Cryptocurrencies are the latest class of highly versatile digital assets that have disrupted the global financial industry. These assets, first introduced in the form of Bitcoin back in 2009, have grown rapidly along with the applications of their underlying blockchain technology across industries.
Bitcoin was designed to be a completely decentralized, transparent peer-to-peer mode of value exchange without intermediaries or trusted third parties like banks or other financial institutions. The premise is carried forward by almost all the crypto assets that followed. The trustless transactions that are carried out on the crypto networks are recorded on a decentralized ledger called the Blockchain, readily queried by using block explorers. The crypto assets themselves are just alphanumeric strings that are associated with a private key. Anyone controlling the private key also controls the assets associated with it, enabling them to hold or transfer these assets to any other private key as they wish.
Crypto Wallets
Crypto wallets are special applications that allow users to manage their private keys so that they can send and receive crypto assets across the world. Crypto wallets are designed to make handling private keys more user-friendly and human-readable while providing additional security features to prevent others from gaining access to the private key, in turn, the digital assets associated with them. Meanwhile, a public key generated by the private key acts as the address for transactions over the crypto network.
Depending on accessibility, key storage, and operating process, the wallets can be majorly classified into software and hardware wallets. The majority of the software wallets fall under the online wallets category, with few exceptions, while most hardware and physical wallet solutions are considered offline wallets. Another familiar categorization of wallets, especially in the enterprise sector, includes hot, cold, and warm wallets, with hot and warm wallets being online software wallets while cold wallets are always offline software or hardware wallets.
Significance of Cold Wallets in Handling Crypto Assets
Cold wallets are an important part of secure cryptocurrency storage solutions, useful especially for individuals and enterprises handling or holding significant amounts of crypto assets. To understand why it is important, a refresher on cold wallets is in order.
What are Cold Wallets?
Cold Wallets are, in a way, regular crypto wallets, but with a major exception. These wallets remain isolated from an internet connection for the most part or throughout their existence. To ensure security and eliminate the potential cybersecurity risks that could compromise assets stored in them, they use private keys that are generated by offline devices. Without the keys being ever exposed online, they are virtually immune to a wide range of cyberattacks, viruses, and malware.
While executing transactions on a cold wallet involves more steps than their hot and warm counterparts, they are not that complicated either. Most of the cold wallet solutions available today are designed to be compact, highly portable, and easy to use. A typical cold wallet is a piece of hardware that resembles a USB stick or a small digital music player. Inside them, they contain a special, purpose-built hardware security module (HSM) responsible for key generation and secure storage. They also include additional security features like a password or a PIN to safeguard the contents in the event it is lost or stolen.
Role of Cold Wallets in Wallet Infrastructure
A typical wallet infrastructure for an enterprise of a crypto platform includes a combination of hot, cold, and warm wallets arranged in a particular order for efficient movement of funds within a secure environment. The cold wallets are responsible for safeguarding a major portion of funds held by the platform. Funds from the cold wallet are withdrawn as a requirement arises to ensure smooth operation while diverting any excess funds to the cold wallet for safekeeping. This combination allows platform operators to minimize risk exposure to their entire holdings without compromising their quality of service to the clients.
The Reality of Cold Wallet Implementation in Today’s Wallet Infrastructure
Theoretically, the combination of hot, cold, and warm wallets, along with best wallet usage practices, should make the existing wallet infrastructure failproof. However, in this not-so-ideal world, the reality is far from expectations, partially due to poor implementation and ignorance. As a result, cold wallets sometimes face continued risk exposure, unbeknownst to the platform operator. Even otherwise, managing cold wallets in the present-day setting is a prolonged and cumbersome process.
Most platform operators today either implement software multisig or MPC-based cold wallet infrastructure. While both types have their own advantages, they also tend to possess a few qualities that fall short of offering the necessary security and flexibility one generally desires from a cold wallet solution. A few common cold wallet-related issues include
Key Leakage and Management Issues
Efficient key management plays a very important role in safeguarding the private keys of any wallet. When it comes to cold wallets, extra precautions need to be taken as these wallets will be securing a major part of overall crypto assets in the platform’s custody. The widely used wallet infrastructure requires manual intervention by designated trustworthy people in possession of the private keys to enable transactions.
