Fire blocks are fast becoming a major provider of cryptocurrency custody and insurance. This article examines the company and shows how it differs from BitGo.
Bitcoin has allowed individuals and businesses around the world to exchange value in a decentralized, permissionless way since 2009. Bitcoin and other cryptocurrencies have created a new financial system that is based on blockchain technology. This is the good news.
While Bitcoin and other cryptocurrencies are highly secure due to the immutability of permissive blockchain transactions, the security of Bitcoin and other cryptocurrencies is dependent on the competence (and honesty of) the people who manage the ‘private keys. Unfortunately, the private key management of individuals, exchanges, and custodians across the crypto sector was poor and continues to be so.
Exchanges were regularly hacked. Frauds and project rug pulls are commonplace. The growth of DeFi has opened up new avenues for bad actors to steal millions of dollars through the manipulation of smart contract codes.
Investors continue to face a problem with the theft of cryptocurrency. Although cryptocurrency has received a lot of attention, it is clear that institutional investments in technology are not possible. However, it is difficult for most conservative institutions (such as banks and pension funds) to justify investing in unregulated technology that operates outside of the financial system.
Companies like Fireblocks can help. Fire blocks were founded in Israel in 2018 and are a digital asset platform that offers a variety of services tailored to businesses and institutional investors.
Fire blocks are frequently referred to in fintech by clients in a custody or insurance context. However, these services are not ‘table stakes for Fireblocks – they are the minimum offer required to do business in the cryptocurrency space. Fire blocks view themselves as a “crypto as a Service” business. This means that it is a one-stop-shop for companies looking to integrate cryptocurrency capabilities.
Who uses Fireblocks
Fireblock customers include some of the most prominent names in crypto and the wider financial sector, including major banks like Credit Suisse and BNY Mellon as well as popular fintech apps such as Revolut and Robinhood. Some notable names in the crypto industry include Crypto.com, the leading cryptocurrency exchange, and BlockFi, a lending platform.
The company currently has more than 800 customers, including banks, exchanges, custodians and banks, trading desks, hedge funds, and banks. Fire blocks are a one-stop shop for many companies’ most pressing operational issues, including regulation, taxation, infrastructure, asset storage, transfer, regulation, taxes, and infrastructure. There is a good possibility that Fireblocks could be providing backend solutions for any crypto service provider.
Who are the Fireblocks’ creators?
Fire blocks is a private company that was founded by Michael Shaulov and Pavel Berengoltz. These three men have a rich background in cybersecurity. They all worked for top companies and contributed to Israeli military intelligence in developing cybersecurity infrastructure and systems.
Both Shaulov and Berengoltz worked for cybersecurity company Check Point. In 2017, they were given the task of investigating a spate of hacks on crypto exchanges in South Korea. They discovered major security gaps around cryptocurrency security and realized there was an opportunity to create a digital asset security platform.
Fire blocks were quickly a popular choice for venture capitalists, and the market accepted their assessment. The company has raised approximately US$1Billion in funding through five funding rounds and is valued at around $8 billion. There are 28 investors in Fireblocks, including D1 Capital Partners and Cyber starts. Galaxy Digital had announced plans to buy BitGo, a competitor to Fireblocks, in May 2013. However, the sale has yet not been completed.
Fire blocks were established in Israel but its global headquarters are in New York. There are also offices in the UK and France. The company employs more than 250 people from 10 countries.
What do Fireblocks do to secure assets?
Fire blocks do not view private keys and cold storage wallets as industry best practices. Instead, they believe that these solutions are obsolete and unsuitable for institutions or businesses. There are two reasons why this is so.
Multisignature & Cold Storage: The Problem
Because cold storage wallets can’t be accessed via the internet, it has been considered a more secure option for crypto custody. However, cold storage withdrawals can be slow and require manual labor. This is what Fireblocks founder Michael Shaulov said on the recent European Blockchain Convention podcast.
“Retrospectively, companies such as BitGo and Xapo have created a very efficient cold storage solution. They would store assets in wallets that were not connected to the internet. The private keys were then spread around bunkers or military-type facilities in remote places such as the Alps and Iceland. When you wanted to make transactions, you would need to gather that key material, sign a transaction, and then release it to the blockchain. It is extremely secure. It is however cumbersome and complex and took 72 hours to complete transactions. These are the kind of processes that degrade the myth of cryptocurrency and blockchain being the internet money.
