BitGo

The Leader in Security, Compliance, and Custodial

Solutions for Digital Assets

December 2018

© 2018 BitGo. Confidential.

 BitGo Builds Trust in Digital Currency

THE LEADER IN DIGITAL ASSET SECURITY

● Pioneered multi-signature security service in 2013
● Processes over $15 billion USD each month
● Largest Bitcoin processor with over 15%
of all on-chain transactions
● Serves over 300 clients across 50+ countries

MULTI-COIN PLATFORM
● Support for over 100 coins and tokens
● Holding over $2B in assets in BitGo wallets

2
BitGo Value Proposition and Technology

SECURE
Built using state-of-the-art multi-sig, encryption & authentication, conforming to
the most rigorous industry standards

SIMPLE
Easy cold storage and hot wallet access via the web and single unified API

SCALABLE
Powers the world’s largest digital currency businesses

3
 Institutional Investors are Entering the Market

FEBRUARY 2018
226 Hedge Funds
focused on trading crypto
(doubled since Nov 2017)
APRIL 2018 JUNE 2018 AUGUST 2018 OCTOBER 2018
Nasdaq VanEck & SolidX join Intercontinental Fidelity Digital Asset
announces support for forces to seek SEC Exchange Services, LLC
cryptocurrency approval to launch Bitcoin announces Bakkt, a Global provides cryptocurrency
exchanges ETF Platform and Ecosystem custody and trading services
for Digital Assets for enterprise clients

JANUARY 2018 MARCH 2018 MAY 2018 JULY 2018 SEPTEMBER 2018 NOVEMBER 2018
NYSE parent, Trading Goldman Sachs Northern Trust Citigroup Standard Chartered
Intercontinental Technologies, adds cryptocurrency announces intent to offer to let investors trade aimed at creating a more
a Wall Street trading trading desk custody for custodian-held reliable and trusted
Exchange
platform, launched a trading platform cryptocurrencies cryptocurrencies investment environment
creates cryptocurrency
datafeed cryptocurrency for potential investors
trading platform
4
 Analysts Agree Custody is the Missing Piece
Monica Sommerville,
Senior Analyst, TABB Group
“Institutional money is being amassed,
sitting on the sidelines, held back by a
lack of greater regulatory clarity,
institutional grade data and
enterprise-ready infrastructure, waiting
for the right conditions to enter the
market, expected to begin happening
this year.”
Source: TABB Group “Crypto Trading:
Platforms Target Institutional Market,”
May 2018
Gabriel Wang
Analyst, Aite Group
“Asset custodial services in the
traditional sense doesn’t exist in the
cryptocurrencies market. As the
market continues to mature and
market participants gradually find
clarity from global regulatory bodies,
Aite Group expects to see incumbent
financial institutions taking the role of
asset custody for cryptocurrencies
down the road.”
Source: Aite Group “The Cryptocurrencies
Market Landscape: A New Frontier,”
July 2018
Lex Sokolin
Analyst, Autonomous
NEXT
“Once institutional liquidity and
custody are solved, crypto assets
can be packaged and distributed like
other investments within asset
allocations to family offices,
endowments and retirement
portfolios.”
Source: Autonomous NEXT “Crypto Utopia,”
July 2018
5
 BitGo Custody: Modern Custody for Modern Assets

The best security with

100% cold storage The best client
technology in experience with fast
bank-grade Class III onboarding and 24/7
underground vaults support

Plus, regulatory compliance

Hold assets with BitGo Trust Company,
a qualified custodian
BitGo
The best
Custody Institutional-grade US Institutional Investors
The most flexibility Financial institutions with more than $150
features with stringent million in assets under custody are required
with support for over
policy controls and under the Investment Advisers Act of 1940 to
100 coins and tokens use a qualified custodian
multi-user accounts

BitGo Trust Company is a qualified custodian

licensed by the South Dakota Division of
The lowest startup fees and Banking
BitGo’s Custody Advantage in
year 2 with reduced custody rates

6
 Not All Custodians are the Same

Traditional custodians offer custody but…

● Security Risk: Not security experts in digital assets and few offer deep cold storage
● Business Risk: Digital assets not the same as stock certificates
● Procedural Risk: Quick transfers out of cold storage are not consistent with security
best practices

Exchanges offer custody but…

● Compliance Risk: SEC regulations say that exchanges cannot also be custodians as
this may present a conflict of interest
● Audit Risk: Commingling accounts is problematic -- accounts must be segregated,
using unique digital asset addresses, that can be independently verified and audited
● Security Risk: Insufficient security levels can make exchanges vulnerable to
breaches. $860M has been stolen from exchanges since January 2018*

7
*Source: Wall Street Journal, July 16, 2018 and September 30, 2018
 Multi-Signature
Key Management

© 2018 BitGo. Confidential.

