(Crypto) Custody — security, risk and responsibility on handling private keys

Custodial services are a key element of our 360° Tokenization platform Unibright Freequity. With the rise of tokenization and cryptocurrency adoption, — together with more professional and institutional entities entering the space— the question of how to store the keys that allow access to these digital assets is becoming increasingly important. In this article we will present the different options for storing digital assets (the keys to access them, to be more specific) and discuss the risks and responsibilities involved. Eventually we present a scale to compare the different types of solutions.

What is custody?

From a technical standpoint, custody is about safeguarding private keys, the cryptographic alphanumeric combinations needed to transfer and store digital assets. They are the single point of failure within the space — losing them means losing the respective holdings with literally no chance of recovery.

There are multiple custodial solutions, each offering unique benefits to the user. They range from self-custody with hardware or software wallets to third-party offline-storage, and everything in between. Some users need more frequent access to their assets as others. Some investors might require third-party cold-storage for legal and insurance reasons or because they are obliged to do so. In the US, for example, institutional investors are legally forced to have a “qualified custodian” to secure the holdings.

With more and more financial institutions, HNWIs (high-net-worth individuals), and funds entering the space, the need for a custodial infrastructure rises. According to PwC, there are currently 150 crypto funds with combined assets under management of more than US$ 1bn, with 52% of those employing an independent custodian.

Types of custody

1. Self-custody
There are multiple ways to self-secure private keys. One can use hardware wallets, printed paper wallets, or encrypted data stores. In the end, the keys are moved offline into a “safe” in possession of the owner of the assets. This leaves the applicant as the single point of failure for loss of access or compromise — there is no third-party involved in managing this risk.

2. Partial custody (Multi-Sig, MPC)
Those are products and solutions where a scheme is employed to not have a single point of failure (one human, one account, or one device) when storing and using the keys. It amounts to a form of split or partial custody where the customer names multiple roles/persons (authorised officers, notaries, lawyers) that are required to cooperate within the signing process. One can imagine this like every involved party only having “one chunk of the complete key”. The exact amount of control and scheme used can be defined by the customers needs, ranging from a 2-of-3 multi-signature scheme to complex legal arrangements between the involved parties.

Legal risk and responsibility stays within the group of parties engaged. There is no third-party entity that can be made responsible in the case of emergency. An example implementation of this would be a DApp using Ethereum SmartContracts to create a Multi-Sig wallet offered by a provider that states in his terms that he is not a custodian and that it is the users who are managing the keys and thus taking the risk.

3. Third-party custody
Within this approach, a third party is responsible for the safety of the private keys involved. This party, taking the legal risk and responsibility, is a custodian. Within a third-party custody solution, customer funds are held and managed entirely by a solution provider. The customers transfer their assets to the custody provider, who is then only acting on the customer’s instructions (the customer is not involved in any signing process). Service level agreements define the terms and conditions regarding the storage, access, and transferal of funds by the third party.

Third-party custody solutions generally come in two forms, referred to as online (“hot wallets”) or offline (“cold storage”) systems. The difference between the two amounts to whether the storage system is networked or in any way remotely operable.

Online (Hot Wallets) store keys in (internet) connected systems or in electronically-available hardware devices. These solutions offer a greater processing speed and liquidity, as the use of a network connection enables automated access to the system. On the other hand, being networked means that they are vulnerable to attacks through the network.

Offline solutions (Cold storage) hold keys in (hardware) devices that are physically isolated (or “air-gapped”) with no connection to any network or electronic communication device, thereby removing potential for malicious remote control through electronically communicated instructions. Offline solutions are slower to execute on customer instructions because their key-storage systems can only be accessed at their physical locations and no automation is possible (otherwise the solution is online again). This solution, when designed correctly, significantly lowers the risk of unauthorized transfers through physical security and role-based control over key access.

On the other hand, a solution that is completely offline and not automated at all, relies on (multiple) human beings to handle the key (parts) independently, and therefore does not scale and employs the risk of these humans being compromised.

Considerations from a customer’s perspective

For the individual or enterprise entity that wants to utilize a custody solution, the challenge is comparing existing alternatives and picking the most suitable one. The following topics should be considered when comparing the existing solutions and products:

Safety: How is the safety of the keys guaranteed from a technical and organisational perspective, both in storage and transaction signing? Who takes the risk and is legally responsible? With self-custody this is obvious (all on the user). With partial custody it is the signing users as well as the platform (centralized web app/ DApp) offering the user interface to interact with the (multi-sig) smart contracts. With third-party-custody it gets complex, as everything lies within the responsibility of the entity offering the solution, including the decision of how transparent to be and what to disclose in terms of technical key storage (hardware security modules (HSM), air gaps, offline transaction signing) and organisational setup (how are employees authenticated, authorized and monitored within the custody process). Another question is what level of automation is being used — the more is being coded and connected, the more attack vectors occur.

Speed: The speed at which customers are able to access their funds. Here a trade-off takes place between speed and safety (e.g. hot wallets vs. cold storage). The respective service level agreements of the providers should make a statement on relevant time frames, minimal and maximal withdrawal amounts, and so on.

Audits: Is the solution audited by a trustworthy party and how is compliance accomplished on a general level?

Insurance: Holdings in digital assets can be insured, although there only exist a few options at the moment. Most of these go along with the prerequisite of cold-storage and an audited, transparent solution. Only based on these facts can the risk be measured and thus insured.

Fees: There is no agreed-upon fee model yet established throughout the market — costs and pricing models differ depending on the solution. Additionally, providers often offer individual pricing based on the size of the customers holdings.

Transaction workflow: How does a customer communicate a withdrawal request, meaning the execution of a blockchain transaction for the assets under custody? How is that channel secured and how feasible is it to the customers needs?

Monitoring: What kind of dashboard application exists to monitor the digital asset holdings and transactions executed — are necessary reports like tax reports provided as needed?

Future-Readiness: How fast is the solution provider to onboard new tokens and coins or implement upcoming regulatory demands?

There is no custody without risk, so the question is where to accept risk and how to handle it accordingly. For a customer utilising custodial services it is important that the custodian is liable for damages and able to pay back losses in the case of emergency. Seen from that perspective, it makes no difference to the customer whether there are attack vectors within an automated solution (where code and algorithms access the keys) or within the human element of the operation.

Unibright’s solution

At Unibright we researched different approaches to hot and cold wallets, multi-sig and multi-party-computing based approaches, and (according to our understanding of Unibright as an integrator) their ability to be integrated into processes and systems. We met and joint forces with various custody providers, software experts and data-center builders to examine and push integration standards in this field for future use, always having the regulator’s view in our mind, too.

As a follow-up to this rather broad article, we will present our solution within Unibright’s Tokenization platform in an update, showcasing how our products already today are an attractive solution for customers using our custody services.

Unibright is a team of blockchain specialists, architects, developers and consultants with 20+ years of experience in business processes and integration. Unibright turns ideas into businesses, and improves processes with the help of blockchain technology.

Unibright develops enterprise solutions, invests in start-ups, builds process modelling tools and integration platforms and offers a 360° ecosystem around tokenized assets.

Verticals of https://unibright.io

Learn more by visiting the Unibright website, Twitter and Medium.