Token Custody Research: Security Guardian of Billions in Tokens

Source: Tongxuntong Research Institute × FENBUSHI DIGITAL

Text: Song Shuangjie, CFA; Cheng Dongfeng

Special Adviser: Shen Bo; Rin
Guide      

At present, the crypto industry is at an early stage: exchanges are hacked, the private keys to token assets are lost, project teams abscond, and so on. Large traditional funds can only look on from the door of the crypto world. The token custody business addresses this pain point and will lead trillions in funds into the crypto world.

Summary      

The crypto industry is currently making great strides. A large number of traditional hedge funds, family trust funds, and wealth funds have begun to allocate to token assets, and the demand for token custody services is growing by the day. However, token assets are vulnerable to loss and to theft by hackers, and project teams and fund managers may abscond, among other problems.

To solve these pain points and capture the custody market, large institutions in the United States, South Korea, Japan, the United Kingdom, Australia and other countries have entered the market, including well-known companies such as Goldman Sachs Group and Fidelity Group.

Clients' demands of token asset custody include security, compliance, asset appreciation, and asset liquidity. Security is the core demand, mainly to prevent incidents such as loss or theft of tokens. Token asset custody typically requires a well-designed multi-signature mechanism, reliable hardware and software design, and risk-control design. As a further precaution, custody platforms usually buy insurance.

The crypto industry is not yet mature, and the regulatory system is incomplete. Large traditional funds face risks such as fraud, absconding operators, and policy uncertainty, so compliance is also one of the important demands on the custody industry. Technical service capability and risk management level are the main indicators regulators use to examine the compliance of a crypto custody business. According to Bitwise's report, crypto custody has developed rapidly in recent years, and the number of custody platforms that have obtained regulatory licenses is increasing.

Currently, the mainstream custody solutions on the market include Coinbase, Cobo, BitGo, Bakkt, Keystore and others. Each of them attaches great importance to security and adopts a series of measures to protect assets. Keystore is still working toward compliance; the rest have obtained compliance licenses. Going forward, custodians will place more emphasis on providing asset appreciation and liquidity.

Risk warning: hacker attacks, imperfect management mechanisms, compliance progress falling short of expectations

Table of Contents

1 The market has strong demand for token asset custody

1.1 Traditional financial asset custody

1.2 Token asset custody

1.3 Large institutions have entered the market

2 Security and compliance are the key demands of token asset custody

2.1 Security

2.2 Compliance

2.3 Other appeals

3 Token asset storage methods

3.1 Hot Storage

3.2 Cold Storage

4 Analysis of typical token custody solutions

4.1 Coinbase

4.2 Cobo

4.3 BitGo

4.4 Bakkt

4.5 Keystore

4.6 Summary

Main Text

1 The market has strong demand for token asset custody

1.1 Traditional financial asset custody

Custody refers to a trustee accepting the entrustment of a principal and managing the assets under custody in accordance with a pre-agreed contract. At present, the custody business for token assets is still at an early stage and has not yet developed standardized functions like those of traditional finance; it needs further development.

1.2 Token asset custody

The crypto industry is currently making great strides. A large number of traditional hedge funds, family trust funds, wealth funds and others have begun to allocate to token assets, and the demand for token custody services is growing as well, mainly for the following reasons:

(1) Token assets are easily lost

Due to the decentralized nature of the blockchain and its encryption, once the private key is lost, the corresponding token assets are lost for good. Keeping tokens in a decentralized wallet guarantees absolute control over one's own assets, but it also means that if the private key is lost in an accident (such as accidental deletion of the wallet, a forgotten mnemonic, or hardware or software damage), the token assets can no longer be retrieved. According to a study by Chainalysis in November 2017, approximately 2.78 million to 3.79 million BTC have disappeared forever, corresponding to 17% to 23% of the total BTC in circulation at the time.

On December 9, 2018, Gerald Cotten, founder of the QuadrigaCX exchange, died while traveling. He is said to have been the only person who controlled the private keys to the exchange's cold wallets, leaving the company's $140 million in user assets unrecoverable.

