BitGo’s self-managed cold wallets give organizations the ability to take their security into their own hands while still leveraging BitGo’s technology and processes.

To put it simply: If a hot wallet is like a debit card and a custodial wallet is like a bank vault, then self-managed custody is like installing your own safety-deposit box at home.

In this post, we’ll walk through the basics of self-managed cold wallets, break down the different groups who find them most useful, and dive into a more detailed explanation of how they work.

The basics

All BitGo wallets work on a “2-of-3” basis, meaning they come with three keys (client key, platform key, and backup key), two of which must be used to sign any transaction.

BitGo offers different types of wallets, however — each optimized for a unique purpose and varying in terms of who holds the keys and where.

Best for liquidity, hot wallets require the customer to hold the client key and the backup key. In this setup, the client key is generated and stored online so transactions can be created and signed more quickly.

Best for extra security, custodial wallets involve BitGo holding all three keys, with your client and backup keys kept in offline, cold storage. This means transactions get processed more slowly, but also makes it dramatically harder for a hacker to steal the keys.

In self-managed cold wallets, customers effectively manage their own cold storage using BitGo’s technology while holding the client and backup keys.

Schematically, this looks a bit more like the hot wallet diagram — with one very crucial difference. Rather than the client key getting held online, it’s held offline.

This single difference completely changes the mechanics of how transactions get generated and signed (which we’ll cover below). The end result, though, is that sending funds entails a more involved, comprehensive process — which is entirely the point. The extra friction provides extra protection against someone absconding with your funds.

Who uses self-managed cold wallets and why

Self-managed cold wallets work best for two groups:

First, security-minded institutions who want additional protection and are willing to sacrifice transaction speed to get it. Leveraging BitGo’s technology can help them build a more sophisticated setup than simply relying on a hardware device for self-custody.

Note that organizations often use multiple BitGo wallet types and divide their funds across each according to their preference. Some companies, for instance, will save the portion held in self-managed cold wallets as a reserve, using the funds only for large-but-infrequent transactions.

In any event, these institutions should have a security organization in place that can run “key ceremonies” (to generate and assign key shards) and make sure the keys are stored in a secure environment.

Second, organizations located in certain countries where the law requires keys to be managed locally. For example, Japan requires that the client key be held on Japanese soil, so self-managed cold custody provided by BitGo is an excellent option.

How self-managed cold wallets help

Self-managed cold wallets offer three key benefits:

  • Stay secure. As with BitGo’s custodial wallets, self-managed cold wallets ensure your keys never get exposed online, which makes them safer to use. You can also still use BitGo’s wallet policies — like whitelisting, roles and permissions, and velocity limits — to add even more layers of protection.

  • Stay compliant. For organizations in certain jurisdictions, using self-managed cold wallets will help them comply with the law.

  • Stay flexible. Advanced users can choose how they want to store and leverage their client and backup keys, and potentially build more sophisticated setups.

How self-managed custody works

To set up self-managed cold wallets, clients combine their hardware with our software.

“Hardware,” in this case, refers to “air-gapped” laptops, which means the network card has been removed so that each laptop is physically incapable of connecting to the internet.

“Software,” meanwhile, refers to a BitGo application called “Offline Vault Console,” which enables the client to sign transactions without their client key ever being online.

Clients can then generate their keys offline using the OVC and shard them into any M-of-N solution they like (e.g., 2-of-3, 3-of-6, 4-of-7). By fragmenting the client key into even smaller pieces and setting up these minimum thresholds, they can help ensure that no single person has the ability to sign an unauthorized transaction.

Once the client has completed setup, signing a transaction follows these general steps:

  • Create an “unsigned transaction” using the BitGo platform (via the interface or API)

  • Download that unsigned transaction to a microSD card

  • Take that microSD card to an air-gapped laptop

  • Use the client key (stored on a separate microSD card) to create a “half-signed transaction” using our Offline Vault Console; the OVC never stores your private keys in its memory

  • Upload the half-signed transaction back to BitGo

  • BitGo will check the transaction against your wallet policies and, if it passes, will complete the signature and broadcast the transaction to the blockchain

The client can therefore take a larger role in managing their own security while still leveraging BitGo’s wallet technology.

How to get started

To learn more about Self-Managed Cold Wallets, please visit our product page or reach out to our Sales team at sales@bitgo.com.

About BitGo

BitGo is the leading infrastructure provider of digital asset solutions, offering custody, wallets, staking, trading, financing and settlement out of regulated cold storage. Founded in 2013, BitGo is the first digital asset company to focus exclusively on serving institutional clients. BitGo is dedicated to advancing a digital financial services economy that is borderless and accessible 24/7. With multiple Trust companies around the world, BitGo is the preferred security and operational backbone for more than 1,500 institutional clients in 50 countries, including many of the world’s top brands, cryptocurrency exchanges and platforms. BitGo also secures approximately 20% of all on-chain Bitcoin transactions by value and is the largest independent digital asset custodian. For more information, please visit www.bitgo.com.


©2024 BitGo Inc. (collectively with its affiliates and subsidiaries, “BitGo”). All rights reserved.