Demystifying Digital Asset Custody
An intuitive guide to understand how digital asset custody works
1. Introduction
Just 2 weeks ago, an Indian crypto exchange lost $271 million in a devastating attack, with North Korea’s state-sponsored Lazarus Group as the prime suspect. This isn't an isolated incident - over $5 billion has been stolen in crypto hacks in the last 2 years alone1. In this high stakes environment with state level threat actors, who can you trust to keep your digital assets safe?
Welcome to the critical yet often misunderstood world of digital asset custody.
What exactly is custody, and why does it matter?
At its core, custody is about keeping valuable assets safe.
We’ve built an incredibly complicated financial system that allows us to move billions of dollars at the push of a button. But it would all come crashing down if the assets at the base of the system disappeared. To avoid that, we rely on trusted parties whose role is to make sure that this doesn’t happen.
These are custodians. They’re incredibly important but few people understand how they really work, particularly in blockchain. This piece aims to change that.
We'll demystify digital asset custody by exploring:
The role of custodians in the crypto ecosystem
Distinctions between types of custody providers
How custody blends traditional security with blockchain technology
The step-by-step journey of a blockchain transaction through a custody system
Key technical concepts and their place in the custody mental model
Why should you care?
If you believe that blockchain is the future of finance, then digital asset custody providers will form the backbone of security in this new landscape, making them the future of how businesses will keep their assets safe.
After reading this, you’ll have an understanding of how they work and be better equipped to understand this new future.
2. The Custodian's Role in the Blockchain World
Lightning Quick History of Custody
Throughout history, we've entrusted our wealth to increasingly sophisticated security systems:
As our world digitized, so did our assets (mostly). Paper certificates gave way to electronic records, and gold bars to strings of data. This brought new challenges, requiring cybersecurity on top of physical security.
Today, the next frontier in custody is blockchain technology. This tech has rewritten the rules, and shifted custody to revolve around the protection of cryptographic private keys – the sole proof of ownership in the blockchain world. Lose or compromise these keys, and you lose your assets - potentially forever.
This is where digital asset custodians come in, offering a combination of cryptography, cybersecurity, and physical security all meant to ensure your private keys - and therefore your assets - stay safe.
Why Custodians Matter in Crypto
Imagine losing billions of dollars in an instant, all because you forgot a password. With digital assets, this nightmare is a real possibility.
In the blockchain world, ownership boils down to one thing: private keys. These aren't physical keys you can hold; they're long strings of characters that prove you own your crypto assets.
This is where a major difference from traditional finance becomes clear. If you forget your bank account password, you can reset it. Lose your private key? There's no 'forgot password' button. Lose your private key, and you've lost your digital assets.
Enter digital asset custodians. They handle and abstract away security and blockchain technical details, basically saying, "Let us handle the complex security stuff so you can focus on running your blockchain based business.”
More specifically, they offer secure, enterprise-grade solutions for private key management, storage, and transaction signing.
We’ll go deeper into each of these aspects. But first, let's understand the custody landscape as not all crypto custody providers are the same.
Types of Digital Asset Custodians
As the demand for secure management grew, different types of custody solutions emerged to meet different needs. You can broadly bucket them into two main categories:
True Custodians: Hold private keys on behalf of users, taking direct control of the users' assets. They're similar to traditional banks in that they have full custody of your assets and are usually regulated. However, unlike with traditional banks, even if they are a Qualified Custodian, assets aren’t protected under FDIC.
Custody Tech Providers: Provide technology that allows users to sign transactions securely without fully relinquishing control of their private keys. They offer a middle ground between self-custody and full third-party custody.
Differences between true custodians vs custody tech providers
Let’s pause on this for a second as it’s an interesting nuance that's easily missed.
In traditional finance, custody tech providers don’t exist. You have to entirely entrust custody to a third party if you are dealing with bits rather than atoms, otherwise your assets can’t operate in traditional siloed systems.
Blockchain allows us to have a shared ledger, a public record of your assets that everyone agrees on. Systems are more open, and if you are technically competent, it’s now possible to manage your own private keys and not entrust them to others.
But most people don’t want to deal with the technical complexity of full self-management, and many businesses deem it too risky. Custody tech providers rose to meet that challenge, providing software to abstract complexity and add enterprise controls, without taking full ownership over the private key.
And today there are lots of different custody providers offering these services.
So what do these custodians actually do? Let's dive deeper and create a mental model of custody to try and understand it.
3. Custody Mental Model:
Cyber Security Meets Blockchain Security
Imagine you're tasked with guarding the crown jewels, but instead of a physical crown, you're protecting an invisible asset that exists only as data. And if that data disappears, it’s almost impossible to get it back. How would you even get started keeping it safe?
