Late last year, Square began offering the ability to buy and sell Bitcoin with Cash App. As part of that launch, Square invested heavily in building out our cryptocurrency infrastructure to help protect Square customers’ funds, and Square itself, from both internal and external threats.
Cryptocurrencies like Bitcoin require private keys to access and move funds. Securing these private keys is important because transfers are irrevocable. An unauthorized person who gains access to the private keys can move funds, and due to the nature of cryptocurrencies, it would be practically impossible to identify the person or recover the funds.
Since launching Bitcoin support, Square has developed a robust approach to Bitcoin cold storage, and we recognize the importance of sharing our work with the community. As a result, today we’re open-sourcing the documentation, code, and tools for “Subzero,” our HSM-backed solution for protecting Square’s Bitcoin holdings.
Cash App customers have the ability to buy, sell and withdraw Bitcoins. They can view the balance for their account, but the actual Bitcoins are held by Square in a combination of hot and cold wallets. Cold storage is a term used to refer to a Bitcoin wallet that is offline, meaning that the private keys for the wallet are stored in such a way that they are inaccessible from any network. Storing Bitcoin in a cold wallet reduces the risk of remote attack.
Without remote access, it is more difficult for an attacker to obtain the private keys that give access to the Bitcoin stored in the cold storage wallet. Transferring funds out of cold storage requires physical access to the private keys or the device on which they are stored. On the other hand, an online or hot wallet is able to send funds at any time. Keeping a small amount of funds in online wallets and the majority of funds in cold wallets is a good way to get the best of both worlds.
There are many ways to implement cold storage. You can print the key material on a piece of paper (a so-called “paper wallet”), carve it into stone, save it on a computer that is kept disconnected from networks, or use a specialized hardware wallet device, such as Trezor or Ledger.