Digital asset custody: solving security issues for institutions

High-profile cryptocurrency hacks in the past and cases of misconduct and negligence have left institutional investors scrambling for a trustworthy custodian

Viewpoint
Robert Cooper
Robert Cooper

DIGITAL assets have been described as the phenomenon of this millennium, growing rapidly into a US$225 billion industry. Many of the world’s largest money managers such as hedge funds, private banks, family offices and treasury offices are dipping their toes into the water of this new investment class.

However, a number of high-profile cryptocurrency hacks in the past and cases of misconduct and negligence have left institutional investors scrambling for a trustworthy custodian, often referred as a secured digital wallet in the crypto world. The search is even more challenging for sophisticated investors holding large sums of digital assets.

While today there is an abundance of custodian options, quality has not always kept up with quantity and trust is the key element in the crypto custody industry. Because of their scale and large transactional volumes, institutional investors can use some key criteria when finding the right crypto custodian for them.

Types of crypto custody solutions

In the early days, a custodian meant a third-party overseeing the safekeeping of traditional financial assets such as gold, silver, cash, and stock or bond certificates. The evolution of financial markets and technological advances have created a new investment class which many associate with the likes of Bitcoin and cryptocurrencies.

A digital asset represents something of value akin to a traditional asset structured in a digital form, such as a currency (i.e. cryptocurrency) or property, equity or debt (i.e. security token). The ownership of this asset is represented by a private key, a unique alphanumeric string that is verified and recorded on the blockchain’s distributed ledger. The private keys are stored in a digital wallet and the owner can transfer, withdraw or deposit his/her asset by signing in using his/her private key. Although the keys are encrypted, once the keys are lost or stolen, so too is the digital asset.

When Bitcoin and other cryptocurrencies were first traded, traders stored their cryptocurrencies in online wallets at the exchanges. There were few third parties offering professional custodian services. As cryptocurrency trading gained popularity, crypto exchanges started providing digital wallets as an added custodial feature. A number of security breaches at the exchanges themselves has prompted some regulators and institutions to mandate the use of professional, third-party custodians in overseeing the secure storage of crypto assets.

Digital wallets can be broadly classified as either hot or cold storage. Hot wallets are connected to the internet and make accessing and transacting in digital assets easy for retail investors. A cold storage wallet is often preferred over a hot online wallet for storing large amounts of cryptocurrencies and other digital assets because of its offline feature; thus, significantly reducing the risk of hacking.

Using cryptographic hardware technology within a cold custody solution will strengthen protection because the private key is generated within the hardware itself. This means the private key never leaves the device, making it difficult for someone to export, access and compromise it. Traders with buy-and-hold strategies can allocate their core holdings offline and store them long-term in encrypted pieces of hardware, solely accessible by explicit authorization from the asset owner.

What makes a secure digital asset custodian?

A good custodian will provide an air-gapped facility meaning that the storage is isolated and not connected to the network adding an extra layer of protection. Some of the more advanced custodians will convert the keys to digital assets wholly or partially into physical forms using a FIPS140-2 complaint hardware security module and securely place those into a vault, free from risks linked to connectivity and with a sharply lowered risk of tampering

Why institutional investors need a different kind of crypto custody

The choices in crypto custody have surged in recent years due to fears of hacks and theft. But lessons from the past show that expertise in the planning of risk controls and contingencies are of upmost importance. Institutions require greater scale and added security measures to rebalance their digital asset holdings between hot and cold wallets while meeting their near-term liquidity needs and regulatory requirements.

When evaluating the hardware requirements of a crypto custodian, corporations should look for an air-gapped, cold storage solution. Institutional investors also have to take into account whether the custodian has the low latency and high scalability to perform large volumes of transaction with ease and security.

The rebalancing of funds between hot and cold environments would involve many humans tasked with executing those transactions. A widely distributed model is appealing in size but with more humans involved, there is greater risk of errors and mismanagement. As a result, crypto natives not only need to evaluate hardware requirements but also the custodian’s operational protocols, risk controls, authentication and permission settings.

Trust is a key element of custody

The responsibility is heavy on a digital asset custodian. Custodians are first and foremost trusted business partners that assume fiduciary duties to their clients. They treat the digital assets as if they were their own and act in the best interests of their clients.

In the US, investing in financial markets involves an SEC-licensed investment professional or institutional investor storing assets at a qualified third-party custodian. This federal law requirement of custodians ensures that they must actively look to mitigate the misappropriation of funds and fraudulent activities.

The regulatory framework on crypto assets is still in nascent phase and there are few digital custodial services that are certified as fiduciaries. Looking for those that are industry certified and that practice good corporate governance would help identify a trustworthy crypto custodian. Some industry best practices would include independent auditors and secondary insurance protection for clients.

With US$4.6 million in crypto assets being stolen every day, investors face the biggest responsibility of finding a trustworthy custodian. Through careful evaluation, investors can find the most secure custody solution for their institution or enterprise and provide their clients with absolute peace of mind.

Robert Cooper is head of Custody at Diginex

Date

16 Jan 2020

Share this article