Interpreting the Current Situation of Digital Asset Custody Opportunities and Challenges for Institutional Investors

Analysis of Digital Asset Custody Opportunities and Challenges for Institutional Investors

01. Current Status of Digital Asset Custody

The development of digital asset custody has gone through three distinct stages. It started with self-custody solutions in the custody 1.0 stage, followed by the emergence of institutional-grade solutions. In the custody 1.0 stage, self-custody was primarily done through wallets, including hardware wallets, software wallets, and paper wallets (physical prints of public and private keys). In this stage, users were responsible for managing their own digital assets by safeguarding their private keys. This method was simple and decentralized but lacked security and efficiency. It was also susceptible to hacking attacks (such as the infamous Mt.Gox incident in Tokyo in 2014, where the Bitcoin exchange was hacked, resulting in a loss of approximately 850,000 Bitcoins and eventual bankruptcy).

Since 2016, third-party custodians have started offering offline cold wallet solutions, marking the beginning of the institutional digital asset custody 2.0 stage. However, the complexity of these solutions did not meet the convenience needs of institutions. In 2017, the Chicago Mercantile Exchange introduced Bitcoin futures, leading to a significant increase in institutional investment demand for digital assets, as well as the rise of regulated digital asset custodians. To meet these demands, custodians adopted technologies such as Hardware Security Modules (HSM), Multi-Party Computation (MPC), and Multi-Signature to provide compliant and secure custody solutions. Additionally, they offered institutional asset control models such as insurance, compliance tools, and customized trading strategies. The diversification of custody options and the introduction of multi-party security and operational layers were important features of the custody 2.0 stage.

In the custody 3.0 stage, digital asset custodians help institutions participate more deeply in the growing Web 3 ecosystem. With the rise of “DeFi Summer” in 2020, followed by the emergence of metaverses and the gaming industry in 2021, institutions have increased their demand for more flexible asset custody methods. The mission of institutional-grade custodians is to provide comprehensive services. Additionally, the demand from high-net-worth individuals and family offices has also increased. They require not only the security of digital asset custody but also appropriate governance levels and the flexibility of asset transfers (allowing assets to be transferred between multiple wallets, such as cold wallets, hot wallets, and spot trading accounts). These are key features of the custody 3.0 stage.

• The Battle for the Throne between Bitcoin and Ethereum What are the determining factors for victory?
• Good news for Bitcoin? Understanding the upcoming Nakamoto version of Stacks with one article
• The US instant payment system FedNow is here! But it is not a rival to cryptocurrencies.

Digital Asset Custody Landscape and Differences from Traditional Custody Solutions

As of April 2023, there are over 120 digital asset custody service providers, mainly divided into self-custody solutions and third-party service providers.

Third-party service providers include digital asset custodians and exchange custodied wallets. They hold users’ private keys, but wallets custodied by exchanges are more vulnerable to hacking attacks. In contrast, digital asset custodians provide comprehensive services to institutions, including trading digital assets, and charge a certain service fee. Self-custody solutions require users to protect their assets themselves, usually through passwords and mnemonic phrases. However, if these are lost, users may not be able to recover their digital assets. These characteristics demonstrate the significant differences between digital asset custody and traditional custody solutions.

Unlike traditional financial custodians who use centralized clearing and settlement systems to custody stocks, bonds, commodities, etc., most institutions choose third-party digital asset custody services. The custodians are responsible for managing clients’ private key information, thus controlling and accessing their assets. Institutions also tend to choose licensed or regulated custodians to protect their assets.

02. Development of Institutional Investors

As more and more investors enter the market, especially institutional investors such as family offices and high-net-worth individuals, the form of digital asset custody needs to change to adapt to market changes.

