Fireblocks launches the Agentic Payments Suite, powering agent-initiatied payments for PSPs and Fintechs. Learn more.

Talk to sales

May 26, 2026

|
8 min. read

The Digital Asset Treasury Playbook: What the Top 10% Are Doing Differently

Request demo

Table of Contents

Layer 1: Custody ArchitectureLayer 2: Policy & GovernanceLayer 3: Liquidity & OperationsLayer 4: Yield & Capital EfficiencyWhere Does Your Treasury Sit?The Path Forward

Most digital asset treasuries were never designed with scale in mind. When balance sheets were small and the category was still finding its footing, early-stage setups seemed reasonable enough:

  • A multisig from the early days
  • A cold wallet the CTO holds the keys to
  • A handful of exchange accounts
  • A DeFi position or two on protocols a team member trusts

Improvised infrastructure was a workable trade-off when the numbers were low enough to absorb the gaps. However, it stops being workable the moment scale arrives. When the stakes reach nine figures, or a treasury spans a dozen wallets across three jurisdictions, the gaps in an accumulated setup stop being theoretical. They become operational, legal, and reputational risks the original infrastructure was never built to handle.

The most sophisticated operators have all made the same realization: treasury is not a collection of wallets. It is a system, and systems need to be architected. This playbook breaks down the four layers of that system: custody, governance, liquidity, and yield. They are not sequential, but they are load-bearing in that order, and the teams that get custody and governance right are the ones who earn the right to do anything interesting on top.

Layer 1: Custody Architecture

What the top 10% do differently: they treat the wallet as the treasury, not as an account.

In traditional finance, custody is a solved problem. In digital assets, it is the product. How keys are generated, where they live, who can sign, and under what conditions determines everything downstream. A treasury that treats its wallets as simple accounts has designed a system that works until it doesn’t. The failure modes are well documented: lost keys, insider risk, a single signer unreachable when a time-sensitive transaction needs to move.

Consider a common situation: $50 million in stablecoins sitting across 15 wallets. Some are operational (paying vendors, funding counterparty accounts). Some are strategic reserves. Some are idle. The first question isn’t “how do we earn yield on this?” It’s “do we actually know who can move what, right now, with what approvals?” 

For most treasuries holding that kind of float, the honest answer is no. The teams that get this right solve it at the architecture level, not the procedure level. That means:

  • Distributed key shares through MPC-CMP, held in secure enclaves rather than on any single person’s hardware. Fireblocks’ MPC-CMP has secured $10 trillion in transactions with zero breaches.
  • Purpose-built wallet structure that separates operational, reserve, and external wallets, each with its own policy engine.
  • Hot, warm, and cold wallets under a single operational model, so capital can move between storage environments without migrating to a separate platform or custodian.
  • A qualified custody option where fiduciary structure, regulated counterparties, or investor mandates require it. Fireblocks Trust Company offers this pathway without forcing teams to fragment their operations across separate custodians.

For foundations, protocols, and any organization with a balance sheet that will outlast any single team member, this is the foundation every other treasury decision rests on.

Layer 2: Policy & Governance

What the top 10% do differently: they encode their governance in transactions, not in trust.

Most digital asset treasuries are governed by a document. An operating agreement, a DAO proposal, a signed memo that says “transactions over $X require three of five approvers.” The document describes what should happen. The execution depends on whoever holds the keys actually following it.

Treasuries should encode the rules directly into the transaction layer, so the rule is enforced by the infrastructure rather than by the person with the hardware wallet. The difference is structural. A multisig enforces how many signatures are required, but it doesn’t enforce which transactions those signatures can approve, which counterparties they can move funds to, or what business logic needs to clear before a transaction is eligible to sign.

This matters for foundations, financial institutions, Web3 companies, and any other organization managing treasuries with native tokens, stablecoins, and other assets in the same structure. Many processes need to flow without turning every transaction into a ticketing exercise. Some of these processes include governance votes, grant disbursements, vesting schedules, and operational spend. These require the policy layer to be programmable.

Algorand’s treasury operation is a good reference point:

We were looking for a fully automated solution that could handle thousands of governance payouts. Fireblocks’ API co-signer allowed us to embed business logic and pre-checks into transactions before signing, so the whole process is programmable.

Shane McGovern

Director of Platform Infrastructure

The capability set that makes this work:

  • A policy engine computed in a trusted execution environment, so the rules can’t be overridden by anyone, including Fireblocks.
  • Granular approval workflows: transaction limits, counterparty whitelists, time-of-day rules, multi-approver requirements, and segregation of duties across roles.
  • Programmable pre-signing checks that run vesting eligibility, treasury balance thresholds, and compliance screening before any signature is produced.
  • Full audit trails that satisfy external auditors, investors, and governance stakeholders without manual reconstruction.


Layer 3: Liquidity & Operations

What the top 10% do differently: they don’t manage liquidity, they orchestrate it.

Money has to move between wallets, chains, counterparties, exchanges, and operational accounts. For most teams, this is where treasury operations actually live and where they quietly bleed time.

At most treasuries, this layer runs entirely on manual effort. Someone copies an address, double-checks it, initiates a transfer, waits for confirmation, updates a spreadsheet, and reconciles to the accounting system on Friday. Across a real digital asset treasury with 15 wallets, multiple chains, and multiple counterparties, that manual overhead compounds fast. It is also the layer where the most expensive mistakes happen.

The teams that get this right make the ecosystem itself the default rail. For institutions already on Fireblocks, that means the Fireblocks Network. Our network connects more than 2,400 counterparties, settles over $70 billion per month, and applies automatic deposit address authentication, address rotation, and policy protection on every transfer.

That scale has a compounding effect on how capital moves:

The most important thing for us working with Fireblocks is the network effect — our ability to connect to our takers and move money quickly. The network has gotten so big that it’s almost hard not to work with others on Fireblocks.

Michael Rabkin

Head of Global BD

That kind of connectivity translates directly into how the day-to-day treasury operation runs:

  • Automated sweeps and rebalancing based on thresholds, schedules, or conditions, so capital doesn’t sit idle in operational accounts.
  • New counterparties are reachable through existing rails, without months of integration work.
  • Position, transaction, and P&L data flow into accounting and ERP systems automatically, with no manual export.
  • Around-the-clock operational readiness, because digital asset markets don’t close and neither should the treasury function.

Layer 4: Yield & Capital Efficiency

What the top 10% do differently: they earn yield from infrastructure they control.

Most teams default to chasing yield before anything else is in place. Idle capital feels like a mistake, and the returns available in onchain markets like DeFi lending are attractive. The pull toward optimizing yield first is understandable.

The top 10% sequence it differently. They build the custody, governance, and liquidity layers first, because those are the layers that make yield responsible. Yield without infrastructure is just risk with a coupon. Yield layered on a controlled, governed, orchestrated treasury is capital efficiency.

That reordering isn’t a dismissal of yield. It’s what makes yield durable. Once the first three layers are in place, a real set of capabilities opens up:

Where Does Your Treasury Sit?

Four questions reveal where a treasury actually stands:

  1. If your most senior treasury operator were unreachable for a week, could the rest of the team still execute a routine $500K transfer under the correct approvals, with no manual workarounds?
  2. If a counterparty account ran short at 2am on a Saturday, would your treasury handle it automatically or would it wait until someone was available to intervene?
  3. Can you produce a complete auditable record of every treasury transaction in the last 90 days with policy context in under an hour?
  4. Is your yield strategy governed by the same policy engine that governs everything else, or is it running on a separate set of wallets with separate rules?

If any of these are uncomfortable to answer, the problem runs deeper than how the treasury is being managed. Most teams at this stage know something isn’t right but haven’t yet drawn a straight line between the friction they’re feeling and the infrastructure underneath it. The custody setup, the governance model, the liquidity layer, and the yield approach all compound on each other, and fixing one in isolation rarely holds.

The Path Forward

Fireblocks secures more than $100 billion in daily assets under custody across 2,400+ institutional customers, 150+ blockchains, and thousands of digital assets, with exchanges, trading firms, and Web3-native companies all operating across these layers in various states of maturity.

Those teams include Algorand automating 50,000 governance payouts per quarter, DV Chain running treasury operations across the Fireblocks Network, and institutions across banking, payments, and crypto-native categories that have moved from improvised setups to production-ready infrastructure. The starting point is rarely the same, but the path runs through the same layers.If you are working through these decisions, we’re happy to talk.

About us

Fireblocks is the world’s most trusted digital asset infrastructure company, empowering organizations of all sizes to build, manage and grow their business on the blockchain. With the industry’s most scalable and secure platform, we streamline stablecoin payments, settlement, custody, tokenization, and trading operations enabling – everything from institutional finance to consumer-facing digital experiences across the largest ecosystem of banks, payment providers, stablecoin issuers, exchanges and custodians. Thousands of organizations – including Worldpay, BNY, Galaxy, and Revolut – trust Fireblocks to secure more than $10 trillion in digital asset transactions across 120+ blockchains. Learn more at fireblocks.com.

Related Reports

More Reports

Blog
Company News & Updates

“Hacking for good” with Fireblocks @ Permissionless II

Blog
Company News & Updates, Expert Commentary, Research & Security

“The New Frontier of Crypto Security” Report: Navigating the Latest Threats With Best-in-Class Security 

Best PracticeDigital Asset Security
Blog
Industry Insights, Knowledge Base

[Guide] How to Run a Fully Remote Operations Team with Fireblocks

Best PracticeStablecoins & Payments