Cryptocurrency Custody Solutions
BitGo is considered the premier custody solution provider to institutional clients. The company was founded in 2010 by Mike Belshe, a former Google engineer and serial entrepreneur. In 2018, BitGo became a financial services company with the launch of BitGo Trust Company, the first qualified custodian purpose-built for storing digital assets. BitGo contributed to solving the problem with the lack of transparency and stability in the cryptocurrency industry, which, at the time, was preventing institutional investors from entering the niche. Today, BitGo is focused on working with clients, partners, and regulators to deliver innovative security, custody (digital assets are insured for $100m), and liquidity solutions.
Launched in 2018, Coinbase Custody offers clients access to the secure, institutional-grade offline storage solution that has been used by Coinbase’s exchange business since 2012. Coinbase Custody is an independent, NYDFS-regulated entity that operates as an independently capitalized business, Coinbase Trust Company, LLC. The custody solution provider supports all types of assets that institutional investors may be interested in. All digital assets are segregated and held in trust for the benefit of the company's clients. Coinbase is the first custodian to offer staking from safe, offline storage of assets. The minimum balance required to become a client is $1 000 000, alongside an implementation fee between $0 and $10 000.
Anchorage is focused on bringing the world’s most advanced and proven security architecture to cryptocurrency custody, making digital assets safe to hold and to use. Anchorage Trust Company is a state-chartered trust company with fiduciary powers and a Qualified Custodian that helps SEC-registered investment advisers meet their obligations under federal law. It was founded in 2017 to meet the growing need for institutional custody. Anchorage is based in San Francisco, California and Sioux Falls, South Dakota. The company is a Founding Member of the Libra Association. Anchorage supports a variety of assets and is continuously adding new ones.
Kingdom Trust is an independent qualified custodian regulated by the South Dakota Division of Banking. The company specializes in innovative custody solutions for individual investors, investment businesses, family offices, advisory firms, broker-dealers, and various other investment platforms. Kingdom Trust serves over 100 000 clients and has over $12 billion in assets under custody. The company is considered the pioneer in online custody account opening for the Self-Directed IRA industry. In just a few minutes, users can fill out and submit a simple account form. There are no initial physical paperwork nor wet-signature requirements.
Aside from its brokerage and exchange services, OSL provides insured custody for digital asset holdings. The service includes comprehensive protection of customers' assets for both hot and cold wallets. Users' funds are insured against loss, damage, destruction, or theft. The custody solution utilizes state-of-the-art encryption, private key protection, and multi-layer authentication. OSL's cold wallet infrastructure is based in faraday-cage equipped high-security physical vaults, certified to meet US Department of Defense requirements. OSL divides the levels of protection it ensures in 5 categories - digital defense, physical defense, process defense, slippage detection, and insurance.
Tangany is a Germany-based crypto custody provider serving institutional investors and businesses. Its modular Custody Suite lets customers choose from an array of products and services including warm wallets (available via API), multi-signature cold wallets, crypto payment processing, and node infrastructure. Tangany offers both fully and partially-managed custody options, asset tokenization, and tools to create crypto-powered products like exchanges and lending services. Tangany won a 2020 FinTech Germany Award. The provider currently serves more than 65,000 wallets with clients located throughout the EU.
Finoa is a regulated digital asset management platform offering custody, staking, and trading services to professional crypto investors. Its custody solution relies on "warm storage" technology that permits instant withdrawals without compromising security. Users verify their identity through biometric two-factor authentication and multisig. Hardware infrastructure is shielded in partnership with Utimaco, a leading manufacturer of Hardware Security Modules (HSMs). Finoa supports Bitcoin (BTC) and Ethereum (ETH) plus a growing list of altcoins. The company was founded in 2018 and is based in Berlin. It serves institutions, high-net-worth individuals, and corporations all over the world.
Aside from being a well-known cryptocurrency exchange, Gemini also provides custody solutions to institutional and individual clients. The platform offers flexible pricing, with free setup and no minimums. Gemini Custody launched Captive Insurance Company called Nakamoto, licensed by the Bermuda Monetary Authority (BMA) to insure Gemini Custody™. That way, Gemini Custody™ is protected by $200 million in insurance coverage. The platform has a direct integration with the Gemini Exchange which allows users to take advantage of same-day withdrawals and instant liquidity for trading. Gemini Custody supports over 23 different assets. Gemini is a fiduciary and qualified custodian under New York Banking Law and is licensed by the State of New York to custody digital assets.
ItBit offers full-range crypto-related services including a cryptocurrency exchange, an OTC trading desk, Escrow, and a custodial solution. As a New York State Trust Company, itBit is subject to strict regulatory oversight by the New York State Department of Financial Services. All fiat and crypto customer assets deposited with itBit are backed by mandatory capital reserves as a regulated entity. ItBit uses 100% cold storage ensuring that the deposited crypto assets remain secure and will be available to meet investor redemption and verification requirements.
HexTrust is a provider of crypto custody solutions to institutional investors. The platform is designed with an institutional mindset to provide a highly secure, enterprise-grade and compliant solution for digital assets custody. HexTrust serves institutional investors, corporations, exchanges, and brokers. The platform is powered and protected by bank-grade security, proven cryptographic algorithms, operational best practices, and standards. HexTrust offers on-chain segregation of assets at the account level. That way, balances and transactions are independently auditable on their respective blockchains. The company works with authorities and institutional partners to conform with relevant regulatory regimes and global AML / KYC rules.
Bakkt Warehouse is a custodial solution, comprised of both online and offline, air-gapped digital asset storage. To further protect its customers, Bakkt’s wallets are covered by a $125m insurance policy from a leading global carrier. This coverage is periodically evaluated based on risks and updates to operational best practices. In addition, Bakkt is working with one of the largest custody banks in the world, BNY Mellon, as part of its safekeeping process. Bakkt’s infrastructure leverages enterprise security capabilities, including those that protect Intercontinental Exchange’s dozen exchanges around the world, including the New York Stock Exchange.
Headquartered in Singapore, Onchain Custodian® (ONC) offers a global, standardized, resilient, insured and compliant custody service for the safekeeping of institutional digital asset investments. Onchain Custodian's clients include crypto exchanges, funds, family offices, high net worth individuals, OTC brokers, ICO and STO founders, miners, asset managers, and more. Its product, the SAFE™ digital asset custody platform, offers comprehensive reporting services to facilitate efficient and transparent management of its clients' digital asset holdings. The solution supports 8 digital assets with more to be added (BTC, ETH, LTC, ONT, ONG, NEO, GAS, and USDT). The ONC's platform code and cybersecurity are audited by the NCC group.
BANKEX is designed as a multi-layer security concierge banking infrastructure that is easy-to-use and ensures the safe storage of users' cryptocurrency assets. The BANKEX custody service ensures the secure storage of Bitcoin, Bitcoin Cash, Ethereum, and Litecoin with no minimum deposit limit. The platform also accepts BKX tokens. Service fees are waived for customers that hold a certain amount of their assets in BKX. BANKEX's clients can make deposits or withdrawals, check their balance, and view their transaction history at any time. BANKEX has patented Custody Service in the United States Patent and Trademark Office (USPTO).
Founded in 2018, Aegis Custody is a San Francisco-based fintech company that provides financial institutions with a secure and easy-to-use solution for custody of digital assets. Aegis Custody offers products and services that allow financial institutions, exchanges, funds, and token issuers to transfer and store their digital assets. Aegis is preferred by institutional investors as it provides a self-custody solution. Clients can control their private keys and digital assets without relying on third-parties. The custody solution supports BTC, ETH, and ERC20-compliant tokens. Aegis is backed by Fosun, a global asset management company.
Onyze is a Madrid-based crypto custody platform. It serves both individual and institutional investors and is free for users with less than 100k in their accounts. The platform stores users' funds in escrowed wallets which are protected by an insurance program. Onyze supports Bitcoin, Ethereum, and ERC-20 tokens. If a user wants access to his digital assets, he should send Onyze a cashback request. It is worth noting that it may take up to 24 hours to transfer his funds from Onyze's vault to his wallet. The platform also has a mobile app for Android and iOS devices that allows clients to control their funds on-the-go.