(2) Token assets are vulnerable to theft by hackers

Reports of token assets being stolen by hackers are not uncommon. Mt.Gox, once the largest crypto trading platform, had 850,000 BTC stolen in June 2011 and February 2014 and declared bankruptcy. In June 2018, two South Korean exchanges, Coinrail and Bithumb, had crypto tokens worth the equivalent of $40 million and $30 million stolen. On May 8, 2019, Binance, a well-known trading platform, was hacked and 7074 BTC were stolen…

On November 7, 2017, a bug in the Parity Wallet MultiSig (multi-signature) contract caused losses of about 500,000 ETH, including the development fund of 300,000 ETH raised by the PC3 Foundation of Polkadot through Crowdsale.

[Figure: summary of exchange hacking incidents and the resulting token losses. Horizontal axis: BTC price at the time of the attack; vertical axis: loss caused by the attack.]

(3) Multi-party trust problem

Blockchain start-up projects generally raise funds via the BTC, ETH or BNB platforms. Due to the lack of supervision, the project team may misappropriate the funds or even abscond. The same is true of quantitative trading teams and fund managers. Custody can provide third-party oversight of assets and increase transparency.

On June 29, 2019, PlusToken, known as the “number one Ponzi scheme”, officially absconded. According to public information, the amount involved may be 20 billion yuan. PlusToken claimed to be the world's first blockchain ecosystem, one integrating cross-chain wallets, decentralized trading platforms, global payments, smart arbitrage, hash-power mining, and the blockchain industry chain. PlusToken claimed that its main source of profit was “brick-moving” (arbitrage) by its “smart dog”, which would earn investors high returns, and it took in money quickly by recruiting new members (“pulling heads”).

As token assets attract increasing attention, the market has a strong demand for token custody to prevent security problems such as the loss and theft of tokens, as well as multi-party trust problems.

1.3 Large institutions have entered the market

The first regulated custody entity was born. In September 2018, BitGo announced that its crypto token custody service, BitGo Trust, had been approved by the South Dakota Banking Department. BitGo thus became the first regulated custody entity designed and created specifically for token assets, and will primarily provide crypto asset custody services to institutional clients.

According to reports, traditional Wall Street asset custodians such as Goldman Sachs Group, JPMorgan Chase Bank, New York State Mellon Bank, and North Bank are currently considering offering crypto token custody services. Bank of America, the second-largest bank in the US, has also filed a patent application called the Blockchain Encryption Tracker with the US Patent and Trademark Office (USPTO) to provide a secure means of storing crypto tokens.

According to an analysis of Intercontinental Exchange's (ICE) second-quarter financial report, the BTC futures exchange Bakkt may acquire Digital Asset Custody Company (DACC) for $11 million.

Fidelity Group, the US financial services giant, announced on March 8, 2019 that its Fidelity Digital Assets is already operational but is currently available only to select customers.

Giants in other countries have also set their sights on a slice of the custody business.

In November 2017, Shinhan Bank, Korea's largest financial institution, announced the launch of a token custody business, mainly for institutional investors.

In May 2018, Japan's Nomura, the digital clearing company Ledger, and Global Advisors jointly established a custody consortium called Komainu.

In July 2018, Australian consultancy Decentralised Capital announced a partnership with Gully Private Vaults, Gustodian Vaults, to launch a crypto token custody service.

In August 2018, the custody platform Kingdom Trust announced that British insurance giant Lloyd's of London would insure the assets in the company's custody.

2 Security and compliance are the key demands of token asset custody

2.1 Security

Security is customers' core demand of the token asset custody business, mainly to prevent incidents such as loss or theft of tokens. Token asset custody typically requires a well-designed multi-signature mechanism, reliable hardware and software design, and risk-control design.

For example:

Security verification – login password, Google two-factor verification, KYC verification;

Hot/cold separation – hot and cold wallets are kept separate, with assets distributed between them dynamically;

HSM (Hardware Security Module) – provides bank-grade security protection and can implement functions such as tamper evidence and tamper-triggered destruction. The former leaves traces of any tampering, while the latter makes tampering trigger a mechanism that destroys keys and other information.

