-1

Now that Tesla has bought a large amount of BitCoin, other companies may follow suit. If my company wanted to do that, I was thinking about how it could be done.

I'm familiar with the way private individuals store keys.

I could see two possibilities:

  1. The Chief Financial Officer or someone like that would be the only with the keys, with some type of backup. The data is done in a way very similar to how an individual would do it.
  2. The Information Technology (I.T.) may be called upon. For example, they might write a bot to buy the cryptos at certain prices or criteria.

If I.T. is involved, then one or more programmers or I.T. staff would have access to the keys. If they weren't honest, or left the company, they could use the keys to transfer out all the cryptos. Even if I.T. created an application for the company, the "bad people" could simply do a transfer using the private key totally outside the company's network.

I was thinking that one approach might be to have some automated software to keep moving the cryptos around to new accounts every x hours. To do this, the private/public key would have to be generated by software, but still stored in a data store of some type. Maybe that would have to be a separate database instance that only very key people had the access codes to.

The issue is similar to API Keys, but they often have more flexibility (Protecting API Keys).

NealWalters
  • 115
  • This problem doesn't seem any different from protecting any other sort of critical information. While it's overly complicated (hint: stick them in an HSM), you've got as far in your penultimate paragraph as to creating an access control mechanism for the keys. Just use that, and the problem reduces to protecting API keys. – Philip Kendall Feb 18 '21 at 21:10
  • Maybe it is worth investigating multisignature? (It exists, don't know if it is practical.) (BTW, running a script to move coins around to newly generated addresses all the time? Hard to believe you can get something that fragile and weird past your auditors ..., your insurers, ... your board ...) – davidbak Feb 18 '21 at 21:17
  • BTW there's also https://bitcoin.stackexchange.com/ which might be able to help ... – davidbak Feb 18 '21 at 21:22

1 Answers1

1

As Phillip mentions in his comment, the most solid approach to protecting secrets is a Hardware Security Module. I'm not qualified to get into the details of how that might work with various crypto-currencies but that's where I would start, if given this problem.

I'm not too sure about your idea of moving the accounts around. You haven't described your threat model here but I don't think this solves much. If we are managing keys for a web-server certificate, the approach of creating new keys frequently can limit the damage when a private key is exposed. But in this situation, the attacker who has your keys will be long gone with the money-bits before x hours pass. In my humble opinion, the constant churn creates a larger attack surface. For example, an attacker might find a way to slip their account into your system right before your transfer.

JimmyJames
  • 27,287
  • Thanks, I'll check out HSMs, didn't really know about those (unless the Ledger Nano or Trezor is considered one of those). But with those devices, you also have the 12 or 20 seed words to protect as well. But perhaps those can be known only to a C-level officer. – NealWalters Feb 18 '21 at 23:14
  • @NealWalters In my mind, the goal of using an HSM is to make it impossible to retrieve the private key. Crypto activities are delegated to the device. Whether/how that works with bitcoin or other crypto-currencies is beyond me at the moment. – JimmyJames Feb 22 '21 at 16:56