What is crypto custody?
Introduction to crypto custody?
In the world of traditional finance, custody refers to the services offered by a bank or institution that manage and protect a client's cash or securities.
Financial custodians help safeguard investments, mediate transactions, and make sure tax earnings are properly reported.
In the digital asset industry, custody refers to the different methods used to secure crypto assets.
This process of protecting cryptoassets can be done independently by an individual, partially with the help of others, or be managed entirely by a professional third-party service.
When choosing between different types of cryptocurrency custody solutions, it's important to understand how each works, as well as the benefits, risks, and tradeoffs of each option.
Summary of crypto custody
- Custody is a state of being under control, guardianship, or protection
- Crypto custody refers to the method used to protect cryptocurrency by storing the private keys associated with a cryptocurrency wallet
- There are multiple forms of crypto custody — each with their own unique benefits and tradeoffs
- Both independent and third party, as well as online and offline options, are available to help custody cryptocurrency and secure your digital assets
What do private keys have to do with custody?
What your crypto wallet, or the custodial wallet associated with your crypto exchange, really stores is a set of private keys.
Private keys are an alphanumeric code used in cryptography that functions in a similar way to passwords.
Both public and private keys consist of a long string of letters and numbers which help to prove ownership of funds held in a crypto wallet. You can think of your public keys as a bank account number or username which you can share with anyone.
Private keys, on the other hand, are similar to your PIN or password. It is the private keys that ultimately allow you to gain access to your funds and because of this, your private keys should never be shared with anyone.
Private keys serve as a means of digital signing transactions and permitting transfers. This digital signature broadcasts your ownership of cryptoasset to the blockchain network, without revealing the details of your private keys themselves.
As long as your private keys are secure, your crypto is safe. It is ultimately the way you choose to secure your private keys which defines your custody method.
If you are interested in learning more about private keys, cryptography, and the technology that powers crypto, you can check out our Learn Center article How do cryptocurrencies use cryptography?
What’s the difference between hot and cold storage?
Generally speaking, solutions for securing your private keys can be split into two categories: hot and cold storage. No matter which custody arrangement you choose, your private keys will be held in one or both of these wallet types.
Hot storage refers to self-custody solutions that remain connected to the internet. These software wallets allow you to make online transactions and interact with various exchange platforms and decentralized applications (dApps).
However, because they are connected to the internet, hot wallets may be more susceptible to hacking attempts than their cold storage counterparts. They may also have their access limited by geographical restrictions enforced via your device's IP address.
Cold storage solutions keep your private keys entirely offline and are generally considered the safest way to store your cryptoassets. Transactions made with cold storage solutions are signed locally, which makes them much less susceptible to hacks.
Hardware wallets are a cold storage solution available to consumers who wish to take full ownership of their cryptocurrency. Many crypto exchanges also keep their customer’s assets in cold storage to increase the security of their platform.
Ultimately, the protection of your private keys is defined by your custody arrangement and storage options. The choices between your options will depend on your tolerance for risk and the level of responsibility you are willing to accept.
What are the different types of crypto custody
Many feel that cryptocurrency and blockchain technology empower people with an unprecedented level of financial independence. Cryptocurrencies like bitcoin are decentralized and not controlled by a government, company, or other intermediary. Therefore, when a person owns cryptocurrency, they can maintain complete control over how they choose to keep that asset.
When a third-party crypto custodian like an exchange holds your private keys, they ultimately are responsible for controlling your crypto. While these institutions are in control of your crypto, your assets may be subject to regulatory restrictions or be at risk of theft from security breaches.
This has led to the creation of the popular expression "Not your keys, not your coins," which continues to be a mantra in the crypto self-custody movement.
When you take full custody of your own private keys, you know that only you control your assets. It is this level of complete control (and responsibility) that allows you to achieve financial independence through cryptocurrency.
Of course, this level of responsibility while managing financial independence has its share of pitfalls. Just like if you leave your wallet at a bar you’ll likely lose all access to those funds, losing your private keys has the same effect with your crypto. When self-custodying crypto, there is no hotline number to call if you make a mistake, and it’s highly unlikely you’ll be able to recover your funds.
Further, when assets are independently custodied, no exchange or intermediary can insure your assets and there is no recourse for losses that occur due to your error.
For many, the level of responsibility required to securely take custody of your private keys may seem a bit overwhelming. Because of this, alternative custody solutions have emerged.