A combination of the complex, time-consuming cold wallet transaction initiation process and the unpredictability surrounding liquidity demand on crypto platforms makes it impossible for a single person to manage the entire process. As a result, to ensure uninterrupted service, crypto businesses usually share the wallet keys with multiple senior and mid-level managers to create redundancy. While such practices enable round-the-clock monitoring and timely refill of warm and hot wallets, it also introduces unnecessary risk, exposing the private keys to cyber threats, including hacking, phishing, malware, etc, targeting the key holders.
Sharing the keys with multiple people also reduces accountability, opening the doors for possible mistakes, deliberate misappropriation, and siphoning of funds by insiders.
These abovementioned key management risks are just the tip of the iceberg as there are possibilities of more serious issues occurring at the very top, starting with the key generation. Key generation in the crypto wallet context is the process of creating a wallet by generating a cryptographic private key. Creating own private keys contributes to better security as there is no dependency on third parties. But if good practices aren’t followed, it may have a completely opposite effect. Some of the most common mistakes committed during the key generation process include the use of low entropy secrets without using the Key Derivation Function (KDF) or poor KDF parameters, the use of weak encryption protocols, or unsuitable block cipher modes. All these factors will result in the creation of weaker private keys and associated public keys that can be easily compromised. If that’s not enough, key owners may end up writing down or storing the keys in human-readable plain text format on their devices, which allows cybercriminals or anyone sifting through these devices to copy them and access the cold wallets at their convenience.
MPC Wallets Aren’t Any Better
Apart from the good old HSM-based wallets, some consider MPC wallets to be more secure as they require partial keys generated by one or more devices, either accessed by a single or multiple individuals, to complete the private key necessary to execute transactions. In an MPC setting, unless someone has access to all the necessary partial keys from multiple sources, they can’t access the wallet. However, the MPC wallets are based on proprietary software, generally developed, owned, and operated by a handful of companies. Few operators like FireBlocks adopt the Software-as-a-Service model to deliver MPC solutions to crypto companies at a cost.
The MPC software offered by different providers isn’t always compatible with each other or conventional wallet systems, making it almost impossible to migrate from one provider to another without making significant changes in the operation. As a result, the platforms operating the MPC wallet ecosystem do not have complete control over their wallet infrastructure due to increased dependency on the MPC provider, making them highly vendor dependent, even to resolve any issues that may occur during operations.
No Takers for Native Multisig
Native Multisignature (Multisig) wallets have been around for a while now. As the name suggests, these wallets require multiple signatures to execute transactions that offer similar benefits as an MPC wallet but without creating any dependency on a third party. Unlike MPC, multisig wallets are increasingly becoming compatible with HSMs while creating the necessary redundancies to ensure continued access and safety of funds stored in them.
Multisig wallet operations enable the creation of a trusted group, where each party will have their own private keys used to partially sign the transactions. Only after the requisite number of signatures from the trusted group are satisfied is the transaction gets initiated. Multisig infrastructure allows platforms to specify the number of people/keys to be included in the trusted group as well as the minimum number of signatures necessary for transaction execution. A trusted group can have more people/keys than the number of signatures needed for a transaction. Anyone from the group can sign transactions, which will be executed once the requisite number is reached.
By designating a larger trusted group than the number of signatures needed for transaction execution, companies can create fail-safes where in the absence of a few members, others can still sign the transaction. Such an arrangement will help avoid risks like loss of private keys or passwords, loss or damage of devices due to various reasons, and even the unfortunate demise of one or more members of the trusted group. The need for multiple signatures also reduces the risks associated with cyberattacks as the chances of keys belonging to all the parties to a multisig transaction being compromised is very rare. It also brings in accountability, as any transaction can be executed only after reaching consensus, and no single person can unilaterally initiate a fund transfer with malicious intent.
