.png)
Frameworks, core principles and top case studies for SaaS pricing, learnt and refined over 28+ years of SaaS-monetization experience.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
The institutional adoption of digital assets has reached a critical inflection point. According to Coinbase's 2024 Institutional Crypto Survey, 71% of institutional investors now hold or are interested in holding digital assets. Yet, the fundamental question that keeps executives awake at night isn't about market volatility or regulatory uncertainty—it's about custody. How do you secure millions or billions in digital assets without creating operational bottlenecks or introducing unacceptable risk?
The custody decision isn't merely a technical choice; it's a strategic one that impacts your operational efficiency, regulatory compliance, insurance coverage, and ultimately, your bottom line. Whether you're a corporate treasurer exploring Bitcoin as a treasury asset, a fund manager launching a crypto investment vehicle, or a SaaS platform integrating digital asset payments, understanding the nuances between custodial services, Multi-Party Computation (MPC), and multi-signature (multi-sig) solutions is essential.
This guide cuts through the complexity to help you make an informed custody decision based on your organization's specific needs, risk tolerance, and operational requirements.
Why Does Custody Matter More in Crypto Than Traditional Finance?
In traditional finance, if you lose your bank account credentials, you call customer service. In crypto, if you lose your private keys, your assets are gone forever—irretrievably. This fundamental difference stems from blockchain's core design: transactions are irreversible, and control is entirely determined by cryptographic key possession.
The stakes are extraordinarily high. According to Chainalysis, cryptocurrency theft reached $1.7 billion in 2023, with the majority stemming from custody vulnerabilities. For institutional players, the reputational and financial consequences of a security breach far exceed the direct loss of assets.
Beyond security, custody affects:
Operational velocity: Can your team execute transactions quickly when market conditions demand it, or does your custody solution create bureaucratic delays?
Regulatory compliance: Does your custody approach satisfy regulatory requirements in your jurisdiction, particularly regarding fiduciary duties and qualified custodian standards?
Insurance and liability: Will you be able to secure adequate insurance coverage, and who bears ultimate responsibility for asset loss?
Counterparty risk: Are you introducing additional parties who could fail, be compromised, or act maliciously?
What Is Third-Party Custodial Storage?
Third-party custodial storage mirrors the traditional banking model: a specialized institution holds your assets on your behalf. Companies like Coinbase Custody, Fidelity Digital Assets, BitGo, and Anchorage Digital operate as qualified custodians, holding clients' private keys in secure, often offline environments.
How It Works
When you engage a qualified custodian, they generate and store the private keys to your digital assets using enterprise-grade security infrastructure—typically involving hardware security modules (HSMs), cold storage, and geographically distributed backup systems. You access your assets through the custodian's platform, initiating transactions through authenticated requests that the custodian executes on your behalf.
Primary Advantages
Regulatory clarity: Qualified custodians are regulated entities, often holding trust charters or money transmitter licenses. This regulatory oversight provides comfort to institutional investors and may satisfy fiduciary duty requirements. According to PwC's 2024 Crypto Hedge Fund Report, 89% of crypto hedge funds now use third-party custodians, largely driven by institutional LP requirements.
Insurance coverage: Reputable custodians carry substantial insurance policies. Coinbase Custody, for example, maintains crime insurance coverage up to $320 million, with assets in cold storage covered by Lloyd's of London syndicates.
Operational simplicity: Your team doesn't need to become cryptography experts. The custodian handles key management, security updates, disaster recovery, and compliance reporting.
Established track record: Leading custodians have secured billions in assets for years without major breaches, providing operational confidence.
Key Limitations
Counterparty risk: You're trusting a third party with complete control over your assets. While rare, custodians can fail, be hacked, or face regulatory seizure.
Transaction delays: Withdrawals from custodial cold storage can take hours or even days, creating challenges for trading operations or time-sensitive transactions.
Custody fees: Annual custody fees typically range from 10 to 100 basis points depending on asset volume, plus transaction fees.
Limited control: You're operating within the custodian's policies, procedures, and supported asset universe. Custom transaction types or emerging assets may not be available.
What Is Multi-Party Computation (MPC)?
Multi-Party Computation represents a cryptographic breakthrough that fundamentally reimagines key management. Rather than storing a complete private key in any single location, MPC divides the key into encrypted shares distributed across multiple parties or devices. These shares can collectively sign transactions without ever reconstructing the complete key.
How It Works
In an MPC setup, the private key is generated through a distributed process where no single party ever possesses the complete key. When a transaction needs signing, the key shares engage in a collaborative computation protocol. Each party performs calculations on their share, and these partial signatures combine to create a valid transaction signature—all without the full key ever existing in assembled form.
According to Fireblocks, which has processed over $4 trillion in digital asset transactions using MPC technology, the approach eliminates the single point of failure inherent in traditional key storage.
Primary Advantages
No single point of compromise: Since the complete key never exists in any single location, compromising one key share is insufficient to steal assets. An attacker would need to simultaneously compromise multiple independent parties.
