December 2022

Crypto Custody

arrow pointi

With the loss of customer funds at FTX, crypto custody is front of mind for many digital asset investors. This month we wanted to offer our view on the state of crypto custody. We will outline the different options available to investors and provide an overview of the strengths and weaknesses of each approach.

Secure custody has always been the highest priority for us at CMCC Global and we closely monitor our exposure to third party exchanges and custodians. With the inflow of institutional capital into crypto, there have been strides forward in the security and sophistication of custody solutions. However, the fraud at FTX highlights that even companies that testify to congress can suffer from a lack of internal controls and poor governance. This month we wanted to offer our view on the state of crypto custody. We will outline the different options available to investors and provide an overview of the strengths and weaknesses of each approach.

There are three primary ways for investors to custody digital assets: crypto exchanges, third party custodians, and self-custody solutions.

Exchanges offer a convenient venue for holding digital assets. Exchanges are where digital assets are bought in the first place and for many retail investors the simple solution is to keep assets on the exchange. The exchange interface tends to be user friendly, and many exchanges offer familiar portfolio monitoring tools, akin to traditional stock trading applications. Every asset bought on the exchange can be custodied there, so there is no need to find bespoke wallets for individual assets. For regular traders it can be a hassle to move assets off exchange and then back on to trade. There are also time delays in doing this, which can be costly in highly volatile markets. In summary, there is nowhere more convenient to custody assets than exchanges.

However, there is a popular mantra that OGs in the space regularly repeat which goes – “not your keys, not your crypto”. A core philosophy amongst crypto devotees is that individuals should hold their own private keys and have custody and control of the assets that they own. Assets held on exchanges are secured by the private keys owned by the exchange. This results in two potential threats: security risk and business risk.

On the security side, exchanges are honeypots for hackers. Should a hacker successfully steal private keys from an exchange, then an enormous pool of assets can be drained. This has played out multiple times in the past.

On the business risk side, FTX has done a wonderful job of highlighting the potential risks that users are exposed to by holding assets on centralized exchanges. As we now know, customer funds held by FTX were loaned out to Alameda (a trading fund owned by Sam Bankman Fried). Not only were these funds not being securely custodied, but they were being traded and lost. In the case of FTX, this violated FTX’s terms of service, but was being done anyway. On other exchanges, it may not be against the terms of service to lend out customer assets. Exchanges are companies and user funds could be viewed as AUM. It may be that many exchanges are taking out loans against the AUM of the exchange. In the case of a bankruptcy, users become creditors alongside other entities, meaning that it is not guaranteed that users will be able to withdraw assets that they believe they own.

The second way to custody assets is through third party custodians. Some of the largest custodians in the world, like Fidelity, are now offering custody services for crypto. There are also crypto native custodians such as Coinbase Custody, Gemini and OSL Custody. This is a growing service and in 2021, over USD3bn was invested into institutional focused custodians for digital assets. While these firms initially offered custody on only a handful of the largest digital assets, today offerings span a wide selection of prominent tokens.

The benefit of using a dedicated custodian is the high degree of security and in most cases a sizable level of insurance. On the security side, as a user of these products, we can attest to them being reassuringly cumbersome to use. Withdrawal of assets is slow, with many layers of approval and verification. The security architecture for these custodians often includes:

  1. Digital defense: air-gapped infrastructure that intentionally removes hot wallets (connected to the Internet) from its design. Vaults are often equipped with military grade faraday cages to defend against electro-magnetic interference attacks.
  2. Physical defense: secure storage vaults designed with robust physical protection, requiring multi-party authentication for access and are 24/7 monitored.
  3. Process defense: custody systems and operations adhere to strict segregation of duties and are designed to combine physical, logical and technical controls.
  4. Slippage detection: 24/7 real-time monitoring of cold wallets and reconciliation against other blockchain nodes allows the custodian to detect any potential breaches and initiate crisis management procedures. Integrated blacklists and address whitelisting capability ensures custody wallets can only send to verified client addresses even in times of breach.

In addition to this security architecture, the process of depositing and withdrawing assets is designed to protect against social attacks. On setting up with a custodian, withdrawal addresses are whitelisted meaning that withdrawal can only take place to pre-approved addresses. Adding new whitelisted addresses requires corporate board resolutions and multiple verification checks. Even with these whitelisted addresses in place, the withdrawal process is multi-step involving many signing parties.