In addition, as a further precaution, custody platforms usually buy insurance. BitGo, Coinbase Custody, Fidelity, Gemini, and Kingdom Trust have all purchased insurance, and the underwriters include well-known insurers such as Lloyd's of London, AIG, Allianz, Chubb and XL Group.

2.2 Compliance

The crypto industry is not yet mature, and the regulatory system is incomplete. Large traditional funds face risks such as fraud, absconding operators, and policy uncertainty, and can only linger at the door of the crypto world.

In view of these risks, compliance is one of customers' important demands of the custody business. Technical service capability and risk management level are the main indicators that regulators examine.

BitGo is the first blockchain security platform in the US to receive a license for token assets. To capture the custody market, BitGo acquired the Trust Trust, a trust company with $12 billion in assets under custody, in January 2018.

According to Bitwise's report, crypto custody has developed rapidly in recent years, and more and more custody platforms have obtained regulatory licenses.

2.3 Other appeals

In addition to the two core demands of security and compliance, convenience, liquidity, custody fees, and asset appreciation are also criteria by which customers assess custodians.

Custodians differ in their hot and cold wallet setups, transfer thresholds, and multi-signature settings, resulting in differences in security and convenience between custody plans. Future custody services may even include functions such as staking dividends, proxy voting, pass-throughs, and tax filings. For example, Coinbase announced an investment in Staked.us in early February 2019, and announced on March 29 that its custody system lets customers keep Tezos in a cold wallet while earning staking dividends.

3 Token asset storage methods

3.1 Hot Storage

Hot storage keeps crypto tokens in an online wallet to facilitate frequent access by nodes. Token assets in hot storage are more liquid, but because the wallet is directly connected to the network, the private key is easier to steal.

3.2 Cold Storage

Cold storage keeps the private key of the token assets offline, for example on a hardware wallet or other storage medium that is disconnected from the network, or as a printed QR code of the private key kept in a safe.

Cold storage is not exposed to the Internet and is therefore out of reach of online attackers, but the risk shifts to a management process that depends on people. Once the hardware wallet is lost, the tokens are difficult to retrieve. In addition, cold storage is less accessible and less liquid.

4 Analysis of typical token custody solutions

4.1 Coinbase

Coinbase launched Coinbase Custody, a crypto token custody solution for institutional clients, in early July 2018. Founded in 2012, Coinbase is currently the world's largest compliant crypto exchange, storing over $20 billion in token assets. In terms of security, Coinbase Custody offers a new cold storage solution that has undergone rigorous penetration testing and cryptographic design review, and it plans regular third-party checks to ensure the platform's continued security.

In terms of compliance, Coinbase Custody is operated by Coinbase Trust Company, LLC, an independently capitalized entity, is regulated by the New York Financial Services Department (NYDFS), and regularly undergoes extensive financial and security audits in the manner of traditional financial custodians.

In terms of liquidity, Coinbase Custody responds to requests to withdraw tokens from the cold wallet within 2 hours during business hours and within 24 hours outside business hours. Combined with the one-stop trading service provided by the compliant platform Coinbase Pro, this gives higher liquidity.

In terms of asset appreciation, Coinbase Custody plans to add value-added services to its custody system, including staking (pledge dividends), which may earn returns, and voting in the governance of DPoS consensus mechanisms.

Depending on business needs, Coinbase Custody charges an implementation fee of $0 to $10,000, and the custody fee is 50 basis points per year, or 0.5%.

The tokens that Coinbase Custody can currently store are BTC, ETH, XRP, LTC, BCH, EOS, XLM, XTZ, LINK, ETC, ZEC, MKR, BAT, OMG, ZRX, ZIL, DAI, GNT, MANA, KNC, NMR, LOOM, CVC, FOAM, KIN, XYO, ORBS and BCAP, 28 in total, and the list is expected to expand further.

