Once again, I wanted to take another look at Celsius Network. In my last article, I discussed a personal review of their app and platform without going too in depth into the infrastructure behind the app (my prior article can be found here). In this article, I would like to look a little deeper into security. The reason I chose security is simple: when I attempt to speak with people about Celsius, I am bombarded with questions about the back-end security. I decided I needed to take a deeper look into the security of Celsius Network and their custodian, BitGo.
I have been a member of the Celsius Network Telegram chat room since around 7.5K members. I try to check out the chat room a couple of times a day and see the growth, questions and overall sentiment of Celsius. I noticed some common questions that were being asked:
• Can I store my coins on my Ledger/Trezor?
• Will there be 2FA with the app?
• Will the coins be stored in cold storage?
So I took it upon myself to dig into some of those questions and more. I came up with the following questions for Celsius Network (responses are underlined, my opinion may be added, but will not be underlined):
Q & A FOR CELSIUS NETWORK
Q1. Is there any insurance for my deposited cryptocurrencies? Similar to how a bank is FDIC insured, are there any plans to have similar insurance?
A1. There is currently no insurance offered, but the deposits are very safe in BitGo and spread out over many borrowers (collateralized) so there is no central point a hacker could attack. We’re interested in providing insurance in the future against a fee but there is no timeline on that.
Q2. Does BitGo provide any insurance while providing custody of our assets?
A2. BitGo does not currently provide insurance.
Q3. What percentage of the deposited cryptos will be retained in cold storage?
A3. Hopefully none! If it’s in cold storage we can’t earn interest on it, we’re always deploying the coins to earn interest for our customers.
Q4. Where are the private keys stored? Does the Celsius app communicate with BitGo and all private keys are accessed through BitGo, or are some of the private keys retained by Celsius to access hot wallets?
A4. All of the private keys are held by BitGo and by Celsius with a multi-sig structure.
Q5. Can someone please explain how the deposited cryptos will be secured? (i.e. breakdown of what % is stored at BitGo, what % in hot wallets, what % in cold wallets, % on exchanges, # of exchanges, use of multi-sig wallets)
A5. This changes every day, as mentioned above we will always deploy as many coins as we can because if they’re sitting idle they aren’t earning interest. Anything that’s sitting idle is parked in BitGo.
Q6. Does Celsius Network use a BitGo Custody account or BitGo Business Wallet account? After receiving the above responses, I am assuming that a BitGo Business Wallet account is used as a Custody account’s purpose is to maximize the use of cold storage for digital assets and would not allow for those assets to be loaned out and make interest for the Celsius Network customers.
Q7. When reviewing the “Lenders Protection Pool” in the white paper, there is only $1,996,000 allocated on page 14. Is there an Ethereum (ETH) address available to monitor the Lender’s Protection Pool and increase transparency in the Celsius Network? Also, any plans on increasing the Lending Protection Pool as the company grows?
A7. No response available at this time. But the white paper notes the pool will be funded by fees collected by Celsius Network.
I reached out to BitGo via their customer support email address. I wanted to verify that Celsius Network was a client, the type of account, and discuss the multi-signature wallet features. BitGo is an institutional-grade custodian for digital assets. On Thursday, 9/13/2018, they received the first SEC regulatory license that allows them to offer regulated and protected custody of crypto assets (David, 2018).
BitGo offers a Business Wallet with the below key information noted from their website.
“Multi-signature, three-key management removes any single point of failure and advanced security configurations ensure that assets are secure as they move in and out of the wallet.”
• All wallets use multi-signature security (P2SH) and HD (BIP32) for financial privacy.
• 90+ coins/tokens supported 11/13/18
Q & A FOR BITGO
On Friday, 11/16/2018, I spoke with a BitGo Sales Development Representative, Hector Martinez, to find out additional information that could not be found on their website. I asked a series of questions and discovered custodial solutions are more complex than I originally thought. The questions posed below have BitGo’s responses underlined. My opinion may be added but will not be underlined.
Q1. Is Celsius Network a client of BitGo?
A1. Yes. I also noted that the CEL token is listed on the supported tokens from BitGo when you view BitGo’s website (BitGo Pricing, 2018).
Q2. Can you explain multi-signature wallets? How many key signatures are required to move assets?
A2. Celsius utilizes a business account hot wallet. This would require a 2 key approval to move assets. One key is controlled by BitGo and the other controlled by the customer. The use of a 2 key approval system increases the points of failure to be hacked or have keys stolen. However, a 3rd key is also maintained. The 3rd key is an emergency backup key that can be used to access funds should BitGo become insolvent or cease to exist. The use of multi-signature wallets makes it possible to grant viewer access to accounts without allowing those viewers the ability to make a transaction (Auditing purposes come to mind here). In addition, a multi-signature approach allows a final approving authority to approve transactions (possibilities include arbitration, CFO signatures, business owner approvals, etc.).
Q3. What advantages do SEC certification and regulation provide BitGo over competitors?
A3. Historically, exchanges cannot act as a custodian of assets. We have a first mover advantage and are compliant with laws and regulations. When I considered this, the exchange has no interest in holding onto my assets when they make much more profit trading assets (No fiduciary responsibility). BitGo’s SEC compliance would be more attractive to other large financial clients, which may lead to long lasting stabilization in the industry.
Q4. Is there a method for Celsius Network users to follow and see the assets and transactions by BitGo?
I was prepared to ask this question but realized the funds are maintained in a hot wallet. The assets are intended by Celsius Network to be loaned out to 3rd parties/exchanges. At that point, the tracking of the assets no longer is required or feasible by Celsius Network (Much as when a loan is made to a business, the bank doesn’t look over my shoulder to watch what I do with the money. They simply take my collateral upon failure to repay the loan.).
Q5. Does BitGo offer insurance to assets maintained there? Are there any future plans for insurance?
A5. At the moment BitGo does not offer insurance to their clients. They are open to the possibility, but they could not elaborate any further. Insurance becomes difficult to gauge when 5-10% of assets are retained in cold wallets and 90-95% of assets are retained in hot wallets. BitGo posed the question to me: how would you feel when only 5% of your assets were covered under the insurance? This made me think, as a business, if I would lose 90-95% of my assets, it wouldn’t make a difference. I would be out of business. Insurance would essentially cover nothing.
Q6. Does BitGo consider decentralized exchanges a threat to the business structure?
A6. BitGo is looking to embrace the decentralized exchanges as viable options to improve security of tokens and allow for use of tokens through newer technologies. BitGo has introduced wrapped BTC (WBTC) as a tokenized version of Bitcoin on the Ethereum network, which is scheduled to be available in January 2019 (Chan, 2018). WBTC will allow BitGo to maintain the actual BTC in cold storage while its WBTC counterpart is spent in daily transactions, loaned out, or used inside of smart contracts. WBTC will reduce risk associated with custodial services, increase transparency by allowing anyone to see the tokens remaining on the blockchain, and increase the trust in blockchain by allowing audits to be done at any time by anyone!
Q7. What is on the horizon for security and custodial solutions?
A7. Although BitGo could not provide much depth behind answering this question, they did note the first mover advantage they retain in being the only SEC compliant custodial service, a recent large investment by Goldman Sachs (Goldman Sachs Invests in BitGo, 2018), and of course, WBTC in January 2019.
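The two-of-three key arrangement described in A2, and the P2SH wallets quoted from BitGo's site, rest on a redeem script that states the threshold and lists the public keys. The sketch below is an added example, not BitGo or Celsius code: it parses such a script and checks that it is 2-of-3 over exactly the expected key holders. The key bytes are constructed placeholders and the function names are hypothetical; it stops at the redeem script and does not derive the P2SH address.

```python
# Added example: parse a multisig redeem script (the script a P2SH address commits to).
OP_CHECKMULTISIG = 0xAE

def small_int(op):
    """Decode OP_1..OP_16 (0x51..0x60) to 1..16."""
    if not 0x51 <= op <= 0x60:
        raise ValueError(f"expected OP_1..OP_16, got 0x{op:02x}")
    return op - 0x50

def parse_multisig(script: bytes):
    """Return (m, [pubkeys]) for 'OP_m <pk>... OP_n OP_CHECKMULTISIG'."""
    if len(script) < 4 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = small_int(script[0]), small_int(script[-2])
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        push = script[i]
        if push not in (33, 65):            # compressed / uncompressed key push
            raise ValueError(f"unexpected push length {push} at offset {i}")
        if i + 1 + push > end:              # key would run into the trailer
            raise ValueError("truncated key")
        keys.append(script[i + 1 : i + 1 + push])
        i += 1 + push
    if len(keys) != n or not 1 <= m <= n:
        raise ValueError(f"inconsistent threshold: m={m}, n={n}, keys={len(keys)}")
    return m, keys

def check_wallet_policy(script: bytes, expected_keys: dict, required: int = 2):
    """Confirm the script is required-of-N over exactly the expected key holders."""
    m, keys = parse_multisig(script)
    missing = [who for who, pk in expected_keys.items() if pk not in keys]
    extra = [pk.hex() for pk in keys if pk not in expected_keys.values()]
    return {"m": m, "n": len(keys), "missing": missing, "extra": extra,
            "ok": m == required and not missing and not extra}

# Constructed placeholder keys (33 bytes, shaped like compressed keys; not real keys).
KEYS = {"customer": b"\x02" + b"\x11" * 32,
        "bitgo":    b"\x03" + b"\x22" * 32,
        "backup":   b"\x02" + b"\x33" * 32}

def build(m, pubkeys):
    """Assemble a redeem script for the sample data below."""
    body = b"".join(bytes([len(pk)]) + pk for pk in pubkeys)
    return bytes([0x50 + m]) + body + bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG])

GOOD = build(2, list(KEYS.values()))   # 2-of-3, the layout described in A2
WEAK = build(1, list(KEYS.values()))   # 1-of-3: any single key holder can spend
```

A wallet whose script fails this check either lets a single key move funds or includes a key the customer does not recognise.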
Now that I got those answers and completed my research, hopefully I can break down the security to users in a simple fashion.
Crypto assets are deposited to Celsius Network through the mobile app. The app is secured by a username and password. Re-entry into the app can be completed by a 4-digit pin from that point forward. Transfers and withdrawals out of the mobile app are also approved via the same 4-digit pin. The digital assets we deposit are sent to a BitGo Business Wallet (Hot Wallet) for custodianship. While at BitGo, a multi-signature wallet is utilized to authorize transactions that require approval from Celsius Network and BitGo. This creates a multiple point system to reduce the ability of hackers gaining access to your assets. Celsius Network has full intention of making transactions with those digital assets (putting our assets to work) for the purpose of creating loans and interest for the Celsius Network and its members. Loans are processed and approved via Celsius Network. The loans are collateralized with other members’ digital assets; however, if a loan were to default, Celsius Network will cover the loan from the Lenders’ Insurance Pool (see white paper page 9 & 14). The Lenders’ Insurance Pool was funded from ~2 million dollars raised in the ICO and plans to continue funding by the Celsius Network fees. The fact that the loans are backed by Celsius Network demonstrates their trust in the community, ability to make profitable loans, and reduces risk from its members. I feel this is an important aspect of Celsius Network that all members should be aware of. Most lending platforms do not offer asset backing of loans. That is why the loans are collateralized. However, Celsius does, which reduces risk while still maintaining increased return rates! Check the picture below, “How We’re Going to Use the Money”. Notice the Lender’s Insurance Pool?
During my research into Celsius Network’s Security and BitGo, I was forwarded an article to review. The article was by Rachel Wolfson titled, “Why Centralized Cryptocurrency Exchanges Make Terrible Custodians For Crypto Assets” (Wolfson, 2018). At the moment, the article didn’t seem that big of a deal, but now I believe the article highlights what is going to change things up for security and custodial solutions. To the person who forwarded me the article, thank you for pointing me in that direction and allowing me to draw my own conclusion. So, what is this conclusion exactly? Well, Wolfson highlighted decentralized exchanges as an option for increased security. At the time I didn’t see how that would be a great factor in increasing security more than a negligible amount until I spoke with BitGo. When we discussed WBTC, it became my “Ah-ha” moment! Now let me preface by stating WBTC is a big deal! Please look into WBTC further and do your own research. Now let’s move forward.
WBTC is an Ethereum token that will be minted by BitGo in a 1 to 1 ratio for BTC. For every 1 BTC held by BitGo, there will be 1 WBTC in circulation. Big deal right… why not just use BTC? Well, this allows me to make a deposit to Celsius Network in BTC. My BTC can be transferred to BitGo and placed in cold storage. While in cold storage a WBTC will be minted and put into circulation on the blockchain. That WBTC can be traded, transferred, loaned, lost, etc. Meanwhile, my BTC is still maintained at BitGo. Should the WBTC be compromised or stolen, I have not lost my BTC. Now as a member of Celsius Network, would you enjoy the peace of mind to be able to look at a block explorer and see your deposited BTC in a cold storage wallet? Similarly, the WBTC system can be audited at any moment by simply looking at the circulating supply and comparing it to the BTC explorer.
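The audit described above, comparing the circulating token supply with the BTC visible on a block explorer, can be expressed as a small reserve check. This is an added example that is not part of the original article or any BitGo tooling: the token address, UTXO records and function names are constructed or hypothetical, and the 8-decimal token precision is an assumption the article does not state.

```python
# Added example: reserve check for a 1:1 wrapped token, run on constructed data.
TOKEN_DECIMALS = 8          # assumption: token base unit matches BTC's 8 decimals
SATS_PER_BTC = 10 ** 8

def eth_call_request(token_addr: str) -> dict:
    """JSON-RPC body asking an Ethereum node for the ERC-20 totalSupply()."""
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": token_addr, "data": "0x18160ddd"}, "latest"]}

def decode_uint256(hex_result: str) -> int:
    """Decode the 32-byte ABI-encoded uint256 an eth_call returns."""
    raw = hex_result[2:] if hex_result.startswith("0x") else hex_result
    if len(raw) != 64:
        raise ValueError("expected a 32-byte return value")
    return int(raw, 16)

def confirmed_reserve_sats(utxos, min_conf=6):
    """Sum unspent outputs with enough confirmations, counting each outpoint once."""
    seen, total = set(), 0
    for u in utxos:
        outpoint = (u["txid"], u["vout"])
        if outpoint in seen or u["confirmations"] < min_conf:
            continue
        seen.add(outpoint)
        total += u["value_sats"]
    return total

def audit(supply_hex, utxos, min_conf=6):
    """Compare token supply with confirmed BTC reserves, both in satoshis."""
    supply_units = decode_uint256(supply_hex)
    supply_sats = supply_units * SATS_PER_BTC // 10 ** TOKEN_DECIMALS
    reserve = confirmed_reserve_sats(utxos, min_conf)
    return {"supply_sats": supply_sats, "reserve_sats": reserve,
            "shortfall_sats": max(0, supply_sats - reserve),
            "backed": reserve >= supply_sats}

# Constructed sample data: 3.5 tokens in circulation; one deposit still unconfirmed
# and one record duplicated, as can happen when paging through explorer results.
TOKEN_ADDR = "0x" + "00" * 20                      # placeholder, not a real contract
SUPPLY_HEX = "0x" + format(350_000_000, "064x")
UTXOS = [
    {"txid": "aa" * 32, "vout": 0, "value_sats": 200_000_000, "confirmations": 120},
    {"txid": "bb" * 32, "vout": 1, "value_sats": 150_000_000, "confirmations": 2},
    {"txid": "aa" * 32, "vout": 0, "value_sats": 200_000_000, "confirmations": 120},
]
```

With the default six-confirmation rule the sample reports a shortfall, because the recent deposit is not yet counted; the comparison only means something if the list of custody addresses is complete and published by the custodian.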
PAIN POINTS OR WEAKNESSES OBSERVED
1. Two-Factor Authentication (2FA) is missing from the mobile app. UPDATE: on 11/14/18 an email was sent out by Celsius Network indicating 2FA will be implemented in the next update.
2. Maybe introduce an alternate 4 digit pin for “CelPay” and withdrawals. This would require both the transfer pin and login pin to be jeopardized for fraudulent account transfers.
3. Lenders’ Insurance Pool – I am not sure how this pool is stored, i.e. fiat, ETH, BTC, etc. If this pool is maintained in digital assets, I would recommend making the address available for Celsius Network members to view. I feel this would increase the transparency and trust in the community. I am not a lawyer, and I am sure there are many factors that go into approving such a decision. At this moment I am not sure if this can be accomplished, but it is just my opinion.
I would like to thank Hector Martinez from BitGo for taking the time to answer my questions. The fact that he was able to make time in his schedule to speak with me was something I didn’t expect to happen. He was a great source of knowledge and provided honest and thorough answers.
I would also like to thank the entire Celsius Network support team in their Telegram room. Your group is active and provides quick responses to any and all questions. At times I see an overwhelming amount of support requests, and you all handle business quite professionally.
If you found this interesting, please read my prior article on Celsius Network where I provide a personal review of their platform. The article can be found here.
If you have any thoughts or opinions please leave them in the comments below. I really like this project and would love to see them succeed. My goal is to spread the word about Celsius Network, continue to research their business, and be an active community member in providing feedback and recommendations.
BitGo, 2018, https://www.bitgo.com/info/
BitGo Pricing, 2018, https://www.bitgo.com/info/resources#multi-currency
Chan, B., 10/26/2018, Introducing WBTC: The Power of Bitcoin with the Flexibility of ERC20, https://blog.bitgo.com/introducing-wbtc-the-power-of-bitcoin-with-the-flexibility-of-erc20-48c6681a9a7c
David, E., 9/14/2018, BitGo Gets Trust License, Launches Crypto Custody Service
Goldman Sachs Invests in BitGo, Finextra, 10/18/2018, https://www.finextra.com/newsarticle/32809/goldman-sachs-invests-in-bitgo
Wolfson, R., 11/7/2018, Forbes, Why Centralized Cryptocurrency Exchanges Make Terrible Custodians For Crypto Assets, https://www.forbes.com/sites/rachelwolfson/2018/11/07/why-centralized-cryptocurrency-exchanges-make-terrible-custodians-for-crypto-assets/#432869dd2e18