Hot & Cold Wallets, Why These Concepts Are Outdated
In general, institutions that hold digital assets separate their funds into two or more separate wallets: a “cold” wallet that holds the bulk of their funds (90%+ usually), while a “hot” wallet holds whatever remains for liquidity management purposes.
Hot wallets are connected to the Internet, and usually contain just enough funds to serve customer withdrawals, transfers, and other immediate needs, whereas cold wallets never connect to the internet and are often physically isolated, making them significantly more secure than hot wallets. Firms that use a mix of both solutions typically do so to balance accessibility with security, without maximizing either.
Though it is difficult to argue that using a combination of both hot and cold wallets is often better than using one or the other alone, this setup still has its fair share of issues and can be problematic for rapidly growing businesses.
The dual wallet approach threatens business continuity
Cold wallets can range from a simple hardware wallet like the Ledger Nano X stored in a bank vault, to more elaborate arrangements, like Xapo’s Swiss mountain bunker.
Cold wallets need to be physically accessed in order to initiate a transaction, this poses a significant throughput bottleneck since it is a costly and labor-intensive task to execute transactions. This issue is further compounded in the midst of the current pandemic, since social distancing measures, enforced lockdowns, and local restrictions can block access to the cold wallet.
In order to best manage risk, platforms need to closely balance the amount held in their hot wallets with customer demand, ensuring it has just enough funds in its hot wallets to meet its withdrawal needs. However, this arrangement does not lend itself to rapid changes in customer demand – such as in the midst of a bull run or bear period.
The internet is littered with stories about cryptocurrency exchanges that have had to temporarily halt or pause withdrawals due to sudden changes in demand. This has affected even the largest of cryptocurrency exchanges, including Coinbase, Bittrex, and Poloniex, potentially damaging their reputation, and causing user loss. This issue paints the need for a more flexible solution, that can simultaneously facilitate large numbers of transactions when necessary, while still providing granular control.
Cold storage does not mean secure
Many cryptocurrency users and custodians mistakenly believe that cold storage is the most secure way to store private keys, since cold storage setups are invulnerable to online threat vectors, like man-in-the-middle attacks, distributed denial of service (DDoS), and drive-by attacks.
The over-reliance on employees to carry out operations according to a desired procedure is risky as humans are well-known to be error prone when performing repetitive and cumbersome operations. Basic cold storage solutions do not offer any inherent governance options which could be used to mitigate the centralization risk.
Often, those cold storage solutions are built in-house and lack any third-party assessment of their actual security. While Ledger hardware wallet devices remain unhacked to date, the same does not hold true for most of the other wallets on the market. This means that physical access to the device would potentially enable the extraction of the seed. Knowing that devices that have been available on the retail market for more than 5 years are still vulnerable despite the intense effort from the community does not bode well for in-house solutions which benefit from limited investments.
Hot wallets remain vulnerable to hackers
Hot wallets, on the other hand, are notorious for being breached in one way or another. Whether it be through compromised internal tools, employee collusion, insider theft, phishing, or other identified or unidentified causes, there have been dozens of high-profile hot wallet thefts in recent years, affecting even some of the largest cryptocurrency exchanges – including Binance, Bithumb, and most recently: Kucoin.
Moreover, exchanges that lack cold storage entirely are even more prone to catastrophic losses, as was demonstrated by the $534 million Coincheck hack in 2018 – which saw 523 million NEM coins exfiltrated from its hot wallet. As such, hot wallets represent a liability, regardless whether used in combination with cold storage or not.
The vast majority of these hacks could have been thwarted if there were automatic, stringent controls in place to detect and block unusual activity, and by ensuring no single entity has absolute authority over the transaction approval process. Instead, traditional hot wallet setups do not segregate the transaction creation and signing processes, or incorporate both hardware and software-based defences, potentially leaving them vulnerable to attack.
Although most cryptocurrency exchanges and custodians keep only a small fraction of their funds in hot wallets, more advanced solutions like Ledger Vault eliminate the need to choose between speed and security.
Ledger Vault: Security and Scalability, Without Compromises
Fortunately, Ledger has designed a modern solution that offers a secure and scalable alternative to firms with significant exposure to cryptocurrencies, including custodians, exchanges, and hedge funds. This solution is known as Ledger Vault.
Through Ledger Vault, client firms benefit from security and flexibility that far exceeds that of cold storage, while opening the doors to truly scalable digital asset management.
Flexible governance framework
Unlike hot/cold wallet setups, the Ledger Vault enables highly flexible governance arrangements, which can enable a hot/cold like setup, without sacrificing speed, security, or accessibility.
This is achieved thanks to the capabilities of the admin rule and transaction rules, which are used to control who is able to access which accounts while ensuring transactions are subject to a series of automatically enforced checks and challenges before they can be signed by a quorum of operators.
With the Vault, clients can set as strict or as relaxed rules over each of their accounts as necessary, allowing them to control several important parameters in the transaction approval flow, including:
- How many operators are required to sign a transaction (M-of-N rule)
- The order in these signatures must occur in (e.g. CFO gives final approval)
- Which addresses accounts can transact with (address whitelisting)
- Amount-based additional restrictions (require additional approvals for high-value txs)
- Maximum transaction amount
Each account is subject to its own set of governance rules, allowing Vault users to set maximum security rules for high-value accounts, while lower-value accounts can be subject to less stringent checks for the sake of speed and efficiency.
The hot/cold wallet setup is widely acknowledged to be a trade-off that sacrifices security and governance for scalability. However, with Ledger Vault, secure digital asset management doesn’t need to come at the cost of flexibility or scalability, and nor do humans need to be involved at all for many steps – resulting in significant cost reductions while enabling secure high-speed payments and maintaining best-in-class security.
Through the Ledger API, Vault users can automate their transaction flows for specific classes of transactions, such as those to whitelisted addresses or those under a certain value. They can also manually modify their governance rules and initiate transactions through their back office systems via a secure channel used to communicate with the Vault.
The Ledger API enables firms to securely manage their Vault instance through their back office applications while retaining the same level of control, security, and flexibility. With functions ranging from transaction creation, wallet and governance framework management, and reporting of important data, the Ledger API represents the next step in accessible, secure digital asset management.
Current and Future Perspectives
As it stands, many governments, regulators, and consulting firms mistakenly believe that cold storage is the gold standard in digital asset security, largely due to its popularity among cryptocurrency exchanges as the ‘secure’ part of the hot/cold split wallet setup.
“The characterizations of “hot” and “cold” are outdated and obsolete ideas for the needs of the custody industry. New solutions will be temperature agnostic, and the industry needs to establish a new frame of reference moving forward.” – Amandine Doat, Associate General Counsel & Head of Public Policy at Ledger
Fortunately, Ledger presents an entirely original solution to the hot/cold dilemma with the state-of-the-art digital asset management solution known as Ledger Vault. Through Ledger Vault, institutions can limit risk by segregating their digital assets into as few or as many accounts as are necessary for their business operations, whereas a flexible governance engine restricts who is able to submit transactions for approval – and automatically blocks anything that falls outside of set parameters, while all valid transactions must be confirmed by a quorum of operators before being broadcast.
This private key-sparing approach enforces maximum security at all times, while still enabling instant liquidity for digital assets and massive scalability, thanks to the recently launched Ledger API. Now, institutions can offload most security checks to the single setup (per account) governance framework, and redirect these resources to growing their business and supporting their customers.