The financial services industry is in the midst of a global transition to mainstream adoption of digital assets, propelled by several converging trends. A rapidly growing number of businesses and individual investors recognize the value of digital assets such as cryptocurrencies and are seeking to own them. That puts pressure on financial institutions to help them do so. Meanwhile, the variety of digital assets continues to expand along with their collective value, which soared past a trillion dollars in 2020. Major players such as BNY Mellon, Visa, Mastercard, and BlackRock have already signaled that digital assets will play a significant role in their financial strategy.
But for digital asset trading to really take off, investors need to know they’re safe. That means the future envisioned by these financial institutions rests on a digital asset custody foundation – which is why these converging trends are driving the need for custody offerings that meet the requirements of institutional as well as individual investors. This is no idle concern: criminals have stolen at least $15 billion in cryptocurrencies in recent years.
In response, a wide and growing variety of financial institutions, including major banks as well as exchanges and other financial services providers, are seeking to offer investors the ability to securely store, buy and sell digital assets. These custodial services require specialized technology that combines strong security with speed, scalability, and operational flexibility. Because the availability of these services will encourage greater digital asset investment, digital custody offerings are critical to the continuing expansion of cryptocurrencies and all digital assets.
What Is Digital Asset Custody?
Digital asset custody is a broad term that includes various methods of storing and protecting digital assets on behalf of their owners. Digital asset custody is in many ways similar to custody of traditional financial assets; custodians take responsibility for securely storing investors’ assets and typically also offer other services including the ability to buy and sell them.
However, there are also important differences. Notably, the nature of digital assets means that secure custody is even more critical than for traditional financial assets. Digital assets such as cryptocurrencies are created and transferred between owners using cryptography and a decentralized network called a blockchain. Owners acquire digital assets in transactions recorded on the blockchain, and those transactions are typically the only documentation of the assets’ existence. The owners are issued cryptographic keys that prove their ownership of the assets, to be used when transferring them between owners or using them to buy things. So, technically, custodians don’t store the assets themselves; they store the owners’ cryptographic keys. Those keys must be protected to ensure the owner’s assets are safe. If they are lost or stolen, the assets may be unrecoverable.
- Digital asset custody services from banks, exchanges and other financial services providers are critical for investor confidence, and a requisite before cryptocurrencies and other digital assets can become mainstream.
- These custody services will facilitate further growth in the use of cryptocurrencies and other digital assets for multiple purposes, including decentralized finance applications.
- Financial institutions can manage investors’ digital assets themselves (direct custody) or use a sub-custodian. Direct custody offers advantages in risk management and the ability to take advantage of new trading options and security technologies.
- Custodians can use multiple methods to secure investors’ assets, based on their needs. Advanced multi-party computation (MPC) technology can be applied to cold, warm and hot wallets, providing strong security, fast access to assets and operational flexibility.
Why Digital Asset Custody Is Becoming So Important
The world of digital assets continues to expand exponentially as they are used for an ever-increasing variety of purposes. In addition to established cryptocurrencies such as Bitcoin and Ether, “stablecoins” tied to national currencies are gaining traction, and countries including China and Sweden are exploring digitized versions of their fiat currencies. An ever-growing range of decentralized finance (DeFi) lending, trading and other services are built on digital assets. Other uses include non-fungible tokens (NFTs) that represent unique items of value such as digital artworks, and experts are anticipating a future in which securities are issued and traded purely as digital assets on a blockchain.
Accordingly, investors are looking for digital asset custodians that can provide the same kind of robust services and protection that they’ve enjoyed for traditional assets such as cash, stocks and bonds. Those services include secure storage and the ability to easily buy and sell digital assets.
Digital Asset Custody Explained
At the core of digital asset custody is the concept of a wallet, which in this case means the place where an asset owner’s cryptographic keys are stored. At a minimum, all wallets store two related types of keys: private and public. These keys are used together to securely complete each transaction, such as a cryptocurrency purchase.
- Private keys are extremely large, randomly generated numbers that prove ownership of a digital asset. They are used when transferring assets to someone else or spending cryptocurrencies. The owner verifies each transaction by digitally signing it with their private key. It’s vital that private keys remain just that – absolutely private. The owner should never share them with anyone else, because they can be used to transfer funds to another person.
- Public keys are also extremely large numbers that are used during transactions. Unlike private keys, they can be shared publicly. The public key is used to generate a deposit address for the owner’s wallet. When transferring assets between owners, deposit addresses are shared to determine where assets must be transferred.
How digital asset custody solutions work. Wallets can take many forms, using a variety of methods to store and secure these keys and typically applying access controls such as passwords or passphrases. Some wallets are designed to store a single cryptocurrency, but many can store multiple assets.
Wallets provided by custodians manage the keys on behalf of the owner. With some custody offerings, the owner may not know or have direct access to the private keys. If the owner forgets their password, the custodian can verify their identity so they can regain access and ensure they don’t lose their digital assets.
Owners that prefer to manage their own digital assets, as opposed to relying on a custodian, may use a personal wallet such as a hardware device that stores their keys. This gives them more control over the keys, but it also places greater responsibility on them to protect those keys, and their password, from loss or theft.
An Overview of the Current Digital Custody Landscape
The expanding digital custody landscape currently includes several broad categories of providers. They include:
Exchanges. Specialized cryptocurrency exchanges were the earliest entrants into the digital custody market, and still include some of the largest custodians. The first exchanges were formed around 2010 to enable people to buy and sell Bitcoin. Exchanges have come a long way since those very early days, when inadequate security led to some exchanges being hacked and owners losing their assets. Now, the industry includes much larger, well-resourced companies that prioritize security. Exchanges typically offer services for many different cryptocurrencies. Many large exchanges are also now licensed and regulated by local jurisdictions across the world.
Financial institutions. Some fintech trading firms and payment providers have for several years offered individuals the ability to buy, sell and store cryptocurrencies. More recently, banks and other established financial services firms have begun to expand their custody services to include cryptocurrencies, responding to growing pressure from clients and encouraged by greater regulatory clarity in the U.S., Europe and Asia. The entry of these companies is particularly significant because of their enormous resources and their existing roles as custodians of traditional financial assets. Some banks have taken a step-by-step approach to the market, initially restricting access to a limited number of assets and investors, with plans to expand their custody services over time.
Specialist custody providers. These companies build digital custody solutions that are typically offered to individuals and businesses through banks and exchanges. Generally, asset owners don’t interact directly with the specialist provider. Instead, they interact with their financial institution, which relies on the provider to store the assets and handle transactions. This arrangement is known as sub-custody.
Direct custody vs sub-custody. Some financial institutions outsource their digital asset services to sub-custodians, while others custody customers’ assets themselves. In some cases, institutions assume they are not equipped to custody their own digital assets because of the need for specialized technology, operations and additional risk management. A sub-custody approach also can help banks quickly get involved with cryptocurrencies.
But it also means that financial institutions are relying on the capabilities of other providers, which often have limited resources, to meet their clients’ needs and secure their clients’ assets. It also means that the bank’s services are limited by the sub-custodian’s capabilities and offerings. For example, financial institutions may only be able to accept clients that fit the sub-custody provider’s risk profile, and they may be limited to the wallet and trading options that the sub-custody provider supports. Direct custody enables banks to accept clients based on their own risk assessments and may give them greater freedom to take advantage of new trading options and leading-edge security technologies.
Private Key Storage Methods, Advantages and Drawbacks
Custodians can use a variety of methods to store asset owners’ private and public keys. They vary in the level of security they provide, as well as ease of use and immediacy of access. Not all owners require the same balance of these attributes: an investor that trades frequently may prioritize immediacy, while an investor who plans to hold assets for the long term may value security above all. The most common categories are:
Hot wallets are connected to the internet, so the private keys required to sign transactions are always online. Transactions can be created and recorded on the blockchain in an automated way, without the need for human involvement. The advantage of this approach is that users can quickly and easily trade their assets. The disadvantage is that because the wallet is always connected to the internet and the keys are in a single location, this approach can be more vulnerable to theft if the security of the system is compromised.
Cold wallets maximize security at the expense of access speed. The private keys are stored completely offline on a device that is not connected to the internet. Human involvement is required to digitally sign each transaction so it can be recorded on the blockchain. Because the private key does not come into contact with any online systems, hackers are never able to access it. The drawback is that this method is too slow to support frequent asset trading, often taking 24-48 hours to transfer funds.
Warm wallets combine some of the immediacy of hot wallets with an additional level of security. The keys are held online and transactions can be created automatically, but human involvement is needed to sign the transaction and send it to the blockchain.
Custodians are not limited to using just one of these options. Some providers use a combination of storage methods, holding the majority of holders’ funds in highly secure offline storage while making a smaller amount available quickly via online storage. Two additional security techniques can be applied to hot, warm or cold wallets, used singly or in combination: Multisignature (multisig) and Multi-party Computation.
Multisignature (multisig): Requires multiple private keys to authorize a Bitcoin transaction, rather than a single key. The keys can be spread across several different systems, so that if any single system is compromised, the owner’s assets are still protected from theft. Organizations can use multisig to create and enforce an arrangement in which multiple employees need to sign each transaction so that no single person has total control over funds. This is known as an M-of-N arrangement, where N is the total number of authorized keys and M is the threshold number of keys required to authorize each payment. For example, an organization can designate five people as potential signers and specify that at least two of them must digitally sign each payment.
While multisig strengthens security, it also has drawbacks: it’s inflexible and can be complex to manage. Once the M-of-N signature threshold for a wallet has been defined, it is fixed. To adjust the requirements as a company grows and employees join and leave, it may be necessary to create new wallets and inform your counterparties of the new wallet address – otherwise payments could be sent to the old address and permanently lost. Furthermore, not all cryptocurrencies directly support multisig, poor wallet implementations can introduce vulnerabilities, and transaction fees can be high for cryptocurrencies such as Ether.
Multi-party Computation (MPC): Like multisig, MPC increases security against hackers and insiders by eliminating a single point of compromise. But it offers important advantages over multisig in flexibility, operational efficiency and risk management. MPC splits a private key into “key shares” that can be distributed across multiple physical devices, so a hacker cannot obtain the entire key by compromising a single device. As with multisig, this approach means a company can require multiple authorizers for transactions.
But unlike multisig, MPC easily allows for growth and change. For example, the authorization threshold can be changed as long as all existing key “shareholders” agree to the change. There’s no need to create a new wallet and move funds into it, as with multisig. Counterparties can continue to use the existing wallet address, so there’s no risk that their payments will accidentally be lost. MPC can be applied across any mix of warm, hot and cold wallets, giving custody providers and their clients additional flexibility and security options.
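Added example, not from the original article or any vendor's product: a Python sketch of the contrast drawn in the multisig and MPC passages above. A Bitcoin multisig output script hashes the M-of-N policy, so a new threshold means a new script and address, while Shamir key shares (used here as a simplified stand-in for an MPC scheme) can be re-dealt to a new threshold with the private key unchanged. The public keys and private key are constructed sample values, and `recover` is called only to check the result, which a production MPC system would never do.

```python
import hashlib
import secrets

# Order of the secp256k1 group: private keys and their shares are integers mod Q.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def multisig_program(m, pubkeys):
    """P2WSH output script committing to an m-of-n multisig over `pubkeys`."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    script = bytes([0x50 + m])                   # OP_m (the threshold)
    for pk in pubkeys:
        script += bytes([len(pk)]) + pk          # push each 33-byte public key
    script += bytes([0x50 + n, 0xAE])            # OP_n OP_CHECKMULTISIG
    return b"\x00\x20" + hashlib.sha256(script).digest()


def deal(secret, t, ids):
    """Shamir-share `secret`: any t of the returned {id: share} recover it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q for i in ids}


def lagrange_at_zero(i, ids):
    """Weight of share i when interpolating the sharing polynomial at x = 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def recover(shares):
    """Interpolate at x = 0. Used here only to verify the demo."""
    return sum(s * lagrange_at_zero(i, shares) for i, s in shares.items()) % Q


def reshare(old_shares, new_t, new_ids):
    """Move to a new threshold and signer set without assembling the key.

    Every old holder re-shares its own share; each new holder sums the pieces
    it receives, weighted by the old holders' Lagrange coefficients.
    (Simulated in one process here; in practice each party runs its own part.)
    """
    new = {j: 0 for j in new_ids}
    for i, s in old_shares.items():
        w = lagrange_at_zero(i, old_shares)
        for j, piece in deal(s, new_t, new_ids).items():
            new[j] = (new[j] + w * piece) % Q
    return new


def demo():
    # Constructed placeholder public keys (33 bytes each), not real curve points.
    keys = [bytes([0x02]) + bytes([i]) * 32 for i in (1, 2, 3)]
    multisig_changed = multisig_program(2, keys) != multisig_program(3, keys)
    key = secrets.randbelow(Q - 1) + 1           # constructed sample private key
    old = deal(key, 2, [1, 2, 3])                # 2-of-3 key shares
    new = reshare(old, 3, [1, 2, 3, 4, 5])       # same key, now 3-of-5
    three, two = {j: new[j] for j in (1, 3, 5)}, {j: new[j] for j in (2, 4)}
    return multisig_changed, recover(three) == key, recover(two) == key


if __name__ == "__main__":
    print(demo())
```

Because the private key is the same after resharing, the public key and deposit address derived from it are the same too; only the multisig script hash moves when the policy changes.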
Benefits and Challenges of Digital Asset Custody
Digital asset custody provides enormous potential benefits for investors, but it can be challenging to provide the right combination of security, flexibility and ease of use.
Digital Asset Custody Benefits. Benefits of digital asset custody for investors include:
- Simplicity. Individual investors don’t have to worry about tracking and maintaining private keys because the custody provider does that for them. This becomes more important as investors’ holdings become more complex, perhaps involving more-frequent transactions and/or multiple digital assets.
- Efficiency. For institutional investors, this simplicity translates into greater operational efficiency. Less time and effort are required to manage a portfolio of digital assets.
- Greater security. Financial services firms have the resources and experience to provide highly secure custody solutions that offer greater protection against hackers or internal misuse.
- Reduced risk. In addition to providing advanced security, digital custody providers can reduce investors’ risk in other ways. Some providers are licensed by their regional authorities to act as digital asset custodians. To obtain a license, providers typically must take steps to protect investors’ assets against theft, loss and unauthorized use. Major providers may also have insurance that can cover potential losses due to theft or some other causes.
Digital Asset Custody Challenges. For custodians and investors alike, a key challenge is to find the right combination of security, speed, efficiency and operational flexibility:
- Security versus speed. Historically, these were conflicting requirements. The conventional wisdom was that cold storage, which takes assets offline, was necessary to maximize security. The tradeoff is that it could take at least 24-48 hours to transfer assets. This may be acceptable to some investors focused on holding assets for the long term, but it’s completely inadequate for high-speed institutional trading. The alternative, online hot wallets, provided speed – but also resulted in frequent security breaches. Fortunately, custodians and investors no longer need to choose between security and speed. Advanced technologies such as MPC and hardware isolation facilitate rapid transactions while providing strong asset protection.
- Efficiency and operational flexibility. Older digital asset security technologies created operational inefficiencies that translated into higher operating costs for custodians and institutional investors. The manual processes associated with cold storage are slow and error-prone. The inflexibility of multisig made it difficult to efficiently scale operations and adapt to changing business needs, and resulted in higher transaction costs. Again, security technologies such as MPC, combined with increased automation, are removing these constraints and making it possible to build scalable, efficient custody services that can support the needs of institutional and individual investors.
History of Digital Asset Custody
Early approaches to securing digital assets were both primitive and vulnerable. The emergence of Bitcoin around 2009 led to the first attempts to safeguard keys. Owners were typically responsible for protecting their own keys, and resorted to printing them on paper or storing them in personal hardware devices – with the risk that they could lose the keys and their assets. Early exchanges were the first to offer custody options, but often provided inadequate security. One way or another, it’s estimated that perhaps 20% of all Bitcoins simply disappeared.
Since then, the picture has changed dramatically. After more than 10 years of development and experience, technology has matured to the point that custodians can offer professional solutions capable of meeting the needs of large, demanding investors.
The Future of Digital Asset Custody Solutions
There are striking parallels between the way that traditional financial asset custody developed over time and the evolving future of digital asset custody. Before the stock market crash of 1929, investors typically secured their own paper stock certificates. After the crash, the risks of self-custody played a key role in the development of financial institutions and trading infrastructure to handle the ever-growing variety and volume of assets. To protect investors and stabilize markets, governments also created regulations to control the burgeoning financial-services industry. As a result of these developments, millions more people began owning and trading financial assets such as stocks and bonds.
Similar trends today are shaping the evolution of digital asset custody. Governments worldwide are creating new regulations for managing digital assets and clarifying how existing regulations should be applied to digital asset custody. Regulation and licensing create a clearer path for all providers, including innovative startups, and pave the way for large banks and other financial services firms to support the accelerating demand for digital custody services. In turn, the involvement of these professional custodians will increase investors’ confidence in digital assets.
The range of digital assets will continue to expand: the emergence of NFTs is a key example. Further, experts anticipate digitally native securities that are issued and traded solely as digital assets on a blockchain. All of this means that digital assets will play increasingly important roles across the financial landscape for the foreseeable future.
Digital custody plays a central role in the mainstream adoption of cryptocurrencies and other digital assets. Strong digital asset custody offerings from banks, exchanges and other financial services firms provide investors with confidence that their assets are safe, while also enabling them to trade assets quickly and easily. As a result, digital custody will be critical to enabling the continued expansion of digital assets.
Digital Asset Custody FAQ
What is custody of digital assets?
Digital asset custody is a broad term that includes various methods of storing and protecting digital assets on behalf of their owners. Technically, custodians don’t store the assets themselves; they store the owners’ cryptographic keys, which are necessary to prove ownership of the assets and transfer them between owners. Those keys must be protected to ensure the owner’s assets are safe; if they are lost or stolen, the assets may be lost and unrecoverable. An owner’s keys are stored in a digital wallet, which can take many forms.
How is custody evolving to become a critical element in the digital asset landscape?
Investors need custodians that can provide the same kind of secure storage and services that have traditionally been available for assets such as fiat currency, stocks and bonds. The provision of such services by banks, exchanges, funds and other financial services firms is becoming an increasingly critical aspect of the landscape.
How will digital asset custody offerings be an integral part of owning crypto in the future?
Owners of cryptocurrencies and other digital assets will increasingly rely on custodians such as banks and other financial services firms to store their assets. In that sense, the distinctions between crypto and other types of financial assets will blur or even disappear. Investors will expect custodians to manage their crypto just as they expect custodians to manage their other financial assets.