Understanding the Different Types of Crypto Custody Solutions
With multiple ways to secure your digital assets, which institutional crypto custody solution is right for you?
As cryptocurrencies continue to become mainstream, it’s increasingly important that individuals and institutions ensure their digital assets are both secure and accessible. Much like with traditional fiat money, it’s important to store your funds in a way that suits your needs. Unlike fiat, your crypto wallet custody solution isn’t actually storing your crypto, but rather the keys associated with your wallet.
Crypto wallets have two different, related keys attached to them: public and private keys. Public keys are converted to the strings of letters and numbers often referred to as a wallet address. When you want to send or receive cryptocurrency, you share an address so that the sender knows where to send the crypto.
Private keys, on the other hand, are the keys that should never be shared with anyone. Your private key verifies your ownership over a crypto wallet, validates transactions, and allows you to transfer assets out of your wallet to a different wallet. You can think of a private key as something similar to a 32-character password to a banking website, one that is often unrecoverable if lost. Many wallet providers offer a 23-word seed phrase to provide access to your wallet in case you lose your key.
In the evolving space of private key and digital asset storage, there are several ways to keep your assets secure. Here, we will explore two of the most common types of digital asset storage, self-custody and third-party custody, and compare the advantages and disadvantages of each solution.
If you’re familiar with crypto, you’ve probably heard the phrase “not your key, not your crypto” used by proponents of crypto self-custody or non-custodial wallets. The “key” in the phrase refers to your private key. With self-custody, you are the only one who holds both your keys.
Without any intermediaries, self-custody is viewed as a way to retain complete control over your digital assets. In terms of traditional currencies, self-custody solutions are similar to storing cash in your wallet or a safe.
Within self-custody, there are two main types of storage solutions: hot storage and cold storage. Since each of these has its own set of pros and cons, we’ll take a look at each individually.
Hot storage is a crypto self-custody solution that utilizes an internet-connected application to store and manage your crypto. In effect, this means your private keys are somehow accessible to the internet. In relation to fiat currencies, this self-custody solution is similar to carrying cash on you. Some common examples of hot storage wallets include Exodus (Multi-Asset, including BTC), MetaMask (Ethereum Ecosystem), or Phantom Wallet (Solana Ecosystem).
Hot storage wallets are a popular self-custody solution for regular crypto traders because of their ease of access. As an internet-connected application, this solution lets you quickly make crypto transactions or interact with decentralized applications (dapps), much like how you can conveniently spend cash in your wallet at a store.
While the internet connectivity provides much more convenient access to your crypto, it comes with commensurate risk. Because your keys are directly connected to the internet, you may be more susceptible to hacks or scams. Additionally, this solution requires you to trust that your application provider has not left any vulnerabilities in the application that could expose your private keys.
As an alternative to hot storage, you can use cold storage to secure your digital assets via self-custody. Cold storage is the storage of cryptocurrency where the private keys are not immediately accessible to the internet. Ledger’s hardware wallets are a good example of a self-custody, cold storage solution.
In our fiat comparison, cold storage is similar to storing your money in a personal safe. Just as a safe can prevent money from being taken directly from your person, cold storage solutions provide security by being disconnected from the internet. The drawback to this solution is that you need to bring your digital assets back online before using them, which can make for a longer process. For instance, in order to spend your digital assets from a cold storage wallet, you would need to connect your keys to the internet and then send a transaction, much like how, to spend your fiat, you would have to take it out of the safe and bring it to a store to buy something. This additional step increases security, but reduces accessibility.
Third-party custody offers a way to store your crypto assets without the responsibility of managing your private keys. Third-party custodians are often regulated or semi-regulated entities, like exchanges or banks, that are licensed at the state or federal level.
Third-party custody solutions can offer a more convenient method of crypto custody. Without having to worry about key management, third-party custody solutions can offer a similar experience to traditional online banking, with a regular login and password. Additionally, your assets are more accessible, since you don’t have to worry about connecting your physical device (cold wallet) or private key to make transactions.
Third-party custody can offer a more secure solution through regulation. Third-party custodians are often registered and required to follow KYC and AML processes, similar to traditional banks. This ensures your crypto is coming from legitimate sources and helps better safeguard your assets from regulatory uncertainty.
The downsides to third-party custody are control and third-party risk. When a third party controls your private key, you are giving that custodian control over your crypto or digital assets. Though many are regulated and have a responsibility to act in your best interest, self-custody proponents claim this loss of control could lead to asset freezes and/or blocked access to your funds.