Vo1t is a market-leading, insured digital custody service, established in 2015. The service provider is trusted by some of the world’s largest institutions. The team behind Vo1t includes experts in physical security, cybersecurity, and banking. They have worked for some of the most renowned institutions in the UK and internationally, including the UK Ministry of Defence, the Financial Conduct Authority (FCA), and Goldman Sachs. Vo1t’s secure cold storage platform supports the majority of the mainstream digital currencies and tokens, as well as hard forks and airdrops. Vo1t is designed to integrate with clients' core infrastructure, enabling rapid transactions in under two hours.
Copper provides end-to-end secure custody architecture for crypto assets. The London-based custodian provides multi-sig support for over 100 digital assets. The company's solution is based on two pillars - security and control. Users can maintain easy management and complete control over their digital assets through the online Copper Platform, while also storing their assets in the offline vault. Copper also provides independent custody connected to multiple exchanges, thanks to which funds can deploy capital across exchanges while maintaining independent custody. Copper won the Best Digital Asset Custodian award at the HFM Awards 2019.
Bitcoin Suisse provides institutional-grade and fully audited crypto asset custody through its time-tested Bitcoin Suisse Vault service. It features a multi-signing process customizable to client needs. The user-friendly access is hardware-free and the client defines who can view and withdraw the stored assets. It is offered to financial service providers, corporations, and institutional and private investors. Access to the Bitcoin Suisse Vault is available 24/7 supporting safe custody for BTC, ETH, BSV, XRP, BCH, LTC, BTG, TRON, EWT and all ERC20/223 tokens. The Bitcoin Suisse Vault offering is based on the Swiss Crypto Vault solution. Swiss Crypto Vault AG is a subsidiary of Bitcoin Suisse AG.
KNØX provides custody services to financial institutions, asset managers, high net worth individuals, cryptocurrency miners, government agencies, exchange venues, trading platforms, and individual traders. In June 2018, the company raised $6.2 million from several investors include iNovia Capital, Initialized, FJ Labs, and Ferst Capital. The idea of the company is to provide institutions with white-glove support for efficient integration, and management of their holdings without having to design and build their own custody solution. The service is compatible with Bitcoin and Ethereum.
Prime Trust is a technology-driven financial institution that provides open banking solutions. The service provider powers everything from financial apps, payment processors, crypto exchanges, and OTC desks, to crowdfunding portals, real estate platforms, brokers, investment advisors, and others. It also provides modern digital asset custody for institutions. PrimeTrust is an independent, qualified custodian, that ranks among the leading in the industry of secure storage solutions for traditional and modern assets. The custody solution provider is a preferred choice due to its competitive fees and proven track record in the field of digital asset security.
Falcon’s proprietary custody solution provides private and institutional investors with a reliable and secure way to store and protect their digital assets. The solution supports the world’s top cryptocurrencies (Bitcoin, Bitcoin Cash, Ether, Litecoin, XRP, and Stellar Lumens) and provides on-demand custody of ERC-20 compatible security tokens. The platform employs Shamir's Secret Sharing algorithm and multisig to ensure the complete protection of users' funds. Recovery seeds are securely stored in multiple geographical locations in bank vaults. All of Falcon's hardware, software, and business processes are periodically examined by an independent security company and audited in line with Swiss banking standards.
The reputation score is a score between 0 and 1000, assigned to products based on our algorithm. It looks at factors such as popularity on Reddit, Twitter mentions, Telegram links, crypto news media mentions, podcast references, and other signals. Unlike our market data methodology for Nomics (which are transparent), the reputation score methodology is opaque to prevent manipulation.
Frequently Asked Questions
What Is Cryptocurrency Custody?
Cryptocurrency custody is a class of solutions for storing and securing large amounts of crypto. These services are aimed at high-net-worth individuals (HNWIs), institutions, and others who control hundreds of thousands to millions of dollars' worth of cryptoassets. Since these entities are responsible for so much cryptocurrency, there's enormous risk in mismanaging private keys, the alphanumeric series that correspond to blockchain addresses and represent crypto ownership. If private keys are lost, so are the corresponding coins.
