Hero's Image

Crypto custody: Best practices for keeping digital assets secure

Articles

This article was published on Allnews on July 6, 2023.

 

In May, a debate emerged in the crypto community and among investors about how best to custody crypto assets. The spark was the announcement of a new initiative from a well-known crypto self-custody hardware wallet provider1 that would allow the company to help users recover a lost wallet. 

Much of the debate was centered around how secure this new service would be and whether or not it would allow backdoor access to a user’s crypto assets by governments or malicious actors. While this debate will continue, it has served as an important reminder to us of both the challenges of self custody and the benefits of accessing crypto assets through regulated funds that use highly sophisticated custody services. But before exploring these benefits, let’s look at how crypto assets are typically custodied.     

 

An overview of crypto custody

 

Securing the private keys for crypto assets presents unique custody challenges. The holder of the private key is the holder of the crypto asset, so protecting these alphanumeric keys is critical. There are generally three approaches to crypto custody:

 

  1. Self-custody can be done by using an external hardware device or managing the private keys yourself (e.g., writing them on a piece of paper and storing that in a secure place). This approach carries significant risks because most blockchain transactions cannot be reversed or altered, so if the private key is lost so is the crypto. 

  2. Partial custody refers to software wallets or exchanges that manage private keys. This type of “hot” storage is connected to the internet and vulnerable to things like exchange or wallet hacks. As we saw with FTX, it is not always clear if assets on exchanges are fully reserved, if the exchange is lending your assets, or your assets could be frozen during bankruptcy proceedings. 

  3. Full service third-party custody solutions provide the highest degree of security and customization. This approach includes the utilization of “cold” storage, which involves offline devices that prevent network or software-enabled connectivity.

 

For regulated products like ETPs and ETFs, the only option that meets the fiduciary duties with the highest confidence is a full third-party institutional custody service. ETF providers that use reputable institutional custodians can significantly reduce the risk of loss or theft to investors. These custodians employ cutting-edge technologies and best practices to ensure the secure storage of private keys and employ rigorous protocols for accessing and transferring assets. Furthermore, these solutions typically often offer insurance coverage, further bolstering investor confidence and mitigating potential risks.

The crypto industry operates in a complex regulatory landscape, with varying rules and requirements across jurisdictions. Institutional custody solutions play a crucial role in helping investors navigate this regulatory minefield. Trusted custodians have a deep understanding of compliance obligations and can ensure that investors' assets are held in accordance with relevant regulations. At Hashdex, we follow strict protocols with respect to the custodians we choose to work with that we believe can serve as best practices for our industry. The questions we ask when selecting custodians include:  

 

  • Can the custodian certify segregation of the ETP/ETFs assets as well as certify its systems are disconnected from the internet?

  • Does it require multiple signatures and geographic distribution of cryptographic keys to mitigate the existence of a single point of failure and key-man risk? 

  • Is the quality and effectiveness of a custodian’s operational processes attested by an independent accredited auditor? 

  • Does the custodian have insurance policies against private key theft and loss, as well as against fraud and internal theft? 

  • Is the custodian regulated in a strong jurisdiction with clear and specific regulatory requirements for custodians that go beyond just AML and KYC compliance?

 

Custody solutions that provide detailed reporting and audit trails enable investors to meet their reporting requirements and demonstrate transparency to regulators and auditors. These features not only facilitate compliance but also contribute to the overall credibility of the crypto industry. This level of due diligence is crucial to onboard institutional investors like hedge funds, pension funds, and endowments, who must comply with strict regulatory standards. 

 

Securing crypto’s future 

 

The continued entry of institutional investors into the crypto space, as evidenced by BlackRock and several other large asset managers applying for bitcoin ETFs in the US this month, will drive mainstream adoption and pave the way for wider market participation. However, institutional investors have unique needs and requirements that must be addressed for them to allocate substantial capital to digital assets. Institutional custody solutions offer the necessary infrastructure and safeguards to attract and retain institutional investors. 

