Bitcoin and digital asset exchange Gemini today announced that the company has secured insurance coverage for the digital assets that it holds on behalf of clients in hot wallets (i.e., online). The insurance is being provided through a global consortium of leading insurers and arranged by Aon, a global professional services firm providing a broad range of risk, retirement and health solutions.
The coverage complements the existing FDIC “pass-through” deposit insurance for which the fiat funds (U.S. dollars) of Gemini customers are eligible. The enhanced insurance is a milestone for Gemini, as the New York trust company has become an even safer and more stable place to buy, sell, and store bitcoin.
Yusuf Husain, Head of Risk at Gemini, stated that insurers have been reluctant to safeguard the cryptocurrency industry due to a large number of high-profile hacks that have resulted in devastating losses over the years, not to mention poor security standards, internal controls, policies and procedures that have characterized much of the earlier days in the space. As a result, many crypto exchanges and custodians have either been unable to obtain insurance or dismissed it due to the high cost of premiums required by the few insurers willing to provide coverage.
“We were able to successfully demonstrate to insurers that Gemini is indeed a safe and secure exchange and custodian and further bolsters Gemini as a safe place for customers to buy, sell, and store digital assets in a regulated, secure, and compliant manner. Not only is this a tremendous win for Gemini customers but this is also a win for the broader crypto industry in furthering consumer protection.”
Below you can find more information on Gemini’s security methods:
For the majority of Gemini customers, crypto assets are held in offline vaulted storage systems. Only a small portion of digital assets are held in online “hot” wallets.
Hot Wallet
- The Gemini Hot Wallet environment is hosted on Amazon Web Services (AWS). AWS has a proven track record for physical security and internal controls.
- Tiered access-controls are applied to Gemini’s production environment to restrict access to employees based on role, following the principle of least privilege.
- Administrative access to the production environment requires multi-factor authentication.
- Hot Wallet key management is rooted in hardware security modules (HSMs). Gemini uses the hosted CloudHSM service provided by AWS, which offers dedicated HSMs within the AWS cloud.
- The specific hardware used by CloudHSM has been evaluated according to Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2) and achieved a rating of Level 2.
Cold Storage
Gemini’s Cold Storage system provides two tiers of offline storage termed “cold” and “cryo” (short for “cryogenic”) for improved security and redundancy.
- Gemini uses HSMs that have achieved a rating of FIPS PUB 140-2 Level 3 (or higher).
- All cold and cryo private keys are generated, stored and managed onboard HSMs for the lifetime of the key.
- Gemini uses Multisignature technology (Multisig) to provide security against attacks and tolerance for losing access to a key or facility, eliminating single points of failure.
- All HSMs are stored in guarded, monitored and access-controlled facilities that are geographically distributed.
- Hardware is sourced from diverse manufacturers to guard against supply-chain risks.
- All fund transfers require the coordinated actions of multiple employees (i.e., all facilities are “no-lone zones”).