I’m being driven along the eastern shore of Lake Lucerne when my guide points out our destination. “The bunker is in one of those mountains,” says Maxim Kon, gesturing at a fog shrouded peak on the opposite shore as he pilots his BMW convertible.
Kon is taking me to see one of the vaults where Xapo, the company he works for, stores its customers’ bitcoins. It’s no ordinary vault: I’ve been told it’s inside a decommissioned Swiss military bunker dug into a granite mountain. Its precise location is secret, and access is limited by security measures that would put a Bond villain to shame.
Kon won’t tell me how much bitcoin is stored in the vault, but he says he sometimes takes customers with “millions” of dollars worth of the cryptocurrency stored with Xapo to tour the vault. It’s odd to think of a virtual currency needing physical storage, but just like your most precious photos, even a cryptocurrency needs some kind of material container. Xapo’s founder is the Argentinian entrepreneur Wences Casares, the “patient zero” of bitcoin among Silicon Valley’s elite. It was Casares who gave tech luminaries like Bill Gates and Reid Hoffman their first bitcoins.
A bitcoin vault doesn’t store actual bitcoin units. Technically, what’s being stored are private, cryptographic keys. These keys form a pair with particular, public-facing, keys and provide access to the balance of coins stored on the bitcoin network. Gaining unauthorized access to someone’s private keys is akin to making off with a gold bar.
Stories of hackers finding their way through even the best secured accounts are legion, and it’s ironic that bank-like methods have to be used to keep cryptocurrencies safe. If someone gets hold of your private key, there’s no way to claw the funds back or demand a refund. That’s why a firm like Xapo that stores bitcoin is a juicy target for hackers—and why it requires paranoiac levels of security.
We pull off the highway and onto a single-track road. We’re surrounded by grazing cows and the odd hiker. A few minutes later we’re at the foot of a mountain, separated only by a 3-meter tall (10 ft) gate. We are met by Michel Streiff, who works for Deltalis, the company that runs the facility.
Deltalis operates the 10,000-square-foot data-center that now inhabits the decommissioned bunker. Server racks for banks, and any client who needs secure data processing, fill a cavity dug over 320 meters deep in the granite mountain. The Swiss military built the facility in 1947, and it served as the army’s secret headquarters during the Cold War, Agence-France Presse has reported. Inside, walls covered with detailed maps and ancient radio electronics serve as vestiges of its military past.
Streiff leads us to a concrete facade jutting out of the mountainside, the bunker’s entrance. We step through about a foot of concrete and enter the lobby. I sign in as I would at any office building, except I also have to present my fingerprints and be photographed. After that I step through a “man-trap”—a phone booth-sized cylinder made of bullet-proof glass that shuts me in until an operator opens the door on the opposite side.
Once through the man-trap, we touch our ID cards and pass through a set of steel revolving doors, then walk down a 100-meter long passageway through the granite. At the end of the passageway are two red steel doors that I’m told can survive a nuclear blast. Streiff invites me to try to close one—my 90 kg (198 pound) frame can’t budge it. “They’re closed every night,” he tells me, showing me how to hang off the handle and use his body’s momentum to gradually swing it shut.
Streiff and Kon are taking me to see Xapo’s “private suite,” an ultra-secure, customized, portion of the data center. We pass through a second man-trap and then end up in front of a nondescript white door. “This is further than anyone outside Xapo has been,” Streiff tells me, as he unlocks it. Inside is a space about the size of a walk-in closet containing a cooling unit, and yet another door. But that’s as far as they’ll let me go, and I’m not allowed to take photographs.
Beyond that door, I rely on what Carlos Rienzi, Xapo’s head of security, tells me later, when I’m back in London. Rienzi chose the vault for Xapo, and he designed the private suite and its security protocols. His “threat model,” as computer security jargon goes, is to protect against attacks from “well-funded terrorist groups or hackers.”
There are two more portals inside the suite: the first leads to an operators’ room, and the second to a “cold room.” The cold room is encircled with steel slabs to form a Faraday cage: a barrier that protects against a possible electromagnetic pulse (EMP) attack that could wipe out the data—and thus the keys to the bitcoin—stored in the room. For digital assets like bitcoin, thick walls and a secret location are not enough. A shield against invisible modes of attack like an EMP bomb must be provided for.
No one, not even the operator, enters the cold room. Its door is sealed with tape—like a crime scene—to ensure it’s not tampered with. The cold room contains hardware, which is never connected to the internet, used to sign bitcoin transactions. Signing a transaction can be performed offline. The operator accesses that hardware using “special cabling,” sending encrypted data to the hardware for signing. Finally, before a transaction can be approved, two more sign-offs, in two other vaults located on separate continents, must be performed.
I ask Rienzi if he feels pretty confident about the security measures he has in place in Switzerland. “We are under attack 24/7,” he tells me, referring to the terrorists and hackers he designed the vault to guard against. “This is not a race. It is a chess game. You have to think about the opponent’s next movement. You can never relax.”