A state-the-art nuclear bunker in the Swiss Alps is being used to safeguard Bitcoin.
Exclusive
Own this piece of crypto history
It sounds far-fetched, but it’s true. There is a vault in a secret nuclear bunker in the Swiss Alps protecting a significant amount of Bitcoin (BTC).
Cointelegraph visited the facility first-hand to see how multiparty computation (MPC) shards stored in bunkers are being used to provide bleeding-edge security to one of the world’s first Bitcoin banks.
Every Bitcoiner knows the phrase “not your keys, not your coins,” but you can’t keep hiding your hardware wallet or seed phrase under your mattress forever. With an estimated two million Bitcoin irrevocably lost, how and where you store your BTC remains one of the most challenging aspects of owning the digital asset.
It sounds far-fetched, but it’s true. A secret nuclear bunker in the Swiss Alps houses a vault safeguarding #Bitcoin worth more than $100M 💵💵💵
I visited the site firsthand on a personal invitation by @xapobankapp. Here’s what I learned 👇
🔒 The vault is protected by layers… pic.twitter.com/B8vTIfwtaf
— Gareth Jenkinson – Token2049 🦙 (@gazza_jenks) September 26, 2024
For some, holding their BTC on an exchange is a risk they’re willing to take. Others move their Bitcoin offchain.
Those comfortable enough to entrust their BTC to a third party opt for the services of industry first-movers like Xapo Bank, which uses a series of underground bunkers to safeguard their clients’ Bitcoin.
The Fort Knox of Bitcoin
“You’ve got another five minutes, then I need you to hand over your phone,” says Albert Rocca, Xapo’s senior HQ account manager.
The former career detective slips our smartphones into an inconspicuous backpack as our helicopter chops its way into the Swiss mountains. The bag’s inner compartment is a Faraday cage, cutting off our devices from any connectivity, so we have no way of tracking our location.
The helicopter touches down at a small landing strip nestled under the shadow of a steeply ascending vista. At its base is a smoothed-out granite surface with a single, military-style bunker door. It’s the first of many hermetic vault doors barricading the unknown mysteries inside.
Entering this bunker involves an exhaustive security check. After an ID check and pat-down, visitors are given a magnetic card that they must use to enter various points throughout the facility.
The first major barrier to entry is a six-ton vault door designed to withstand a nuclear blast. The guard scans his retina and enters a code that updates every minute before the massive door gradually swings open.
We move into a smaller space with yet another barrier. This time, a man-trap enclosure with bulletproof glass on either side is used to measure visitors’ weight and height. This biometric data is linked to the magnetic card identifying you as you move through the facility.
Finally, we’re inside the bunker. A tunnel of exposed rock winds into the mountain for about 30 meters, leading to the next set of security doors. This particular point requires the entrant to perform a specific movement to move through, yet another deterrent aimed at bamboozling unwanted guests.
Behind this door is a corridor with vault doors on either side. Our entourage makes its way to one of the many doors, this one giving access to Xapo Bank’s vault.
Andrew Mannoukas, Xapo’s chief information security officer (CISO), is one of a select few able to access the innermost room inside the vault. On this visit, his credentials were revoked so that he wouldn’t be taken hostage and forced to give us entry.
Behind the final door is the MPC shard, one of a number stored in vaults around the world. It is required to sign transactions to manage Xapo Bank’s BTC holdings.
According to the CISO, the sheer number of redundancies safeguarding the infrastructure makes it nearly impossible for an attacker to take control of the bank’s BTC.
“Why the vaults? It’s all about defense in depth. The physical security — those military-grade bunkers — adds another crucial layer of protection. It guards against insider threats, natural disasters, and physical theft attempts,” Mannoukas explains.
Xapo’s shards are distributed globally at undisclosed locations, held by different entities whose exact locations are unknown to each other.
This geographical dispersion is designed to ensure that no single individual, organization or entity can access all of the shards, as doing so would effectively grant them control over the full private key.
Bunker prepared for everything
Xapo Bank’s vault is one of many services housed in the secret bunker. The owner, whose identity is withheld to maintain the site’s security, acquired the facility in a joint venture with the Swiss Air Force in the 1980s.
Now independently owned, the labyrinthine bunker houses all sorts of infrastructure, goods and assets.
The facility maintains all of its nuclear-resistant features. It houses two one-megawatt diesel generators and an intricate HEPA air filtration system that removes any and all pollutants, including toxins and radioactive particles.
It also uses an underground lake to cool server rooms and other utilities within the bunker, eliminating the need for power-intensive air-cooling systems.
Different sections of the bunker have higher security clearances. Access to a hidden emergency exit requires permission from a remote security service. The tunnel is equipped with a timer, and ambient green lights illuminate the passage during the allotted time for crossing.
Another six-ton door guards this entrance. The entry point still features a military-era deterrent — a small chute that allows a guard to drop a grenade into the corridor outside. The bunker is truly a surreal experience. It blends decades-old Swiss bunker construction with cutting-edge technology and infrastructure.
Swapping multisig for MPC
Xapo Bank shifted away from multisignature signing to protect its Bitcoin holdings in 2023.
The company has used these bunkers since its inception in 2013, and the multisig process involved guards manually completing hot and cold wallet BTC movements daily.
MPC technology has made this redundant. The use of homomorphic encryption has completely removed the risk of exposing private keys, adding an additional level of security assurance.
Mannoukas likes to explain the MPC signing process like a group of chefs cooking a dish together, but each chef has a secret ingredient.
The chefs add their ingredients to the pot without showing them to each other. They stir the pot together, following a special recipe that mixes everything perfectly. In the end, everyone tastes the final dish, enjoying the combined flavors, but no one knows exactly what ingredients the others added:
“This is similar to how MPC works in that each chef involved (MPC shard) contributes their piece of the signature without revealing it, and when combined, these shards create a valid signature that is able to sign the transaction.”
This way, the group can authorize the transaction securely without any single person or entity holding the complete private key or the private key ever being assembled.
No expense has been spared in delivering this level of security. The bunkers alone cost millions of dollars annually to use.
The combined security measures remain one of Xapo’s major drawcards. Its clients forego the responsibility of self-custody in exchange for technology and infrastructure that most modern banks don’t employ.
Disclaimer: Cointelegraph was personally invited to visit Xapo Bank’s vault, and the company covered its travel and accommodation expenses.
This article first appeared at Cointelegraph.com News