The rise of corporate bitcoin key management
Corporations using bitcoin as a reserve asset in their treasuries has become a hot topic in 2020, primarily due to MicroStrategy’s all-in move coupled with CEO Michael Saylor’s all-out media blitz to break down the logic behind this strategy. Square has also made a sizable allocation to its treasury recently.
At the time of writing, we are aware of 4% of the total bitcoin supply being held in corporate treasuries. Why is this becoming a trend?
The job of a corporate treasurer is to protect the value of the treasury. If your treasury is held in fiat then you can be sure that it is only going to lose value over time.
Corporate bitcoin treasuries are nothing new, at least for companies that earn revenue in bitcoin. While many merchants over the years simply added bitcoin as a checkout option and used it as a payment rail--automatically converting funds to fiat to protect themselves from volatility risks--bitcoin-focused companies tend to be run by believers who are long-term bulls and see their offering of goods and services as just another means of acquiring more bitcoin.
Historically speaking, organizations that have kept their treasuries in bitcoin over long periods have benefited tremendously. WikiLeaks is probably one of the most prominent examples, seeing appreciation of over 50,000%.
Along with the potential rewards come new types of risks. Sophisticated attackers will attempt to gain access to digital bearer assets, regardless of whether they are held by an individual or a corporation. We will continue to see more and more sophisticated spearphishing and social engineering attacks against organizations.
Corporate bitcoin treasuries will be dealing with large sums of money and must take care to eliminate single points of failure, even against insider attack. A well thought-out key management architecture is the first step, though it must also be coupled with protocols and processes to ensure that the humans managing the keys don’t get tricked by a savvy social engineer.
Casa’s corporate treasury
Many large companies are using trusted third party custodians to protect their bitcoin. While this may be OK if you’re dipping your toe into the water, over the long term it’s risky and counter to the ethos of this entire ecosystem. We’d like to shed some light on how we manage Team Casa’s corporate treasury.
Casa has accepted bitcoin payments since opening our doors in 2018, without any middlemen - we run our own BTCPay server that is integrated directly into our back end infrastructure. This server manages a watch-only wallet for handling payments; there are no private keys online for hackers to steal. Rather, the private keys are held on dedicated hardware that is used to sweep the funds from this single-signature wallet into our corporate treasury multisig wallet on a regular basis.
At Casa we eat our own dog food - that is, our corporate treasury wallet is a Diamond tier multi-user account in which we have a 3-of-5 multisig setup. Each of the keys is held by a different Casa employee. When one employee creates a proposed transaction and signs it, they must then follow established security procedures to request signatures from two other key holders. Each of those holders must verify the details of the transaction via an end-to-end encrypted communications channel and strongly authenticate the identity of the employee who is requesting the signature via a secure video call.
When does Casa spend its bitcoin? Extremely rarely - we consider it to be a reserve asset that should only be liquidated in dire circumstances to help sustain us through tough times. Spending less frequently also has the added benefit of simplifying our accounting overhead.
Your corporate treasury
Companies should understand that custodial risk is a real problem with digital bearer assets and they need not expose themselves to it. While keeping your bitcoin with a trusted third party can protect you from fiat inflation risks, you are giving up your protection from systemic risk.
Unlike large financial organizations that may act on behalf of investors to manage their assets, corporate treasuries are not subject to the qualified custody rule in the Investment Company Act because they are not financial advisors. Self custody is certainly on the table for corporate treasuries!
Unfortunately, I suspect that most companies that are not operating in the bitcoin economy do not hold their own keys due to a lack of sophistication on their part, and possibly due to a desire to have a third party to blame if anything goes wrong.
How should corporations approach private key management? I’d start off by having all key holders understand the common threats to keys by reading my How-To guide. Then for a more rigorous approach, I suggest reading the Cryptocurrency Security Standard and developing a plan that implements as many points as you’re comfortable with.
What are some of the high level decisions that need to be made?
- Who are the key holders?
- How will you generate keys?
- How will you create a wallet from those keys?
- What signing quorum will be required?
- How will key holders store and protect their keys?
- What are the requirements for a key holder to sign with a key?
- How do key holders strongly authenticate signing requests?
- What is the protocol for dealing with compromised keys?
- What are the procedures for adding / removing key holders?
Throughout the process of architecting a corporate treasury management solution, you’ll want to ensure that you don’t insert any potential single points of failure. A single point of failure can result either in loss of funds to an attacker who spends them, or in loss of access to funds that prevents anyone from spending them. You’ll be walking a fine line between not enough security and too much security.
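The two failure modes can be checked mechanically against a key inventory. The sketch below is an added example, not Casa's code or tooling: it groups keys by shared failure domain and flags any domain that alone exposes a full signing quorum (theft) or alone removes enough keys to block signing (lockout). The inventory, its field names and the assumption that a failed domain affects every key in it are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory; holders, sites and device vendors are hypothetical.
INVENTORY = [
    {"key_id": "k1", "holder": "alice", "site": "hq", "device": "vendor-a"},
    {"key_id": "k2", "holder": "bob", "site": "hq", "device": "vendor-a"},
    {"key_id": "k3", "holder": "carol", "site": "hq", "device": "vendor-b"},
    {"key_id": "k4", "holder": "dave", "site": "home-office", "device": "vendor-b"},
    {"key_id": "k5", "holder": "erin", "site": "bank-vault", "device": "vendor-c"},
]


def single_points_of_failure(keys, m):
    """Return failure domains that alone break an m-of-n quorum.

    theft:   one domain exposes >= m keys, so whoever compromises it can spend.
    lockout: one domain holds >= n - m + 1 keys, so losing it leaves < m signers.
    Assumption: a failure of a domain affects every key that shares it.
    """
    n = len(keys)
    if not 1 <= m <= n:
        raise ValueError("quorum must satisfy 1 <= m <= n")
    lockout_threshold = n - m + 1

    # Group key ids by every (attribute, value) pair they share.
    groups = defaultdict(list)
    for key in keys:
        for attribute, value in key.items():
            if attribute != "key_id":
                groups[(attribute, value)].append(key["key_id"])

    findings = {"theft": [], "lockout": []}
    for (attribute, value), key_ids in sorted(groups.items()):
        if len(key_ids) >= m:
            findings["theft"].append((attribute, value, key_ids))
        if len(key_ids) >= lockout_threshold:
            findings["lockout"].append((attribute, value, key_ids))
    return findings


if __name__ == "__main__":
    # Raising the quorum from 3 to 4 removes the theft finding but adds lockout findings.
    for quorum in (3, 4):
        print(quorum, single_points_of_failure(INVENTORY, quorum))
```

With this inventory, a 3-of-5 quorum is broken in both directions by the one site holding three keys, while 4-of-5 removes the theft exposure but makes each shared device vendor a lockout risk.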
Call Casa for consultation
We’ve been working with teams and treasuries since 2018, guiding users through the maze of decisions that need to be made when setting up self custody. Schedule a call if you want to learn more!