In addition to control, third-party risk is also a drawback compared to self-custody. Third-party risk is the risk of having outside parties make transactions or perform other financial activities on your behalf. When relying on an exchange or other custodian, it’s important to ensure that they are properly handling your assets. Bankruptcy and data breaches of your custodian could lead to your assets being stolen or frozen.
Some of this third-party risk comes from the fact that not all third-party custodians, and their technology solutions, are created equal. Given the immutability of digital asset transactions, the technology that third-party custodians use to secure your assets greatly impacts that third-party risk and how accessible and useful any assets with a third-party custodian are. Knowing how your keys, and associated assets, are actually stored is critical to understanding your third-party risk.
The current investment environment demands a more secure and transparent custody practice for institutional crypto investors. While there are benefits to self-custody, they are typically unavailable to institutional investors due to either regulation or risk. In the majority of institutional use cases, a third-party qualified digital asset custodian is not just a smart idea, it is a necessity. While third-party custody is a viable option for storing large amounts of digital assets, the risks of third-party custody can require institutional investors to perform deeper levels of due diligence to understand how their assets are stored.
Because institutional investors are held to higher standards than individuals, institutional-grade crypto custody solutions have become increasingly popular. Institutional-grade crypto custody offers the regulatory peace of mind and ease of use of third-party custody and implements additional security measures like Hardware Security Modules (HSMs) and Multiparty Computation (MPC).
Both HSMs and MPC solutions, when used by a third-party custody provider, can create a digital asset custody solution that keeps up with the compliance, transparency, security, and integrity standards institutions are required to uphold. Let’s take a look at the pros and cons of these solutions.
Hardware Security Modules (HSMs)
Hardware security modules (HSMs) have been around for the past several decades and are commonly used in the traditional banking and payment industry. HSMs are physical computing devices designed to securely store and manage data. These devices can be plugged into a computer or network to directly provide cryptographic operations.
Specifically in the area of crypto custody, HSMs can be used to secure and store a wallet’s private keys directly on the physical device. While they can be used to directly access your crypto wallet, HSMs are more often used to secure backups in the crypto industry today.
One advantage of HSMs is that they provide physical security. Physical security provides an air gap from the internet, ensuring that only the holder of the actual device can perform operations.
Another benefit of HSMs is that they are a long-standing custody solution. Since HSMs have historically been used for payment and banking security, they are recognized under international security standards like the Federal Information Processing Standards (FIPS).
Despite these benefits, there are some drawbacks to using HSMs. The two biggest drawbacks to HSMs are complexity, scalability and cost. First, setting up and maintaining HSMs for daily use can be difficult. Coupled with issues of scalability, HSMs may not be the right solution if you’re looking to handle faster and more complex transactions.
In terms of scalability, HSMs are limited, based on the design and capacity of each device. As a hardware solution, HSMs are limited in functionality and can be difficult to scale. New iterations of HSM technology, like scalable HSMs, are looking to improve on this.
Multiparty Computation (MPC)
Multiparty Computation (MPC) technology has become one of the most popular innovations in crypto custody solutions. Unlike HSMs, general third-party, or self-custody solutions, MPC custody solutions have few single points of failure.
HSM solutions typically store your private keys on a single, physical device. For general third-party solutions, you are relying on the platform holding your digital assets to protect them. With MPC, your private keys no longer need to be stored in any single location.
Instead, MPC custody solutions can utilize several private keys to perform signing operations. Private keys can be distributed to several intermediaries. When the assets need to be accessed via the private key information, the intermediaries coordinate signing operations together instead of through a single point of failure. MPC technology does this without ever revealing the full private key to any of the intermediaries.
The isolation of key shards creates a significant barrier for bad actors to try to access your assets. To reach your private key information, these actors would need to effectively identify and exploit each intermediary.
MPC’s ability to protect institutional assets without a single point of failure is why Protego Trust has chosen to use MPC wallets to protect its customers. Specifically, Protego utilizes an HA fast-MPC solution with secure hardware isolation (EAL5+ & FIPS 140-2 level 4). This approach combines the strengths of MPC security, cold storage and HSMs to provide one of the most secure and useful custody solutions on the market.
Protego Trust Bank N.A. (in formation) is a purpose-built, conditionally federally chartered trust bank, exclusively serving the needs of institutional clients. With a firm belief that the future of all assets is digital, Protego Trust is defining the next generation of financial services by providing regulated infrastructure, advanced technology and safeguards that allow institutional clients to securely participate in cryptocurrencies and digital assets. In 2021, Protego Trust received a conditional federal charter from the U.S. Office of the Comptroller of the Currency, in addition to its Washington state charter. It plans to launch in 2022. Learn more about our institutional custody solutions today.