John Reinhardt
Oct 3 · 3 min read

In part two of our three-part blog series on crypto custody, we dive deeper into institutional-grade custody solutions. (Missed part one? Read about the three tiers of crypto custody here.)

Part Two: Institutional-Grade Crypto Custody

Third-party custody solutions come in two forms, which are often referred to as online (“hot wallets”) or offline (“cold storage”) systems. The difference between the two amounts to whether the storage system is networked or in any way remotely operable. Online solutions are capable of greater speed and liquidity, but can be more vulnerable to attacks. Offline solutions are generally slower to execute on customer instructions because their private key-storage systems can only be accessed at their physical locations, however, there is usually lower risk of unauthorized transfers.

An offline, third-party custody solution is the most robust approach for customers seeking both security and trust, but not all offline solutions deliver institutional-grade protections. Customers should understand how custody solutions work in order to know which attributes and components matter most for their specific needs and concerns.

Below are important infrastructure and operational attributes of an institutional-grade solution:

  • Secure Vaulting: For optimal security, a custody provider should be storing key devices in high-security facilities. Multiple, redundant high-security storage locations and geographically distributed backup sites are necessary for institutional custody providers. Access to secure facilities should be limited to only authorized personnel using multiple forms of identity authentication such as ID badges and biometric scans (e.g. fingerprint).
  • Cryptographic Hardware: Hardware Security Modules (HSMs) are physical computing devices that protect and store cryptographic secrets, including the private keys required for signing a transaction. The most secure HSMs meet the highest levels of the U.S. Federal Information Processing Standard (FIPS) security ratings. If an offline solution uses HSM devices of a certain caliber, the cryptographic secrets on those HSMs cannot be extracted even if the devices were authenticated to in an authorized way. This ensures the private key remains onboard the HSM in perpetuity and no copies can be made — in secret — for use at a later time.
  • Organization Governance and Controls: It is not enough for a storage center to be offline; human governance and role separation controls must work together for effective security design. The instructions issuance process and governance controls are almost as important as how securely keys are stored. The funds movement process for custodying cryptocurrency needs to be designed in a way that diffuses the level of control among parties and ensures that no single party can take over or corrupt that process.
  • Redundancy and Business Continuity: Maintaining multiple, redundant storage locations and geographically distributed backup sites is necessary for institutional-grade custody providers. Having at least two layers of redundancy is important to maintaining operations in the event of natural disasters or the destruction of property.
  • Transparency and Proof of Controls: Visibility into custody services is more important to certain investors than others, depending on factors such as size of holdings, privacy preferences, and other variables. For some customers, it’s important to have tools that allow them to easily access and view their holdings in order to confirm their provider is custodying what they claim. Custody providers should regularly self-test and engage in audits of their systems and controls (e.g. SOC 2 certification).

Custody solutions that can be considered institutional-grade are not just “air-gapped” computers in protected physical locations. They combine at least secure vaulting, cryptographic hardware, and organizational governance to provide multiple layers of security for the safeguarding of assets.

In part three of the series we will focus on questions and considerations when choosing a crypto custodian. To learn more download our Guide to Crypto Custody and join our webinar on October 7, 2019 at 12:00pm ET to discuss the state of crypto custody.

Onward and Upward,

John Reinhardt, Director of Custody Operations

Gemini

A next generation cryptocurrency exchange and custodian that allows customers to buy, sell, and store digital assets. https://gemini.com

John Reinhardt

Written by

Director of Custody Operations at Gemini.

Gemini

Gemini

A next generation cryptocurrency exchange and custodian that allows customers to buy, sell, and store digital assets. https://gemini.com

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade