How iTrustCapital Approaches Security

By Michael FischerFebruary 18, 20224 minutes read
iTrust Approaches Security Hi-Res (1).png

How iTrustCapital Keeps Your Assets Secure

Traditional Hot vs Cold Wallets

Cryptocurrency, blockchain technology, and DeFi are still emerging markets. Because of this, the security features of these markets are still expanding and evolving. The main external risk to any entity holding funds in cryptocurrency is the possibility of hacking. It is important to note that hacking does not typically refer to hacking the blockchain technology itself, as blockchains are inherently designed against such attacks. Rather, hackers target the device or service that funds are stored with. Storage of crypto is typically designated as a wallet.

The reason funds can be stolen on these types of platforms is typically because funds are held in an online, digital wallet known as a hot wallet.

Hot wallets are digital wallets that remain connected to the internet at all times. While this may provide convenience, it also provides an opportunity for hackers to access funds.

In contrast, a cold wallet is hardware that digital funds are stored on that can be taken offline entirely, such as an encrypted hard drive. For years, cold storage has been lauded as the best way to secure cryptocurrency from bad actors like hackers.

Interestingly, new technology has begun emerging in the past 5 years known as MPC, or multi-party computations. This technology has allowed more security when not using cold storage. MPC can provide more speed and convenience but still maintain a relatively secure atmosphere, which contrasts with the traditional hot wallet design.

iTrustCapital’s priority is securing our client’s funds at the highest levels. To store and secure client funds, we use industry-leading providers: Coinbase Custody and Fireblocks. 

Coinbase Custody

Coinbase Custody is not the same as the exchange entity of Coinbase, Inc. Funds held with Coinbase Custody are held offline in cold storage and are inaccessible to online attacks. Coinbase Custody is a leading provider of cold storage, and Coinbase Trust is a regulated entity that has never lost client funds. Furthermore, Coinbase Custody provides commercial crime insurance of $320 million.* 

Coinbase Custody is SOC 1 Type II, and SOC 2 Type II, with regular financial and security audits performed by external auditors. 

Coinbase Custody often refers to its platform as battle-tested, with roughly 7 years of service since inception without a security incident.

Fireblocks

Fireblocks is an industry-leading platform that provides a secure infrastructure for moving, storing, and issuing digital assets. Fireblocks provides its own proprietary multi-layer security matrix to secure funds. According to Fireblocks, the multi-layer security matrix “layers multi-party computations (MPC), Intel Software Guard Extensions (SGX), Fireblocks’ own signature Policy Engine, and a deposit address authentication network.” 

The Fireblocks MPC (known as MPC-CMP) is its own innovation, and is touted as providing Multi-Party Computation at nearly 8x the speed of transactions from previous MPC models.

Intel SGX, the second layer of security, i s a type of hardware isolation. This is provided at the chip level, meaning that even if a hacker were to somehow gain access to the operating system of an asset-holding device, the assets would be locked up in the hardware without a security key present.

The third layer, known as the Policy Engine, allows organizations (such as IRA custodians) to implement “specific approval policies” per transaction. According to Fireblocks, the Policy Engine can automate the governance of funds and can protect against internal collusion.

The last layer in the Fireblocks system is its institutional settlement layer, which automates “deposit address authentication”, as well as automating rotation of addresses.

Lastly, Fireblocks carries its own insurance policy of $30 Million.*

iTrustCapital Does Not Hold Any Digital Assets On Its Platform

Our client's digital assets are held with our secure storage providers, and iTrustCapital does not store any cryptocurrency assets on its platform. 

Even if a hacker managed to gain access to our software platform, they would not be able to siphon funds, as there are no funds held on-platform.

If the worst-case scenario were to occur, and a hacker gained access to a client’s account, the most damage they would be able to inflict is the execution of unauthorized transactions. They would not be able to liquidate, or transfer funds out of, the account. Because of this, there is very little incentive for bad actors to attempt such a crime.

Our Own Security Measures

iTrustCapital’s software platform utilizes security measures that further prevent an instance such as the one mentioned. Using Two-Factor Authentication (2FA), our platform requires that a separate device be used to confirm the identity of a client.

iTrustCapital also takes measures during both onboarding and offboarding to safeguard client accounts. 

We protect our customers from unauthorized distributions using an additional layer of authentication. Clients moving large amounts of funds off of the iTrustCapital platform are required to confirm their identity over a video conference call. This puts our clients at ease knowing that access to their funds is a multi-step process with extensive fail-safes.

Helpful Habits to Protect You and Your Accounts

The most common way a crypto investor has their funds stolen on a “hot wallet” is through the poor management of login credentials. This often happens due to falling victim to a phishing attack, designed to pry confidential information from an unknowing victim. It can also occur from a lack of security on devices, such as implementing strong passwords and restricting access to sensitive information through password access.

We may not give tax advice, but we CAN advise that you always use strong passwords and store your passwords safely!

With 2FA enabled, if a phishing attack compromised your login credentials, the hacker would also need access to your other form of authentication - dramatically mitigating risk.

Our Client Experience is Unparalleled in the Industry 

iTrustCapital's mission is to provide a secure experience for our customers. Therefore, we have built an industry-leading reputation for our Client Experience team. Our support team is available on multiple channels, ready to answer any questions or concerns you may have regarding our security measures.

The information in this article was provided by the Coinbase Custody website, and can be referenced here: https://www.coinbase.com/custody, https://www.coinbase.com/custody/faq

The information in this article was provided by the Fireblocks website, and can be referenced here: https://www.fireblocks.com/platforms/security/, Crypto Custody Is Moving Beyond A Hot VS Cold Model

*Cryptocurrency is not legal tender backed by the United States government, nor is it subject to Federal Deposit Insurance Corporation (“FDIC”) insurance or protections. Users do not receive a choice of custody partner.

DISCLAIMER:

This article is for information purposes only.  It does not constitute investment advice in any way.  It does not constitute an offer to sell or a solicitation of an offer to buy or sell any cryptocurrency or security or to participate in any investment strategy.   iTrust Capital, Inc. is not an exchange, funding portal, custodian, trust company, licensed broker, dealer, broker-dealer, investment advisor, investment manager, or adviser in the United States or elsewhere. iTrust Capital, Inc. is not affiliated with and does not endorse any particular cryptocurrency, precious metal, or investment strategy.   Cryptocurrencies are a speculative investment with risk of loss. Precious metals are a speculative investment with risk of loss. Cryptocurrency is not legal tender backed by the United States government, nor is it subject to Federal Deposit Insurance Corporation (“FDIC”) insurance or protections. Clients do not receive a choice of custody partner. The self-directed purchase and sale of cryptocurrency through a cryptocurrency IRA have not been endorsed by the IRS or any regulatory agency. Historical performance is no guarantee of future results.   Some taxes and conditions may apply depending on the type of IRA account. ​​Investors assume the risk of all purchase and sale decisions. iTrust Capital, Inc. makes no guarantee or representation regarding investors’ ability to profit from any transaction or the tax implications of any transaction. iTrust Capital, Inc. does not provide legal, investment or tax advice. Consult a qualified legal, investment, or tax professional.  iTrust Capital, Inc. makes no representation or warranty as to the accuracy or completeness of this information and shall not have any liability for any representations (expressed or implied) or omissions from the information contained herein. iTrust Capital, Inc. disclaims any and all liability to any party for any direct, indirect, implied, punitive, special, incidental or other consequential damages arising directly or indirectly from any use of this information, which is provided as is, without warranties.

© 2022 iTrust Capital, Inc.All rights reserved.