Fireblocks believes that this is not a good solution in situations where large institutional investors might want to quickly move their assets, such as in the case of an arbitrage opportunity. Cold storage is not as secure as it could be. However, it requires someone (or more) to move assets from offline to the internet. This introduces security risks and the human element.
Multisig wallets are a great way to reduce the risk of asset theft. Fireblocks however view this technology as obsolete because they are not protocol-agnostic (e.g. incompatible with Ethereum) and other operationally inflexible.
The Fireblocks MPC/CMP Algorithm
Fireblocks is moving beyond cold wallets, multi-sig, and default security protocols for institutional crypto custody to develop its cryptographic algorithm. Fire blocks build on existing technology Multi-party Computation(MPC), to create MPC-CMP.
It is similar to a multisig scheme where several people have different private keys. A percentage of these individuals must sign to move funds. Each party’s private keys are always changing. MPC-CMP is also compatible with both hot and cold storage, as cold storage in certain territories is a legal requirement. Fire blocks claim MPC-CMP has more flexibility, is more secure, and can be integrated into cold storage systems 800% faster than original MPC processes. It’s also peer-reviewed technology that is open-source.
Fire blocks passed the Ernst and Young Service Organization Control (SOC 2 Type II) examination in 2019. This exam evaluates how well a company protects its data. Fireblocks also exposes its software to periodic penetration testing. To identify any weaknesses, Fireblocks simulates a cyberattack against its platform. These tests are conducted by ComSec Group and NCC Group, third-party cyber security firms.
Fireblocks was nominated last year for the second annual Microsoft Security20/20 awards where it finished as a finalist under the “Security Trailblazer” category. This award honors companies that lead security initiatives and make the effort to educate their audiences about cybersecurity.
Are Fireblocks insured?
Fireblocks claims that it has comprehensive insurance coverage for all assets under its care. It does not indicate which company it is insured with or how much. This is common for crypto-related companies, as insurance can be difficult to obtain and the coverage is often far lower than the assets under management.
For example, BitGo and Gemini have only 1% coverage on their assets. This is despite being in the best-case scenario. Gemini claims it has $20 billion in AUM. However, its insurance policy covers only $200 million. BitGo is in a similar situation.
Crypto deposits are not covered by the FDIC. There is also no FDIC insurance coverage for fiat deposits. Insurance policies for crypto have not been packaged as ‘off-the-shelf’ solutions. BitGo’s insurance is provided by Lloyds of London. It is provided by several Lloyds-affiliated companies and syndicates, including Atrium and Coin cover, TMK, and Markel, as well as a “panel of additional Lloyd’s insurers.”
Gemini was left without a provider and had to create a Bermuda company called Nakamoto Limited to get coverage. This was assisted by Marsh and Aon insurance brokers.
Fireblocks claims it “created” its policy of insurance, which is consistent with the norm for all providers in this market. Fireblocks claims its policy is unique because it protects assets while in transit. Our policy covers not only cyberattacks and fraud, but also important potentialities that other policies overlook like software bugs and errors in internal processes. It is crucial to protect the dynamic handling of digital assets (such as transfers) when you insure them. A software bug in the crypto space could accidentally cause the asset to burn. Fireblocks claims that its policy has been rated “A” in both the insurance and credit rating agencies A.M. best.
Where are Fireblocks next?
Fire blocks CEO Michael Shaulov stated that crypto is currently at the ‘Early Majority stage of its product Adoption Curve. Fireblocks has $1 billion of venture capital raised, and the clear objective is to be the default infrastructure backend for any business or institution that wishes to include crypto in its business plans. Fireblocks’ 2022 priorities include its new Aave Arc product. It will likely expand to other protocols.
Shaulov claims that traditional financial players such as banks are unable to participate in the DeFi market because banking regulations often require them to only deal with known, trusted entities and individuals who have undergone extensive AML, KYC, and identity verification processes.
This is unfortunately not the case in the DeFi world. Aave Arc allows DeFi users to interact with the regulated financial sector voluntarily through Fireblocks. This allows them to become ‘white-labeled”.
Fireblocks is a regulated provider that traditional banks accept. This allows Fireblocks to act as a pseudo agency for DeFi players. They can keep their anonymity while the banks can be assured that they are not dealing with any counterparties.
Fireblocks will also be focusing on other areas in 2022, including helping to grow internet-based financial apps, tokenizing content, and important initiatives in the GameFi sector.