Investing in and trading digital assets is not a risk-free activity. Price swings in the financial markets can sometimes cause the value of the assets to dip, and then there’s the always unpredictable factor of human behavior, which can include loss, misuse, and even theft. Many decades ago, TradFi institutions began using custodians to safeguard client assets — and custodians are now a crucial linchpin of the digital asset space as well.

Digital asset custodians are third party organizations that store the private keys of clients’ digital assets that exist on blockchains in wallets; private keys are long strings of letters and numbers that serve as passwords while blockchain technologies are decentralized, digital, public ledgers with many of them supporting smart contracts: programs that automatically unfold as certain conditions are met.

Choosing the right custodian provides a solid sense of security against potential risks that exist. When you’re ready to choose a digital asset risk management custodian for your institution, there are four key elements to consider.

#1: Type of Wallets Offered

Hot wallets connect to the internet, improving transaction speed — but can create an opening for hacking. Cold wallets, meanwhile, are not internet connected, which eliminates any concern about hacking but slows down transaction speed.

To enhance the security of hot wallets while preserving their inherent transaction speed, users can create systems to avoid single points of failure. They could, for example, split up keys and store them in different locations. They could also require multiple keys to sign for transactions; place limits on who can move funds, how often, and how much; who can receive funds; and so forth.

Under this scenario, a company may keep some funds in hot wallets for ready liquidity and the remaining digital assets in cold wallets. When considering what custodians can offer in optimal digital asset risk management, find out what wallets they offer and what safeguards their technologies allow.

#2: Qualified Custodian

It’s increasingly common for providers to call themselves custodians — but, rather than being a qualified custodian, they’re simply offering a hot wallet software solution for users to employ. For a company to be a qualified custodian, they must meet a certain definition. Currently, under the SEC definition in the United States, a qualified custodian “generally is a federal or state-chartered bank or savings association, certain trust companies, a registered broker-dealer, a registered futures commission merchant, or certain foreign financial institutions.”

Under a proposed new rule, the definition of assets would expand to include digital assets although, as of yet, it does not. Keep watching the BitGo blog for updates on this important risk management issue for digital assets, including crypto assets.

When looking for effective digital asset risk management, there are significant benefits when you select a qualified custodian. For example, they must appropriately segregate client funds and meet regulators’ rigorous standards to reduce operational risks to protect their clients. Said another way, a qualified custodian has a fiduciary responsibility to look after clients’ best interests, using internal controls to reduce the degree of risk being undertaken.

Qualified custodians can also offer services like these: cold storage, proven security technologies, redundant human processes, backup keys, and insurance against loss or theft — and BitGo does offer these services. So, when you choose BitGo Trust Company for your digital asset risk management firm, you’ll benefit in numerous crucial ways.

#3: Effective Key Management

Factors to consider in this element of risk management include who holds the keys and where and how they are generated. Institutions and retail platforms largely favor one of three types:

  • Self-managed hot wallets where they hold some to all of the keys; this is offered by BitGo, Inc.

  • Self-managed cold wallets where they hold some to all of the keys; because the BitGo Trust Company is a qualified custodian, we can provide this service.

  • Custodian-managed cold wallets where the custodian holds all of the keys; because the BitGo Trust Company is a qualified custodian, we can provide this service.

Once a company decides what kinds of wallets would be best for their needs and that having a qualified custodian is important, it’s vital to choose the right custody service to effectively navigate the risk landscape. This involves ensuring that their approach to managing the existing risk framework follows best practices by implementing internal controls and more.

How many keys come with a wallet? If only one, this could put the wallet at risk of a single point of failure with the digital assets inaccessible if the key is lost or stolen.

How many keys are required to sign a transaction? If your company has two keys and both are required to sign, then one hacked or lost key would prevent access to funds. If there are three keys and only two are needed, then one could be lost or stolen, and all would still be good: your company could sign; the hacker couldn’t. How does your custodian of choice provide layers of protection against bad actors? (Stay tuned to learn more about other options: single sigs and smart contracts!)

