Mitigating custody risks in the wake of FTX

While self-custody is not an option for most traditional financial institutions, which must report material investments in crypto and hold them with a “qualified custodian,” Chainalysis recently reported mounting evidence that more institutions are turning to self-custody.

Self-custody plays an important and historically significant role in the crypto economy. And it’s a necessary and important characteristic of being a mathematically created fully digital asset class. From inception, crypto has always carried the torch of self-sufficiency, the ability to directly hold assets and transfer a unique piece of digital property anywhere in the world. As borderless bearer-assets, the appeal of self-custodying digital assets will always remain an appealing way to store wealth.

That said, while self-custody may eliminate the possibility of losing assets in an exchange hack or bankruptcy, there are many other risks it simply may not protect against. The past months have seen an increasing trend towards self-custody in the wake of FTX and related contagion.

Since the beginning, Anchorage Digital has focused on bringing institutions a safe and accessible way to participate in crypto. While we recognize the importance of self-custody within the crypto ecosystem, we encourage well-regulated US financial institutions and crypto-native participants to consider the security and accessibility advantages of working with a compliant custodian.

Safe, accessible custody with strong controls

Any time an institution sets out to move funds via self-custody, with the models that exist today, there’s always elevated risk for simple human error. There’s also no way to verify or audit who initiated a transaction.

Contrast that to our regulated model that is able to show proof of exclusive control of private keys, demonstrating that keys are held exclusively by Anchorage Digital and that no one else has or has ever had access to them. Rather than fully-offline self-custody requiring manual human operations, our model relies on biometrics and approval by a group of approved parties to initiate and confirm transactions with a fully auditable trail.

Our unification of policy and signing means the same system which constructs and signs transactions can provide the audit log approval. We can also easily prove to regulators, external auditors, and clients that we have control of digital asset keys at any time, through on-demand challenge response authentication.

Dual-control requirements

Dual controls help to ensure executed transactions match customer instructions and prevent unauthorized movement of assets (dual controls are also required under 12 CFR 9, applicable to national banks).

Hardware security

Although not a requirement to meet the definition of a qualified custodian, there are existing best practices in place when it comes to managing cryptographic data through the use of hardware security modules (HSMs). HSMs, when paired with strong controls, meet goals of exclusive control, regular existence proofing, and are auditable by clients and third-party vendors.

Additionally, they make transactions faster and safer than connecting fully-offline self-custody methods to make transactions.

Our HSM model keeps private key data completely offline within air gapped hardware, while transacting at speeds similar to a warm or hot wallet—with the added improvement of encoding policy engines that validate signing instructions inside the hardware itself. The HSM hardware technology we use has a deep history of being utilized for mission-critical security, and has been shown to offer a consistent methodology for full lifecycle safety.

Segregated accounts

With Anchorage Digital, client assets are maintained in separate vaults, and client assets are never commingled with company assets.

Proof of existence

A qualified custodian should always be able to prove the existence of assets held under custody when requested as an essential client protection. Doing so validates that private keys exist, that the private keys are functional, and that they are held exclusively in the name of the right client or asset owner. We are able to help our clients independently verify their assets are safe within Anchorage Digital custody for their auditing and reporting purposes.

While self-custody may allow existence proofing, vulnerability to weak controls, authentication methods, and authorization strategies create a great deal of easily mitigated risk.

Keeping crypto in the financial system

Anchorage Digital’s proof of controls allow institutions to maintain a stake in the broader financial system, keeping custodied crypto accessible for trading, payment networks, stablecoin use, web3 participation, and reward generating activities like staking.

Though both self-custody and custody with Anchorage Digital move assets off exchanges to mitigate risk for frozen funds or bankruptcy clawbacks, our model takes the best of self-custody and eliminates key weaknesses. We do this by providing an auditable, transparent, regulated platform that enables institutions to safely custody their digital assets and conduct related custody services, while simultaneously eradicating human error risks—such as loss, theft, or damage—all of which are risks associated with self-custody that can be problematic for institutions.

Blockchain monitoring

Institutions should work with a qualified custodian that implements clear policies and procedures for monitoring blockchain activity across all custodied digital assets on a regular basis. Though not a requirement, qualified custodians should prioritize assessing the unique security concerns and vulnerabilities to exploits inherent in digital assets.

While we’re keenly aware of the need to remove assets from centralized exchanges in the wake of FTX, we encourage any institution considering self-custody to also get in touch with us to discuss our safe and efficient solution for digital asset custody, trading, governance, staking, and more.