A Single Solution for All Coins Ends up Lowering the Security for All Assets
One of the main reasons for MPCs gaining popularity is convenience, which may come at the cost of security. MPC wallets can be considered pretty generic when it comes to different digital assets in blockchain parlance. It adopts a “single solution fits all” approach without any room for asset-specific customization. MPCs use the same technology, including security algorithms, to secure both cold and hot wallets. Its design creates many single points of failure, which takes one single solution from an adversary to compromise the entire MPC algorithm, making every single asset across the platform vulnerable to theft.
The nascent stages of development in MPC algorithms and their applications in the crypto sector only make things worse. The complex dynamics and lack of complete understanding of MPC technology by the masses make it impossible to anticipate all possible vulnerabilities. At the moment, to avoid any unexpected shocks, MPCs are ideal for low-risk scenarios that can be automated, like in the case of periodic sweeping of funds from the hot wallet to the cold wallet for safekeeping.
Time and Cost of MPC Operations
As proprietary software, the turnaround time for upgrades or the addition of new assets is difficult as well as time-consuming. Most of these changes can’t be directly affected by the client and need vendor support and expertise. At the same time, MPC wallet solutions do not come cheap as vendors tend to follow USD volume-based pricing structure. As a result, any rise in the value of crypto assets against USD, which is quite common given the volatile nature, will end up raking bigger bills for the platforms.
Further exacerbating the problem is the role of cold wallets in a platform’s wallet infrastructure. Cold wallets are used to store the majority of the platform’s funds. They are either continuously refilled by sweeping in excess funds from hot wallets or used to refill hot wallets, effectively processing huge volumes, and any slight difference in the value of these assets could lead to a surge in the total USD value of assets handled and in turn the service costs in case of MPC wallets. As a result, in spite of their growing popularity, MPC wallets aren’t really suitable for use as cold wallets.
Designing an Ideal Cold Wallet Solution
The issues surrounding the existing cold wallet infrastructure are not a big secret. The advantages, shortcomings, and seriousness of risks associated with the existing infrastructure are well-known yet conveniently ignored so far. Liminal, the enterprise crypto assets storage, and security solutions provider, has reviewed the current solutions and come up with a more secure and convenient alternative in the form of Liminal Smart Cold Wallets.
With its Smart Cold Wallets solution, Liminal has redefined the value proposition for cold wallets by addressing most of the existing shortcomings. It is created by keeping the following design principles in mind.
Design Principles Shaping Liminal’s Cold Wallet Infrastructure
The main intention of using a cold wallet as part of the wallet infrastructure is to minimize the risk of exposure of crypto assets held by the platform. It can be achieved by incorporating enhanced security measures. But as most platforms cater to a large number of clients in a time-sensitive environment, these security measures shouldn’t come at the cost of a reduction in operational efficiency. The design principles of Liminal’s cold wallet infrastructure solution — Smart Cold Wallets, take these factors into consideration and prioritizes accordingly.
Securing Maximum Value First
Crypto enterprises and platforms generally handle large amounts of crypto assets with a very high market value. The wallet infrastructure is designed to minimize losses in case of an unfortunate event where the platform may get compromised. It is achieved by storing a major chunk of the entire crypto holdings in cold wallets, which act as vaults with private keys isolated from the environment. These funds are virtually inaccessible to the world. The general practice involves storing about 70%-80% of the holdings in cold wallets while the remaining 20%-30% is held in hot wallets or other storage solutions to cater to immediate and short-term capital requirements.
Maximum Security at Protocol Level, Wherever Possible
Native technologies are intertwined with the blockchain protocols hosting the crypto assets. Using such technologies makes it possible to address issues at the core instead of operating on abstract layers that create more dependencies and potentially create multiple points of failure if not executed carefully. Using native technologies also simplifies the solution to achieve maximum efficiency. Liminal’s design philosophy relies heavily on this fact to ensure the security and compatibility of its solutions for each supported asset on its respective blockchain protocols. With Liminal’s Smart Cold Wallets, the Multisig implementation for crypto assets is specific to supported protocols and incorporates available native support.