Trend 1 | Ethereum merge sparks institutional investors’ interest in staking

The Shanghai upgrade of Ethereum and the shift from proof of work to proof of stake have sparked institutional investors’ interest in staking Ethereum. Since the Ethereum merge in 2022, the total number of ETH deposited in its network has reached 22.9 million. Institutions usually choose decentralized staking pools, cryptocurrency exchanges, and centralized third-party providers such as digital asset custodians for staking. However, as the types of DeFi products increase, managing private keys for different blockchain protocols becomes a challenge, especially for family offices and asset management institutions with limited time and resources. This includes selecting validators, understanding the risks associated with decentralized staking, and awareness of risks such as smart contract security.

Trend 2 | Family offices favor digital asset staking services provided by technology service providers

With the growing interest in digital asset staking, family offices and external asset managers are more inclined to choose technology service providers that offer secure, user-friendly, and diversified services. These providers not only offer digital asset staking but also provide one-stop services including compliance, trading, fiat currency exchange, and tokenization. Compared to self-custody solutions, technology platforms provide more security measures and user-friendly interfaces for implementing staking and yield strategies for decentralized finance protocols. In addition, built-in approval limits and multiple authorizations provide additional security protection for decentralized finance protocols.

Trend 3 | Institutions focus on the NFT and metaverse space

Institutional investors are closely following the NFT and metaverse space, seeking new business utility and investment opportunities. Well-known brands such as Starbucks and Nike have already used NFTs to enhance customer engagement and develop new revenue streams. However, for newly-entered institutions, self-custody solutions for NFTs may pose challenges. The Chief Operating Officer of a family office in Hong Kong pointed out that self-custody solutions have certain issues in managing private keys. NFT custody solutions provided by third-party service providers allow institutional clients to hold NFTs without managing private keys themselves. They also allow institutions to access multiple decentralized markets to buy and sell NFTs directly, earning recognition from the industry. Furthermore, institutions are also seeking opportunities to invest in NFT collectibles and virtual land in the metaverse. It is estimated that by 2030, the market value of the metaverse will exceed trillions of dollars, and 82% of executives plan to incorporate the metaverse into their business within three years.

03. Key Challenges of Digital Asset Custody

【1】 Security

In the past few years, hackers’ attacks on cryptocurrency exchanges have caused huge losses, leading to a further demand for digital asset custody. Meanwhile, although exchange wallets are convenient, their security relies on the reputation and infrastructure of the exchanges. For example, the closure of FTX exchange in 2022 without proper governance and risk management could result in a significant devaluation of customer assets. Therefore, institutions are increasingly inclined to use self-custody solutions or reputable digital asset custody institutions rather than holding assets solely with exchanges. A family office in Hong Kong revealed that they are considering transitioning from cold wallets to digital asset custody services to manage their expanding digital investment portfolio more easily. In addition, digital asset custody services achieve a balance between security and availability through technologies like multi-party computation (MPC), which involves the splitting and dispersing of private keys, so even if some private keys are leaked, a complete failure can be avoided.

Image: Losses from Digital Asset Hacks (2022) | Source: Decrypt

【2】 Decentralized Regulation

A report shows that the current major concerns of family offices are the security, operational framework, and availability of digital asset custody. After communication with multiple custody service providers, it was found that these are the current obstacles that are difficult to overcome. Additionally, in terms of regulation, although the global legal environment has become more accommodating to digital assets recently, the regulation of digital asset custody is more decentralized and requires clearer guidelines. Many family offices and investment funds operate globally, so choosing digital asset custody services within different jurisdictions with different regulatory policies also poses certain difficulties.

【3】 Comprehensive Insurance Policies

Comprehensive insurance policies are crucial for clients choosing digital asset custody services as they provide a safety net for unexpected events and help build trust in the security of assets. Although professionals in the field of private wealth have limited experience in managing digital assets, comprehensive insurance policies can protect them from human errors and negligence.

The report also points out that custody service providers and technology service providers offer a wide range of insurance policies. The following criteria can be considered when evaluating:

• What is the cumulative limit of the custodian’s policy?

• Are client wallets segregated?

• Which insurance company underwrites the policy?

• Does the insurance policy cover external digital asset theft?

• Does the insurance cover internal theft? Executive internal theft?

• Does the insurance cover private key loss/damage caused by natural disasters?

