Protecting our customers’ assets is a foundational component of everything we do at Bakkt. Bakkt’s infrastructure leverages enterprise security capabilities, including those that protect Intercontinental Exchange’s dozen exchanges around the world, including the New York Stock Exchange. This is complemented by defenses unique to the safeguarding of digital assets.
The Bakkt Warehouse is comprised of both online (“warm”) and offline, air-gapped (“cold”) digital asset storage. Bakkt rebalances between warm and cold storage tiers to minimize risks associated with warm storage. To further protect our customers, Bakkt’s warm and cold wallets are covered by a $125,000,000 insurance policy from a leading global carrier. This coverage will be reevaluated from time to time based on risks and updates to operational best practices. In addition, Bakkt is working with one of the largest custody banks in the world, BNY Mellon, as part of its safekeeping process.
Bakkt stores client private keys on hardened systems in cold storage and on FIPS 140-2 level 3 HSMs in warm storage. Systems are sourced using approved procurement processes addressing supply chain risk. Bakkt-developed applications and those procured from external vendors are required to support multifactor authentication and are centrally controlled by a full-time, 24x7 cybersecurity team. All Bakkt managed devices (i.e. servers, laptops, network devices, mobile devices, etc.) have extensive security controls to prevent unauthorized access, limit authorized access, and safeguard against local and remote attacks.
Regular penetration tests are conducted including external, internal, and physical evaluations of all operations facilities. For the continuous improvement of our security and operational processes, Bakkt proactively seeks input from partners and law enforcement agencies.
At Bakkt, the protection and secure recoverability of private cryptographic keys, used to store digital assets, is a core competency. Bakkt has robust controls for Disaster Recovery (DR) and Business Continuity Planning (BCP) which help prepare for the restoration of normal services as quickly as possible in the event of a service outage due to unforeseen circumstances or a physical disaster. The Bakkt Warehouse is fully supported in both the primary and backup facilities and can operate independently from the location of ICE trading and clearing systems.
Digital Asset Listing Standards
Bakkt uses a principles-based approach to evaluate support of new and existing digital assets. Our framework includes considerations such as security, regulatory compliance, and transparency. Supported assets should be based on work that is well-documented, peer reviewed, and maintained by a team, organization or distributed community. Bakkt assesses each digital asset’s ability to meet compliance obligations and ensure it falls within the standards set by our regulators, partners, and Federal policy. All assets should align with Bakkt’s mission of expanding access to the global economy by building trust in and unlocking the value of digital assets.