Understanding Institutional Crypto Custody Solutions in One Article

With inflation concerns lingering and negative interest rates on the horizon, even the most conservative institutional investors (corporate treasurers) are looking to invest their surplus cash in digital assets.

According to Gartner, 5% of CFOs and senior financial executives said they plan to add Bitcoin to their balance sheets in 2021. However, digital asset infrastructure is not fit for purpose. Most custody technologies still struggle to guarantee the security and liquidity of funds, let alone provide financial tools for automating workflows, managing liquidity and reporting.

As a result, corporate treasurers who hold cryptocurrencies often rely on a range of tools to manage digital assets. A combination of hot and cold wallets is often used to manage funds, but this also creates considerable operational security risks and makes reporting very cumbersome, with employees spending hours researching different data sources to understand the company's situation.

The custody infrastructure for the aforementioned cryptocurrencies is typically implemented in one of three ways – self-custody, joint custody, and third-party custody.

1. Self-Hosting

Full control over your own digital assets

Unlike institutional investors who are bound by the Custody Rule to use qualified custodians, corporate treasurers can follow Satoshi Nakamoto’s vision of financial sovereignty – custody of their own currency.

It’s like keeping your gold in a private vault. However, with Bitcoin, you gain full control over your property by holding your private keys (cryptographic codes that grant ownership of your assets).

Single Signature Wallet

Small businesses can self-custody their digital assets by storing them in a single-signature hardware wallet. The private key is stored in a secure USB drive that can be easily plugged into a desktop or mobile phone to sign transactions.

advantage

• Single-signature wallets give an individual complete control over their assets, allowing a CEO or financial officer to make transactions quickly.

shortcoming

• It’s untenable for all but the smallest companies to have an executive involved in every transaction. Sharing a wallet with different staff members is a possible strategy, but it’s cumbersome and eliminates accountability because it’s hard to know who signed each transaction.

• Single-signature wallets create a major single point of failure. The person holding the wallet may die, losing the funds, or run away with the funds, or become the victim of a hack.

Multi-Signature Wallet

The security concerns and lack of flexibility of single-sig wallets will lead most corporate treasurers to consider multi-sig solutions.

If a single-signature wallet is equivalent to a single key that holds a vault of gold, then a multi-signature wallet is like a safe with a certain number of private keys (M), and a certain number of private keys (N) are required to open the box.

Where M is the total number of private keys and N is the number required to authorize a transaction. Typically, 2 or 4 private keys out of 3 or 5 signers are required to reach consensus on the transaction before it is approved.

advantage

• Multi-signature wallets can be configured with different permission levels, and private keys can be distributed among key employees in a multi-step approval scheme.

shortcoming

• The more signatures required to approve a transaction, the more cumbersome, time-consuming, and expensive the process becomes. On-chain transactions can take hours to clear congestion on the underlying blockchain and incur significant fees for simple, everyday tasks.

• Even with sophisticated sign-off procedures, there is still the potential for collusion — especially if an employee holding a private key leaves the company.

• Multi-signature solutions lack flexibility because they are tied to a specific blockchain address. Therefore, if you want to change your custody policy by adding or removing a party, you will need to move the funds to a new signing arrangement on the underlying chain. Additionally, most multi-signature solutions are limited to 15 signers, making it difficult to create a solution that can scale to meet the needs of large companies.

• On-chain multi-signature transactions can be viewed on a public ledger. Therefore, if addresses are shared, the chain of transactions is exposed. This could reveal sensitive signature schemes and workflows to potential attackers.

2. Joint trusteeship

Share control of digital assets with external co-signers

Joint custody involves delegating authority to a third party that acts as a backup or active co-signer. This can be achieved with multi-signatures or multi-party computation (MPC) based on threshold signature schemes (TSS).

The joint collaborative custody arrangement requires the owner to retain two ba private keys and give the third private key to a semi-custodial service, which reduces the risk of single point of failure.

On-chain joint custody using multi-signature

In the case of joint custody using a multi-signature wallet, a corporate treasurer might hold two of the three private keys and give one to a third party.

advantage

• Improves operational security by sharing the burden of private key management across multiple parties.

shortcoming

• It has the same drawbacks as normal multi-sig, and adds an additional security vulnerability in the form of a trusted third party.