Welcome to the world of digital asset custodians.
Blockchain Custody Onion Model
To understand how custodians operate, let's build a mental model.
Think of digital asset custody as a high-tech onion, with multiple layers of security wrapped around a core blockchain address.
Layer 1: The Blockchain Core At the core lies the blockchain itself. This is where your assets truly "live". Control of these assets comes down to one thing: the private keys.
Layer 2: Key Management The first protective layer surrounds the private keys. Key management and storage. Custodians use cryptographic techniques like Multi-Party Computation (MPC) or Hardware Security Modules (HSMs) to secure private keys. We dive deeper into these later in section 5.
Layer 3: Physical Security For true custodians, physical security is a crucial layer. This usually involves secure facilities, often with biometric access controls, 24/7 surveillance, and even armed guards. It's the fortress that protects the servers and hardware storing your digital assets. Custody tech providers indirectly provide physical security as their software relies on secure facilities to house their infrastructure. However there are additional obligations on the user to host their portion of the infrastructure securely, which for true custodians isn’t the case.
Layer 4: Transaction Policies This layer sets rules for transactions. It might include limits on transaction amounts, whitelisting of approved addresses, or time-locks on large transfers. It's like having a personal banker who double-checks every check you write, making sure it meets predefined criteria.
Layer 5: Access Control This layer determines who can initiate transactions and under what circumstances. Custodians will check credentials and require authentication to ensure the initiator has permission to sign the transaction. It might involve multi-signature schemes requiring multiple approvals, or sophisticated role-based access controls. Think of it as a high-tech version of the two-person rule used for launching nuclear weapons, ensuring no single person can unilaterally make critical decisions.
Layer 6: Logging and Attestation: This layer creates an unalterable record of all system activities and transactions. It allows for transparent auditing and third-party verification of assets. Think of it as a tamper-proof surveillance system for operations, ensuring accountability in the custodian's processes. While this is shown as a distinct layer, in reality the best custody providers will continuously verify and attest at each layer.
Layer 7: Audit and Compliance The outer layer involves continuous monitoring, regular audits, and adherence to regulatory requirements. This provides peace of mind to clients and satisfies the scrutiny of regulators.
There you have it. Digital asset custody really is just layers of web2 and physical security built on top of a blockchain address, with each successive layer adding more security.
Understanding this model is important because it highlights the complexity of what custodians do. They're not just storing digital assets; they're orchestrating a sophisticated dance of cybersecurity measures, cryptographic techniques, physical safeguards and regulatory compliance.
In the world of digital assets, custody is as much about managing information and processes as it is about safeguarding wealth. It's a new paradigm, where value can be moved (and lost!) as easily as information, reshaping how we think about asset security.
Now that we have that model in our mind, we can pretty easily understand the journey of a blockchain transaction through this system.
4. Step by Step Journey Through the Custody System
Let's look at what happens behind the scenes when you use a custody provider by walking through a real-world scenario: Alice wants to send $100 worth of crypto from her custody wallet to Bob's address. Here's how this transaction flows through the layers of our onion:
1. Initiating the Transaction (Layer 7: Audit and Compliance)
Alice logs into her custody account and enters Bob's address and the amount: $100.
Initial compliance checks kick in, verifying Alice's identity and checking if Bob's address is on a sanctioned list (AML checks).
2. Logging Begins (Layer 6: Logging and Attestation)
The custodian's system begins logging this action, marking the start of the audit trail.
3. Access Control (Layer 5)
The system authenticates Alice and determines who needs to approve this transaction.
For this small $100 transaction, Alice's approval is sufficient. For larger amounts, multiple approvals might be required.
Alice receives a push notification on her phone to confirm the transaction.
4. Policy Check (Layer 4: Transaction Policies)
The system checks Alice's transaction against preset policies, for example:
Is $100 within Alice's daily transaction limit?
Is Bob's address on Alice's whitelist, or does it need additional verification?
Are there any time-based restrictions on Alice's account?
If all checks pass, the transaction moves to the next layer.
5. Physical Security (Layer 3)
The transaction triggers access to physically secured hardware. This might involve automated systems accessing cold storage (more on this in the next section) in a secure facility.
6. Key Management (Layer 2)
Now, the custodian's systems need to sign the transaction with Alice's private key.
Security measures like MPC (Multi-Party Computation) and HSMs (Hardware Security Modules) are used to sign these transactions securely.
7. Blockchain Interaction (Layer 1: The Blockchain Core)
With the transaction signed, the custodian broadcasts it to the blockchain network.
This marks the handoff from the custodian's controlled environment to the blockchain which processes and confirms the transaction.
8. Logging Update (Layer 6: Logging and Attestation)
The system updates the transaction log with final details.
