Industry News What can we learn from the DMM Bitcoin “leak”?

Why Seed Phrase Security Should Be Priority Number One

Private keys are the backbone of digital asset security as they provide the means by which transactions are signed. Without private keys, institutions cannot access their cryptocurrency or initiate transactions. Similar to […]

Private keys are the backbone of digital asset security as they provide the means by which transactions are signed. Without private keys, institutions cannot access their cryptocurrency or initiate transactions. Similar to other passwords, authentication methods, and authorization codes, it is paramount for institutions to take steps to protect their private keys and keep them safe from unauthorized access.

Losing a private key or having it stolen is a worst-case scenario for any institution providing custody of digital assets. In such cases, a seed phrase is part and parcel of any disaster recovery plan. Seed phrases, usually a string of random words, provide a way to retrieve or restore access to the private keys in case of loss.

If the original private key is lost, the owner can re-enter the seed phrase into a new wallet/vault to recover access to his assets. A proper institutional-grade custody solution will generate seed phrases for any authorized approver in the quorum during the account creation process. Users are then taught how to store their seed phrases (or portions of their seed phrases) securely and how to reinitiate their keys in case of disaster. Keeping backups of the different portions of the seed phrase in various storage locations is considered best practice.

Never give anyone access to your private key or your complete seed phrase

Lately, the market has seen the offering of a seed phrase backup service utilizing third-party entities. This service has been met with concern across the industry, and with good reason. Many fear this service can serve as a backdoor used to gain access to users’ seed phrases. Such fears are not unfounded, as similar approaches have been utilized by malign actors throughout history.

While third-party backup services may seem convenient, they introduce additional risks by opening the organization to counterparty risk. If the third-party service is breached, goes bankrupt, or even has a dishonest employee, seed phrases (and thus private keys) may also be put at risk. While this is true for all users, for institutions managing millions of dollars in assets under management, the security of your private keys and seed phrases is paramount as any unauthorized access to these codes can lead to catastrophic losses.

Moreover, transmitting the seed (shares or portions that can reconstruct the seed) over the internet fundamentally alters the security threat model of a hardware wallet. To enact the backup, users must connect the wallet to their phone via Bluetooth. As mentioned, any device connected to the internet can be hacked. Experience indicates that hackers, on average, spend about $1 million to breach an internet-connected device. If you are an institution with a multimillion-dollar AUM, the potential ROI is enough to encourage cyber criminals.

The only safe solution for seed phrase backup is a proper disaster recovery plan that ensures that seed phrases are never shared with unknown actors but rather stored in a secure location that can be readily accessed in case of any unfortunate scenarios.

Disaster Recovery Hygiene

At GK8, we believe a secure and effective disaster recovery plan is one of the most critical components of an institutional-grade digital asset custody solution. It is essential to have the portions of the seed phrase backed up in both a primary storage location as well as a separate secondary backup location or escrow agent in case of disaster. This ensures the seed phrases are protected while remaining under the direct control of the institutional users.

We recognize how essential seed phrases are for institutional investors to manage their crypto assets properly. That is why our team will walk you through the seed phrase generation process. We will also train you on the best practices of seed phrase regeneration.

At no point does GK8 have access to your seed phrases or your private key.

We urge our institutional users to approach seed phrase backup with caution. Ultimately, the security and safety of both private keys and seed phrases should be taken seriously, and both should be protected and backed up, to ensure that their crypto assets are safe and always accessible.

To learn more about the GK8 solution, click here.

Continue reading

Threat Analysis: What you need to know about crypto hacking

A patented one-directional no-attack vector connection is the key to secured connection. The world is changing. As economic wealth becomes more digital, leading financial institutions have listened to investors and market forces […]

GK8 Joins Forces With CaixaBank as Part of Its Innovation Program

GK8, a cybersecurity company that offers an enterprise-grade custody solution for managing and safeguarding digital assets, was selected from more than 200 companies and 28 countries by CaixaBank, the leading financial group […]

The Macro Case for Tokenization – Why Now?

In this webinar, Thomas will emphasize the transformative potential of tokenization in improving liquidity and accessibility across markets like stablecoins and real estate.