7 Burning Issues for
Key Components of a Risk Assessment
for Crypto Cold Storage Providers
TWO DEGREES OF CRYPTO STORAGE
• Connected to the internet
• Can access (and therefore be accessed by)
other parts of the internet
• Vulnerable to attack
• Typically used to house only what the
investor plans to spend in the short term
• Not connected to the internet
• Entirely removed from the internet
• Often stored on a device that looks like a
USB stick or even a piece of paper
of Bitcoin supply held
in cold storage vaults
by one company
Demand for cold storage vault services is on the rise.
Bloomberg, May 2018
Components of a Risk Assessment
for Cold Storage Providers
THE RIGHT SAFE FOR THE JOB
The physical security of the vault
must match the value of the asset.
CONTROL OF DIGITAL THREATS
Digital assets are vulnerable to
magnetic or radio radiation, by
malicious intent or by accident.
Storage areas should be
shielded, including all access
routes on the premises.
No devices capable of memory or
carrying magnetic fields can be
allowed in the vicinity of the asset.
CONTROL OF PHYSICAL THREATS
Access control must-haves:
Recordings kept a minimum of 30-45 days
Guard presence required
Escorts required for vault access
Properly vet and identify any person
requesting access to the vault or its contents:
Every hand-off and every episode
of access to the asset should be
under dual control, with appropriate
segregation of duties.
Every event in the vault
is logged according to an
Personnel on the ground
make the entries and sign
off on them.
Records maintain an audit
trail including the nature
and value (if known) of
the digital asset.
The mission of the vault
Known threats to safety
required to mitigate risks
Every employee must have verified training and understanding of:
Transportation and Storage
Download a copy at lowersrisk.com