4.2 Cobo

Cobo was founded in November 2017 by F2Pool founder Shen Yu (Mao Shixing) and former Facebook senior scientist Jiang Changhao, and is committed to building a one-stop token asset storage and management platform. The Cobo product line includes Cobo Wallet, a token asset wallet with staking; Cobo Custody, an institutional wallet development and token asset custody solution; and Cobo Treasury, the world's first military-grade secure hardware digital wallet.

Cobo Custody offers three services: WaaS (Wallet as a Service), StaaS (Staking as a Service), and large asset custody.

Cobo WaaS: supports custody of digital assets on more than 40 public chains and wallet development on top of it, providing an Amazon-cloud-style service for the token asset field;

Cobo StaaS: using proof-of-stake-type blockchain consensus mechanisms, it also provides staking income on the token assets it holds in custody for clients;

Large-value asset custody: Cobo Custody manages assets for customers, or jointly with them, through a multi-signature scheme combined with hot/cold separation.

In terms of compliance, Cobo has obtained a Hong Kong Trust Licence.

Cobo Custody is currently the largest custody provider in Asia, serving nearly 120 clients, including almost all of China's well-known exchanges, mining pools, token funds, and quantitative teams.

4.3 BitGo

Founded in 2013, BitGo is a California-based token asset trust company that focuses on secure, compliant and liquid custody solutions.

In terms of security, hot and cold wallets are separated, and cold storage reaches the security level of a bank-grade vault. Critical aspects such as private key storage, disaster recovery, redundant backups, and cold wallet exports have been rigorously tested. To cover the risk that assets in custody could be stolen, BitGo has taken out $100 million in insurance.

In terms of compliance, BitGo announced that BitGo Trust, its crypto token custody service, meets audit requirements by fully recording user activity and trading behavior, and it has been approved by the South Dakota regulatory agency.

In terms of liquidity, BitGo has dedicated managers to clear and settle assets, providing liquidity through multiple channels while ensuring security as far as possible.

4.4 Bakkt

Bakkt is the BTC futures exchange launched by Intercontinental Exchange (ICE). It has acquired Digital Asset Custody Company, a digital asset custodian, to jointly develop a secure digital asset storage solution. Bakkt has also worked with Bank of New York Mellon (BNY Mellon) to create a “geographically distributed” private key storage system (i.e., splitting the private key and storing the parts in different geographic locations).

To meet regulatory requirements and obtain qualified custodian status, Bakkt launched the Bakkt Warehouse in January 2019 and in April applied to the New York State Department of Financial Services (NYSDFS) for a custody license, which has been approved.

On November 11, 2019, Bakkt stated that, with the approval of NYSDFS, its custody services can be offered to any institution and are not limited to its BTC futures customers.

4.5 Keystore

Founded in 2018, Keystore has operations centers in Shanghai and Hong Kong. Its founding team has many years of experience in asset management at home and abroad, and is committed to addressing the technical barriers, security risks and process specifications that enterprise customers face in managing digital assets. Security auditing is one of Keystore's main businesses, such as auditing standards.

Keystore's custody products come in two modes: full custody and self-custody. Security is ensured through multi-signature, multiple accounts, and bank-grade risk control. In terms of privacy, Keystore encrypts financial data end-to-end with the customer's digital certificate, so the data is visible only to the customer and the service remains neutral. In terms of compliance, Keystore is currently actively applying for local compliance licenses in the Asia Pacific region. In the future, Keystore will focus on building a global one-stop service platform for blockchain token assets, providing more diversified financial and derivative services on the basis of secure custody.

4.6 Summary

Currently, the mainstream custody solutions on the market include Coinbase, Cobo, BitGo, Bakkt, Keystore and others. Each of them attaches great importance to security and adopts a series of measures to protect assets. Keystore is still working toward compliance; the rest have obtained compliance licenses. Going forward, custodians will place more emphasis on providing asset appreciation and liquidity.

At present, the token asset custody business is still at an early stage. Because the market capitalization of the whole crypto market is relatively small, custody has not yet taken off at scale. However, the moves the major giants are making in custody show that its prospects are broad, and it will “pave the way” for trillions of dollars in funds to enter the crypto market. Because crypto tokens are programmable, future token custody is expected to provide more diverse services than traditional financial asset custody.