There are three weakness of conventional custodians that make them unfit for certain investors and purposes. Firstly, larger institutions may find the counterparty and balance sheet risk to be too great. While most custodians have insurance coverage, this may not stretch into the billions of USD. Secondly, withdrawals are slow, which in the high-paced world of crypto can be problematic for investors looking to trade. Thirdly, most conventional custodian services are not compatible with the emerging DeFi ecosystem. Rather than just holding an asset like ETH, an investor may wish to stake it or provide liquidity to a decentralized exchange.

In recent months, several exchanges have started offering their own specific custody services which look to overcome the headaches of cumbersome custody products, while providing a greater level of security than simply holding assets on exchange. One such offering is Binance Custody. This solution is growing rapidly and now has USD800m of assets under custody. Insurance on this product is provided by Lloyds, but as of now only covers USD200m per incident (25% of funds). In addition, Binance has its own “insurance fund” which holds an additional USD837m. However, 68% of these assets are correlated to crypto (BNB 44% and BTC 24%) and this fund covers not just the custody product, but also the USD60bn of customer funds. In summary, the absolute level of insurance is not overly reassuring given the total AUM on Binance.

One particularly interesting feature of the new Binance Custody product is called “Binance Mirror”, which is similar to an offering by Copper called Clearloop. These products allow users to trade on exchanges, while having assets reside in a cold wallet with the custodian. In summary, you can trade without the risk of holding assets on exchange. While very new, this hybrid of the exchange and third-party custodian model is quickly gaining traction and could well become a leading solution for institutional investors.

The third and final custody method is self-custody. In the early days of the industry, self-custody was simply a seed phase held by investors or the use of personal hardware. Today, technology providers such as Fireblocks and Ledger offer specialized software, hardware and training, to enable customers to self-custody their digital assets with institutional grade security. Security processes include:

  1. Multi-signature wallets: these are wallets that require signatures from two or more private keys to execute transactions. Multi-sig transactions are referred to as M-of-N transactions, with M being the required number of signatures or keys and N being the total number of signatures or keys involved in the transaction. So, a company could have 3-of-5 signatures required for a transaction to take place.
  2. Secure Multi-Party Computation (MPC): this is where a single key is split up into multiple parts and held by different parties. As with multi-signature wallets, M-of-N people are required to recreate the key and execute a transaction. The benefit of MPC is that it is protocol agnostic. A single MPC key could be used to manage numerous different protocols.
  3. Hardware Security Modules (HSM): these are physical devices that store private keys. These devices are built so that private keys are never exposed online, with transaction signing taking place on the device.

These processes can be used in tandem. For example, multi-sig wallets can be created using HSMs or MPC providers can enforce multi-sig rules. The major benefits of using these technology providers includes faster speed of transactions and the ability to interact with contracts on-chain while maintaining system security.

Crypto custodianship is now a big business. Almost USD3.5bn was raised in 2021 for institutional focused crypto custodian firms, dwarfing the USD471m that was raised in 2020.

The fallout from the FTX bankruptcy and resulting loss in customer funds is bringing crypto custody back into focus. As of today, there are several custody solutions available to professional investors, but no clear winner. Exchanges are convenient, but dangerous. Custodians are secure, but cumbersome. Self-custody requires technological know-how and houses technology risk. Some of the hybrid options, like Binance Custody, are interesting, but too new to rely on. A regulatory backlash resulting from FTX could lead to regulators forcing the unbundling of crypto services to protect customer assets and lower the risk of conflict of interest. This would reverse the trend of exchanges rolling out custody services.

At CMCC Global, we are acutely aware of the benefits and risks of each custody option. We are cautious of exchange risk and only hold assets on exchanges when necessary for trading. As discussed in our special FTX update last month, we did not have an account on FTX as we were not comfortable with the potential conflict of interest between the trading firm Alameda and FTX.

When it comes to custody, our strategy has been to use a variety of solutions across our funds, so as not to be overly reliant on any one technology or counterparty. We are lucky to work with a variety of institutional grade providers who offer an excellent service, that includes insurance coverage at a reasonable price. We look forward to the continuing evolution of custody services and will continue to review our own solutions and new products as they come to market. It is vital for crypto to offer institutional grade custody to give confidence to institutional investors looking to enter the space securely.