It has now been several weeks since the Bitfinex hack. As I’ve written before, I still believe in the future of bitcoin and I am encouraged by the ways we’re working to improve security and implement standard practices for the industry.
Nevertheless, in recent weeks BitGo has reviewed our systems and processes to see what we can learn from the situation. We’re constantly seeking to improve our security services and better serve customers; best practices in security are constantly evolving and so are we. Acting upon some of our “lessons learned” coming out of the Bitfinex hack, here are some recent enhancements that we’ve made:
- Customer Wallet Review: We conducted a review of all our customers’ wallets and made recommendations to each customer about how their wallet security could be improved through the use of policies, wallet architecture, and basic practices for handling access tokens and credentials in a multi-user environment.
- Immutable Policies: BitGo policies are controlled by the customer and can be protected by multiple, independent people. To enact a policy change, one person proposes the change, one or more people approve the change (with 2-factor authentication), and finally everyone gets notified that the change is complete via SMS and email. With the new immutable policy feature, once policies have been unchanged for some time, we automatically lock the policy in an immutable state. Changes to the policy cannot be made via API, and may only be unlocked by BitGo Operations Personnel after a manual, out-of-band identification and authentication process. The process includes several safeguards such as a video call with pre-verified persons designated by the company in advance.
- Mandatory Multiple Approvers: Multiple approvers for policy overrides have always been a core function of the BitGo platform. We have tightened the multiple-user policy for several customers to require at least three users to take an administrative action.
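The propose, approve, notify and auto-lock flow from the two items above, as an added illustrative model (this is not BitGo's code): the approver threshold, the quiet period, the exception type and all user names are assumptions.

```python
from dataclasses import dataclass, field

# Illustrative model of the flow described above (not BitGo's code); threshold and quiet period are assumed.
REQUIRED_APPROVERS = 3           # distinct approving users, proposer excluded
LOCK_AFTER_SECONDS = 30 * 86400  # rules unchanged this long -> policy becomes immutable

@dataclass
class Proposal:
    change: dict
    proposer: str
    approvers: set = field(default_factory=set)

@dataclass
class WalletPolicy:
    rules: dict
    last_changed: float          # epoch seconds of the last applied change
    locked: bool = False
    notifications: list = field(default_factory=list)

    def refresh_lock(self, now):
        # Auto-lock once the rules have gone unchanged for the quiet period; stays locked until ops_unlock.
        self.locked = self.locked or (now - self.last_changed >= LOCK_AFTER_SECONDS)
        return self.locked

    def propose(self, user, change, now):
        if self.refresh_lock(now):
            raise PermissionError("policy is immutable; API changes are refused")
        return Proposal(change=change, proposer=user)

    def approve(self, proposal, user, otp_ok, now):
        # Every approval needs a verified second factor and must come from a distinct user.
        if self.refresh_lock(now):
            raise PermissionError("policy is immutable; API changes are refused")
        if not otp_ok:
            raise PermissionError("2FA required")
        if user == proposal.proposer or user in proposal.approvers:
            raise PermissionError("approver must differ from proposer and prior approvers")
        proposal.approvers.add(user)
        if len(proposal.approvers) < REQUIRED_APPROVERS:
            return False
        self.rules.update(proposal.change)   # enact the change only once quorum is reached
        self.last_changed = now
        self.notifications.append(("sms+email", "policy changed", sorted(proposal.approvers)))
        return True

    def ops_unlock(self, out_of_band_verified, now):
        # Only the manual, out-of-band process (never the API) can lift the lock.
        if not out_of_band_verified:
            raise PermissionError("out-of-band identity verification required")
        self.locked, self.last_changed = False, now
```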
Additionally, in June, BitGo completed its most recent external security audit. The routine audit examined our operational security and also included a phishing test directed at BitGo’s employees. No major flaws were found, but we did update some minor items in response to the audit.
Overall, these are just some of the ways BitGo is doing things differently. We’re committed to continually making our systems better to keep our customers secure. If you have recommendations, we’re always listening. If appropriate, please don’t hesitate to report through our long-standing bug bounty program as well.