Best Practices Every day, Everywhere
In every secure system, the weak link is usually the user. The security features of any system work in conjunction with a set of best practices a user is expected to follow. There is no second-guessing the best practices, and Liminal completely agrees with the belief. Every Liminal solution is designed to operate within the boundaries of recommended best practices, and the Smart Cold Wallet is no different. Some of the best practices implemented in Liminal’s cold wallet solution include:
– MPC for Assets in Motion, HSM for Assets in Cold
MPCs are ideal for automated processes, while HSMs are a perfect fit for cold storage of crypto assets. Liminal’s Cold Wallets makes the best use of the strengths of available instruments by adopting a hybrid approach. The combination of MPC and HSM in Smart Cold Wallets has specific functions, with the former being used for sweeping funds from hot wallets to cold wallets, etc., while HSM secures most of the platform’s funds.
– Key Distribution Across Organizations
Don’t put all your eggs in one basket, a familiar idiom makes good sense when it comes to safeguarding private keys. The risk of keys being compromised is very high when all the keys are handled within the organization. It could be due to various factors, including the use of poor key management practices to secure all the keys, external attacks on an organization’s infrastructure or individuals, and even misappropriation by an insider. Liminal allows clients to minimize risk by assigning a few keys to trusted third parties as a precaution against threats, both external and internal. Liminal also acts as one of the trusted third-party custodians and signing authority for transactions executed over the platform’s wallet infrastructure.
– Easy and Independent Backup and Recovery
Dependency impacts self-sufficiency. Liminal believes that every crypto user should always be in control of their wallets. They should be able to perform all vital actions by themselves without having to rely on external vendors or other third-party organizations. As a result, all components of Liminal crypto storage and management solutions, including the Smart Cold Wallets, can be backed up and restored by the clients without the involvement of Liminal or other proprietary software.
Liminal’s Smart Cold Wallet Solution
Smart Cold Wallets is Liminal’s cold storage solution for enterprises, family offices, and others to safeguard their crypto assets. Using a combination of manual and automated processes, the Smart Cold Wallets infrastructure allows secure and efficient storage and handling of crypto assets as per the user’s requirements. In an enterprise wallet infrastructure, the Smart Cold Wallets create a secure channel through which platforms can seamlessly transfer funds from their cold wallets to warm and/or hot wallets in a controlled environment with minimal human intervention.
The Smart Cold Wallets solution uses the tried and tested multisig wallets to store funds while offering its users the liberty to choose the number of trusted signing parties as well as desired policies for transaction execution. During transactions, once all the predefined criteria are met, Liminal Signer signs off the transaction with one of the keys assigned to it by the user. Following the Liminal system’s signature, the movement of crypto assets from the cold wallet to the destination wallet will be initiated.
To make the process easier, the Liminal Smart Cold Wallets solution is accompanied by an intuitive, user-friendly interface for setup and transaction execution processes.
Setting Up Liminal’s Smart Cold Wallets
All Liminal Cold Wallets are multisig in nature, requiring at least two users to manually authorize transactions. The setup process starts with the user choosing the key configuration, including the total number of keys as well as the minimum number of signatures required to process transactions. In addition to the key holders, Liminal will be one of the signatories to the transactions processed over the Smart Cold Wallets ecosystem to ensure compliance with the policies declared by the user.
Key Configuration on Multisig Liminal Smart Cold Wallets
First Key — The first key is Liminal Key from HSM with policy check and automated signing capabilities. The key is part of the Liminal Signer, which submits the final signature to the transaction upon satisfying compliance with the pre-set conditions.
Client Keys — All keys apart from the Liminal Key are part of the client’s trusted group network, which is authorized to initiate and sign transactions. A minimum of two signing authorities must be declared during the setup process, with no upper limit. The client key will be part of a consumer HSM like Trezor or Ledger.
