Ledger is widely known for its consumer-facing hardware wallets, but since last year, several enterprises have been using Ledger Vault, according to the company’s vice president of product, Jean-Michel Pailhon. This product is focused on offering custody solutions to enterprise clients. Now Ledger aims to help MicroStrategy secure its $400m in Bitcoin.
MicroStrategy is a business intelligence company that made a splash in August 2020 by buying a large amount of Bitcoin (BTC). More recently Square, which just acquired $50 million worth of Bitcoin, developed SubZero, an in-house open-source framework, to secure its BTC.
Pailhon said that both Ledger Vault and SubZero employ HSMs, or Hardware Security Modules, for the management of digital assets. HSMs have been used for years for securing critical data and are generally considered invulnerable. Though SubZero may be a great framework, Pailhon opined that it is best suited for tech companies like Square that know how to deploy and manage HSMs. He said that Ledger will set these up for its users, and that “they don’t necessarily need to know how it works. They just need to use the solution.”
On onboarding a company like MicroStrategy, Pailhon said that one of the first steps would be to decide how many people will be involved in authorizing transactions. A typical setup would need 2-of-3 signatures, where perhaps the CEO, chief financial officer, and general counsel hold one signature each. All the private keys would be stored on an HSM. Simultaneously, parts of the private keys may be stored in some physical vaults.
When a company officer is going to initiate a transaction, he/she would log into Ledger Vault and input the desired transaction. Then, a notification would be sent to all three signatories. To approve it, they would have to log in and connect their Ledger Blue hardware wallet to their computer. Finally, they would enter their unique Ledger Blue PIN to sign the transaction. There is also an additional layer of protection: any one of the signatories can choose to abort the transaction altogether, provided that the minimum number of signatures has not yet been collected.
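The approval flow described above can be modelled as a small state machine. This is an added example, not Ledger's code: the class, method and role names are hypothetical, and it models only the 2-of-3 counting and the abort rule, not the HSM signing or PIN entry.

```python
from dataclasses import dataclass, field


@dataclass
class PendingTransaction:
    """Hypothetical model of an m-of-n approval with abort-before-quorum."""
    signers: frozenset              # people allowed to approve or abort
    threshold: int                  # minimum approvals required (2 in a 2-of-3 setup)
    approvals: set = field(default_factory=set)
    state: str = "PENDING"          # PENDING -> APPROVED | ABORTED (both final)

    def _check(self, who: str) -> None:
        # Only enrolled signatories may act, and only while the request is open.
        if who not in self.signers:
            raise PermissionError(f"{who} is not a signatory")
        if self.state != "PENDING":
            raise RuntimeError(f"transaction already {self.state}")

    def approve(self, who: str) -> str:
        self._check(who)
        # A set means a repeated approval by the same person counts once,
        # so one signatory cannot reach the quorum alone.
        self.approvals.add(who)
        if len(self.approvals) >= self.threshold:
            self.state = "APPROVED"
        return self.state

    def abort(self, who: str) -> str:
        # Any single signatory can cancel, but only before the quorum is met.
        self._check(who)
        self.state = "ABORTED"
        return self.state


def new_request() -> PendingTransaction:
    # Constructed sample roles taken from the setup described in the article.
    return PendingTransaction(frozenset({"CEO", "CFO", "General Counsel"}), 2)


if __name__ == "__main__":
    tx = new_request()
    print(tx.approve("CEO"), tx.approve("CEO"), tx.approve("CFO"))
    tx2 = new_request()
    print(tx2.approve("CEO"), tx2.abort("General Counsel"))
```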
Pailhon added that though Ledger provides the backend and takes care of the HSM infrastructure, the user acts as its own custodian. This may present a problem as some firms may be required by law to use a regulated custodian. He said that this does not present a real challenge though:
“If you need a regulated custodian, you can ask a regulated entity to become one of the signees in the transaction process.”
While Ledger has laid out that process, MicroStrategy has not named its Bitcoin custodians, though it publicly acknowledged the associated risks:
“While we hold the bulk of our BTC assets with established cryptocurrency custodians, a successful security breach or cyberattack could result in a partial or total loss of our BTC assets in a manner that may not be covered by insurance or indemnity provisions of our custody agreements with those custodians.”