AWS Database Blog
How Itaú Bank simplified cryptocurrency custody with Amazon Managed Blockchain Access and Query
In this post, we share how Itaú Unibanco adapted to the growing demand of digital asset services from their customers, and how they used Amazon Managed Blockchain Access, Amazon Managed Blockchain Query, and AWS Nitro Enclaves to quickly bring enterprise-grade innovation to the digital asset space at scale.
Adoption trends in Brazil
Cryptocurrency adoption is accelerating across Latin America, driven by converging favorable consumer and business trends paired with a supportive regulatory environment. In particular, Brazil has been positioning itself as a leader in cryptocurrency adoption.
Brazil has already shifted towards digital payments in recent years, accelerated by mobile technology, government support, and changing consumer habits. The instant payment system, Pix, introduced by the Central Bank of Brazil in 2020, has become a hugely popular way for Brazilians to pay friends, pay bills, and make purchases. Pix, which is used by over 150 million Brazilians, is a real-time payment system that allows instant transfers between bank accounts using just a phone number, email, or ID. Consumers who have already moved onto digital payment methods have also been early adopters of cryptocurrencies, with an estimated 16 million people owning crypto and 12,000 companies holding crypto on their balance sheet. Cryptocurrencies continue to gain traction for use cases like storing value against high inflation, enabling low-fee remittances, and participating in decentralized finance. According to Chainalysis, Brazil ranks ninth globally in crypto adoption.
Regulators in the region are also establishing clear guidelines to grow the cryptocurrency and digital asset industry. For example, Brazil’s securities regulator CVM enacted regulation number 175 in 2022, which now allows regulated investment funds to allocate up to 10% of their portfolios into cryptocurrencies. This is a positive move that expands mainstream investor access to cryptocurrencies. Additionally, in December 2022, Brazil published its Legal Framework for Virtual Assets, also known as the Cryptoassets Act, which took effect in June 2023. This legislation defines virtual assets and outlines requirements for virtual asset service providers (VASPs) operating in Brazil.
Brazil’s plan to launch a central bank digital currency (CBDC) called DREX in 2024, which aims to enhance transaction security and efficiency, is further fueling the use of blockchain technologies and digital assets in core financial businesses. For example, to test a pilot version of DREX, the Central Bank of Brazil has chosen 14 financial institutions to take part in the program, including major local banks like Itaú Unibanco. The project could enable many advanced applications beyond standard payments, including asset tokenization, which is the process of digitizing real-world assets onto a blockchain.
Itaú’s solution for digital asset custody
On December 4, 2023, Itaú Unibanco, one of the largest banks in Latin America, started offering custody services for Bitcoin and Ether and cryptocurrency trading using the ÍON app to selected customers. This follows the formation of Itaú Digital Assets in 2022, which was driven by consumer demand for cryptocurrency services provided by a brand they already trust with their traditional assets.
Currently, Itaú Unibanco is gradually opening its cryptocurrency trading service to customers. For its custody service, Itaú has already handled U$1 billion. For 2024, Itaú expects to launch new cryptocurrency products and expand its services to retail platforms. In developing its custody solution, Itaú aimed to meet the same stringent security, compliance, and regulatory requirements as its traditional offerings, while also supporting the innovative use cases of blockchain technology.
The custody service is made up of five layers to achieve these goals, as illustrated in the following figure.
The layers are organized as follows:
- Security – The first layer focuses on security at the infrastructure level by enabling safe transactions and protecting customer keys (from generation to storage) using a combination of well-tested solutions such as hardware security modules (HSMs) and innovative technologies such as multi-party computation and confidential computing
- Compliance – The second layer deals with compliance by analyzing data that is stored on blockchain and traditional data such as credit card purchases and bank transactions to meet know-your-counterparty (KYC), know-your-transaction (KYT), and anti-money laundering (AML) requirements
- Governance – The third layer provides governance by ensuring appropriate permissions and controls are in place for each customer
- Audit – The fourth layer meets auditing requirements
- Services – Finally, the fifth layer offers the custody application itself along with services like staking, trading, and integration with decentralized finance
To build this custody solution, Itaú had to overcome three primary challenges:
- First, they had to simplify managing the blockchain infrastructure itself with the resilience needed for enterprise-grade workloads. This included running and maintaining blockchain nodes, keeping node client software up to date, and load balancing traffic across nodes.
