$24m was lost. Setting this up is say $10k in time and materials. Although I would use a rack server.

.

Yeah. Sorry to say, but if you’re going to run a crypto company, and it’s even moderately successful, people are going to try to steal the key. Either you are extremely paranoid, or you’re going to lose a bunch of money, for yourselves or your investors.

I have, I've set up "truly offline" root certificate authorities and the like in the past.

Yes, it's a pain to operate, but if the alternative is "the bad guys get all of our money", then it can be worth it.