9. Confirmation and Completion (Layer 7: Audit and Compliance)
The custodian's systems monitor the blockchain for confirmations.
The entire process is logged for audit purposes, completing the circle back to the outer layer.
Bob receives the $100, Alice receives a notification that her transfer is successful.
Journey to the Centre of the Onion
This journey shows how each layer plays a different role and highlights the complexity behind every transaction:
Outer layers (5 and 6) ensure regulatory compliance and adherence to predefined rules.
Middle layers (3 and 4) manage access and physical security.
Inner layers (1 and 2) handle the cryptographic operations and blockchain interactions.
5. Key Concepts Simplified
Now that we have a mental model of how custodians are set up and how transactions flow through the system, let’s dive into some of the jargon and terminology we use.
1. Multi-Party Computation (MPC)
What: A cryptographic technique that creates partial keys, used to make partial signatures. For instance, three servers might each hold a partial key, with at least two required to cooperate to sign any transaction.
Where: Key Management (Layer 2)
Why it matters: This enhances security by ensuring no single party holds the complete key, reducing the risk of theft or insider threats.
2. Secure Enclaves (TEE)
What: Protected memory regions in computer processors, isolated from the main operating system.
Where: Key Management (Layer 2)
Why it matters: This offers a secure execution environment for signing, giving confidence that this won’t be affected even if the main system is compromised.
3. Hardware Security Modules (HSMs)
What: Specialized, tamper-resistant hardware for cryptographic operations.
Where: Key Management and Physical Security (Layer 2 and Layer 3)
Why it matters: This provides a secure environment for key storage and signing, protecting against both physical and digital attacks.
4. Cold Storage
What: Storing digital assets offline, unconnected to the internet.
Where: Physical Security (Layer 3)
Why it matters: This provides security against online threats which can’t access offline devices. If the device isn’t connected to the internet, the internet can’t hurt it.
5. Multi-Signature (Multi-sig)
What: Requires multiple signers to coordinate to create a signature in order to authorize a transaction. Imagine a safety deposit box that requires two keys to open - one held by you, one by the bank. That's multi-sig in action.
Where: Access Control (Layer 5)
Why it matters: This distributes control and reduces single points of failure. Single points of failure are always best avoided as they will be targeted by attackers, removing them enhances overall security.
6. Whitelisting
What: A pre-approved list of addresses allowed to receive funds.
Where: Transaction Policies (Layer 6)
Why it matters: This reduces the risk of funds being sent to unauthorized or malicious addresses. If an attacker were to gain access to the account and tried to send transactions to their own address, this would block the transactions before they went to any of the core layers for signing.
These concepts are not mutually exclusive (e.g. you can have multi-sig cold storage using secure enclaves). Each of these technologies (and many more!) come together to help make custody safe. The space is rapidly evolving and we’re constantly thinking of new ways to deal with threats. This means what is state of the art today will likely be out of date in 2-5 years time.
But now whenever you hear an acronym or a new piece of security from a custodian, you can try and map them to the different layers to understand the reason for why it’s been created.
6. Wrap-up
“Show me the incentive and I will show you the outcome” - Charlie Munger
Custodians are paid to strike the balance between security and convenience. They focus on the tricky problem of guarding valuable data that if lost, is almost always irrecoverable, while making that data accessible to allow transactions. Imagine a vault that needs to be impenetrable, yet accessible at a moment's notice. That's the custodian's daily challenge.
To try and solve this problem, custodians try to wrap as many layers of security as possible between the blockchain address where assets live and the ability to move assets from that address. Each layer added to the onion represents a new challenge for potential attackers, making the assets at the core increasingly secure.
However, this isn’t a fully solved problem.
Custodians and security firms that connect to them will continue to evolve with new security measures, new layers and new technologies (including what we are building at Circuit! Reach out if you want to learn how we can help you recover your assets even if private keys are lost).
The Future
As we've peeled back the layers of digital asset custody, hopefully something is becoming clearer: the future is being shaped right before our eyes.
As blockchain continues to reshape industries beyond finance - from supply chain management to digital identity - the principles of secure digital asset custody will become increasingly relevant. The lessons learned from protecting cryptocurrencies today will inform how we secure digital value of all kinds tomorrow. Imagine a world where your digital identity, health records, and financial assets are all secured using learnings from custody principles we use for crypto today.
Now you are better equipped to face this new frontier, with an intuitive understanding of how at its bedrock, we’re approaching keeping things safe.
Welcome to the future of finance. It's secure, it’s digital, and it's just getting started.
If you found this article helpful, please share it :)
Thanks to Chris Grilhault de Fontaines, David Schwed, Hamza Adnan, King Tong Choo, Tom Kiddle and TJ Connolly for reviewing drafts of this piece and providing feedback.
https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2024/