Connect with us

Published

on

Whether to buy cryptocurrency as a long-term holding may be the biggest decision an investor interested in digital assets has to make, but where to store crypto like bitcoin can become the most consequential.

Following the wildfires earlier this year in California, social media posts began to appear with claims of bitcoin losses, with some users showing metal plates intended to protect seed phrases burnt up and illegible or describing the complexity of recovering crypto keys stored in a safety deposit box in a bank impacted by the fires. While impossible to verify individual claims about fires consuming hard drives, laptops and other storage devices containing so-called hard and cold storage crypto wallets and seed phrases, what is certain is that bitcoin self-custody presents a unique set of security issues. And those risks are growing.

Holders of crypto typically use some form of what can be called a “wallet,” and there are a few main features – whether that wallet is connected to the internet, and how much control is directly embedded in the wallet for trades and transfers. There is also the underlying issue of whether a crypto investor uses a third party for custody at all, or maintains total custody and trading control over their holdings.

The standard third-party platform “hot wallet” – think of an offering from a Coinbase or Blockchain.com – is constantly connected to the internet. Cold storage and “cold wallets,” on the other hand, include hardware devices (like a USB stick) that holds private keys offline, or even just a seed phrase (a master recovery code, a collection of 12 to 24 words used to recover access to a crypto wallet) on paper/metal. Hardware wallets or offline backups of seed phrases can be used to access crypto when connected to the internet through another device.

With third-party custodial options, there are steps to help owners remain vigilant against the threat posed by cybercriminals who can gain access to an internet-connected platform, including the use of two-factor authentication, and strong passwords. The U.S. Marshals Service within the Department of Justice, which is responsible for asset forfeiture from U.S. law enforcement, uses Coinbase Prime to provide custody for its seized digital assets.

Many crypto bulls prefer to self-custody digital assets like bitcoin for some of the same reasons they are interested in cryptocurrencies to begin with: lack of faith in some forms of institutional control. Custodial wallets from crypto brokers trade convenience for the risk of exchange hacks, shutdowns, or fraud, as in the case of the high-profile implosion of FTX. And the wildfires are just one example in a recent string of global events that raise more questions about shifts in the crypto custody debate. There is the ongoing conflict in the Middle East and Russia-Ukraine war, which has led crypto bulls from overseas to re-think their approach to self-custody.

Nick Neuman, co-founder and CEO of self-custody company Casa, said physical risks in the world like a natural disaster are an opportunity to revisit how bitcoin security works, and the common security lapses folded into most peoples’ practices. “Most people secure their bitcoin with one private key. If that key is on a single device or written down on paper as a seed phrase, it’s a single point of failure. If you lose that key, your bitcoin is gone,” he said.

It should be obvious that keeping seed phrases on paper offers the lowest level of protection against fire, yet it is common practice, Neuman said. Slipping these pieces of paper into fireproof bags or safes offer some protection, but not much, and even going the extra steps to have the seed phrases on “indestructible” metal storage plates presents a few failure points. For one, they might prove to be not so indestructible, and second, they may be impossible to locate amid the rubble. 

“Logically, given the location of the fires in California and the stories being shared on X, it’s highly likely bitcoin was lost,” said Neuman. “Some of them are pretty convincing,” he said.

Casa performs annual stress tests on seed phrase backups.

Some self-custody services, like Casa, offer multi-signature setups that reduce the risks of single-point failure. A multi-key crypto “vault” can include mobile phone keys, multiple hardware keys, and a recovery key that a company likes Casa holds on an owner’s behalf.

The multi-sig custody approach allows an owner to hold a majority of keys while a trusted partner holds a minority of keys. John Haar, managing director at Swan Bitcoin, says that in such a setup, the owner would need to lose all the physical devices and all copies of the seed phrases at the same time. As long as the owner can access at least one device or one seed phrase, they would be able to recover their bitcoin. This approach should significantly limit the potential for all of the devices to be lost in an event like a natural disaster, Haar said.