Operational flexibility: Transaction signing happens quickly—often in seconds—because you're not retrieving keys from cold storage. This enables high-frequency trading, automated treasury operations, or customer-facing applications requiring instant withdrawals.
Reduced counterparty risk: Solutions like Zengo, Fireblocks, or Qredo allow you to hold key shares yourself, eliminating reliance on a single third-party custodian.
Adaptable security policies: You can implement sophisticated approval workflows—requiring signatures from 2 of 3 executives, or automatically approving transactions under $10,000 while requiring manual approval for larger amounts.
Disaster recovery: If one key share is lost or a device fails, the system can generate a new share without moving assets or changing blockchain addresses.
Key Limitations
Technical complexity: Implementing and maintaining MPC infrastructure requires specialized expertise. While managed MPC services exist, self-hosted solutions demand significant technical resources.
Emerging technology risk: MPC is mathematically sound but relatively new in production environments. Implementations can contain bugs, and the ecosystem of security auditors and incident responders is still maturing.
Regulatory uncertainty: Unlike qualified custodians, MPC's regulatory treatment varies significantly by jurisdiction. Some regulators view client-controlled MPC as non-custodial, while others disagree.
Insurance challenges: Traditional crypto insurance policies were written for custodial models. Securing comparable coverage for MPC arrangements may be more difficult or expensive.
Vendor dependency: If using a managed MPC service, you're trusting their implementation, security practices, and long-term viability. Migration between MPC providers can be complex.
What Are Multi-Signature Wallets?
Multi-signature (multi-sig) wallets represent the blockchain-native approach to distributed control. Instead of using cryptographic trickery to split keys, multi-sig leverages native blockchain functionality to require multiple distinct private keys to authorize transactions.
How It Works
A multi-sig wallet is created with a policy like "2-of-3" or "3-of-5," meaning that transaction authorization requires signatures from 2 out of 3 designated keys, or 3 out of 5 keys. Each key is a standard private key, held by different individuals, departments, or secure environments.
When someone initiates a transaction, it remains pending on the blockchain until the required number of key holders sign it. Only after collecting sufficient signatures does the transaction execute.
Primary Advantages
Transparent and auditable: Multi-sig policies are visible on the blockchain. Anyone can verify that your treasury wallet requires, say, 3 of 5 signatures, providing transparency to stakeholders, auditors, or investors.
No proprietary technology dependency: Multi-sig is a native blockchain feature. You're not depending on any company's continued operation or proprietary implementation. Bitcoin, Ethereum, and most major blockchains natively support multi-sig.
Established security model: Multi-sig has protected billions in assets since Bitcoin's early days. The security model is well-understood, extensively tested, and has proven resilient.
Cost-effective: Multi-sig wallets typically incur only blockchain transaction fees—no ongoing custody or licensing costs.
True decentralization: Each key holder maintains independent control over their key. There's no coordinator who could be compelled by regulators or hackers to compromise the wallet.
Key Limitations
User experience friction: Each required signer must manually sign every transaction. For organizations with frequent transactions, this creates substantial operational overhead.
Limited recovery options: If key holders lose their keys and you haven't reached your signature threshold, assets become permanently inaccessible. There's no customer service to call.
Blockchain-specific implementation: Multi-sig works differently across blockchains. A solution for Bitcoin won't work for Ethereum, and some blockchains have limited or no native multi-sig support.
Transaction costs: Multi-sig transactions are larger and more complex than standard transactions, resulting in higher blockchain fees—particularly noticeable on high-fee networks like Ethereum.
Key management burden: You're responsible for securing each individual key. If three executives hold keys and all use the same cloud backup service, you've created a single point of failure despite having a "distributed" setup.
How Do You Choose the Right Solution for Your Organization?
The optimal custody solution depends on your specific context. Here's a framework for making the decision:
Choose Third-Party Custodial Services If:
- Regulatory requirements are paramount: You're managing pension funds, registered investment vehicles, or assets for institutions with strict custody requirements
- You lack internal crypto expertise: Your organization doesn't have blockchain engineers or security specialists, and building that capability isn't strategic
- Risk transfer is the priority: You want to shift security liability to an insured, regulated third party
- Transaction frequency is low: You're holding assets long-term as a treasury reserve or strategic investment
- Insurance coverage is critical: Your stakeholders or compliance requirements demand substantial insurance backing
Best for: Public companies holding crypto treasuries, traditional financial institutions entering crypto, regulated investment funds, and organizations prioritizing regulatory certainty over operational control.
Choose MPC Solutions If:
- Operational velocity matters: You're running trading operations, payment systems, or customer-facing applications requiring frequent, fast transactions
- You want control without full responsibility: You're comfortable with technology but want protection against internal key loss or compromise
- Flexibility is valuable: You need sophisticated approval workflows, automated transaction rules, or integration with existing systems
- You're managing multiple assets across chains: MPC providers typically support diverse asset types more easily than maintaining separate multi-sig setups for each blockchain
- You have moderate technical capability: You can evaluate MPC implementations and manage the platform, but don't want to handle raw private key security
Best for: Crypto-native fintech companies, high-frequency trading operations, digital asset payment processors, and technology companies integrating crypto into existing platforms.
