Picking a crypto safekeeping platform can be an arduous task. In this post, we’ll look over the best technologies currently available for digital asset custody.
The structures of traditional trust and custody can solve some of the major issues facing the digital assets space, which is why they’re rapidly being implemented around the world. However, digital asset custody requires a technological solution to several basic problems.
Digital assets are inherently secure, in that they are based on blockchains that use modular, unhackable cryptography. Even if a bad actor were able to hack a Bitcoin address, for instance, they would have access only to that address, rather than general access to the network as is the case with traditional computer networks.
However, the encryption keys used to access accounts must be securely stored, transmitted and monitored. They themselves are not stored on blockchains and must be stored in some other way.
Digital assets cannot be physically custodied, because they do not physically exist. Imagine a million dollars in gold bullion: a custodian arranges for secure storage of the bullion in a vault and keeps the key. If the key is stolen, the gold can be stolen too; but at current prices, it weighs over 17 kilograms. Stealing it involves much more than acquiring the key to the vault.
Digital assets exist on their respective blockchains, and nowhere else. Access to them is via private key; to have the key is to have the assets. Additionally, the key is digitally transmitted to access the account address, creating opportunities for theft.
In the past, secure storage of the private keys for digital asset accounts has involved storing them on pieces of paper in physical safes, or using a variety of wallet tools. However, these are unsatisfactory for individual retail investors and extremely so for institutional and professional investors.
In addition to the security issues, there is the question of safe access. In a managed portfolio, multiple individuals with differing levels of responsibility and control might need access to the same account key. This cannot be facilitated using the ad-hoc arrangements of hot and cold wallets invented by retail investors and adopted by exchanges. Instead, a technological solution that supplies both permissioned access and secure storage is required.
Coinbase is a digital assets trading platform that also offers custody services. Coinbase has a solid security reputation as an exchange and even claims to have halted over $280,000 in illegitimate transactions during the recent Bitcoin Twitter hack.
Coinbase is an “on-ramp” to the world of digital assets, offering fiat-to-Bitcoin and other trades that let users buy their way into the digital asset economy.
For retail investors, Coinbase offers the usual wallet-based custody arrangements. But for larger investors, it also offers the same custodial solutions it uses for its own funds.
Custody is provided by Coinbase Custody, a legally separate entity to the core Coinbase exchange and a qualified custodian that also custodies the assets of the Coinbase exchange. It’s a fiduciary under New York state law, and offers fully segregated and compliant digital asset custody.
The custody offering is deliberately tailored to institutional investors, and focuses on the assets of most interest to investors.
But what technology is Coinbase Custody using to custody its clients’ assets?
“Segregated cold storage”, boasts Coinbase, going on to claim it uses “dedicated on-chain addresses secured by Coinbase’s battle-tested cold storage”.
In its FAQs, Coinbase says it has created a “proprietary, best-in-class key generation protocol to generate cold storage addresses for custody wallets”.
In other words, Coinbase has built a regulated custodian service that’s held to the same standards as a traditional custodian, which is laudable and represents a step forward for the space. But users should be aware that the technological solution being deployed for storage is essentially just cold wallets, part of a toolkit that has already proven itself inadequate to the demands of digital asset custody.
Fidelity is coming at things from the opposite direction to Coinbase. Where Coinbase is a native of the digital assets space, expanding into custody, Fidelity Investments is one of the biggest players in the traditional financial industry. Fidelity Digital Assets is its Europe-based digital assets-focused arm.
Fidelity bills itself as offering “enterprise-grade custody and execution services for institutional investors”. Like Coinbase, Fidelity is deliberately targeting the emerging institutional digital assets investment space, structuring its offering to appeal to the needs of that community and focusing on the assets of most interest to the institutional investor.
Fidelity is already a major player in the space, with more than $7 trillion in client assets under management and over 1.3 million trades handled each day.
And Fidelity comes to the space with a vast amount of custodial and fiduciary experience, delivering the technical expertise required to custody assets. But what about the technological equipment to facilitate digital assets custody and management?
Fidelity uses vaulted cold storage, with an additional layer of systemic protection from its own custodial protocols. What this means in technological terms is that private keys for addresses under their custody are kept locked away in vaults, sometimes on paper.
Fidelity’s offering is superior to the majority of digital asset custody options. Built on top of the basic storage method is a system including “multi-level physical, operational and cyber controls including security protocols that have been created leveraging Fidelity’s time-tested security principles and best practices combined with internal and external digital asset experts”.
This represents a significant advance over traditional cold storage, which is an expedient developed to cope with the vulnerability of off-chain, online private key storage. But the basic storage method is still the same, and limits how agile and responsive Fidelity can be in managing their clients’ digital assets.
Ledger Vault approaches things from another angle again. If Fidelity represents the financial mainstream reaching out to digital assets, and Coinbase represents the digital asset exchange’s growth out into custody, Ledger Vault built its offering on the success of a retail-level hardware wallet — essentially a protected flash drive.
The Ledger Nano provided retail digital asset investors with an affordable alternative to the then-ubiquitous hot/cold wallet storage. As interest in a suitable institutional solution to digital assets increased, Ledger turned its attention to a more powerful and versatile tool that would provide a technological underpinning for the types of activities that institutional digital assets investment would require.
The Ledger Vault, resulting from this process, is not a bundled custody offering. Unlike both Fidelity and Coinbase, Ledger offers the Vault primarily not to clients but to custodians; it’s a tool, rather than a service.
Ledger Vault is both a hardware and a firmware solution, containing the code to enforce transaction rules and platform administration protocols. For instance, users can organize multi-party signing of transactions nonlocally, a key requirement for multi-stakeholder accounts in a fast-moving market.
Businesses that employ the Ledger Vault as a technological solution for custody include First Digital Trust, Legacy Trust Company, CoinShares, and Crypto.com.
While the Ledger Vault does provide a technological structure to support professional and effective digital asset custody, the company doesn’t offer custody services itself.
Anchorage explicitly recognizes the shortcomings of cold storage, drawing attention to it in their website copy and promising a solution that delivers asset productivity as well as security.
Founded in 2017 by two ex-Square employees who brought institutional and infrastructure experience from Docker to the new venture, Anchorage offers a service it says is purpose-built for investors.
Anchorage’s solution involves two-factor authentication of cosigners, including biometric authentication; “hardware security modules” require acceptance of trades by both a client’s team and Anchorage’s, and Anchorage offers oversight, auditability and end-to-end insurance.
Anchorage enables access to the entire digital asset ecosystem — airdrops and staking, delegation and voting, and even trading — direct from custody.
All in all, it’s an impressive offering. It does require working with Anchorage, through their tools — trading from custody is done through Anchorage Trading, and custody management requires the input and oversight of the Anchorage team. So there’s less opportunity for a completely custom custody arrangement, but for some investors that won’t be a dealbreaker.