For retail investors, it's enough to store keys in a hardware wallet like Ledger or Trezor, a software wallet, or in a wallet on an exchange like Binance. But the big fish have too much at stake to rely on consumer-grade solutions. They entrust the job of private key management to cryptocurrency custodians.
Hot vs. Cold Storage
In general, crypto custody can be split into two categories – "hot" and "cold" storage. Hot storage refers to crypto, or, more precisely, keys representing crypto, that are accessible via the internet. With assets online, it's easy to withdraw or trade them. Unfortunately, connectivity increases the chances that keys could be hacked or stolen.
Cold storage reduces this risk by relying on "air-gapped" storage devices that are not connected to the internet. While air-gapped machines are still vulnerable to other forms of intrusion, they are usually considered safer than hot storage. However, in most cases, keeping keys in cold storage means sacrificing instant access.
Crypto Custody & Compliance
In addition to the security advantages of partnering with a qualified third-party custodian, outsourcing key management may be a wise compliance move. Per the United States Securities and Exchange Commission (SEC), entities holding large amounts of customer assets must store those holdings with a "qualified custodian."
As of this writing, the SEC has yet to set guidelines for custodying crypto, but it's only a matter of time before they do. Meanwhile, custodians enable funds and institutions to wade into digital assets without fear that they'll be out of compliance when the SEC does issue guidelines.
Other agencies have weighed in. On July 22, 2020, the Office of the Comptroller of the Currency (OCC), a department of the U.S. Treasury that supervises the banking industry, released a letter according to which national banks and federal savings associations could custody "the unique cryptographic keys associated with cryptocurrency."
The OCC letter won't necessarily prompt banks to enter the crypto business – there was never a prohibition on banks offering crypto custody services – but it signals that there are sectors of the U.S. government that consider digital assets to be assets like any other. This makes it safer for funds, HNWIs, and institutions to invest. Down the road, it could drive retail investment as consumer-focused funds offer more crypto options.
Is Custody the Key to Institutional Buy-In?
Custody has long been seen as crucial to attracting institutional money to crypto. Throughout the "crypto winter" that followed the 2017 bull market, analysts predicted that the next runup would be driven by demand from established institutions. Many believed that major players wanted into crypto but were waiting on the sidelines pending the development of reliable infrastructure and regulatory clarity.
In recent years, there has been a proliferation of crypto custodians, including dedicated solutions from trusted brands like Coinbase and Gemini. With the OCC opening digital asset custody to legacy banks, it appears that crypto is on its way to providing institutions with the security and compliance infrastructure they need. While regulatory clarity remains elusive, corporations, funds, endowments, and pensions may start buying in.
How Does Crypto Custody Work?
Holding Bitcoin (BTC), Ethereum (ETH), and other cryptoassets is not the same as holding fiat currency. While banknotes can be stored in and retrieved from physical locations like a wallet or safe, cryptocurrency exists on a blockchain. Ignoring the physical Bitcoins that are traded as collector's items, the typical HODLer has no claim to physical coins. Rather, they hold the keys to addresses on blockchains that represent their crypto.
Most HODLers and traders can sleep at night knowing that their keys are stored in a hardware wallet, software wallet, or hot wallet hosted on a reputable exchange. But professional money managers, hedge funds, and institutions cannot rely on off-the-rack solutions. To guarantee the safety of their keys – and those of their clients – these entities partner with specialized crypto custodians.
Crypto Custody Options
Third-party custodians offer a spectrum of solutions. A client who values accessibility over security may opt for a "hot" storage system that is connected to the internet and does not require his or her physical presence to sign transactions. A client who doesn't need round-the-clock access might choose an offline, "cold" storage solution.
It's a trade-off. Hot storage means liquidity, which is a must for clients who actively trade. Unfortunately, it also means that their keys are exposed to a small but present risk of network-based attack. Cold storage systems insulate keys from hackers at the expense of accessibility.
At its most basic, cold storage could be a hardware wallet or a paper wallet, a page containing QR codes of its owner's keys. These solutions are cost-effective, and, when properly managed, work well for hobby traders up to bonafide whales. For those who prefer to entrust private key management to the professionals, cold storage could be anything from a bank-grade vault to a network of nuke-resistant underground bunkers surveilled by armed guards.