As the crypto market continues to mature, investors should request that institutional custody solutions be a minimum standard for regulated crypto asset ETPs providers, for the safety of their assets and to minimize operational and reputational risk. These solutions provide essential security measures to protect digital assets from cyber threats, offer compliance frameworks to navigate regulatory requirements, and facilitate institutional adoption by catering to the specific needs of large-scale investors. Crypto asset managers should embrace them to further strengthen the trust and confidence of crypto investors.

 

 [1]Ledger’s new Bitcoin key recovery feature debate swirls ,” CoinDesk, May 19, 2023

_____________________________

This material expresses Hashdex Asset Management Ltd. and its subsidiaries and affiliates (“Hashdex”)'s opinion for informational purposes only and does not consider the investment objectives, financial situation or individual needs of one or a particular group of investors. We recommend consulting specialized professionals for investment decisions. Investors are advised to carefully read the prospectus or regulations before investing their funds. The information and conclusions contained in this material may be changed at any time, without prior notice. Nothing contained herein constitutes an offer, solicitation or recommendation regarding any investment management product or service. This information is not directed at or intended for distribution to or use by any person or entity located in any jurisdiction where such distribution, publication, availability or use would be contrary to applicable law or regulation or which would subject Hashdex to any registration or licensing requirements within such jurisdiction. No part of this material may be (i) copied, photocopied or duplicated in any form by any means or (ii) redistributed without the prior written consent of Hashdex. By receiving or reviewing this material, you agree that this material is confidential intellectual property of Hashdex and that you will not directly or indirectly copy, modify, recast, publish or redistribute this material and the information therein, in whole or in part, or otherwise make any commercial use of this material without Hashdex’s prior written consent. 

Investment in any investment vehicle and cryptoassets is highly speculative and is not intended as a complete investment program. It is designed only for sophisticated persons who can bear the economic risk of the loss of their entire investment and who have limited need for liquidity in their investment. There can be no assurance that the investment vehicles will achieve its investment objective or return any capital. No guarantee or representation is made that Hashdex’s investment strategy, including, without limitation, its business and investment objectives, diversification strategies or risk monitoring goals, will be successful, and investment results may vary substantially over time. Nothing herein is intended to imply that the Hashdex s investment methodology or that investing any of the protocols or tokens listed in the Information may be considered “conservative,” “safe,” “risk free,” or “risk averse.”

Certain information contained herein (including financial information) has been obtained from published and non-published sources. Such information has not been independently verified by Hashdex, and Hashdex does not assume responsibility for the accuracy of such information. Hashdex does not provide tax, accounting or legal advice. Certain information contained herein constitutes forward-looking statements, which can be identified by the use of terms such as “may,” “will,” “should,” “expect,” “anticipate,” “project,” “estimate,” “intend,” “continue”  “believe” (or the negatives thereof) or other variations thereof. Due to various risks and uncertainties, including those discussed above, actual events or results, the ultimate business or activities of Hashdex and its investment vehicles or the actual performance of Hashdex, its investment vehicles, or digital tokens may differ materially from those reflected or contemplated in such forward-looking statements. As a result, investors should not rely on such forward- looking statements in making their investment decisions. None of the information contained herein has been filed with the U.S. Securities and Exchange Commission or any other governmental or self-regulatory authority. No governmental authority has opined on the merits of Hashdex’s investment vehicles or the adequacy of the information contained herein.

 

Logo Hashdex
The material contained on this website is for informational purposes only and Hashdex, and its affiliates, is not soliciting any action based upon such material. The material is not to be construed as investment advice nor is it to be construed as recommendation, offer or solicitation to buy or sell any financial instrument or product or to adopt any investment strategy. Further, the material contained on this website does not constitute a representation that the financial instruments described therein are suitable or appropriate for any person. Past performance is not an indication of any future performance. Hashdex collects its data from public sources. Therefore, there is no liability for any delays or inaccuracies in the information due to the updating schedule of these sources. This website may contain advertising of financial products.