BitGo ‘exaggerated extent of insurance coverage,’ underwriter claims

Getting your Trinity Audio player ready...

BitGo ‘exaggerated extent of insurance coverage,’ underwriter claims

Crypto services firm BitGo has been accused of using ‘ambiguous language’ when describing its new insurance coverage, in a damaging leaked email from one of the policy’s underwriters, CoinDesk reported.

In an email intended for insurance brokers, a copy of which was obtained by the crypto news outlet, the underwriter criticized reports the policy would insure against “third party hacks”, which were described as “misleading.” According to the report, while the wording implies protection against hacked funds in “hot” wallets, in reality cover only extends to amounts held in “cold” storage.

Clarifying the terms of the policy, the underwriter said there was no protection for the loss of private keys in the event of third party hacks.

The report noted, “ … the BitGo Specie policy absolutely does NOT provide any cover for remote ‘third party hacks.’ […] Cover is only provided for ‘storage media’ in secure storage. In other words, there is no cover for any loss of sensitive information (private keys) resulting from the generation, transportation or transaction phases of the private keys’ life cycle.”

The email continued to say a hacker would need physical access to offline private keys for a hack to fall within the scope of the policy.

The comments were described by the underwriter as “necessary” for clarifying the true extent of the cover provided.

BitGo’s new insurance offering was unveiled in recent weeks to significant fanfare, described by the company as the “most comprehensive” insurance product of its kind.

Yet some figures in the insurance industry have described the level of assurance offered by the policy as “certainly nothing newsworthy.”

In response, BitGo defended its descriptions of the policy.  The crypto service firm told CoinDesk, “Working with our insurance underwriters, it is understood that a hack in the cold storage context includes unauthorized access or theft of private keys. This refers not only to the hardware but more specifically to the cryptographic series of alphanumeric characters generated, which permits the release of cryptocurrency from a Public Address.”

“Cold storage involves devices and cryptographic keys that are not exposed to online networks removing the threat vector of remote network access, but there are other attack vectors that would involve technology,” it noted.