“You can spread these keys across multiple regions or even countries, and you need any three of the five keys to approve a bitcoin transaction,” Neuman said of Casa’s five-key approach.

Jordan Baltazor, chief administrative officer at Fortress Trust, a regulated crypto custodian, says best practices that we use in other areas of personal life should apply to cryptocurrency. For one, diversification of storage approach and weighing of risks. Digital assets are no different, he says, when it comes to backing up personal and sensitive data on the cloud to ensure data against loss or corruption.

Companies including Coinbase and Jack Dorsey’s Block offer products that try to merge some of these ideas, creating a more secure version of a crypto wallet that remains convenient to use. There is Coinbase Vault, which includes enhanced security steps before a user can access crypto holdings for trading. And there is Coinbase Wallet and Block’s Bitkey, which have mobile apps that work like a traditional wallet making moving bitcoin around easy, but with the ability to pair with hardware wallets and added security more commonly associated with cold storage.

Bitkey hardware requires multiple authorizations for transactions for added security, similar to “multi-sig wallets.” Bitkey also offers recovery tools so one of the biggest risks of self-custody — losing codes or phrases needed to recover a cold wallet — is less of an issue.

Solutions like Dorsey’s may help to solve the tension between convenience and security; at minimum, they underline that this tension exists and will likely be something of a roadblock to more widespread crypto adoption. Beyond the risks out there in the form of wildfires, all kinds of natural disasters, and wars, bitcoin self-custody can be vulnerable to the biggest personal risk of all: unexpected death of the bitcoin owner. There is arguably nothing more complicated than inheritance when it comes to unlocking the crypto chain of custody.

Coinbase requires probate court documents and specific will designations before releasing funds from custody, while physical wallets offer little to no support, potentially leaving all that digital value stuck on a private key. Bitkey rolled out its inheritance solution in February for what a Bitkey executive called, “kind of a multibillion-dollar problem waiting to happen.”

“People who have a material investment in bitcoin absolutely need to be thinking differently about how to protect it,” Neuman said. He says that after disasters like the California wildfires, or when exchanges go bust like FTX, the industry does see more crypto holders taking action to move to more secure storage setups. “I suppose it’s human nature to wait until ‘bad things happen’ to spur action to improve your own personal situation,” he said. “But I think people would be better off if they were more proactive. Otherwise, they risk having that ‘bad thing’ happen to them, and then it’s too late,” he said.

Continue Reading

Technology

CrowdStrike-backed compliance startup Vanta valued at $4 billion in new funding round

Published

on

By

CrowdStrike-backed compliance startup Vanta valued at  billion in new funding round

Christina Cacioppo, co-founder and CEO of Vanta, speaks at the TechCrunch Disrupt conference in San Francisco on Oct. 29, 2024.

David Paul Morris | Bloomberg | Getty Images

Vanta, a startup with software for managing compliance with cybersecurity and privacy standards, said Wednesday that it closed its latest fundraising round at a roughly $4 billion valuation.

The $150 million round, which included funding from CrowdStrike’s venture arm, represents a valuation increase from $2.45 billion last year.

The jump reflects continued corporate investment in tools designed to limit fallout from cyberattacks. In recent days Microsoft rolled out updates to its SharePoint collaboration software after Chinese hackers gained access to customer data by exploiting a vulnerability.

Christina Cacioppo, Vanta’s co-founder and CEO, declined to specify the company’s revenue but said its growth rate is “in the ballpark of the best SaaS companies,” referring to software as a service vendors. Deal sizes are growing and more clients are coming onboard, she said.

The startup, which tracks adherence to frameworks such as SOC 2 and ISO 27001, boasts more than 12,000 customers. Many of them sell software to large companies, including Atlassian and Snowflake, Cacioppo said. But Vanta can also help businesses outside of the tech industry more quickly complete security reviews before engaging outside suppliers.

Cacioppo and Erik Goldman started the San Francisco-based company in 2018 and have built it up to more than 1,000 employees. Competitors include Auditboard and Drata.

