In the wake of FTX’s collapse, the crypto asset community returned to a familiar motto: “Not your keys, not your crypto.” It was meant to reassure one another that what Sam Bankman-Fried did couldn’t have happened to us if we had the proper custody in place. This simply isn’t true in this day and age.
As a sector, we applaud new financial products, like ETFs getting approved and we are happy to see more retailers and companies accepting crypto assets. But for mass adoption to continue, secure custody has to be more than an individual effort. Simply holding keys doesn’t work for large-scale asset management, nor will it pass the most basic of security audits. We need a diverse ecosystem of custody options - one of which can remain sole custodial control for the “not your keys, not your crypto” crowd.
The best articles of the week, directly delivered into your mailbox.Subscribe to our newsletter
What does secure crypto custody mean?
Asset managers (from individual advisors to large brokerages and banks) are experts in their field - managing and growing investments to maximise returns. Their proficiency lies in understanding the market, identifying opportunities, and making calculated decisions. Their work, whether for individuals, family offices, or pension funds, is foundational to the financial system we all use. And if we want these providers to offer avenues into digital assets, it follows that they need a way to hold these assets securely - especially if we, individually, are not comfortable doing so.
Yet, returning to the question of the best way to approach custody: Asking these managers to create their own secure crypto custody program is akin to asking them to conduct KYC with only someone's first name, and no internet access. The professional financial ecosystem relies on partners, especially for security and compliance. Not only is it more efficient and secure for asset managers to work with secure custody providers, but these partners are far more expert at putting the robust security measures in place to protect the digital assets. This security is the ultimate end goal of "not your keys, not your crypto."
Setting aside the objections to external custody providers, the requirement of asset managers to hold cryptographic keys is actually against the ethos of secure self-custody. If owning the key equals owning the crypto, that means who has keys has full control and responsibility. If the asset manager holds the key in a secure custody process, it contradicts this principle as the client does not have direct control over their own digital assets. Conversely, if the client retains the keys, it implies that the asset manager isn't truly managing anything, leading to potential inefficiencies and missed opportunities for asset growth. Striking the right balance between secure custody and maintaining clients' independence over their cryptocurrencies is challenging, reinforcing the need for specialised crypto custody services.
The road ahead for modern crypto asset custody
In the coming year, I expect that we'll see continued expansion of the custody services ecosystem. As more providers enter the market, we need to remain vigilant against bad actors and insecure, inadequate services. If you are comfortable holding your own keys, then continue to do so. If you are looking for a secure custody provider, look for the following four characteristics:
- First, do they hold your assets in segregated wallets, and do they share the public wallet address with you? This makes it possible for you to verify your holdings at any time.
- Second, have they undergone and passed security audits, like the international information security management standards (ISO)?
- Third, are they insured for loss of assets (whether via cybercrime or internal mismanagement)?
- And fourth - are they licensed to operate in your jurisdiction? This lessens the likelihood of a rapid departure and de-platforming of you, the customer, in case of regulatory issues.
While there are many more elements to consider depending on your crypto asset strategy, these are paramount to selecting a secure custodial partner. As crypto asset adoption surges, service providers offering secure custody are absolutely essential to a healthy, secure ecosystem. To avoid further scams like that of FTX, the industry must evolve how we approach custody and not only rely on sole custodial control - not if we want true mass adoption of crypto assets.
