What Is Crypto Custody, and How Does It Work?
With over a decade of existence, cryptocurrencies have gained worldwide traction and growing adoption from individual and institutional investors alike. This, however, has also led to the alarming rise of security breaches and mismanagement of user funds that have wiped billions off crypto wallets, raising significant concerns over the security and risk management measures implemented by the platforms and institutions entrusted with keeping them safe.
Following the multitude of market events that have shaken user trust in the industry to its core in recent years, the demand for robust security has never felt of greater importance. In this article, we take a look at the foundational significance of crypto custody, how it works as a means to safeguard digital assets, and their role in contributing to the sustainable development of the crypto asset economy.
What is crypto custody?
Similar to traditional financial systems, crypto custody services provide secure storage and management solutions to safeguard users’ digital assets. But unlike traditional financial assets, cryptocurrencies are intangible and only exist in digital form on the blockchain. This requires specialized solutions built specifically to prevent loss of funds from hacks, potential technical failures, or human error.
The types of users benefiting from these specialized services have given rise to a variety of custody solutions based on a wide spectrum of individual and collective needs. Given their size and organizational structures, institutional demand for crypto custody requires thorough risk management policies, regulatory compliance and state-of-the-art security infrastructure that can handle a significant volume of digital assets, often managed internally by numerous members of the organization.
Such complex needs have proliferated the development of innovative institutional custody solutions which, consequently, have skyrocketed the total amount of assets held by custody providers (the figures below are based on publicly available data provided to Blockdata for the period of January 2019-2022).
Types of custody solutions
The breadth of digital asset security and management needs from individual and institutional investors has led to the development of two main types of custody solutions: centralized, third-party custodians to which investors outsource the security of their digital assets, and self-custody, which lays the responsibility of securing their assets entirely on the owner of those assets themselves.
There is no one-size-fits-all with regards to which solution is “best”, so long as either option suits the needs of your organization.
How does crypto custody work?
The distinction between crypto and traditional custody lies in the way it functions. In traditional custody, physical assets are stored, whereas in crypto custody, digital asset custodians do not technically store the assets themselves. This is because all data and transactions exist on the blockchain, which means that a user’s funds are protected via cryptography and transactions can only be authorized by accessing a user’s private keys. In crypto custody, custodians ensure the security of a user’s funds from malicious external parties by protecting the user’s private keys.
Private key management
Private keys are cryptographic codes that grant access to digital assets. Crypto custody services implement robust procedures to securely manage private keys, including secure key generation, encryption, and physical security measures. Private keys are often stored in secure hardware devices or cryptographic vaults.
Secure storage infrastructure
Crypto custody services employ best-in-class technology to keep private keys secure. Such services may be offered through cold storage, hot wallets, or a combination of both.
With cold storage, private keys are kept completely offline on devices that are not connected to the internet. While such solutions add an extra layer of security, they do require human intervention to record transactions on the blockchain, which can reduce transaction speed. That is why cold storage is generally preferred for longer-term holding or solutions the likes of native staking, which allows users to earn rewards on their crypto assets held in cold storage.
Hot wallets, on the other hand, are connected to the internet, which facilitates the immediate access to crypto assets for liquidity and transactional purposes. While cold wallets provide more security upsides, hot wallets may be preferred to transact smaller amounts of assets and for scalability of access from many different members of an organization.
While conventional crypto wallets use one private key to provide access to funds with no further authorization required, a multi-signature (multisig)-based wallet uses a special digital signature that requires more than one private key to authorize a transaction. In some cases, several different keys are needed to generate a signature.
Multi-party computation technology
Unlike multisig wallets, which require more than one private key to authorize transactions, multi-party computation (MPC) splits a private key into multiple shares. MPC is a cryptography tool that allows multiple parties – each holding their own private data – to evaluate a computation without revealing any of the private data held by each party. This significantly enhances the security of crypto assets by eliminating any single point of failure.
What other solutions should crypto custody services have in place to protect user assets?
Custom governance controls
Institutions engaging a crypto custody service provider may have the ability to set up a variety of custom rules that allow them to optimize the security of their account and transactions based on their own organizational needs. By assigning specific roles and permissions to different members of their organization, clients know that the movements of digital assets going in and out of their wallets have been authorized according to their own parameters.
Protection against potential losses of funds resulting from security breaches, technical failures or internal errors may be offered by third-party custody providers, thereby providing crypto asset owners with additional peace of mind.
Subject to their own sets of regulatory and compliance standards, institutions in particular that are looking to participate in the digital asset economy require similar oversight from their crypto custody providers. Such oversight includes anti-money laundering (AML) and know-your-customer (KYC) / know-your-business (KYB) protocols.
It is common for third-party custody providers to be independently examined by third-party auditors to ensure that their infrastructure addresses critical information security and privacy protection requirements to keep their clients’ data and assets secure.
How Ceffu secures its clients’ assets
Ceffu is a compliant, institutional-grade custody platform offering custody and liquidity solutions that are ISO 27001 & 27701 certified and SOC Type 1 & Type 2 attested. With wallets powered by MPC technology, combined with a customizable multi-approval scheme and transaction approval policy, Ceffu provides innovative bespoke solutions allowing institutional clients to safely store and manage their digital assets. Institutions also benefit from Ceffu’s secure gateway to a wide range of liquidity products within the Binance ecosystem as Binance’s institutional custody partner.
For more information on Ceffu’s custody services and other relevant questions, please contact our team of account managers by filling out our institutional form.