Digital asset custody: What can possibly go wrong?
- Future of Finance
- Mar 5
Updated: Aug 13

“Not your keys; not your assets.” Is this true of all digital assets?
Private keys are multi-digit numbers which investors entrust to digital asset custodians under a power of attorney. If the private keys to a digital asset are stolen from the custodian, the extent to which the thief has stolen something that they can turn into money varies by asset type. “Native” cryptocurrencies and tokens are indeed lost, with illicit proceeds run through “mixers” or “tumblers” that help hackers hide the trail of transactions by associating them with unrelated funds. Non-native security or real-world asset (RWA) tokens, on the other hand, are protected by the continuing existence of the underlying assets, so the registration function enables the missing token to be burned and a replacement minted.
How are digital asset custodians managing “not your keys; not your assets” risk?
Multi-signature (“multisig”) wallets are the most common solution. By requiring two or more private keys to sign off on any transaction, they increase the security of the funds stored in the wallet. Multisig processes work fast enough not to disrupt the market by slowing transactions down, and regulators see them as a useful way for independent custodians to manage, on behalf of institutional investors, the critical source of failure in digital asset markets. The real challenge for custodians (and regulators) is how to mitigate the same risk for retail investors, most of whom continue to self-custody. Though apps are now available which obviate the need for cold storage in a locked vault, private keys remain vulnerable to the hacking and theft of mobile telephones. It is a good example of how digital assets change the form (theft of a wallet on a mobile phone) rather than the substance (theft of a physical wallet) of safekeeping risks. Retail investors remain resistant to third-party custody because being able to transfer value without the intermediation of a financial institution is a foundational principle of the blockchain industry. Eventually, private keys will be built into the retail user experience of apps in the same way that anti-virus software is now built into computers.
Which matters more in risk mitigation: technology or processes and procedures?
Though much time, money and effort are expended on auditing what is novel about digital assets – such as smart contracts and the private key ceremonies used to generate and distribute private keys securely – the main source of vulnerability is not the blockchain technology. Indeed, the traditional assets safekept by traditional global custodian banks would benefit from the protections blockchain technology affords digital assets. Customer asset protection processes and procedures are more important. Here, digital asset custodians can and should follow the precedents set by the traditional custody industry. Making a single individual responsible for approving transactions, for example – as a number of digital asset custodians have proposed – is not a good idea. There is another reason to implement sound processes and procedures to approve transactions. They are now audited and reviewed not just by issuers and investors but by insurers when providing Directors and Officers (D&O) liability insurance as well as theft cover for customer assets. Firms with excellent processes and procedures pay less for insurance.
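The two points above (multisig wallets that need two or more keys, and the danger of letting a single individual approve transactions) come down to one control: an approval policy that only releases a transfer when a quorum of distinct key holders has signed the exact payload. The program below is an added illustration written for this article, not code from Future of Finance or from any custodian it describes. It assumes a constructed 2-of-3 policy with Ed25519 keys generated on the fly and a constructed transfer payload; it shows why the policy must count each approver once (a stolen key signing twice does not reach the quorum), bind signatures to a digest of the exact transaction (a signature on one transfer cannot be reused on another) and reject keys outside the policy.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Approver is one key holder in the custodian's approval policy (constructed example).
type Approver struct {
	Name string
	Pub  ed25519.PublicKey
}

// Policy is an M-of-N quorum: at least Threshold distinct approvers must sign.
type Policy struct {
	Threshold int
	Approvers []Approver
}

// Approval is one signature over a transaction digest, tagged with the signer's key.
type Approval struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// TxDigest binds the exact payload being approved, so a signature gathered for
// one transfer cannot be replayed against a different one.
func TxDigest(tx string) []byte {
	h := sha256.Sum256([]byte(tx))
	return h[:]
}

// Authorize returns nil when the approvals satisfy the quorum and an error otherwise.
// Each approver is counted at most once, so a single compromised key cannot
// reach the threshold by signing repeatedly.
func (p Policy) Authorize(tx string, approvals []Approval) error {
	digest := TxDigest(tx)
	seen := map[string]bool{}
	for _, a := range approvals {
		id := hex.EncodeToString(a.Pub)
		if !p.isApprover(a.Pub) {
			return fmt.Errorf("key %s is not in the policy", id[:8])
		}
		if !ed25519.Verify(a.Pub, digest, a.Sig) {
			return fmt.Errorf("invalid signature from %s", id[:8])
		}
		seen[id] = true
	}
	if len(seen) < p.Threshold {
		return fmt.Errorf("quorum not met: %d of %d required approvers", len(seen), p.Threshold)
	}
	return nil
}

func (p Policy) isApprover(pub ed25519.PublicKey) bool {
	for _, a := range p.Approvers {
		if a.Pub.Equal(pub) {
			return true
		}
	}
	return false
}

// Scenario builds a constructed 2-of-3 policy and evaluates the cases a policy
// review would check. Result: case name -> whether the transfer was authorised.
func Scenario() map[string]bool {
	type holder struct {
		pub  ed25519.PublicKey
		priv ed25519.PrivateKey
	}
	var holders []holder
	var approvers []Approver
	for _, n := range []string{"ops-1", "ops-2", "risk"} { // constructed approver names
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		holders = append(holders, holder{pub, priv})
		approvers = append(approvers, Approver{Name: n, Pub: pub})
	}
	policy := Policy{Threshold: 2, Approvers: approvers}
	sign := func(h holder, tx string) Approval {
		return Approval{Pub: h.pub, Sig: ed25519.Sign(h.priv, TxDigest(tx))}
	}
	tx := "transfer 10 BTC to client-withdrawal-address"   // constructed payload
	other := "transfer 10 BTC to some-other-address"       // constructed payload
	outsiderPub, outsiderPriv, _ := ed25519.GenerateKey(rand.Reader) // key not in the policy

	ok := func(err error) bool { return err == nil }
	return map[string]bool{
		"single signer":        ok(policy.Authorize(tx, []Approval{sign(holders[0], tx)})),
		"same key twice":       ok(policy.Authorize(tx, []Approval{sign(holders[0], tx), sign(holders[0], tx)})),
		"two distinct signers": ok(policy.Authorize(tx, []Approval{sign(holders[0], tx), sign(holders[2], tx)})),
		"replayed signature":   ok(policy.Authorize(other, []Approval{sign(holders[0], tx), sign(holders[1], other)})),
		"outsider key":         ok(policy.Authorize(tx, []Approval{sign(holders[0], tx), {Pub: outsiderPub, Sig: ed25519.Sign(outsiderPriv, TxDigest(tx))}})),
	}
}

func main() {
	for name, authorised := range Scenario() {
		fmt.Printf("%-22s authorised=%v\n", name, authorised)
	}
}
```

Only the "two distinct signers" case is authorised. The deduplication by public key is the detail most often missed when a policy is written as "count the valid signatures": without it, the loss of one key is the loss of the wallet, which is exactly the single-approver weakness the article warns against.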
Do digital asset custodians have to manage entirely new risks?
Yes and no. At a private key generation ceremony, for example, what matters is not what happens but whether the people at the ceremony are trustworthy and will not steal the keys as they are generated. That is not unlike checking the individuals given access to a bank vault full of physical securities. The 80:20 Rule applies. Four fifths of the risks digital asset custodians must mitigate and manage are familiar from traditional custody, and the remaining fifth are familiar risks that manifest themselves in unfamiliar ways. In other words, the experience of traditional custodian risk managers is entirely relevant to digital asset custody.
Smart contracts are often identified as a truly novel risk. Are they?
Yes and no. Smart contracts are hackable and offer rewards that are attractive to criminals in the same way as many conventional assets. They are vulnerable at the point where value is being transferred, and not just where value is being held in custody, but the same is true of conventional settlements. However, smart contracts are self-executing agreements written in code and embedded in blockchains. This means that, unlike traditional corporate code, once a smart contract is issued on to a public blockchain, it can be accessed by anyone, including bad actors that seek to exploit coding flaws to steal funds. Once issued, a smart contract is also unchangeable; it cannot be upgraded. This is why smart contracts are audited before launch, to check their code, logic and security measures and fix any potential vulnerabilities before the contract is deployed, but this protection is not foolproof. Smart contracts also execute on receipt of external information. If that information is out-of-date or corrupted or prepared by a calculation agent whose methodology is not standardised, this could create losses and subsequent litigation. In addition, the main reason that smart contracts appeal to issuers – they dispense with costly intermediaries – is also their greatest weakness. If something goes wrong with a smart contract there is no intermediary, such as a broker, paying agent or escrow agent, to sue for recompense.
Should the industry persist with smart contracts?
Smart contracts have yet to optimise how they are governed. But solving the governance problem has enormous potential value, because smart contracts can automate operational processes that are inefficient and expensive. The insurance industry could use smart contracts to automate documentation, credit and funds checks. In the securities and trade finance industries, linking smart contracts to digital identities could transform transaction reporting. Legal certainty would make it easier to broaden the use of smart contracts in operational automation because it would mean all parties to a smart contract are agreed on the source of the information that triggers a pay-out, what should happen if that source fails and what should happen when a trigger event occurs. Ultimately, legal certainty means beneficiaries will always be entitled to their pay-outs, irrespective of the technical performance of the smart contract. If a smart contract is designed well enough to deal with multiple eventualities algorithmically, and all parties to the contract are aligned on a single interpretation of how those eventualities will play out, it can add efficiency to operations. But there remains a risk of an unexpected event that even the best-designed smart contract fails to anticipate, just as issuers of Collateralised Debt Obligations (CDOs) and their investors failed to anticipate the events of 2007-08. This risk is especially high with such an immature instrument as a cryptocurrency. It is amplified by the fact that the same smart contract function can be processed differently on different blockchains, creating legal as well as practical uncertainty as to who owns what and who owes what when something goes wrong.
Staking is often identified as another truly novel risk in digital asset custody. Is it?
No. Staking is analogous to re-use of securities for lending or financing purposes, in which an asset is put at risk to generate a return. Many digital asset custodians see staking as a potentially useful revenue stream while they wait for tokenisation of securities and funds to accelerate. But potential buyers of the service are inhibited by uncertainty about the consequences if a staking investment goes wrong. Documentation has not yet settled whether custodians are acting in a fiduciary capacity and assuming liability for any losses or on a title transfer basis, in which the investors own nothing but an unsecured claim. Decentralised apps (DApps), which run autonomously through smart contracts on Decentralised Finance (DeFi) networks, will struggle to attract institutional support as long as investors lack trust in the ability of smart contracts to secure entitlements and ownership. That lack of confidence reflects a lack of confidence in the legal underpinning of DApps and the smart contracts they rely on to clarify who owns and owes what when something goes wrong. This matters because the number of digital asset custodians that offer or are planning to offer staking services is increasing.
Are data hacks a risk in digital asset custody?
Yes. Digital asset custodians collect a lot of personal and corporate information about their customers when conducting due diligence as part of the on-boarding process. Hackers do steal this information, which then allows criminals to attempt social engineering frauds in which they exploit the knowledge they have stolen. These are the same as the phishing, vishing and smishing emails, text messages and telephone calls that follow hacks of any database that contains customer information.
Do institutional investors have different expectations of digital asset custodians?
No. Investors seek the same benefits from a digital asset custodian as they do from a traditional custodian. They want their assets safekept from loss, theft and fraud; to be made whole if assets go missing; their entitlements, such as interest, dividends and distributions, collected; their transactions settled; to obtain additional earnings from lending or re-using assets in custody; to remain in compliance with relevant laws and regulations; and to be insulated from the operational, technological and technical complexities of obtaining these benefits. Much of what sounds novel is in fact familiar. An “air drop” or a “fork,” for example, is a corporate action, and investors will find their custody agreement is a good guide to how their custodians will treat them.
How do retail investors choose digital asset custodians?
Retail investors in cryptocurrencies tend to entrust their assets to the cheapest service provider. This gives the cryptocurrency exchanges where retail investors buy and sell cryptocurrency a distinct advantage. Many exchanges still commingle proprietary and customer assets rather than segregate them. There are incentives to commingle, especially lower “gas” fees to settle transactions. Commingling is also what enables exchanges to offer retail investors low prices for custody. But it puts customer assets at risk if the exchange fails. Though regulations such as the European Union (EU) Markets in Crypto-Assets Regulation (MiCAR) do aim to ensure that assets are segregated, there are no independent due diligence agents capable of empowering retail investors to choose custodians on an informed basis.
Are regulators also treating digital asset custodians in the same way as traditional custodians?
Yes. MiCAR, for example, regulates cryptocurrency custodians as Crypto-Asset Service Providers (CASPs) in much the same way the EU regulates traditional custodians. The focus on authorised entities, prudential requirements, governance, asset segregation arrangements, authorised sub-custodians and insolvency regimes is familiar. MiCAR also makes custodians liable for actual losses of customer assets attributable to them, but this is in line with the obligations EU-based custodians assume in the mutual and hedge fund sectors. Where regulatory approaches might move away from past practice is in confronting issues not previously experienced, such as an “air drop” or “fork” or smart contract that goes wrong.
Is there a risk that the courts will treat the role of a digital asset custodian differently from a traditional custodian?
The courts will expect custodians to protect the assets of customers in the same way that they expect traditional custodians to protect conventional forms of property. They will assess whether the custodial relationship is a pledged or title transfer one, whether and how the assets were segregated, where the custodian is based, what sub-custodians were used and so on. So the principles the courts will apply in tracing responsibility are familiar. The issues that are likely to arise with digital asset custody are not entirely novel and they will be addressed in completely traditional ways. Case law on “forks,” for example, is already quite developed in the United States, though less so in the United Kingdom.
What are the fundamental requirements that investors should seek from any digital asset custodian?
At a high level, proper due diligence on a digital asset custodian should focus on five issues. These are ensuring that private keys are kept securely, customer asset segregation arrangements are appropriate, records of client transactions and assets are kept, private and public records of customer assets are reconciled, and contractual arrangements maximise protection of customer assets. These considerations apply equally to traditional custodians. Yet the temptation to make unreflective comparisons between digital and traditional custody offerings should be resisted. In digital asset custody, the risk-reward ratio of the choices an investor makes is much higher than in traditional custody. It is easier for a traditional custodian to offer a keen price because costs can be spread over a much larger volume of business. The same is not true of the as yet relatively small digital asset markets. Nor is blockchain technology as mature or as thoroughly tested as conventional technologies. This affects the safety of services such as staking as well as safekeeping services. Not all digital asset custodians are equally equipped to look after any type of digital asset either. A buy-and-hold investor needs a different service from an investor that trades cryptocurrencies round-the-clock across multiple venues, necessitating continuous movements of collateral. Innovation is constant too, and the ability of custodians to keep abreast of innovations in digital assets will vary.
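Two of the five due-diligence issues listed above (appropriate segregation of customer assets, and reconciliation of the custodian's private records against the public on-chain record) are testable rather than a matter of trust, and the commingling practice described in the retail section is exactly what such a reconciliation surfaces. The program below is an added illustration written for this article, not code from Future of Finance or from any custodian or exchange it mentions. It assumes a constructed internal client ledger and a constructed set of on-chain wallet balances, with each wallet declared as either segregated client funds or proprietary (house) funds; the reconciliation reports, per asset, whether client claims are covered by segregated wallets alone, covered only by drawing on house funds (commingling), not covered at all (shortfall), or whether client wallets hold more than the ledger attributes to clients (which also needs explaining).

```go
package main

import (
	"fmt"
	"sort"
)

// ClientPosition is one line of the custodian's internal client ledger (constructed data).
// Amounts are in the asset's smallest unit (satoshi, wei, ...) to avoid float rounding.
type ClientPosition struct {
	Client string
	Asset  string
	Amount int64
}

// WalletBalance is one on-chain balance as read from a node or explorer (constructed data).
type WalletBalance struct {
	Address     string
	Asset       string
	Amount      int64
	Proprietary bool // true when the custodian declares the wallet as its own house funds
}

// Finding is one reconciliation break a risk reviewer would expect to see flagged.
type Finding struct {
	Asset  string
	Kind   string // "commingled", "shortfall" or "unexplained-surplus"
	Amount int64  // size of the gap between client claims and segregated wallets
	Detail string
}

// Reconcile compares client claims with on-chain balances per asset. Only
// segregated wallets count towards covering clients; house wallets holding the
// same asset are reported as commingling, not as coverage.
func Reconcile(ledger []ClientPosition, chain []WalletBalance) []Finding {
	owed := map[string]int64{}
	for _, p := range ledger {
		owed[p.Asset] += p.Amount
	}
	segregated := map[string]int64{}
	house := map[string]int64{}
	for _, w := range chain {
		if w.Proprietary {
			house[w.Asset] += w.Amount
		} else {
			segregated[w.Asset] += w.Amount
		}
	}
	// Union of assets on either side: a claim with no wallet and a client wallet
	// with no claim are both breaks worth examining.
	assetSet := map[string]bool{}
	for a := range owed {
		assetSet[a] = true
	}
	for a := range segregated {
		assetSet[a] = true
	}
	var assets []string
	for a := range assetSet {
		assets = append(assets, a)
	}
	sort.Strings(assets)

	var findings []Finding
	for _, a := range assets {
		gap := owed[a] - segregated[a]
		switch {
		case gap > 0 && house[a] >= gap:
			findings = append(findings, Finding{a, "commingled", gap,
				"client claims exceed segregated wallets; covered only by drawing on house funds"})
		case gap > 0:
			findings = append(findings, Finding{a, "shortfall", gap,
				fmt.Sprintf("client claims exceed segregated wallets and house balance %d does not cover the gap", house[a])})
		case gap < 0:
			findings = append(findings, Finding{a, "unexplained-surplus", -gap,
				"segregated wallets hold more than the ledger attributes to clients"})
		}
	}
	return findings
}

// SampleLedger and SampleChain are constructed inputs, not real custodian records.
func SampleLedger() []ClientPosition {
	return []ClientPosition{
		{"alice", "BTC", 150_000_000},          // 1.5 BTC
		{"bob", "BTC", 50_000_000},             // 0.5 BTC
		{"alice", "ETH", 2_000_000_000_000_000_000}, // 2 ETH
		{"bob", "USDC", 500_000_000},           // 500 USDC (6 decimals)
	}
}

func SampleChain() []WalletBalance {
	return []WalletBalance{
		{"client-btc-1", "BTC", 120_000_000, false},
		{"house-btc", "BTC", 100_000_000, true},
		{"client-eth-1", "ETH", 1_500_000_000_000_000_000, false},
		{"house-eth", "ETH", 200_000_000_000_000_000, true},
		{"client-usdc-1", "USDC", 500_000_000, false},
		{"client-sol-1", "SOL", 10_000_000_000, false}, // 10 SOL with no client claim
	}
}

func main() {
	for _, f := range Reconcile(SampleLedger(), SampleChain()) {
		fmt.Printf("%-5s %-19s %d  %s\n", f.Asset, f.Kind, f.Amount, f.Detail)
	}
}
```

On the constructed data, USDC reconciles cleanly, BTC is flagged as commingled (clients are owed 2 BTC but segregated wallets hold 1.2, with the 0.8 BTC difference sitting in a house wallet), ETH is a shortfall (the 0.5 ETH gap exceeds the 0.2 ETH house balance) and SOL is an unexplained surplus. Running this against a daily snapshot is the practical form of the "private and public records are reconciled" requirement; a custodian that cannot produce the segregated/proprietary classification of its wallets cannot be reconciled at all, which is itself a due-diligence finding.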
What are the legal and regulatory priorities for buyers of digital asset custody services?
If a custodian fails, the first consideration is location. Digital asset custodians do engage in regulatory arbitrage, and buyers must be mindful of the risks. Even if the custodian is ostensibly located in the United Kingdom, assets may be held by a sub-custodian in Bermuda, which means the insolvency proceedings will take place in Bermuda. The second consideration is the custody agreement: What does it say will happen to the assets if the custodian fails? Wherever the assets have ended up, the courts must proceed from where they should be rather than where they are. Obviously, a respectable jurisdiction with a higher cost of compliance, such as Switzerland or a major EU member-state that has implemented MiCAR and accepts supervision by the European Securities and Markets Authority (ESMA), implies that the provision of a digital asset custody service will cost more. But in principle a successful draft custody agreement must seek to maximise legal customer asset protections, even if they cost more. The third consideration is what the custodian can do to the customer. A customer acting on their own account is in a less vulnerable position than one acting on behalf of third-party clients. If a third-party client is a money launderer or financier of terrorism or a sanctions evader or a criminal, the custodian will have claims against the customer. If the custodian is based in a jurisdiction where it is incentivised or comes under regulatory pressure to freeze customer assets, that can lead to a loss of control by the customer.
What sorts of losses have customers of digital asset custodians incurred so far?
Losses are not visible until they are large. Custodian banks are hacked every day but absorb small losses. Even large losses are never fully explained. It follows that the best way to manage the risk of assets being lost is to appoint a regulated custodian backed by a major bank that subscribes to industry-wide customer asset protection insurance programmes and, if these fail to make customers whole, that is also capable of absorbing unexpected losses on its own balance sheet.