Off-chain joint custody with MPC TSS

“I believe TSS will reshape the landscape of wallets and custodial services. It is far superior to multi-sig” — Changpeng Zhao, Binance

MPC TSS (Multi-party Computation with Threshold Signature Scheme) can also be used for joint custody.

The difference lies in the implementation. While multi-signature wallets typically use on-chain transactions, MPC TSS takes the signing process off-chain and relies only on a single signature created by distributed nodes that contain a secret representing part of the private key.

advantage

• Transactions can be signed faster off-chain because they do not rely on slow underlying on-chain transactions.

• Signatures calculated on-chain do not incur network fees.

• There is no need to have multiple wallets for different blockchains, which is cumbersome to handle and difficult to report on.

• While multi-signature wallets are tied to a specific blockchain, the MPC works to standardize a cryptographic signature algorithm (ECDSA) that can be implemented on 95% of blockchains.

• MPC TSS provides enhanced privacy because transactions are not conducted on-chain, preventing potential attackers from snooping into your company’s signing arrangements.

shortcoming

• MPC TSS solutions implemented in centralized databases are a favorite of hackers. For example, encryption keys have been leaked from Intel’s SGX cloud infrastructure on multiple occasions.

• If all MPC nodes are controlled by a centralized organization, assets could still be vulnerable to employee theft, cloud providers, or other colluding partners who may decide to empty wallets. As QuadrigaCX demonstrated, malicious insiders are the most likely cause of digital asset loss.

• Organizational signature structures like approval thresholds are often implemented in an opaque software layer that runs independently of the blockchain, which undermines the security of the system.

• Limited ability to provide an immutable audit log for reporting.

3. Third-party escrow

Deposit assets with a trusted third party

“Any crypto wallet that doesn’t give you your private keys should be avoided at all costs” — Elon Musk

Corporate treasurers may choose to place their gold in custody. This is equivalent to depositing the gold with an insurance company, usually done using a multi-signature wallet controlled by a third party.

advantage

• Handing over digital assets to a custodian means no technical knowledge is required.

shortcoming

• Handing over assets to a third party who can freeze or restrict access reduces the appeal of cryptocurrencies as a safe haven. Assets could be seized or hacked, undermining their ability to provide companies with personal sovereignty and financial privacy.

• Cryptocurrency custodians often commingle assets in opaque omnibus accounts rather than storing them in separate accounts. This forces asset owners to rely on trust rather than being able to verify assets on-chain.

• The list of bankrupt cryptocurrency custodians grows every year, with traditional financial custodians such as Bank of New York Mellon’s custody unit failing to protect clients’ assets in 2015.

• Custodians charge fees, which can increase significantly over time.

• Moving funds to and from the institution is slow and expensive. Withdrawal requests can often only be made during business hours and take days to process.

Qredo Network

Decentralized custody of decentralized assets

Qredo introduces a new paradigm: decentralized custody of decentralized assets.

It uses a cryptographic technique called multi-party computation, where the private keys that control digital assets are distributed across an independent blockchain network.

This allows corporate treasurers to implement any combination of the three custody options – self, joint or third-party custody – without having to make trade-offs between security and accessibility.

Trade Now

Qredo enables companies to quickly trade in volatile digital asset markets through instant transfers, allowing treasurers to reconcile assets between custodians, brokers and financial institutions on the network in real time.

Manage digital assets on a single dashboard

Qredo gives firms clear visibility into potential issues and opportunities by allowing them to manage digital assets from a single interface. Get real-time account balance and transaction information across all positions across banks, funds, client and business wallets, group entities and regions.

Integrating digital assets with fiat treasury systems

Qredo runs on open source software and can be directly connected to the company's financial management system through the REST API.

Seamlessly delegate approval and signing authorizations

The Qredo wallet can be customized to fit the needs of an organization. The power to initiate transactions, approve transactions, or run reports can be assigned to multiple parties, and an unlimited number of signatories can be specified using an arbitrary M(N) threshold scheme.

Exporting immutable audit logs

Qredo records all transactions on a layer 2 blockchain, providing an immutable record of inflows and outflows for blockchain.

Comply with various rules easily

Qredo has messaging capabilities that allow transactions to come with sender and receiver identities, making it easy to comply with emerging regulations such as the travel rule.

Protect your assets with seven lines of defense

Qredo provides a unique security framework (seven lines of defense) to protect assets from the threat of loss due to hacker attacks or insider collusion. MPC is achieved through a decentralized network that is protected by custom hardware and insured by Lloyd's of London.