 Multi-Signature Security (Hot Wallets)

Secured with

Multiple keys protects against single machine compromise or single key losses

CUSTOMER KEY BITGO KEY EMERGENCY (BACKUP) KEY

Generated and stored Generated and stored Generated offline,

by client by BitGo stored offline by client
Used to initiate all Used to co-sign all for disaster recovery
transactions transactions

9
 Multi-Signature Security (Cold Storage)

Custody Solutions - BitGo manages all 3 keys

CUSTOMER KEY BITGO KEY EMERGENCY (BACKUP) KEY

X of Y KEY SHARDS Generated and stored Generated offline,

by BitGo stored offline by BitGo
Used to co-sign all for disaster recovery
transactions

Generated and stored by BitGo

Key shards are used to initiate all
transactions
10
 Supported Coins

SUPPORTING THE MOST COINS & TOKENS ...BITGO ALSO SUPPORTS

OF ANY QUALIFIED CUSTODIAN SPECIALIZED WALLETS

Bitcoin (BTC) Ethereum (ETH) XRP (XRP)

Royal Mint Gold
(RMG)

Bitcoin Cash (BCH) Stellar (XLM) Litecoin (LTC)

Each WBTC is backed 1:1 by Bitcoin
● Transparent
● 100% verifiable
Wrapped Bitcoin ● Community led
(WBTC)

Dash (DASH) Zcash (ZEC) Bitcoin Gold (BTG)

11
 Dozens of Supported ERC20 Tokens
STABLECOINS BBX (BBX) Dent (DENT) Kin (KIN) OPTin (OPT) Snovio (SNOV)

CENTRE Dollar Status Network

BCAP (BCAP) Digix (DGX) Kyber Network (KNC) PlusCoin (PLC)
(USDC) Token (SNT)

Gemini Dollar (GUSD) Blockbid (BID) Drive (DRV) Linker Coin (LNC) Polymath (POLY) Storj (STORJ)

MakerDAO’s Dai Loom Network

Blocktrade (BTT) eChat (ECHT) Populous (PPT) Storm (STORM)
(DAI) (LOOM)
Paxos Standard Power Ledger Streamr Data Coin
Blox (CDT) eGold (EGL) Mainframe (MFT)
Token (PAX) (POWR) (DATA)
TrustToken’s
Bounty0x (BNTY) Endor Protocol (END) Mandala (MDX) Propy (PRO) SwissBorg (CHSB)
TrueUSD (TUSD)
Mass Vehicle Ledger
Bread (BRD) Enjin Coin (ENJ) PumaPay (PMA) SyncFab (MFG)
OTHER TOKENS (MVL)
Formosa Financial
0x (ZRX) CashBet Coin (CBC) Medibloc (MEDX) Pundi X (NPXS) TenX (PAY)
(FMF)

Aelf (ELF) Celsius (CEL) FunFair (FUN) Metadium (META) QASH (QASH) Tierion (TNT)

Quantum Resistant
Aeternity (AE) Chainlink (LINK) Gifto (GTO) Metal (MTL) Tokenize (TKX)
Ledger (QRL)

AirSwap (AST) Change (CAG) Golem (GNT) Metronome (MET) Qvolta (QVT) Tokenomy (TEN)

Raiden Network
ANA (ANA) Civic (CVC) Gnosis (GNO) Mithril (MITH) UnikoinGold (UKG)
Token (RDN)

AppCoins (APPC) CoinLion (LION) Hold (HOLD) Multiven (MTCN) Rebellious (REBL) Uquid Coin (UQC)

Colu Local Network Worldwide Asset

Aragon (ANT) Holo (HOT) Nebulas (NAS) Rialto (XRL)
(CLN) eXchange (WAX) ...with more
Augur (REP) Content Box (BOX) Hybrid Block (HYB) Neumark (NEU) Ruby X (RBY) WeTrust (TRST) being added
all the time.
Aurora (AOA) CryptoPay (CPAY) Indorse (IND) Nexo (NEXO) Salt (SALT) Zebi Coin (ZCO)

InternationalCryptoX Sentinel Protocol

Bancor (BNT) DAOstack (GEN) Numeraire (NMR) Zilliqa (ZIL)
(INCX) (UPP)
Basic Attention
Token (BAT)
Decision Token (HST) iShook (SHK) OmiseGo (OMG) Serenity (SRNT) 12
 Easy Access Options

You can access BitGo via our APIs, which can be found at www.bitgo.com/api/v2

Or, you can access BitGo via our web interface at www.bitgo.com

To access our test environment, visit test.bitgo.com

13
 Security Best Practices

© 2018 BitGo. Confidential.

