In the first quarter of 2025, the digital asset industry was shaken by incidents of hacking and fraud, resulting in the theft of nearly $2 billion worth of cryptocurrencies. As the amount of Bitcoin held by the world's wealthiest increased, so too did the threats against their assets. How are these top holders safeguarding their digital wealth? To explore this question, we present an interview with Andrew Mannoukas, Chief Information Security Officer of Xapo Bank.
Xapo Bank is a private bank dedicated exclusively to Bitcoin, combining state-of-the-art security systems with a fortress-like vault nestled deep within the Swiss Alps. Mannoukas explains how advanced technologies, such as multi-party computation (MPC), are utilized to safeguard assets against highly sophisticated threats. He delves into the evolving landscape of security practices within the digital asset industry, highlighting the continuous improvements and latest trends.
Moreover, he provides a rare glimpse into the bank’s secure vault—a facility that integrates cutting-edge digital security measures with physical safes. The vault, located in the Swiss Alps, stores encrypted fragments of cryptographic keys used for transaction signing, ensuring the highest level of security for its clients’ assets. This interview offers an inside look at one of the most advanced and secure systems protecting digital wealth today.—Ed.

By Andrew Mannoukas, Chief Information Security Officer at Xapo Bank
What is your background in the security industry? How did you come to work in the field?
From a young age, I was deeply fascinated by computers and how they worked. I often spent time building them with my dad, which ignited a technical interest and a passion for problem-solving. I initially pursued a career in IT, and security became a natural next step, aligning with my curiosity and ability to think outside the box. I progressed quickly in the field and, having always been interested in crypto, joined Xapo in 2021.
Threats are evolving rapidly, and high-profile hacks are generating headlines. How do you feel about the state of security within the industry?
The industry has made significant strides towards improved security. Still, high-profile hacks serve as a timely reminder that we can never be complacent. Increased regulation is a positive development that will compel businesses to implement more rigorous security measures. Greater transparency also shows a commitment to safeguarding crypto users—after all, with a massive increase in the capital flowing around Bitcoin, the onus for increased security is greater than ever. Ultimately, we’re responsible for people’s wealth and prosperity, and we must never lose sight of that.
As for the state of security in the industry currently, it’s varied. Unlike TradFi, which has decades of building a legacy of security, crypto is catching up. We are moving in the right direction, and businesses like Xapo are leading the charge for the industry.
What are the most common security risks individuals face when managing their crypto?
Though championed by crypto purists, self-custody makes you the security guard of your funds; it’s the digital equivalent of keeping your money under your mattress. Keeping these funds secure is a huge ask for the average individual, and there are countless examples of how this can go wrong. The surge of sophisticated cyberattacks targeting traditional storage methods, as well as ongoing infrastructure limitations, means it’s a lot to manage for a non-technical user. There will always be a place for self-custody, but if you are not technologically savvy, it may not always be the best option.
What makes Xapo a secure place to store your Bitcoin?
At Xapo Bank, we built our reputation as the “Fort Knox of Bitcoin” on the principle of using physical bunkers to protect customer assets. We’ve developed a more advanced security model that leverages Multi-Party Computation (MPC) not as a standalone tool, but as a core component of a sophisticated security architecture—blending best-in-class physical security with digital solutions. Unlike many platforms in the crypto space, we operate under a full banking license, granted by the Gibraltar Financial Services Commission (GFSC), alongside a Virtual Asset Service Provider (VASP) license. This demands strict adherence to Basel capital requirements, KYC, AML, CTF, Consumer Duty, and Operational Resiliency regulations across all our operations.
What is Multi-Party Computation (MPC) technology? Can you tell us more?
MPC replaces the traditional concept of a single private key with multiple cryptographic shards. These shards, or key shares, are mathematically structured so that the full private key is never reconstructed in a single location, not even during the transaction signing process. Each party performs operations on its shard, contributing to the collective outcome without ever revealing or combining its piece with others. This ensures that the full private key does not exist at any single point in time or space, rendering obsolete the single point of failure common in traditional storage methods.
Think of it like a vault that can only be opened with five separate, physical keys. Each of these keys is held in an undisclosed location. No single person ever sees all the keys, and they’re never brought together in one place. Instead, each keyholder performs their part of the unlocking process independently, contributing just enough to open the vault without ever revealing the full set of keys to anyone.