Signing Transactions on Liminal Smart Cold Wallets
All transactions from Liminal Smart Cold Wallets will be processed as per the policies declared by the user during setup. Whenever a user wishes to initiate a transaction, they must first enter transaction details on the dashboard. The Liminal system matches the details with the existing user policy declared at the time of setup. Once found in compliance with the particulars, including the transaction limit, the whitelisting status of the recipient wallet address, etc., the user will be allowed to proceed with the transaction.
In the next step, the user will sign the transaction with their hardware wallet. Following the initial signature, all the members of the wallet group authorized to sign transactions will receive an alert over email and SMS prompting them to sign the transaction.
Upon receiving the alert, other key holders must sign the transaction using their hardware wallets to reach the minimum threshold signatures as configured during the initial setup. Once the signature threshold is reached, Liminal Signer checks for the policy.
If all the policy requirements are met, then Liminal Signer will automatically sign the transaction with the key associated with Liminal HSM and broadcast the transaction. Following the last step, the transfer of funds from the Liminal Cold Wallet to the whitelisted recipient wallet will be executed.
The Liminal Gas algorithm continues to monitor the transaction status until it is successful. If the transaction gets stuck due to inadequate gas fees, the algorithm will automatically reattempt the transaction with updated transaction fees. The process will continue at predefined intervals based on the blockchain protocol until the transaction is successful.
HSM and Hardware Wallet Support for Convenience and Enhanced Security
The operation of Liminal Smart Cold Wallets, as well as Smart Wallet Refill solutions, relies heavily on the use of HSM-based devices for security and reliability purposes. Apart from Liminal’s HSM, the Smart Cold Wallets’ ecosystem supports leading consumer hardware wallets like Trezor and Ledger, with more devices to be added soon. Unlike conventional cold storage techniques, both hardware wallets provide advanced security for transactions involving Bitcoin and other crypto assets on all popular blockchain protocols.
Trezor allows users to make secure payments without revealing private keys to a potentially compromised machine connected to the internet. Meanwhile, Ledger uses a Secure Element, dual chip technology to protect the private keys from hardware attacks while performing similar functions as Trezor. Both hardware wallets are designed to safeguard the private keys to ensure the safety of funds stored in them.
By encouraging the use of hardware wallets, Liminal ensures its users are always in control of their funds by protecting the wallet’s private keys from ever getting exposed online. During the entire process, Liminal will never have access to the user’s private keys. Meanwhile, the use of HSMs replaces the commonly followed, tedious offline transaction signing process without compromising security.
In offline signing, the user must first create an unsigned transaction on an online machine with the wallet address, amount, and other details in the current state to retrieve the current nonce. The unsigned transaction must be transferred to an “air-gapped” offline machine containing the private key using a QR code or USB drive for signing. Once signed using the private key from the offline wallet, the signed transaction needs to be transferred back to the online device and broadcast on the blockchain. With hardware wallets, the advanced tamper-proof security features along with secure random key generation capabilities of HSM allow them to create, store and sign transactions in a very robust and secure environment.
Liminal Gas Station for Transaction Confirmation Guarantees
Ethereum continues to be the most widely used blockchain protocol, playing host to thousands of decentralized applications. The prolific Ethereum ecosystem, driven by native ETH cryptocurrency and other utility tokens, makes it one of the must-support protocols in any blockchain solutions ecosystem, including Liminal.
While Ethereum solves the Security and Decentralization parts of the blockchain trilemma, scalability is not one of its strong suits, at least until now. The collateral damage of the scalability problem is unstable, ever-increasing gas fees. While the Ethereum network continues working on addressing this issue, Ethereum Improvement Protocol (EIP) — 1559 was introduced as a way to accelerate and incentivize the mining process. Also implemented as part of this proposal is the process of burning base fees in transactions.
The Liminal Gas Station is an innovative feature supporting EIP 1559 that incorporates an internal intelligent algorithm to determine optimum gas fees for immediate transaction execution. With a combination of EIP 1559 formulas and an in-house intelligent algorithm, the Gas Station is designed to continue monitoring the transaction even after it is executed with optimal gas fees until settlement confirmation is obtained.