Partial custody solutions split the responsibility of securing private keys between multiple parties. This custody method is useful for maintaining joint accounts where multiple individuals have access to the same cryptocurrency.
Two popular partial custody solutions available are multisignature (multisig) and secure multiparty computation (MPC) technologies.
In standard cryptography, a signature is created by a single individual or entity to prove the authenticity and integrity of a message or transaction.
With multisig, a group of individuals or entities each have their own private keys. Rather than requiring a single signature to approve a transaction, multisig wallets require at least two keys to sign transactions on a network. Asset holders often set up multisig wallets that require 2 of 3 or 3 of 5 private keys to match before approving a transaction.
Multisig helps to make sure that there is no single point of failure and that no single party has full control over the funds. Because of this, multisig custody is particularly common among centralized platforms that have several co-founders overseeing large asset reserves.
Imagine a bank vault that requires three different keys to open it, and three of the bank’s managers each hold a key. To open the vault, at least two managers must turn their keys at the same time to access the contents inside. This system prevents any single manager from accessing the vault alone.
Secure multiparty computation (MPC)
Unlike multisig, secure MPC distributes the function of a private key among separate parties.
Each party holds its own private input data but ultimately wants to execute a function that requires the collective inputs of all parties. The parties do not want to disclose their individual inputs to each other. MPC protocols enable them to achieve this by allowing computation on encrypted or secret-shared data.
During the MPC process, each party contributes their own part to the computation but does not gain any knowledge of the other parties' contributions. Each party learns only the output of the computation, but the individual inputs remain concealed in the end.
Like multisig, a predetermined number of key shares must agree to a transaction before the system signs and validates the transaction. But, how they signal approval of that transaction is different.
Imagine you and your friends want to bake a cake, but you each have a secret ingredient that you want to contribute. You can each place your secret ingredient in a locked box that goes inside of the MPC. The MPC acts like a magic box that adds the ingredients together without anyone seeing what was inside of the boxes. Instead, it only reveals the combined ingredients in the form of the finished, fully baked cake.
Unlike multisig technology, secure MPC operates completely off-chain. Secure MPC keeps the details of your partial custody arrangement — like the number of approvers required to execute a transaction — private from other blockchain users.
In third-party custody arrangements, a user relies on an independent qualified custodian to take control of the private keys associated with their digital assets. Although they are not always "custodians" according to the traditional financial definition, centralized cryptocurrency platforms like Kraken fulfill the role of third party custody when clients choose to keep their assets on the platform.
Custodial banks and digital asset managers are other types of third-party custodians that exist in the space. However, these services mainly cater to institutional investors that require more tailored services and corporate controls while protecting their digital assets.
Allowing a third-party to take custody of your private keys has many benefits and drawbacks. Many new crypto users appreciate the ease of access a third-party custody arrangement offers.
With the significant responsibility of self-custody removed, users can more easily trade and transfer digital assets between platforms without first transferring them from a personal crypto wallet. Many third-party custodians may also offer insurance on their crypto holdings incase of some attacks.
However, because the third party is ultimately the one managing your private keys, the custodian effectively controls your coins. In certain instances, they may choose to limit your transactions, freeze your funds, or even block access to your wallet. International regulators may ask them to take these actions also. Additionally, if the third party goes bankrupt, you could lose all of your funds in the process as well.
How to choose the right crypto custody for you
The protection of your private keys is defined by your custody arrangement and storage options. The choices between your options will depend on your tolerance for risk and the level of responsibility you are willing to accept.
Ultimately, the contrasting factors to consider are security and control versus accessibility and convenience.
While self-custody may be the most secure option for some, the enormous responsibility of being the only individual able to access your funds may be too much of a burden.
Meanwhile, when individuals allow others to have a role in controlling their cryptocurrency, they give up a level of control in favor of convenience.
Depending on your cryptocurrency goals, different custody methods may be appropriate.
For those looking to actively trade their cryptocurrency, third party custody may be the most effective option. However, for those looking to hodl their crypto for the long term, self-custody may be the most secure solution.
Get started wth Kraken
Now that you have learned about the different ways to custody your cryptocurrency, are you ready to take the next step in your journey?
Sign up for a Kraken account today to take control of your financial freedom and buy cryptocurrency with as little as $10.