Secure your digital assets

A quick introduction to digital asset custody and key management

The advent of blockchain technology has given us unprecedented control over our assets by facilitating self-custody and giving control of their private keys to end-users. But secure digital asset custody is essential to ensure seamless interoperability, smooth market operations and to maintain trust. This article explores some of the universal challenges faced by digital asset custodians, common key management technologies used to safeguard digital assets, and options available to those seeking custodian services.

Blockchain technology has become mainstream, and uptake is accelerating rapidly. According to Statista, user penetration is expected to grow from 8.77% to 12.27% between 2023 and 2027, with the total number of digital asset users expected to reach close to a billion people in 2027.  By 2027, the revenue from digital asset services is expected to exceed 100 billion USD.

As we witness the entry of financial institutions into the digital asset industry, the need for institutional-grade custody solutions for financial institutions and high-net-worth individuals is surging. Self-custody may lead to the permanent loss of digital assets, which is a less viable option for FSIs and HNWIs managing a considerable amount of assets. The loss of digital assets due to insecure custody services has become an increasing concern. Chainalysis [1] estimates that 25% of all bitcoin in circulation may have been permanently lost due to the loss of private keys, underscoring the importance of proper custody and key management solutions in the digital asset industry. The collapse of FTX in 2022 also highlighted the importance of professional custody arrangements to avoid the commingling of funds and to improve oversight throughout over the digital asset lifecycle.

Digital asset custody will gain importance as more regulated institutions enter the digital asset industry. While secure key management is the core service that custodians provide to ensure only authorized users approve and sign transactions, the scope of custodian activities is broad and expanding. Additional services include: financial crime monitoring and detection, settlement finality, asset segregation, distributed ledger technology (DLT) governance, protocol incentive schemes, and interoperability. Each of these topics is the subject of intense research and regulatory scrutiny as financial services professionals, institutional investors, and native digital assets players are expecting additional regulatory clarity from lawmakers. While some jurisdictions are leading in terms of providing regulatory clarity to digital assets businesses (e.g., Switzerland, Germany, Hong Kong, and Singapore), this is not yet the case everywhere, and there may be opportunities for regulatory arbitrage.

Challenges faced by digital asset custodians

The principles underlying digital asset custody are not fundamentally different from the ones underlying traditional custody. Traditional and digital custodians share the same goal of safeguarding their clients’ funds by leveraging state-of-the-art technologies. Nevertheless, operational challenges, regulatory “grey zones,” and the lack of sound insurance policies are all challenges that may hamper the adoption of digital assets by financial institutions.

Other emerging challenges include:

  1. Key management: Institutions entering the digital asset space must ensure they have implemented a strong key management system to prevent unauthorized access to the assets as well as avoid facilitating malicious transactions.
  2. Regulatory uncertainty: The lack of a uniform set of regulations complicates custodians’ operations across multiple jurisdictions, which calls for industry leaders to define unified standards.
  3. Insurance ambiguity: While digital custodians tout the benefits of partnerships with insurance companies to guarantee compensation for the loss of digital assets, the coverage of these policies remains unclear. Defining clear and comprehensive standards, akin to those offered by the FDIC for traditional banking, would enhance the custodians’ value proposition for institutions and retail clients hesitant to relinquish control of their digital assets.
  4. Anti-Money Laundering: Compliance with anti-money laundering regulations and KYC best practices may be challenging depending on the type of wallet chosen. These issues become especially sensitive when clients move hardware wallets across borders with different AML regulations depending on the jurisdiction.

Choose the right custodian model

There are three types of custody services to select: hot wallet, warm wallet, or cold wallet.

Here is a brief overview of each type below:

 

 

 

 

 

 

 

 

After selecting the wallet type, two primary technologies are generally used to secure private keys: multi-party computation and hardware security modules.

  1. Multi-party computation (MPC): This technology distributes secret keys across multiple locations, making them more challenging for hackers to discover, thereby enhancing asset security.
  2. Hardware security modules (HSM): Physical computing devices that securely store and manage secrets, such as the keys used for digital asset transactions.

Both MPC and HSM technologies are well understood in the financial sector, making them trusted options for security officers to keep sharded keys secure.

Value-added services and integration

Beyond the core custody offering, custodians may provide additional services. For instance, decentralized finance (DeFi) or tokenization services are additional services offered to ease the adoption of Web 3 primitives. The adoption of such services could be facilitated by accelerators. Nonetheless, achieving a seamless integration may require additional work. In such cases, a partner like GFT can bring unique practical expertise and knowledge to streamline these processes.

For further information, please read our recent partnership announcement with Metaco (acquired by Ripple) and how we join forces to offer professional digital asset custodian services for our clients: Read More : https://www.gft.com/vn/en/news/import/press-and-news/2023/Press-releases/gft-pr-safe-and-efficient-digital-asset-custody-boosts-competitiveness

 

References:
[1] https://coinmarketcap.com/community/articles/651a8ebebcb050750dcbcc3b/

Digital Asset Custody Deciphered, GBBC Digital Finance, International Securities Services Association, and Deloitte (2023): https://issanet.org/content/uploads/2023/10/Custody-Report_Key-takeaways_06.10.2023.pdf

Building the Markets of the future, Digital Monetary Institute (2023): https://www.omfif.org/wp-content/uploads/2023/09/DMI_2023_-Digital-Assets_noprice.pdf
Digital Assets – Worldwide, Statista: https://www.statista.com/outlook/fmo/digital-assets/worldwide
State of digital asset custody – Understanding and implementing digital asset custody for institutional investors, PwC Hong Kong (2023): https://www.pwchk.com/en/services/audit-and-assurance/risk-assurance/crypto-services/digital-asset-custody-report-jul2023.html
The Path Forward For Digital Assets and Crypto in 2023, Oliver Wyman forum: https://www.oliverwymanforum.com/content/dam/oliver-wyman/ow-forum/future-of-money/The-Path-Forward-For-Digital-Assets-And-Crypto-In-2023.pdf
Ask CryptoVantage: How much bitcoin has been lost forever, CryptoVantage (2023): https://www.cryptovantage.com/news/ask-cryptovantage-how-much-bitcoin-has-been-lost-forever/#:~:text=Lost%20Private%20Keys&text=However%2C%20over%20the%20years%20many,lost%20forever%20in%20this%20manner.

Hybrid and multicloud

Learn how cloud and multicloud drive transformation!

Download now