- Second, they had to implement robust data encryption that protected transaction information up to the point of submission to the public blockchain nodes and prevented any private information from being shared.
- Third, they had to protect the key generation, storage, and transaction signing with security and encryption layers. The key controls access to the customer wallets that hold the digital assets, and any leakage of information or unauthorized use would put customer funds at risk.
Technical deep dive
In the rapidly evolving landscape of digital asset custody, AWS Nitro Enclaves emerges as a pivotal technology. Nitro Enclaves provides an isolated, highly secure environment within Amazon Elastic Compute Cloud (Amazon EC2) instances, crucial for handling sensitive operations such as cryptographic key management and transaction signing. This isolation is essential in the realm of digital assets, where the security and integrity of cryptographic keys are paramount. With Nitro Enclaves, Itaú makes sure that the keys used for digital asset transactions are protected from external threats, maintaining the highest standards of security and compliance.
The following diagram illustrates the architecture for digital assets custody: securely signing transactions and broadcasting to public blockchain networks.
Amazon Managed Blockchain significantly streamlines the operational aspects of blockchain management, providing essential infrastructure support for major networks like Bitcoin and Ethereum. AMB Access offers a fully managed gateway to these blockchain nodes, simplifying the process of connecting to and interacting with different blockchain networks. Additionally, AMB Query enhances the efficiency of blockchain data handling. It provides indexed blockchain data, enabling complex blockchain queries to be translated into simple API calls. This unified approach across different protocols reduces the complexity and time required for blockchain data management, enhancing overall efficiency and lowering costs, risks, and operational efforts.
The following diagram illustrates the architecture for monitoring the blockchain for deposits, withdrawals, and transfers of managed assets, using AMB Access for Ethereum and Bitcoin.
Nitro Enclaves and Managed Blockchain are first-party services on AWS, and allow straightforward integration with other services, keeping security tight. The integration of serverless applications with Managed Blockchain further empowers Itaú to develop custom transaction management and compliant indexing solutions. This integration facilitates the creation of scalable, efficient, and secure applications tailored to the specific needs of digital asset management. With the AWS serverless architecture, Itaú can focus on innovating and enhancing its digital asset services without the overhead of managing server infrastructure, leading to more agile and responsive development cycles.
“Brazil is one of the world’s fastest growing cryptocurrency markets, with interest from the retail sector and among institutions, as well as supportive regulation from our government. Itaú is at the forefront of meeting this need as a trusted and regulated entity, with a comprehensive cryptocurrency initiative. The partnership with AWS and the use of AMB Access has accelerated our time to market by months, which holds great strategic significance for Itaú’s continued leadership across multiple businesses within a rapidly evolving market. Furthermore, we are able to focus on delivering innovative products with the assurance of Amazon Managed Blockchain’s scalability, security, and reliability supporting our efforts. After seeing the benefits of AMB Access, we are looking at AMB Query to help us more quickly get the critical balance and transaction information that is stored on the blockchain.”
– Caio Cesar Lopes Gomes, CIO of Itaú Digital Assets
Conclusion
The integration of AWS technologies like Managed Blockchain and Nitro Enclaves represents a significant step forward in the secure and efficient management of digital assets. As cryptocurrency use cases continue to grow and evolve, especially in regions like Brazil, the need for robust, scalable, and secure digital asset solutions becomes increasingly important. With its blockchain solutions, AWS offers a powerful toolkit for businesses looking to explore the vast potential of digital assets and tokenization. We encourage businesses interested in advancing their digital asset capabilities to explore the range of solutions AWS offers, setting the stage for innovation and leadership in this dynamic and rapidly evolving landscape. Get started on AMB Access and AMB Query for Ethereum, Bitcoin, and Polygon.
About the authors
John Liu is the Head of Product for Web3/Blockchain at AWS. He has 13 years of experience as a product executive and 10 years of experience as a portfolio manager. Prior to AWS, John spent 4 years leading product and business development at public blockchain protocols with a heavy focus on cross-chain technology, DeFi, and NFTs. Prior to that, John gained financial expertise as Chief Product Officer for fintech companies and portfolio manager at various hedge funds.
Everton Fraga works as Sr. Web3/Blockchain Specialist SA at AWS. He helps companies worldwide build Web3 infrastructure and applications. Previously, he was a software engineer at Ethereum Foundation.