How to Securely Custody Digital Assets

The digital asset market experienced rapid expansion in 2021, with its total value surging to over $2 trillion. However, that same year, criminals exploited regulatory weaknesses to siphon a record $14 billion from the growing ecosystem.

These losses underscore the critical importance of secure custody infrastructure, which becomes increasingly vital as institutional participants with higher security and compliance standards enter the market.

This article explores what custody entails, how this core financial service applies to the world of digital assets, and the evolving solutions available today.

What Is Digital Asset Custody?

Digital asset custody refers to the protective care or guardianship of digital assets, typically provided by a third party for a fee.

In this sense, digital asset custody resembles the custody of traditional financial assets. However, the unique nature of digital assets means custody operates differently—and is even more critical for preventing loss.

How Does Digital Asset Custody Work?

Unlike traditional assets, digital assets are controlled by private keys. A private key is a string of letters and numbers that functions like a password, unlocking the rights to manage and use the assets.

The power conferred by holding a private key makes it essential to keep it confidential. Owners should never share private keys with anyone, as they can be used to irreversibly move funds out of a wallet.

A digital asset custodian—such as a Bitcoin or Ethereum custodian—is essentially a third-party company that stores crypto assets under its own private keys, effectively taking ownership of the assets it manages.

Types of Digital Asset Custody Services

The digital asset custody landscape has evolved rapidly in recent years. Most offerings today fall into one of three categories:

Exchanges

Early exchanges acted as de facto custodians, often with disastrous consequences. The collapse of Mt. Gox in 2014 was the first major incident, followed by many other exchanges that suffered breaches after prioritizing growth over security. Today, security is far higher on the agenda, and many established exchanges operate dedicated custody branches. Some of these are also licensed and regulated in their local jurisdictions.

Specialized Custodians

Specialized custodians are often crypto-native firms or traditional financial services companies—such as Fidelity and BNY Mellon—that are increasingly supporting cryptocurrencies in response to client demand.

Self-Custody

For individuals, self-custody is often the preferred route. This means maintaining full control of private keys—usually on a hardware wallet—and eliminating reliance on any third party. In short, it embodies the "not your keys, not your coins" ethos.

Before advanced solutions emerged, achieving independent self-custody was challenging for institutions. However, decentralized Multi-Party Computation (dMPC) technology now eliminates the need for third-party custodians, enabling organizations to retain full control of assets while still being protected by institutional-grade governance controls.

Digital Asset Custody Technologies

Custodians typically rely on several forms of technology to secure private keys. Each type uses a different approach to balance security needs with accessibility and operational flexibility.

Cold Storage

Cold storage maximizes security at the expense of accessibility. Private keys are stored offline and cannot communicate with any online system, making them immune to remote hacking. However, accessing funds can be a slow process requiring manual approvals.

Historically, cold storage involved using laptops disconnected from the internet. Other early forms included printing private keys on paper. Today, the most common form of cold storage involves hardware wallets that store private keys on secure chips.

Hot Wallets

Hot wallets prioritize accessibility over security. The private keys controlling digital assets are held in wallets connected to the internet. This ensures that assets can be accessed quickly but also makes them vulnerable to theft and hacking. As a result, hot wallets are typically used only for holding small amounts of digital assets for daily transactions.

Combined Cold and Hot Storage

The trade-offs of each custody method mean that crypto companies often rely on a combination of hot and cold wallets, usually protected by additional governance layers such as multi-signature schemes. The vast majority of funds are held in cold storage, with a smaller portion kept in hot wallets to ensure sufficient liquidity for customer withdrawals—similar to keeping $100 in your pocket while the rest remains in a bank account.

Multi-Party Computation (MPC)

Multi-Party Computation (MPC) is increasingly used in digital asset custody. This revolutionary cryptographic technique allows multiple parties to jointly perform mathematical calculations without any party revealing its secrets to the others.

This means that multiple computers holding fragments of a private key can collaborate to solve signature equations without ever creating a complete private key or exposing critical information to one another. As a result, a potential hacker cannot obtain the private key by compromising a single device, eliminating the single point of failure common in centralized custody.
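The joint signing described above, as an added example that is not from the original article or any vendor's product: each node holds an additive share of a Schnorr key, and the coordinator only combines public values. The toy group parameters, the `Node` class and the function names are assumptions made for illustration; the sketch assumes honest nodes and omits the nonce-commitment and rogue-key defences a production protocol needs.

```python
import hashlib
import secrets

# Constructed toy Schnorr group, far too small for real use: p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4

def challenge(R, pub, msg):
    """Fiat-Shamir challenge e = H(R, pub, msg) mod q."""
    digest = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

class Node:
    """One MPC node (hypothetical name). It holds one key share and never sees the others."""
    def __init__(self):
        self.x = secrets.randbelow(Q)        # secret key share x_i, never leaves the node
        self.pub_share = pow(G, self.x, P)   # public value g^x_i
        self.k = None                        # per-signature nonce share

    def commit(self):
        """Round 1: draw a fresh nonce share and publish R_i = g^k_i."""
        self.k = secrets.randbelow(Q)
        return pow(G, self.k, P)

    def respond(self, e):
        """Round 2: publish the partial signature s_i = k_i + e * x_i mod q."""
        if self.k is None:
            raise RuntimeError("no fresh nonce share: refusing to sign")
        s_i, self.k = (self.k + e * self.x) % Q, None   # a nonce share is single-use
        return s_i

def joint_public_key(nodes):
    """Wallet public key g^(x_1 + ... + x_n), built from public shares only."""
    pub = 1
    for node in nodes:
        pub = pub * node.pub_share % P
    return pub

def mpc_sign(nodes, msg):
    """Coordinator: combines public round outputs; it never handles x_i or k_i."""
    pub, R = joint_public_key(nodes), 1
    for node in nodes:
        R = R * node.commit() % P
    e = challenge(R, pub, msg)
    return R, sum(node.respond(e) for node in nodes) % Q

def verify(pub, msg, sig):
    """Ordinary single-key Schnorr check: g^s == R * pub^e."""
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, msg), P) % P
```

The verifier sees a normal signature under one public key, so nothing on chain reveals that several nodes produced it.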

In terms of governance and operational efficiency, MPC also offers significant advantages over multi-signature setups. For example, if all signers agree, the signature threshold can be easily changed without creating an entirely new wallet—as would be required with multi-signature—reducing operational burdens and the risk of funds being sent to incorrect addresses.
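An added example (not code from the original article) of why an MPC threshold can change without a new wallet: Shamir shares of the key are re-dealt from 2-of-3 to 3-of-5 by the holders themselves, and the public key, and so the address, stays the same. Shamir sharing is used here as one common way to build thresholds; the toy group and all function names are assumptions.

```python
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4

def deal(secret, t, ids):
    """Shamir-share `secret` with threshold t. Party ids must be distinct and non-zero."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q for i in ids}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of party i for interpolating f(0) from the points in ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def reshare(shares, new_t, new_ids):
    """Change threshold and membership without assembling the key.

    `shares` must hold at least the old threshold number of shares. Each old
    holder i sub-shares its own share under the new threshold (a local step),
    and each new holder j combines the pieces it receives.
    """
    old_ids = list(shares)
    sub = {i: deal(shares[i], new_t, new_ids) for i in old_ids}
    return {j: sum(lagrange_at_zero(i, old_ids) * sub[i][j] for i in old_ids) % Q
            for j in new_ids}

def public_key(shares, ids):
    """Derive g^x from a qualified subset using only g^(share), never x itself."""
    pub = 1
    for i in ids:
        pub = pub * pow(pow(G, shares[i], P), lagrange_at_zero(i, ids), P) % P
    return pub
```

Once the new shares are in place the old ones must be destroyed, otherwise the old, lower threshold still unlocks the same key.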

However, despite these benefits, most MPC implementations still either hold sensitive private key data (making them de facto centralized) or provide sensitive private key data to clients—increasing the risk of permanent loss due to theft or error.

Innovative solutions now address these issues by using decentralized MPC (dMPC) implementations that keep private keys fully decentralized.

Decentralized MPC (dMPC)

A unique innovation in this space involves MPC driven by blockchain consensus.

Instead of relying on a single private key, a decentralized MPC protocol generates independent secrets distributed among MPC nodes on a fast, deterministic blockchain. In most MPC implementations, these nodes are controlled by a single organization, exposing assets to risks such as rogue employees, conspiring cloud providers, or other colluding partners.

In a decentralized MPC network, each MPC node is located in a security-hardened Tier 4 data center, and these data centers are distributed across global financial hubs from London to Chicago and Hong Kong. In a fully decentralized setup, each MPC node is controlled by an independent validator.

When an asset owner wants to send funds, they coordinate with designated approvers via the network to confirm asset ownership on the blockchain. This consensus enables the asset owner to instruct the MPC nodes to run the MPC protocol from their wallet. The MPC protocol then generates a digital signature for the underlying blockchain to send digital assets from that address.

Institutional Self-Custody

Self-custody simply means owning your private keys.

This is straightforward for individuals, who can store keys on a hardware wallet and adhere to the "not your keys, not your coins" philosophy—without trusting a centralized third party.

Until recently, however, self-custody was impractical for organizations. Private keys pose challenges for institutions with governance needs, requiring institutional-grade controls that don’t depend on a single password accessible by one user.

Modern wallet solutions now bring the "not your keys, not your coins" ethos to institutions. They transform private keys into flexible governance layers, allowing organizations to maintain full independent control while protecting assets with institutional controls—all without trusting a third party.

Computational Custody

Upcoming advancements in computational custody will introduce fully automated modes of operation. This will allow all custody actions to be based solely on mathematical laws, with transactions automatically and independently evaluated against specific criteria—such as size, parameters, origin, or destination—without relying on third-party custodians or manual oversight.

Cryptocurrency Custody Regulations

In jurisdictions like the United States, traditional financial custodians are highly regulated.

Digital asset custodians that have access to assets and participate in signing transactions fall into the same category—meaning they must seek approval and authorization in every jurisdiction where they operate.

Decentralized custody networks do not fit the mold of centralized custodians. Instead, they act as custody technology providers—more akin to a bank vault manufacturer than a bank.

Therefore, they do not hold private keys, cannot intervene in transactions or seize funds, and do not require cryptocurrency custody licenses.

The Future of Digital Asset Custody

As traditional assets migrate to blockchain and new types of crypto assets—such as NFTs—become increasingly integrated into global finance, digital asset custody will play an ever more critical role.

However, the current landscape risks replicating the same vulnerabilities found in traditional asset custody.

In traditional finance, custodians have consolidated over time. Economies of scale have helped large firms dominate by offering lower prices and greater efficiency. This has created concentrated points of systemic risk, echoing the structural issues that preceded the 2007–2008 financial crisis.

Crypto custody now risks following a similar trajectory. We see major players from traditional finance entering the space, and traditional custody technologies based on old centralized paradigms—including cold storage, hot wallets, and MPC implementations that require clients to relinquish control of their assets—remain prevalent.

There is, however, an alternative vision: a future of decentralized custody for decentralized assets, where organizations can operate with full security and compliance without compromising the independence and autonomy that crypto assets provide.

Frequently Asked Questions

What is digital asset custody?

Digital asset custody involves safeguarding cryptographic private keys that control access to cryptocurrencies and other blockchain-based assets. Custodians ensure these keys are stored securely, preventing unauthorized access and loss.

Why is self-custody important?

Self-custody empowers users by giving them direct control over their private keys. This reduces reliance on third parties and mitigates risks such as exchange hacks, insolvencies, or operational freezes.

What is the difference between hot and cold wallets?

Hot wallets are connected to the internet and allow quick access to funds, making them suitable for small, frequent transactions. Cold wallets store keys offline, providing enhanced security for long-term storage of larger amounts.

How does MPC improve custody security?

MPC distributes key fragments across multiple parties or devices, ensuring that no single point of failure can compromise the entire key. This adds layers of security while maintaining operational flexibility.

Are decentralized custody solutions regulated?

Decentralized custody technology providers typically do not hold assets or directly manage keys, placing them outside traditional custodian regulations. However, users should always verify the compliance of their chosen solution with local laws.

What should institutions look for in a custody solution?

Institutions should prioritize security features, regulatory compliance, governance controls, insurance coverage, and the ability to integrate with existing systems. Flexibility in transaction approval and asset management is also critical.