Choose Multi-Signature Wallets If:
- Decentralization is non-negotiable: You want no single company or service provider as a point of failure or control
- Transparency is important: You want stakeholders, investors, or the public to verify your security model on-chain
- Transaction frequency is moderate: You're comfortable with the manual coordination required for transaction signing
- Long-term sovereignty matters: You're planning decade-long timeframes and want assurance that no service provider's failure can impact your custody
- Budget constraints exist: You want enterprise-grade security without ongoing custody fees
Best for: DAOs and blockchain-native organizations, long-term strategic Bitcoin holders, organizations with strong internal crypto expertise, and projects prioritizing censorship resistance and autonomy.
Can You Combine These Approaches?
Sophisticated organizations increasingly use hybrid models. According to Fidelity Digital Assets' 2024 Institutional Investor Study, 67% of institutional investors use multiple custody solutions, tailoring their approach to different use cases.
Common hybrid strategies include:
Tiered by asset size: Cold custodial storage for 90% of assets, MPC hot wallet for active trading with 10%
Tiered by function: Multi-sig for corporate treasury reserves, custodial service for client funds (transferring liability), MPC for operational liquidity
Geographic diversification: Different custody solutions across jurisdictions to reduce regulatory and counterparty concentration risk
Transition strategies: Beginning with a custodian during low transaction volumes, gradually transitioning to MPC or multi-sig as internal expertise and transaction frequency increase
What Questions Should You Ask Potential Custody Providers?
Before selecting any custody solution, conduct thorough due diligence:
Security and Operations
- What security certifications do you hold (SOC 2 Type II, ISO 27001)?
- How are keys generated and stored? What hardware security modules do you use?
- What's your disaster recovery process? Where are backup keys stored?
- Have you experienced any security incidents? How were they resolved?
- What penetration testing and security audits do you undergo?
Insurance and Liability
- What insurance coverage do you provide? What's excluded?
- Who bears liability if assets are lost or stolen?
- Are assets held in segregated accounts or pooled?
- What happens if your company fails or is acquired?
Operations and Integration
- What's the typical transaction processing time?
- What approval workflows can you support?
- What API capabilities exist for integration?
- What blockchains and assets do you support?
- How do you handle hard forks or network upgrades?
Regulatory and Compliance
- What licenses and regulatory oversight do you have?
- How do you handle tax reporting and compliance documentation?
- What's your policy on regulatory inquiries or law enforcement requests?
- Are you a qualified custodian under applicable regulations?
Financial and Commercial Terms
- What are your custody fees and how are they calculated?
- Are there minimum asset requirements or holding periods?
- What are transaction fees for deposits, withdrawals, and trading?
- What service level agreements do you provide?
What Does the Future of Institutional Custody Look Like?
The custody landscape continues to evolve rapidly. Several trends are reshaping institutional options:
Regulatory maturation: The SEC's approval of Bitcoin ETFs and ongoing custody rule-making are creating clearer frameworks. Expect increasing convergence between crypto custody standards and traditional securities custody requirements.
Threshold signature schemes: Next-generation MPC protocols using threshold signatures (TSS) offer even better security properties and efficiency than current implementations.
Decentralized custody networks: Projects like Qredo and Coinbase's planned Base network custody features are building decentralized custody infrastructure, attempting to combine the security of multi-party control with the user experience of centralized services.
Embedded custody: Rather than standalone services, custody capabilities are increasingly embedded directly into financial infrastructure—exchanges, prime brokers, and payment networks—creating seamless but secure asset control.
Cross-chain standardization: As institutions hold assets across multiple blockchains, custody solutions that provide unified security models across diverse ecosystems become increasingly valuable.
Making Your Decision
There's no universal "best" custody solution—only the solution best suited to your specific requirements, risk tolerance, and capabilities. The executive leading this decision should consider:
Your organization's risk profile: Are you more concerned about internal mistakes or external attacks? About regulatory non-compliance or operational inflexibility?
Your technical capabilities: Do you have the expertise to self-custody securely, or is that expertise costly to develop relative to outsourcing?
Your operational requirements: How quickly must you access and move assets? How frequently will transactions occur?
Your regulatory context: What do your auditors, investors, or regulators require or expect?
Your strategic timeline: Is this exploratory crypto exposure or a core strategic initiative? Pilot projects tolerate more risk than scaled operations.
The custody decision will likely evolve as your organization's crypto maturity increases. Many sophisticated investors begin with qualified custodians to establish processes and gain experience, transition to MPC solutions as transaction volumes increase, and ultimately implement hybrid approaches optimizing for different use cases.
Whatever path you choose, prioritize security and operational resilience over convenience or cost savings. In an industry where mistakes are permanent and irreversible, the most expensive custody solution is the one that fails.
The institutions succeeding in digital assets aren't necessarily those with the most advanced technology—they're those that thoughtfully match their custody approach to their specific needs, implement it with discipline, and remain adaptable as both technology and regulation evolve.