Yet no solution is 100% secure – not even a blast-proof bunker. Keys could still be vulnerable to threats like keylogging or over-the-shoulder spying, and malpractice is always a possibility. Take the case of QuadrigaCX, a Canadian cryptocurrency exchange that collapsed when its founder, Gerald Cotten, unexpectedly died in 2018. At his death, Cotten was the only person with access to the cold storage vaults into which he'd placed his customers' keys. Their funds were never recovered. Though the Quadriga story is less about cold storage than it is a warning to think twice before trusting keys to an unregulated, centralized crypto exchange, it's a reminder of what can happen when a trusted third party lacks good controls.
Importance of Governance
Institutional-grade crypto custody combines the latest in storage technology with a strong governance model. Cold storage should be built around devices like hardware security modules that not only secure cryptographic information but are resistant to physical tampering. Access should be restricted to employees who can swipe the right badge or satisfy a biometric scan. And no device should be available to company personnel except to carry out a client's instructions, which must be authenticated.
When a client does make a request, no individual should be able to execute their wishes without oversight. Ideally, transactions are divided into components with each permissioned to a separate employee. This multi-signature or multisig approach is often used to secure cryptocurrency wallets. Had QuadrigaCX used multisig, the business might have survived its founder's death. At the very least, its customers wouldn't have been cheated.
While it would be unwise for a custodian to reveal the inner workings of their controls, they should be able to provide prospective clients with an outline of their governance model.
Crypto Custody Fees
Third-party crypto custodians charge fees, but these fees aren't always published on the company website. The typical client is not a run-of-the-mill retail trader but a sophisticated investor or institution with unique business requirements. As such, the solution can't be one-size-fits-all.
However, even if a custodian is silent on fees, they may post a minimum account requirement. BitGo and Coinbase Custody fix their minimums at $1 million.
If fees are not set ahead of time, client and custodian will hammer out a schedule. Before choosing a custodian, a client must also consider the types of storage it offers, its governance model, which assets it supports, its insurance coverage, and how it is audited.
Who Are the Best Crypto Custodians?
Third-party cryptoasset custodians are evaluated by fit. A long-term HODLer who prizes security may want the blast-proof bunker described in the previous question, How Does Crypto Custody Work? Another type of client, say a trader who values security but needs instant access to their funds, might be interested in a "warm" storage solution like the one offered by Finoa, a European custodian supervised by the German Federal Financial Supervisory Authority. But what about clients who are restricted to doing business with U.S.-based custodians? Fortunately, the United States is home to two of the world's top crypto custodians, Coinbase and BitGo.
Who Is the Biggest Crypto Custodian?
The bunker solution was pioneered by Xapo, whose institutional business was acquired by Coinbase Custody in 2019. The deal made Coinbase the world's largest crypto custodian. As of this writing, that is still the case.
Coinbase is an attractive option for many reasons. Its brand is one of the few tried-and-true names in the space. Its operations are insured for up to $255 million against hacking and other crimes. Based in California, it is regulated by the New York State Department of Financial Services, a respected agency and one of the first to delve into crypto. Coinbase supports most major cryptocurrencies and was an innovator in offering staking and voting from cold storage. It has served clients across the U.S. and Europe since 2018, Asia since 2019, and in early 2020, it launched Coinbase Custody International to offer services within the EU.
Who Was the First Crypto Custodian?
One of Coinbase's top competitors is BitGo, which is also based in California. Founded in 2013, BitGo was one of the earliest firms to offer crypto custody services to institutions. In 2018, it launched BitGo Trust Company, the first regulated custodian designed to manage digital assets. Like Coinbase, BitGo is heavily insured. It is a regulated Trust Company under the South Dakota Division of Banking. It offers custody for more than 300 cryptocurrencies, staking from cold storage, and, just like Coinbase, it is equipped to service clients wherever they are in the world. It even has an EU presence with subsidiaries in Switzerland and Germany.