What else would your custodian of choice offer for digital asset risk management in this area? View-only access, whitelisted addresses, and velocity controls can all add yet another layer of defense against operational risks.

#4: Key-Protecting Technologies

As a look under the hood, multisig technology has an excellent safety track record. Each wallet comes with multiple keys; typically requires two signatures to prevent single points of failure; provides transparency into the signers; and typically comes with backup keys. Because these wallets take more expertise and engineering time to build, many providers don’t offer them.

TSS technology, meanwhile, is a form of another kind of wallet: an MPC wallet type. MPC wallets require less developmental work than multisig technology and rely upon a single key divided into multiple key shares but do come with challenges that can be addressed with TSS.

Choosing BitGo as Your Qualified Custodian

The BitGo Trust Company is a qualified custodian that puts digital asset risk management front and center in all we do. We offer custodial and self-management cold wallets powered by multisig or TSS technologies; both kinds of technology come with backup keys. Hot wallets are available through BitGo, Inc. To hear more about what can fit your needs, reach out to the expert BitGo team.

Digital Asset Risk Management FAQs

What is digital asset risk management?

Digital asset risk management involves monitoring and managing assets, protecting them from undue risk while allowing investors to benefit from their assets and how they use and deploy them. This is a vital part of overall financial management when an institution has digital assets in its portfolio.

More specific to the content of this post, risk management can be optimized with a qualified custodian. When choosing one for your organization, factors to consider are the types of wallets they offer, how they manage keys, and how they protect those keys.

When you select BitGo Trust Company as your qualified custodian, you benefit in numerous ways. For more information, contact the BitGo team.

Are all companies that offer digital asset risk management services qualified custodians?

Definitely not! Plenty of providers are calling themselves custodians, which can be easily confused with being a qualified custodian. For a company to be a qualified custodian, they must meet a strict definition under the Security and Exchange Commission (SEC). In general, they must be a “registered broker-dealer, a registered futures commission merchant, or certain foreign financial institutions.” The BitGo Trust Company is a qualified custodian.

How does our organization get started with BitGo for our digital asset risk management?

Simply reach out! The expert BitGo team loves to talk to institutions and builders that need digital asset risk management services, and we look forward to speaking with you about your needs. We offer qualified custody services and other financial services to family offices, hedge funds, market makers, and banks as well as exchanges, retail aggregators, platforms, and crypto startups. BitGo helps our clients to secure their assets, deploy them through borrowing, lending, staking, trading and more, and even to build platforms through our wallets as a service and BitGo APIs.

About BitGo

BitGo is the leading infrastructure provider of digital asset solutions, offering custody, wallets, staking, trading, financing and settlement out of regulated cold storage. Founded in 2013, BitGo is the first digital asset company to focus exclusively on serving institutional clients. BitGo is dedicated to advancing a digital financial services economy that is borderless and accessible 24/7. With multiple Trust companies around the world, BitGo is the preferred security and operational backbone for more than 1,500 institutional clients in 50 countries, including many of the world’s top brands, cryptocurrency exchanges and platforms. BitGo also secures approximately 20% of all on-chain Bitcoin transactions by value and is the largest independent digital asset custodian. For more information, please visit www.bitgo.com.

©2024 BitGo Inc. (collectively with its affiliates and subsidiaries, “BitGo”). All rights reserved. BitGo Trust Company, Inc., BitGo Inc., and BitGo Prime LLC are separately operated, wholly-owned subsidiaries of BitGo Holdings, Inc., a Delaware corporation headquartered in Palo Alto, CA. No legal, tax, investment, or other advice is provided by any BitGo entity. Please consult your legal/tax/investment professional for questions about your specific circumstances. Digital asset holdings involve a high degree of risk, and can fluctuate greatly on any given day. Accordingly, your digital asset holdings may be subject to large swings in value and may even become worthless. The information provided herein is not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation. BitGo is not directing this information to any person in any jurisdiction where the publication or availability of the information is prohibited, by reason of that person’s citizenship, residence or otherwise.