US mobile payments company Square has made its Bitcoin (BTC) cold storage solution ‘Subzero’ available on Github, in a bid to enable “even more innovation — and better protection for all players — in the cryptocurrency space”.
Square entered the crypto trading space nearly a year ago, when it began testing support for Bitcoin trading through its popular Cash app. Then, in late January the company expanded the feature to most Cash users, though it remained unavailable in a handful of US states. The option was eventually expanded too all 50 US states.
“Since launching Bitcoin support, Square developed a robust approach to Bitcoin cold storage, and we recognize the importance of sharing our work with the community,” Alok Menghrajani, security engineer at Square, wrote yesterday in a blog post. “As a result, today we’re open-sourcing the documentation, code, and tools for “Subzero” our HSM-backed solution for protecting Square’s Bitcoin holdings.”
Menghrajani went on to explain that HSM (hardware security modules)-based solutions were widely used in the payments industry to store sensitive cryptographic key material and perform operations with those keys, adding that for Subzero, Square used “the same HSM vendor that we use for all our other payments-related needs”, as it was familiar with the hardware and software. “The HSM is programmable, allowing us to support Bitcoin wallets today while giving us the flexibility to implement other protocols in the future,” he said.
Square utilised HSM’s programmable nature to add the ability to enforce that cold wallets can only send funds to a Square-owned hot wallet. A multi-party signature requirement provides additional layer of security.
This year alone, the crypto sector has seen a multitude of online hacks targeting online (hot) crypto wallets, which has shown that there is need for reliable cold storage solutions for both institutional and retail investors. Recently US investment giant Fidelity Investments and UK-based security company G4S announced their own solutions, aimed at institutions.