The One-Stop Shop
Over the years, both Coinbase and BitGo have evolved into one-stop shops. By offering a range of services, they can attract new clients, keep existing clients in-house, and grow their assets under custody at a faster pace than smaller competitors.
Along with its custody service, Coinbase offers Coinbase Pro, a top crypto exchange by volume and one of the few to earn an "A" transparency rating from Nomics. Its prime brokerage platform, Coinbase Prime, leverages the capabilities of Pro and Custody. Its eCommerce solution, Coinbase Commerce, lets merchants accept cryptocurrencies like Bitcoin, Ethereum, Bitcoin Cash (BCH), DAI, Litecoin (LTC), and USD Coin (USDC).
BitGo complements BitGo Trust with a self-managed custody solution, an API platform for creating multi-signature wallets, crypto prime brokerage services that include trading, lending, and settlement, and BitGo Tax.
Future of Crypto Custody
The good news for smaller custodians is that the pie is sure to expand. The Office of the Comptroller of the Currency recently determined that private keys can be custodied by national banks and federal savings associations. It's unlikely the decision will prompt banks to pour into digital asset custody, but it anticipates the growing need for custodians as crypto's market cap balloons. Big Four accounting giant KPMG reached the same conclusion in a 2020 report which found that since 2011, hackers had stolen nearly $10 billion of cryptocurrency. According to the report, "As cryptoassets proliferate, custodians have a tremendous opportunity to profit."
How to Choose a Crypto Custodian?
Before settling on a third-party custodian, there are questions a client must ask. The first should always be directed inward. Is a dedicated crypto custodian even necessary? The companies on this list cater to funds, high-net-worth individuals, and institutions with hundreds of thousands to millions of dollars of cryptoassets under management. With so much at stake, it's wise to outsource the responsibility of private key management to an expert. But if one is trading with their own assets or if their total AUM is small, there's less need to engage a custodian. There are plenty of self-custody options ranging from beginner-friendly mobile wallets to high-end, military-grade devices with biometric sensors and self-destruct switches.
Balancing Access & Security
Clients must decide whether to place assets in "hot" or "cold" storage. Hot storage means that cryptoassets are accessible online. This may be the preference for clients who actively trade. With cold storage, assets are sequestered on a computer that is not connected to the web. Keeping keys offline protects them from network-based theft. While keys remain vulnerable to keylogging, over-the-shoulder spying, and theft by insiders, those threats can all be managed with good controls.
Cold storage can mean trading access for security, but that needn't be the case. Some custodians build in the capability to trade cold storage assets. One such custodian is Gemini, a major third-party provider regulated by the New York State Department of Financial Services and the issuer of Gemini dollar (GUSD). Gemini stores client keys on hardware security modules (HSMs) that are never connected to the internet. These HSMs are locked in cages across a globally-distributed network of access-controlled facilities. But, thanks to Gemini's Instant Trade, clients are able to move crypto on Gemini's exchange as simply as traders using exchange-hosted wallets.
Other Questions for Crypto Custodians
For security-focused clients, the top consideration will be a custodian's controls and storage tech. That said, it's always worth asking about features like Instant Trade. Other considerations include a custodian's fee structure, the assets they support, their insurance coverage, and how they are audited.
What Are Your Fees?
Custodians don't always publish their fees. This is understandable. The typical client is a sophisticated investor or institution who may be in need of custom solutions that include assets the custodian doesn't support, additional or specialized insurance coverage, access for multiple users, address whitelisting, or a duress protocol.
When fees are posted, they may be expressed in basis points or bps. A basis point is 1/100th of 1% or 1% of 1%. Coinbase Custody charges 50 bps, which is annualized monthly.
Which Cryptocurrencies Do You Support?
While custodians support different assets, most are equipped to custody the top coins by market cap and ERC-20 tokens. Gemini supports any cryptoasset that can be traded on its exchange plus additional coins that have been made available specially for its custody product. BitGo supports more than 300 coins and tokens. Coinbase Custody claims to support 90% of crypto's market cap.
Are You Insured?
