Subzero: Square's open source cold storage solution
Just last year Square began to offer Bitcoin services on its cashapp, this created a need for Square to invest in its security, as they’ll need to hold huge amounts of Bitcoin at once and just keeping them in hot wallets like most of us do won’t cut it.
Square recently open-sourced their solution, called Subzero, that uses a mixture of hot wallets and HSM-backed cold wallets. Cold wallets are wallets that are not connected to the network, they act as a safe storage of your Bitcoin without risking hacking, spoofing or other online attacks, the most common forms of cold wallets are paper wallets and hardware wallets.
Square decided that this wasn’t enough and used a Hardware Security Module (HSM). HSMs are dedicated crypto processors that are specifically designed to protect a cryptographic key and are kept in a hardened, tamper-resistant casings. Square used a multi-signature scheme and kept each of the signing devices in a different geographical area, QR codes are transmitted to these devices and an M-of-N signature is required for this transaction to be deemed valid, signatures are done with a mixture of passwords and smart cards.
Some extra precautions were taken like the wallet not being able to send anything to non-Square owned wallets.
The code and other documentation on how this was achieved is now open-sourced on Github, you can check it out by going to the repo.