security – Protecting cryptocurrency private keys in a corporate environment

Now that Tesla has bought a large amount of Bitcoin, other companies may follow suit. If my company wanted to do that, I was thinking about how it could be done.

I’m familiar with the way private individuals store keys.

I could see two possibilities:

  1. The Chief Financial Officer or someone like that would be the only one with the keys, with some type of backup. The data is done in a way very similar to how an individual would do it.
  2. The Information Technology (I.T.) department may be called upon. For example, they might write a bot to buy the cryptos at certain prices or criteria.

If I.T. is involved, then one or more programmers or I.T. staff would have access to the keys. If they weren’t honest, or left the company, they could use the keys to transfer out all the cryptos. Even if I.T. created an application for the company, the “bad people” could simply do a transfer using the private key totally outside the company’s network.

I was thinking that one approach might be to have some automated software to keep moving the cryptos around to new accounts every x hours. To do this, the private/public key would have to be generated by software, but still stored in a data store of some type. Maybe that would have to be a separate database instance that only very key people had the access codes to.

The issue is similar to API Keys, but they often have more flexibility (Protecting API Keys).