While top custodians take insurance seriously, policies are not created equally. Before hiring a custodian, it's a good idea to dig into the details of what its insurance covers. For example, a crime policy will cover losses due to hacking, theft by an employee, fraudulent transfer, and physical damage to keys kept in cold storage. A specie policy – traditionally used for art, precious metals, and collectibles – will only cover damage to or loss of private keys held in offline storage.
Are You Audited?
Though Coinbase, BitGo, Gemini, and others are trusted brands, it's best to get an impartial, expert opinion that their storage systems are secure and that their controls survive real-world stresses. This function is often served by a Big Four accounting firm like Deloitte, Ernst & Young, KPMG, or PricewaterhouseCoopers, but any group with experience performing System and Organization Controls (SOC) audits will suffice.
For cryptoasset custodians, the relevant types of SOC audit are SOC1 and SOC2. SOC1 examines internal controls related to financial reporting. In SOC2 audits, which focus on IT systems, auditors probe data security and availability and whether processes are performed accurately and on a timely basis.
It's important that custodians regularly undergo SOC audits, not just to reassure their customers, but to uncover vulnerabilities in their systems and controls.
What Are the Pros & Cons of Crypto Custody?
After choosing a cryptocurrency, the next decision that every HODLer or trader must make is where to store the private keys associated with their purchase. Hobbyists can keep keys in software wallets or on hardware devices like Ledger or Trezor. Many skip that step and leave their holdings in exchange-hosted wallets. But with hundreds of thousands to millions of dollars of cryptoassets under management, funds, high-net-worth individuals, and institutions can't chance self-custody. Instead, they delegate private key management to specialized custodians.
Crypto Custody Benefits
Custodians can keep a client's keys in "cold" storage on an offline computer where they are safe from network-based attacks. These devices may be physically tamper-proof. In some cases, they are distributed across multiple facilities or even protected by armed guards. Most custodians offer "hot" or internet-connected storage as well. In either case, a good custodian will pair high-end security infrastructure with strong controls that prevent unauthorized access and produce an auditable paper trail.
In addition to the security benefits, cryptoasset custodians let institutional investors enter the digital asset space without fear of breaking the law. The SEC has yet to clarify how crypto fits into the existing regulatory framework, but other agencies have spoken. In mid-2020, the United States Treasury's Office of the Comptroller of the Currency stated that any national bank or federal savings association can custody private keys. For compliance-conscious institutions used to storing customer assets with qualified custodians, this normalizes crypto, making it a safer asset class in which to invest.
Crypto Custody Drawbacks
The main drawback to hiring a third-party crypto custodian is the homework involved. Prospective clients have to strike a balance between access and security then delve into details such as fee structure, assets supported, insurance coverage, and how and by whom a custodian is audited.
When cold storage is combined with stringent controls, it usually means that a client must wait to access their funds. Traders, who need instant access, may opt for hot or online storage solutions. While most custodians offer hot storage, leaving keys online invites risks that simply don't exist with cold storage – no matter how strong a custodian's governance model.
There is middle ground. Finoa's "warm" storage solution allows instant withdrawals without compromising security, and Gemini enables instant trading on its exchange by crediting withdrawals to clients' exchange accounts while their keys stay in cold storage. In most cases, though, a client has to choose between access and security.
Whatever their choice, clients must remember that no solution is 100% secure. Even the most sophisticated cold storage system is vulnerable to offline threats like over-the-shoulder spying, insider theft, and employee carelessness. These threats can all be minimized with good governance, so it's crucial that clients examine a custodian's controls.
Fees vary by custodian. There is also diversity in the assets custodians support. That said, any serious provider will support Bitcoin, Ethereum, other high-cap altcoins, and ERC-20 tokens. Assets can be added, but it's best to check the list of supported assets before signing on.
While all qualified third-party custodians are insured, it's wise to read the fine print. Policies are not created equally, and the burden is on the client to determine when their assets will be covered. For example, a specie policy will pay for damage to keys kept in cold storage but it won't cover hacking. Losses of that sort are covered by crime insurance.
It's a similar story with audits. It's less important that a custodian is audited than how and by whom they are audited. For custodians, the relevant type of audit is a System and Organization Controls or SOC audit, which is traditionally performed by a Big Four accounting firm.