In the wake of the FTX scandal, many crypto investors are taking a deeper look at the security of their assets. To help make an informed choice, we’ve put together this primer on crypto custody and what to look for when choosing a partner.

How the term “custody” gets used in crypto

In traditional finance, a “custodian” refers to an entity that holds the assets on your behalf and protects them against loss, theft, or misuse.

In crypto, however, the term “custody” tends to be used much more loosely. Many “custody” providers simply offer hot wallets and do not actually custody anything. Because they’re connected to the internet, these software solutions do a great job keeping funds liquid, but they also come with greater surface area for hackers to attack. The quality of the security technology backing the wallets can vary widely, too.

Ultimately, many “custody” providers are just giving you a tool to hold the assets yourself; they’re not actually holding them for you.

The concerns don’t end there, however. Even custodians who do hold your assets — including in offline cold storage — may still have the ability to misuse your funds. You hand them the keys and then hope they have your best interests at heart.

So, who do you trust?

Defining “qualified custody”

Unlike the more generic way “custodian” gets used in crypto, a “qualified custodian” means something much more specific, defined by regulators.

A qualified custodian is a regulated entity (like a bank or a trust) that:

  • Has a fiduciary duty to its clients

  • Holds client funds in segregated accounts

  • Meets rigorous regulatory standards and audits that help protect client funds against loss, theft, or misuse

Because whoever holds the keys controls the coins, working with a qualified custodian — rather than a mere “custodian” — becomes critical. You need to be able to trust your custodian, and a qualified custodian has a fiduciary responsibility to look out for your best interests.

Qualified custodians may offer a number of services that provide extra security, including:

  • Cold storage, where the keys are kept offline

  • Remoteness from bankruptcy, so your funds are protected if the company goes under

  • Segregated accounts, so funds are never commingled

  • Backup keys

  • Battle-tested security technology

  • Redundant human processes

  • Insurance against theft, loss, or misuse

Key questions to ask

When evaluating a custodian, here are some key questions to ask:

Wallet security:

  • Do you offer hot and cold wallets both?

  • How many key shares does each wallet consist of, and where are they held?

  • What technology do you use to secure your wallets?

  • Do you have SOC 1 and/or SOC 2 certifications?

Custodial services:

  • Are you a qualified custodian?

  • Where are you regulated?

  • What happens to my funds in case of bankruptcy?

  • What processes do you use to prevent loss, theft, or misuse?

Insurance:

  • Are my funds protected by insurance and under what conditions?

  • How much insurance coverage do you hold?

What BitGo offers

BitGo offers both hot wallets and cold custodial wallets. Many of our clients keep a portion of their funds in hot wallets for greater liquidity and the rest in cold storage for maximum security.

All our wallets divide keys into multiple pieces and require a minimum threshold to sign any transaction, meaning an attacker would need to compromise multiple keys in order to actually gain control.

Moreover, our custodial wallets are provided by our four regulated trust companies, each of which serve as a qualified custodian. We also maintain up to $250M in insurance coverage against loss, theft, and misuse in situations where we hold all keys to a wallet.

To learn more about our services, please contact our team for more information

About BitGo

BitGo is the leading infrastructure provider of digital asset solutions, offering custody, wallets, staking, trading, financing and settlement out of regulated cold storage. Founded in 2013, BitGo is the first digital asset company to focus exclusively on serving institutional clients. BitGo is dedicated to advancing a digital financial services economy that is borderless and accessible 24/7. With multiple Trust companies around the world, BitGo is the preferred security and operational backbone for more than 1,500 institutional clients in 50 countries, including many of the world’s top brands, cryptocurrency exchanges and platforms. BitGo also secures approximately 20% of all on-chain Bitcoin transactions by value and is the largest independent digital asset custodian. For more information, please visit www.bitgo.com.

©2024 BitGo Inc. (collectively with its affiliates and subsidiaries, “BitGo”). All rights reserved. BitGo Trust Company, Inc., BitGo Inc., and BitGo Prime LLC are separately operated, wholly-owned subsidiaries of BitGo Holdings, Inc., a Delaware corporation headquartered in Palo Alto, CA. No legal, tax, investment, or other advice is provided by any BitGo entity. Please consult your legal/tax/investment professional for questions about your specific circumstances. Digital asset holdings involve a high degree of risk, and can fluctuate greatly on any given day. Accordingly, your digital asset holdings may be subject to large swings in value and may even become worthless. The information provided herein is not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation. BitGo is not directing this information to any person in any jurisdiction where the publication or availability of the information is prohibited, by reason of that person’s citizenship, residence or otherwise.