In addition to CrowdStrike Ventures, other investors in the round included Wellington Management, Atlassian Ventures, JPMorgan Chase and Sequoia Capital.

Vanta has raised $504 million since 2021. The company hasn’t touched any of the $150 million it raised last year, Cacioppo said.

Don’t miss these insights from CNBC PRO

Companies need to be on high alert from Iran cyber attacks, says TrustedSec CEO David Kennedy

Continue Reading

Technology

Uber will let women drivers and riders request to avoid being paired with men starting next month

Published

on

By

Uber will let women drivers and riders request to avoid being paired with men starting next month

Nisian Hughes | Getty Images

Uber announced a new feature Wednesday that pairs women drivers and riders, in its latest move to address safety on the ride-hailing platform.

The new tool, which the platform will begin piloting next month in the U.S., allows women passengers to match with women drivers when booking or pre-booking rides, and create a preference in their app settings. Women drivers can also choose to drive women.

“It’s about giving women more choice, more control, and more comfort when they ride and drive,” Camiel Irving, Uber’s vice president of U.S. and Canada operations, said in a release.

The company said the rider’s preference isn’t guaranteed but the feature increases the chances women will be paired in the app.

Read more CNBC tech news

Uber will pilot the program in Los Angeles, San Francisco and Detroit. The company also said it tested the feature in countries such as France, Germany and Argentina.

This isn’t Uber’s first foray into gender preferences on its platform.

In 2019, Uber rolled out a women rider preference feature for female drivers in Saudi Arabia after women won the right to drive in 2018. That offering later expanded to about 40 countries.

Over the years, ride-hailing companies such as Uber and Lyft have faced safety concerns and questions over the roles these platforms have played in various sexual assault and harassment incidents.

Uber CEO Dara Khosrowshahi on Q1 results, mobility vs. delivery business and state of the consumer

Continue Reading

Technology

Meta updates safety features for teens. More than 600,000 accounts linked to predatory behavior

Published

on

By

Meta updates safety features for teens. More than 600,000 accounts linked to predatory behavior

Facebook and Instagram icons are seen displayed on an iPhone.

Jakub Porzycki | Nurphoto | Getty Images

Meta on Wednesday introduced new safety features for teen users, including enhanced direct messaging protections to prevent “exploitative content.”

Teens will now see more information about who they’re chatting with, like when the Instagram account was created and other safety tips, to spot potential scammers. Teens will also be able to block and report accounts in a single action.

“In June alone, they blocked accounts 1 million times and reported another 1 million after seeing a Safety Notice,” the company said in a release.

This policy is part of a broader push by Meta to protect teens and children on its platforms, following mounting scrutiny from policymakers who accused the company of failing to shield young users from sexual exploitation.

Meta said it removed nearly 135,000 Instagram accounts earlier this year that were sexualizing children on the platform. The removed accounts were found to be leaving sexualized comments or requesting sexual images from adult-managed accounts featuring children.

The takedown also included 500,000 Instagram and Facebook accounts that were linked to the original profiles.

Read more CNBC tech news

Meta is now automatically placing teen and child-representing accounts into the strictest message and comment settings, which filter out offensive messages and limit contact from unknown accounts.

Users have to be at least 13 to use Instagram, but adults can run accounts representing children who are younger as long as the account bio is clear that the adult manages the account.

The platform was recently accused by several state attorneys general of implementing addictive features across its family of apps that have detrimental effects on children’s mental health.

Meta announced last week it removed about 10 million profiles for impersonating large content producers through the first half of 2025 as part of an effort by the company to combat “spammy content.”

Congress has renewed efforts to regulate social media platforms to focus on child safety. The Kids Online Safety Act was reintroduced to Congress in May after stalling in 2024.

The measure would require social media platforms to have a “duty of care” to prevent their products from harming children.

Snapchat was sued by New Mexico in September, alleging the app was creating an environment where “predators can easily target children through sextortion schemes.”

Continue Reading

Trending