Selecting the right custodian is essential for success in digital assets, whether you represent a hedge fund, corporate treasury, or asset management firm. However, navigating the digital asset custody landscape is far from straightforward.
Cryptography has fundamentally reshaped traditional finance. Assets are now secured by cryptographic private keys (long secret values written as strings of characters), and transactions are irreversible. This makes security a paramount concern. Because digital assets are still an emerging asset class, regulators are actively developing frameworks, and clear guidelines or universally accepted best practices remain limited.
To help you make an informed decision, here are six essential considerations when selecting a digital asset custodian for your organization.
1. What Type of Custodian Are You Considering?
As digital representations of value, crypto assets reside on blockchains and are controlled by private keys. A custodian's primary role is safeguarding these private keys, which look like this:
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF
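What that string encodes, shown as an added example that is not part of the original article: a Base58Check decoder for the Wallet Import Format that verifies the 4-byte checksum and separates the version byte from the 32-byte key. Anyone who holds the string holds the key, so the checksum protects against typos only, not against disclosure; the function names are this example's own.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# The sample key printed in the article above.
SAMPLE_WIF = "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF"

def b58decode(text):
    """Decode a Base58 string to bytes, preserving leading zero bytes."""
    num = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character: {ch!r}")
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * pad + body

def decode_wif(wif):
    """Return (version, key_bytes, compressed) or raise ValueError."""
    raw = b58decode(wif)
    # 1 version byte + 32 key bytes (+ optional 0x01 flag) + 4 checksum bytes
    if len(raw) not in (37, 38):
        raise ValueError("unexpected length")
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        raise ValueError("checksum mismatch")
    compressed = len(payload) == 34
    if compressed and payload[33] != 0x01:
        raise ValueError("bad compression flag")
    return payload[0], payload[1:33], compressed

def is_valid_wif(wif):
    """True only if the string is well-formed and its checksum matches."""
    try:
        decode_wif(wif)
        return True
    except ValueError:
        return False
```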
Custodians can be categorized by their technical approach to storing private keys:
i) Cold Storage Custodians
Often affiliated with cryptocurrency exchanges or established institutions like Fidelity, these custodians operate as standalone entities mirroring traditional financial structures. They typically employ "cold storage," a method that echoes the physical security used for traditional assets like gold stored in air-gapped vaults.
Private keys are held offline on dedicated hardware, with a small portion of assets kept in "hot" (online) wallets for accessibility. Management specifics vary, but one constant remains: the third-party custodian retains control of the keys, using them to interact with the blockchain on your behalf and generate public keys to receive transfers.
Instead of private keys, users typically receive a traditional username and password. This abstracts the underlying blockchain mechanics, offering convenience but introducing significant trade-offs. Crucially, placing assets with such a custodian may legally be classified as a bailment, a detail that could determine asset recovery should the custodian face insolvency.
ii) MPC-Based Custodians
Newer third-party custodians leverage a cryptographic breakthrough called Multi-Party Computation (MPC). This innovation splits private keys into fragments, distributing sensitive key material across multiple locations. This avoids a single point of failure, and signatures are generated in a distributed manner.
Some MPC implementations store key material on cloud servers, while others distribute it between client and custodian-controlled servers. Regardless of the storage method, ensuring its security is critical; otherwise, users risk losing key material and being unable to recover funds.
iii) Self-Custody Solutions
Some organizations opt for self-custody, embracing the vision of self-sovereignty inherent in Bitcoin's design.
However, managing private keys internally is a high-stakes endeavor. Keys can be lost, stolen, or compromised by human error—leading to irreversible losses.
Decentralized MPC implementations offer a modern vision of self-custody. They enable organizations to maintain control of assets without taking direct possession of private keys, allowing for the integration of institutional tools like customizable signing workflows and insurance policies while retaining full ownership on independent infrastructure.
2. What Are the Custodian’s Fees?
Fees can significantly impact profitability, especially for smaller funds. Beyond ongoing charges based on transaction activity or a fixed monthly rate, most crypto custodians charge a one-time setup fee.
Initial setup fees can reach up to $10,000, with monthly fees averaging around $3,000. Alternative models exist, such as those with no setup fee, zero ongoing custody costs, and a minimal per-transaction fee.
3. How Does the Custodian Balance Security and Accessibility?
Most digital asset custody methods involve a trade-off between two critical qualities: security and accessibility.
Third-party cold storage solutions prioritize security. They sequester keys offline and implement lengthy, complex withdrawal processes. Accessibility is often secondary, meaning withdrawal times can exceed 12 hours—even if small amounts are kept in hot wallets for easier access.
Despite this security focus, cold storage solutions can still leave assets vulnerable to significant risks, such as insider threats.
MPC solutions, often termed "warm wallets," have the potential to offer both security and accessibility. However, achieving this balance depends heavily on how the MPC nodes controlling the signature process are managed.
Beyond the technical method of key storage, many custodians offer additional security assurances:
i) Insurance
Even if a custodian follows all protocols, funds can still be lost due to criminal activity or internal errors. Insurance is critical here.
Most MPC solutions include crime insurance policies covering employee theft, third-party cybercrime, and related losses. Cold storage solutions may insure only the assets held in hot wallets, not the larger cold storage reserves. Alternatively, some offer comprehensive coverage up to specific limits.
Funds held on certain platforms are protected by standard crime insurance. Some providers also allow users to layer their own custom insurance policies on top, including native DeFi coverage and specialized custody insurance.
ii) Asset Segregation
For security, transparency, and compliance reasons, institutional investors often require that their funds be held in wallets separate from other clients.
However, many digital asset custodians commingle assets in opaque omnibus accounts. Modern solutions isolate assets into separate Layer 2 wallets, providing full visibility into inflows and outflows via a blockchain explorer.
iii) Audits
All third-party custodians should be audited by reputable firms to ensure compliance with standards for capitalization, AML procedures, confidentiality, auditing, reporting, and storage. Penetration testing and smart contract audits may also be appropriate, depending on the custody architecture.
Additionally, SOC 1 and SOC 2 audits can verify that internal controls and operations comply with stringent data privacy and protection laws.
4. What Investment and Yield Opportunities Are Available?
The opportunities presented by DeFi and digital asset markets are uniquely attractive in an era of low interest rates and negative yields. However, choosing the wrong custodian can lock you out of these opportunities.
Access to DeFi
For individuals, DeFi is primarily accessed through self-custody wallets like MetaMask, which store private keys in browser storage and facilitate transaction signing for web-based DeFi apps.
However, cold storage custodians that keep keys offline typically block institutional access to DeFi. Full control and flexible DeFi access are generally only offered by MPC solutions, especially through integrations with institutional-grade wallet providers.
Access to Centralized Exchanges
Beyond storage, some custodians provide access to trading venues or relationships with market makers. Utilizing these services may require transferring assets to an exchange, introducing a new set of risks and forfeiting the protections offered by the custodian.
Some networks are integrating exchanges and fiat on-ramps directly into their systems, granting access to services without counterparty risk. Additionally, upcoming features will offer direct access to liquidity.
5. How Operationally Efficient Is the Custodian?
Choosing the right custody technology can reduce setup time, minimize daily friction, and ensure operations can scale with organizational growth.
Setup Time
Technical training and onboarding all key governance stakeholders can take weeks—or longer if integrating the custodian into an existing tech stack. Well-designed APIs can simplify this task, and some custodians offer white-glove services to guide the setup process.
Scalability
Dynamic organizations need custody solutions that can adapt to the needs of a growing team. This can be a challenge with traditional multisignature setups, where quorum requirements are fixed and cannot be adjusted without creating a new wallet.
MPC provides greater flexibility in signature arrangements, allowing access and permissions to be adjusted on the fly.
Operational Workflows
Custodians can let you specify rules for interacting with your crypto assets. This includes rules about who can trade, who can approve transactions, and who can change custody policies.
Advanced platforms offer granular, customizable control over governance. This ensures each team or employee has the appropriate permissions and access to perform all tasks required for daily operations.
Reporting
For audit and accounting purposes, organizations investing in crypto increasingly require detailed activity reporting. Yet, many custodians operate opaquely, logging assets on internal spreadsheets and failing to provide real-time reporting.
Modern solutions record all digital asset activity on-chain, creating a transparent and immutable audit trail that can be exported at will.
Programmability
Traditional financial institutions devote significant resources to automation, improving efficiency and reducing errors. Although irreversible transactions make mistakes costlier in crypto, similar levels of sophistication are still emerging.
Automation and programmability can significantly reduce errors and unlock new trading use cases, such as high-speed arbitrage and rapid execution. They can also enhance compliance efforts by automatically screening and blocking transactions to avoid exposure to toxic assets.
To this end, some platforms are introducing computational custody—automation tools that can independently evaluate transactions based on specific criteria like size, parameters, origin, or destination and process them without human intervention.
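A minimal sketch of the rule evaluation described above, combining the size, origin and destination criteria with the approval rules from the Operational Workflows section. It is an added example, not any custodian's actual engine; the field names, limits, wallet labels and addresses are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:                  # constructed request shape, not a real custodian API
    initiator: str
    origin: str                  # source wallet label
    destination: str             # destination address
    amount: int                  # smallest unit of the asset
    approvers: frozenset = frozenset()

@dataclass(frozen=True)
class Policy:                    # all values below are hypothetical
    origin: str
    allowed_destinations: frozenset
    blocked_destinations: frozenset   # fed by compliance screening
    auto_limit: int                   # at or below: processed without a human
    hard_limit: int                   # above: always denied
    authorized_approvers: frozenset
    quorum: int

def evaluate(policy, tx):
    """Return (decision, reason). Every check fails closed: unknown means DENY."""
    if tx.origin != policy.origin:
        return "DENY", "no policy covers this origin wallet"
    if tx.amount <= 0 or tx.amount > policy.hard_limit:
        return "DENY", "amount outside permitted range"
    if tx.destination in policy.blocked_destinations:
        return "DENY", "destination flagged by screening"
    if tx.destination not in policy.allowed_destinations:
        return "DENY", "destination not allowlisted"
    if tx.amount <= policy.auto_limit:
        return "ALLOW", "within automatic limit"
    # Above the automatic limit: count distinct authorized approvers,
    # excluding the initiator so nobody approves their own transfer.
    valid = (tx.approvers & policy.authorized_approvers) - {tx.initiator}
    if len(valid) >= policy.quorum:
        return "ALLOW", f"quorum met by {len(valid)} approvers"
    return "HOLD", f"needs {policy.quorum - len(valid)} more approval(s)"

TREASURY = Policy(
    origin="treasury-hot",
    allowed_destinations=frozenset({"addr-exchange-a", "addr-cold-vault"}),
    blocked_destinations=frozenset({"addr-sanctioned-x"}),
    auto_limit=1_000, hard_limit=500_000,
    authorized_approvers=frozenset({"alice", "bob", "carol"}),
    quorum=2,
)
```

The blocklist is checked before the allowlist so that a flagged address is rejected with the screening reason even if it was allowlisted earlier.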
6. Is the Custodian Compliant With Evolving Regulations?
Authorities increasingly subject digital asset firms to bank-like standards, introducing KYC/AML requirements and soon, the Travel Rule. This international guideline, being rolled out globally, will require all digital asset companies to share sender and receiver information.
Compliance infrastructure can help meet regulatory needs, making it easier to adhere to rules like the Travel Rule. Depending on your jurisdiction, you may also need a qualified custodian registered with local authorities.
Decentralized custody networks occupy a unique position in the regulated custody space. They may not fit the technical definition of a custodian since they don't participate in signing transactions. However, you can designate your own regulated custodian to sign transactions while still benefiting from the accessibility of other services on the network.
Frequently Asked Questions
What is the main difference between cold storage and MPC custody?
Cold storage keeps private keys completely offline, prioritizing security but often sacrificing speed and accessibility. MPC custody uses cryptography to split keys across multiple parties, enabling faster transactions while maintaining a high security level.
Why is insurance important in digital asset custody?
Insurance protects against losses from theft, hacking, or internal fraud. Since blockchain transactions are irreversible, insurance provides a critical safety net that traditional financial systems often offer through regulatory frameworks.
How can institutions participate in DeFi while maintaining security?
Through specialized institutional-grade platforms that offer MPC technology and integrations with DeFi protocols. These solutions allow secure interaction with decentralized applications without exposing private keys.
What should I look for in a custodian’s audit reports?
Seek SOC 1 or SOC 2 reports that verify operational controls, along with penetration testing results and proof of reserves. Regular third-party audits demonstrate a custodian’s commitment to security and compliance.
How does asset segregation protect institutional investors?
Segregation ensures that client assets are held in separate wallets rather than commingled in omnibus accounts. This provides clearer ownership trails, enhances security, and simplifies auditing processes.
Can I change custodians after setting up my operations?
Yes, but the process involves transferring assets to new wallets under the new custodian’s control. This requires careful planning to minimize operational downtime and security risks during the transition.
Final Thoughts
The six considerations outlined above should guide you toward selecting a digital asset custodian that aligns with your organization's specific needs. The right choice combines robust security, regulatory compliance, operational efficiency, and access to growing digital asset opportunities.
As the landscape continues to evolve, staying informed about technological advancements and regulatory changes will help ensure your custody strategy remains effective long-term.