Custody Consolidation Could Be A Threat To The Transformative Promise Of Cryptocurrency
Regulation and institutional risk-shifting tendencies are pushing the industry towards custody consolidation. Custody consolidation is a scenario where market forces drive a consolidation of crypto custody into the hands of a just a few entities. If custody becomes consolidated, we see a systemic risk and a barrier to the cryptocurrency movement reaching its full potential.
We believe in the transformative potential of cryptocurrency. To realize that potential, institutions need to be in control of their assets. To do sophisticated types of trading, for example, and to do transactions that are not possible with traditional financial instruments, you need to possess your keys. You need to be able to sign transactions.
Whereas if you are entrusting your assets to a third-party and saying “please hold on to these for me and I’ll come back when I need them,” then you may not be able to do the sophisticated transactions that are only possible with with crypto. You are not realizing the transformative potential of crypto as a new financial instrument; you are a second-class citizen in the ecosystem.
We think that any institution dealing with cryptocurrency will, in the future, have to control keys.
Self-custody won’t be something that only banks, hedge funds and exchanges need to do — but something that regular corporate entities need to do as well.
Corporate entities today have a treasury in the form of a business bank account. In the future they will also have a crypto treasury — and in many cases they will want to manage that in-house by necessity.
There are potentials that can’t exist with fiat; like payment channels, for example — moving funds around in real-time with very low fees on a global basis. Institutions will need to hold their own keys in order to realize these potentials. At Base Zero we are providing a comprehensive platform for institutions to participate in the whole ecosystem.
The evolution of cryptoasset custody has gone through several phases:
- In the beginning there were enthusiasts who held their own keys on a network connected machine.
- De-facto exchange custody began with early exchanges such as MtGox, Tradehill, Bitstamp and Bitfinex. Exchange customers leave assets on the exchange for convenience. The practice of cold storage begins at the exchanges.
- Mixed custody wallets. “Greenaddress and BitGo pioneer multisig hot wallets with a second factor implemented via one of the keys. The user controls another key, while an optional third key is available as an offline fallback.
- Institutional custody begins with Xapo, followed by Coinbase and BitGo.
- Legacy institutions. Fidelity enters the market.
During this evolution, loss and theft continues. Major losses due to poor operational practices — beginning with MtGox — continue with a smaller hot wallet attack on Bitstamp in 2015, and in 2016 a large Bitfinex / BitGo hack resulting from incorrect key handling and a lack of cold storage.
In 2018, $1.7 billion worth of cryptoassets were stolen or lost, including $190 million in the QuadrigaCX incident alone. The QuadrigaCX cold storage was controlled by a single person — a glaring anti-pattern.
The following drivers affect how cryptoassets are custodied:
- Liquidity — Access to assets is important for liquidity. You don’t want to wait 24–48 hours to access your assets while the market moves.
- Convenience — Cold storage solutions have traditionally been cumbersome to use.
- Risk-shifting — Companies prefer to shift the risk to others, resulting in custody consolidation. However, because of the high expense of insurance, risk-shifting may be an illusion as only a small percent can be insured.
- Best practices — Multisig and cold storage are known best-practices for custody, yet many implementations fail to adopt them.
- Regulation — Over-regulation can result in custody consolidation due to barriers to entry and sometimes outright dictates. For example, large funds in the USA are forced to use “qualified custodians” — a concept from the legacy financial system which may not indicate the actual security effectiveness of the custodian.
We see three possible outcomes:
- Consolidation of Custody — A handful of custodians emerge and most assets are stored with them.
- Diversity of Custody — Barriers to entry are low and 50 or more custodians emerge.
- Self-custody — As better tools are developed, secure storage becomes easier and businesses of any size are able to secure their assets. Distributed exchanges eliminate the need to park assets at exchanges.
Systemic Risks Of Custody Consolidation
- Consolidation would create a few large targets for hackers and physical attacks.
- A successful attack would wipe out the custodian and all of their customers — in effect wiping out a large part of the ecosystem.
- Insurance cannot protect against systemic risk, because it is too expensive (1% per year) and there is not enough insurer appetite available. Insurance expense is in line with the actual losses (>1% of market cap per year) and therefore it is not likely to decrease any time soon.
- Failure can be due to theft, regulatory change in the custodian’s jurisdiction, or software error — (see Parity Wallet: “I accidentally killed it”)
In order to keep crypto custody diverse, participants in the ecosystem should advocate for keeping barriers to entry low.
- Secure crypto custody technology should be widely available, not concentrated in the hands of a few “qualified custodians.”
- Regulation should not be costly to comply with, or so cumbersome as to stifle innovation.
- Regulation should be focused on security best practices.
- Best practices often emerge from self-regulating organizations; the Payment Card Industry Data Security Standard, for example.
We’re hoping that promises made by members the Congressional Blockchain Caucus about “light-touch” regulation become a reality.
In Q1 2019 there are market forces driving both diversity and consolidation of crypto custody. If consolidation wins, the scenario presents a systemic risk to the cryptocurrency ecosystem.
Institutions must realize that if you don’t own the keys then the cryptocurrency is not really in your possession, and is not under your control.
Furthermore, for sophisticated types of trading, and to participate in transactions that are not possible with traditional financial instruments, institutions will need to possess their own keys and be able to sign transactions in real time.
We believe in the transformative potential of cryptocurrency. We would like to see best practices and light-handed regulation assist in realizing the promise and potential of cryptocurrency in financial markets.
It’s Time to Embrace Blockchain at a National Level
✔︎ Download: Digital Chamber Of Commerce National Action Plan for Blockchain
About Base Zero
Base Zero is a cryptocurrency security company helping financial institutions to safely self-custody client crypto assets. The product is a web app combined with a set of handheld signer devices. The devices are custom hardware developed by Base Zero. The web app and the devices are used together to keep crypto assets secure. It’s priced as a monthly service. Base Zero engineers do a custom on-site integration for every client. The chief benefit of a Base Zero implementation is it allows totally secure cold storage of digital assets, while maintaining 24/7 real-time transaction capability.
✔︎ Download Now: Product Datasheet & Security Whitepaper
Base Zero, Inc.
contact: Matt Zimmerman, CEO
location: Berkeley, CA