Governance Board. The Bakkt Trust Board is solely focused on the safe and effective operation of Bakkt’s crypto custody operations as a separate, regulated entity. The Bakkt Trust Company is regulated by New York State Department of Financial Services (NY DFS) and is completely separate from the operating entity so that consumer funds are segregated from the rest of the business.
We share all of this to give you greater understanding of what a regulatory first approach looks like and why we have taken such care in building it since our founding in 2018.