The algorithm determines the gas fees by comparing the current and previous blocks’ base gas fees along with network traffic trends to determine the ideal fees for quick transaction settlement. If the gas fees suddenly go up due to increased traffic or some other issue, the Gas Station algorithm reattempts the transaction with the same nonce with gas fees adjusted to the new value. The process keeps repeating until met with success. By retaining the same nonce while reattempting transactions, Liminal Gas Station increases the chances of transaction confirmation as at the protocol level, the protocol doesn’t allow the next transaction nonce to get executed until the previous one is executed.
– Seamless ERC20 Transactions
All transactions on the Ethereum protocol incur gas fees to be paid in ETH, which forces the users to maintain small amounts of ETH in their wallets to make transfers. By doing so, they end up scattering their funds across wallets, and at the same time, they have to make sure that their wallets have enough ETH balance for subsequent transactions. Liminal Gas Station completely eliminates this requirement on the users’ part by taking care of the gas fees on their behalf. The additional convenience offered by Gas Station not only frees up time spent on monitoring but also allows the users to make efficient use of every single token in their holdings.
Policy Shield: Liminal Smart Cold Wallets Policies for Enhanced Security and Peace of Mind
Liminal’s Cold Wallets’ policies, a collective part of the Policy Shield, are designed to keep the security of funds in mind while offering adequate flexibility for the users to customize them to meet their platform-specific needs. The policies, once declared during the signup process, will be applicable to all future interactions on the Smart Cold Wallets solution until the client requests modifications. Even the policy modification is carried out only after the user passes a video verification confirming their identity as well as intent.
Transactions Supported only for Whitelisted Addresses
The Whitelist policy governs all transactions executed over the Liminal Smart Cold Wallets ecosystem. Users should submit the wallet address to which they wish to initiate a transaction from the Liminal Cold Wallet. Once the address is submitted to the whitelist, it needs to be confirmed by all key holders as per the wallet configuration. The submitted wallet addresses will be included in the whitelist only after the necessary threshold signatures are reached. The wallet members sign their consent for whitelisting wallet addresses using their hardware wallets.
Users can send funds from their Cold Wallet only to those addresses that are whitelisted as per the policy. Attempts to transfer funds to any non-whitelisted wallet will be rejected during the policy check, and Liminal Signer won’t sign those transactions. The policy is in place to ensure that users do not send funds to any unknown wallet by mistake. It also prevents any chance of unauthorized transactions from being initiated by one rogue member of the trusted group, which may go unnoticed and signed by other keyholders.
Spending and Transaction Limits
The Spending Limit and Transaction Limit features in Liminal’s Smart Cold Wallets solution are yet another safeguard serving the clients’ interests. Users can declare the maximum amount that can be transferred to a particular wallet address during a specific time frame under the Spending Limit field. Similarly, the Transaction Limit field allows users to declare the amount that can be sent per particular transaction from the Cold Wallet. These limits help platforms manage their funds while ensuring excess funds aren’t transferred to any wallet either deliberately or due to oversight.
How do Enterprises Benefit from Smart Cold Wallets Solution?
Liminal’s Smart Cold Wallets Solution helps crypto businesses create a secure channel to initiate transactions from their cold wallets. The use of reliable multisig wallets with HSM support provides additional layers of security, which is only enhanced by stringent Smart Cold Wallets policies. The external signing authority of Liminal Signer, which executes transactions only to whitelisted addresses only after verifying compliance with current policies, ensures that no unauthorized transactions can be initiated from cold wallets that are part of a more comprehensive wallet infrastructure implemented in the organization.
Apart from making the entire process of storing and transacting crypto assets from cold wallets easier, the Liminal Smart Cold Wallet is designed to work seamlessly with other Liminal products, including the Smart Wallet Refills, to provide an end-to-end crypto asset custody and management solution.
Want to know more about Liminal’s Smart Cold Wallets Solution? Fill out this form to schedule a demo or get in touch with our team for more information.
Learn more about Liminal here.
Do not forget to follow our blog and social media channels to keep yourself updated.
by Liminal
