Technology & Data

Digital Assets Custody Technology

Custody for the digital assets space relies on progress and integration in two key areas: structure and technology.

Gunnar Jaerv   Gunnar Jaerv · Published on 15 May 2020

Without professional structures and regulatory oversight, the best technology in the world cannot achieve the probity and transparency required by larger investors. And without the appropriate technology, structural improvements will be forever locked out of this new space. You’d expect the two to advance together, and that is what has happened, but in this post, we’ll be focussing on technologies used to custody digital assets. In general, we’ll be proceeding from the simplest and least effective to the most effective and sophisticated technological solutions available, and thus typically in chronological order. If you’d like to skip ahead to the best of modern technological solutions, click here:

The technological solution to digital asset custody

Since all of these solutions are still widely used at the time of writing, this isn’t a history lesson, though; it’s an overview and analysis of a still rapidly-evolving space.

We’ll start with the oldest and simplest forms of custody.

Exchange custody

Most investors in digital assets manage their own investment themselves. They make their own investment decisions, directly make their own digital assets purchases and trades via exchanges, and thus often simply leave their digital assets in their exchange accounts.

This has obvious benefits — if you’re planning to return to the exchange later and make more trades, having your coins easily available on the exchange is entirely sensible.

However, while two or more people can have the access information for a single exchange account, it’s not conducive to working in partnership with others in a situation where individuals have assigned roles with different responsibilities.

Additionally, it presents serious security problems. As exchanges have grown in volume and digital assets have grown in value, so the amount of effort focussed on stealing from digital asset exchanges has risen sharply every year.

Centralized and decentralized exchanges

There are two types of exchange, centralized and decentralized. Whether exchange custody is self-custody or third-party custody depends on which type of exchange is used.

A decentralized exchange is based on the blockchain. Its web portal is just an entry point, and all the actual computation that goes into facilitating transactions takes place on the blockchain. Leave your digital assets on this exchange and you’re self-custodying them.

A centralized exchange is simply a website that has an account on a blockchain or multiple blockchains. When you use the website, you access those blockchains to buy and sell digital assets through the accounts owned by the website. When you leave your digital assets on this exchange, they’re being custodied by the entity that owns the website.

Decentralized exchanges are much more secure than centralized ones but suffer from low liquidity and are significantly slower. Centralized exchanges offer more coins, have higher liquidity and work much faster, but even the best web security is a poor defence against attack motivated by the chance to steal millions in untraceable digital assets.

Storing digital assets on an exchange is risky — too risky for the majority of retail investors, let alone commercial and institutional investors.

Self-custody of digital assets

The digital assets equivalent of a sock full of money under the mattress, and often similarly motivated; mistrust of financial institutions per se and a desire to ‘keep my money where I can see it’ played a part. Self-custody of assets has a long history, and in digital assets custody has been the norm throughout the lifetime of the space. Only now are things beginning to change.

Self-custody technology relies significantly on wallets. A wallet, in the context of digital assets, is simply a repository for the code that underpins the digital assets. Wallets fall into several categories, including paper wallets, hot and cold wallets, hardware and software wallets, and more. These are all simply ways of storing that code of the digital assets.

Wallets have several advantages. They’re simple and easy to use, and they don’t require learning major new skills, investing significant money in new equipment, or entering into a new business relationship.

Evaluating wallets as custody technology

Whether self-custodying or using a custodian, wallets remain the dominant means of custodying digital assets. A wallet is a tool for storing the private keys that grant access to a blockchain account and thus to the digital assets associated with it.

Beyond that, a variety of wallet technology is available. The standard divisions are between hardware and software wallets, and between hot wallets and cold.

Hardware wallets are physical objects — hardware — that carry wallet software. Typically they’re built into USB keys. Where you’re not using them they can be reliably disconnected by simply removing them. You can store your digital assets in a drawer. Software wallets run on computers, and can’t be reliably disconnected in the same direct, physical way.

Hot and cold wallets are divided based on whether they’re connected or not. A hot wallet is connected to the network, meaning it’s accessible — for you, but also for any attacker. Hot wallets are much more vulnerable to hacking and theft. Cold wallets are not connected to the network.

With only such rudimentary tools available, the digital asset space evolved a set of best practices for self-custody based around keeping only the digital assets you plan to trade in your hot wallet, and keeping the majority of your investment safe in a cold wallet.

This is safer and more effective than not using wallets, or using only hot wallets, but it has major drawbacks.

One of these is that it offers little facility for third party custody, which is a key part of really reliable and safe digital asset custody. Another is that it’s not ideal if you want to make rapid trades — a key component of the digital asset space. Both hot and cold wallets can also be vulnerable, both to increasingly sophisticated multi-pronged attacks from hackers, and to simple human error; consider the case of James Howells, who in 2013 accidentally threw away and irretrievably lost a cold wallet (hard drive) containing 7,500 BTC — now worth $66,272,175.

Finally, when using third party custody through unregulated parties like centralized exchange owners, you can be vulnerable to their errors and failings, as well as sometimes to their bad intent. Many exchanges don’t use cold wallets as much as they claim. And some centralized exchange owners have presided over massive losses, missing funds — and maybe worse.

Moving on from wallets

If the solution isn’t wallets or exchanges, what technology should we be using to custody our digital assets?

The solution has to be integrated with the structural solution: regulated, professional third-party custody. That means it has to provide the security of a cold wallet (it can’t be hacked to steal your private keys), the safety of secure custody (it can’t be stolen or lost), and permit authorized third parties to use it to make transactions, remotely and rapidly. Without this last capacity, no technological solution can hope to facilitate effective third-party custody. And without custody, we’re back to the hot/cold wallet system with its inbuilt failures and dangers.

Currently, Ledger’s Vault is the best contender for this new technological requirement.

(Disclosure: Legacy, our sister company, recently entered into partnership with Ledger to provide secure digital asset custody for investors including institutions and HNWIs.)

Ledger Vault offers the technology to reproduce organizational structures that are key to custody and trust on the device. Trades can be made with multiparty authentication — even if those parties aren’t physically present. Institutional-grade controls can be enforced on transactions, bringing the level of control and security up to that required by institutional investors. And end-to-end secure communication permits professional collaboration.

The solution to digital asset custody can’t be self-custody, and it can’t be insecure third-party custody based on technology intended to safeguard small investments when digital assets were a fringe interest. Institutional and HNWI investors need digital assets to meet the standards they expect from the wider financial world. That means Ledger Vault, the best option on the table right now, will soon be first among many.


This publication is general in nature and is not intended to constitute any professional advice or an offer or solicitation to buy or sell any financial or investment products. You should seek separate professional advice before taking any action in relation to the matters dealt with in this publication. Please note our full disclaimer here.