 Hot Wallet Organizational Roles

Wallets can be configured to limit access on a need-to-know basis by defining organizational roles

One who controls account policies and approvals

ADMINISTRATOR
(can also approve transactions)

SPENDER Those who can initiate transactions on an account

VIEWER Users who handle accounting, tax and audit functions

15
 Hot Wallet Policies

To further enhance security, policies can be created by an Administrator to limit the ability to transfer
crypto assets into or out of a wallet

TRANSACTION LIMIT Limits the number of digital tokens that can go out in a transaction

Defines a maximum number of digital tokens that can go out

VELOCITY LIMIT
within a defined period of time.

Requires x of y administrators to approve the transaction prior to

MULTIPLE APPROVERS
being signed by BitGo

Individual who gives final approval to a transaction approved

FINAL APPROVER
by Administrators

Limits the transfer of digital tokens only to a list of approved

WHITELIST
addresses
16
 Easy-to-Manage Hot Wallets

DEPOSITS

WITHDRAWALS
HOT WALLET

Suggested Security Measures:

1. Enable IP restrictions for sending
2. Enable spending limits to reduce exposure

17
 Optional Wallet Configurations Isolate Risks and Manage Funds

DEPOSITS

RECEIVE WALLET

COLD STORAGE WARM WALLET

WITHDRAWALS

SEND WALLET

Suggested Security Measures:

1. Restrict Receive Wallet to only send to Warm Wallet
2. Restrict Warm Wallet to only send to Cold Wallet or Send Wallet
3. Set policy for multiple approvals of all transactions from Warm Wallet to Send Wallet
4. Add a velocity limit policy to Send Wallet 18
 Signing Flow

CUSTOMER DATA DATA CENTER

CENTER
● Verify Requesting IP
Client Client
● Check Policy Limits

● Verify Hot Key

● Verify Transaction Contents

Transaction Transaction ● Verify Destination Address

Initiated Received
● Check Dynamic Fraud Filters

● Confirm wallet not frozen

Client
(aka “Big Red Button”)

Client ● Do Client Callbacks

BitGo

Co-sign & send to the

Independent Transaction P2P network to update
Verifier (Optional) public Blockchain
19
19
 Custodial Wallet Configuration
A custodial wallet is a pair of linked wallets, one hot and one cold. One custodial wallet pair is
required for each digital asset in your portfolio.
COLD STORAGE
● The cold storage wallet is linked to
the hot wallet
● The cold storage wallet is used to
accept deposits and to fund the
hot wallet
● Whitelisted to send funds only to
the hot wallet
HOT WALLET
● The hot wallet is the customer’s
interface to the custodial service
● The hot wallet is the means by
which the customer spends digital
assets
20
 Cold Storage Setup and Transaction Flow

Cold Storage
Setup

Generate user partial keys Create cold storage

Transaction
Flow

Customer requests a transfer BitGo performs out-of-band The transaction is signed by Once BitGo co-signs, funds
via web identity verification and M-of-N signatures offline are transferred from the cold
generates a transaction typically within 24 hours storage to the hot wallet

21
 Custom API Endpoint

The “Custom API Endpoint” CLIENT INTERNET DDOS BITGO

option gives clients access to WWW.BITGO.COM

BitGo’s platform through a
private, dedicated URL
(api-yourcompany.bitgo.com)
CUSTOM
ENDPOINT

Using a standard API endpoint, “normal” traffic is queued with all other incoming traffic through a connection to www.bitgo.com

The Custom API Endpoint option is highly recommended if using BitGo APIs and if any of the following are true:
● You are conducting a large number of transactions
● You are transacting with other people’s money
● Your business would be impacted by delays
● You want to avoid going through Cloudflare

Pricing is based on the number of Custom URLs you require

22
 The Big Red Button

Problem: Kill Switch

If an attacker has compromised your system,
how do you halt Bitcoin withdrawals to prevent
theft?
● Protect your assets with the flip of a switch
● Freeze any wallets under a BitGo
organization so coins can’t be removed
● Remove freeze with customizable
out-of-band authentication

23
 BitGo is the Right Solution

© 2018 BitGo. Confidential.

 Leader in Security and Regulatory Compliance

Cryptocurrency Security Standard (CCSS) Level 3

Demonstrated
robustness SOC 2 Compliant (Audit by Deloitte, July 2018)
of security
controls

FS-ISAC member of global financial industry's go to

resource for cyber and physical threat intelligence

Licensed
BitGo Trust Company is a licensed qualified
regulatory
custodian by the South Dakota Division of Banking
compliance

25
 Trusted by the Largest Digital Asset Companies

...and many more

26
Investors
Flexible Product Options

100+ coins & tokens 100+ coins & tokens

* After a year, clients may be eligible for a fee credit if their assets under custody (AUC) balance is equal to or greater than it was during the prior 12-month period
27
** BitGo Trust Company, Inc. is a qualified custodian regulated by the South Dakota Division of Banking
 The Leader in Security, Compliance, and
Custodial Solutions for Digital Assets

© 2018 BitGo. Confidential.