• Does the insurance cover losses caused by software vulnerabilities?

• Does the insurance cover cold wallets, hot wallets, both, or neither?

• Which legal entities are covered by the insurance policy? Do they match the legal entities that clients sign service agreements with?

• Does the custodian or exchange allow you to purchase additional insurance?

04. Choose a Custody Model

With the rapid development of the ecosystem and the widespread adoption of cryptocurrencies, custody, as the foundation of the digital asset ecosystem, has become a challenge that needs to be addressed. Unlike traditional finance, blockchain does not have a clearing mechanism and a security control system. Its transactions are irreversible, and investors need to track their own transactions and take responsibility for them. Therefore, we recommend developing strategies and models to address the challenges faced by digital asset custody and seek a balance between operational efficiency and security.

The greatest risks faced by users and private keys include confidentiality (the risk of unauthorized access to private keys and backups), availability (the risk of private keys and backups becoming unavailable), and integrity (the risk of private keys or backups being altered and unreadable). To address this threat, security control measures can be taken, such as:

• Private key management throughout the entire period

• Appropriate technical infrastructure

• Separation of duties

• Limiting the number of accounts with access to keys

• Transaction initiation/review processes

• Asset segregation

• Identity and intent verification

• Establishment of strict transaction processing rules

Should institutions seek internal or external cryptographic custody solutions?

Building an internal custody solution requires certain knowledge, experience, and team resources. If a third-party solution is used, custody can be entrusted to a qualified third-party service provider. However, even in this case, users still need to bear the ultimate responsibility and related responsibilities, such as risks related to the provider, asset security measures, and the selection and management of internal control systems for digital assets.

Determine Custody Models and Vendor Strategies

Before selecting a specific custody service provider, institutions should formally determine their target custody models and vendor strategies. As mentioned above, an outsourcing custody model is the best choice for institutional investors. However, even after choosing an outsourcing model, the vendor strategy still needs to be considered. Institutions should assess which functions and operational methods need to be retained, and compare them with the third parties they want to outsource to.

Factors to Consider When Looking for a Custodian:

When choosing a digital asset custodian, institutions should consider the following key factors:

• Reputation: Evaluate the custodian’s market position and reputation based on its history and background

• Custody and trade execution: Understand the custodian’s operating model, whether it provides additional security measures and transaction speed. For large exchanges that provide trading and custody services, it is necessary to ensure the secure storage of digital assets and the ability to quickly access these assets when needed

• Compliance: Look for custodians with built-in compliance operations to reduce reputation risk. Check whether the custodian has been or is currently subject to regulatory investigations, and whether the custodian has obtained relevant regulatory certifications or licenses

• IT and network security: Understand the custodian’s network security measures, including the security of hot wallets or cold wallets, as well as system compatibility and security features such as multi-signature

• Service suitability: Evaluate whether the custodian’s business model meets your own needs, including the types of digital assets supported, preference for cold wallets or hot wallets, and business continuity

• Commercial terms: Understand the custodian’s fee structure, including storage, deposit, and withdrawal fees, as well as the rights and obligations in the commercial terms, especially the legal rights in disputes and unpaid events

• Ownership and legality: Understand the custodian’s legal structure and jurisdiction, and how these factors affect the management of digital assets

• Financial stability: Evaluate the custodian’s financial strength and the feasibility of its business model, especially in terms of asset access when the custodian ceases operations. A custodian with a strong financial position, sufficient funds, and a viable business model can minimize obstacles in providing services

Summary

The digital asset industry is currently in a phase of rapid development and innovation, with Hong Kong being particularly prominent. Within the digital asset ecosystem, custodial services play a crucial role. As a result of bank failures and market volatility, more institutions are choosing to explore the digital asset space, and institutional-grade custodial solutions have become a strong market demand, aiming to help investors seize vast investment opportunities in a secure and controlled manner.

When designing operational models, institutional investors should have a holistic view and choose third-party providers for digital asset custody. Implementing appropriate digital asset custodial solutions is essential in order to capture market investment opportunities and prevent significant asset losses.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!