The Imperative for Institutions to Control Their Own Digital Asset Destinies
- Lior Lamesh
- Jul 20, 2023

An article by GK8
Written by Lior Lamesh, Co-founder & CEO at GK8
The collapse of FTX and the ensuing banking crisis have shaken the foundations of the financial world, exposing vulnerabilities in the current digital asset landscape. In an era characterized by turmoil and mistrust, institutions are left grappling with a fundamental question: How can they truly safeguard their digital assets? A pervasive sense of fear has prompted a critical examination of existing practices. For many institutions, it has become increasingly evident that relying on exchanges and third parties to safeguard their digital assets is no longer a viable option.
As the institutional adoption of cryptocurrencies surges, so does the interest of cybercriminals. The realm of digital assets has become a playground for hackers, where anonymity and decentralization can be both a blessing and a curse. Experienced hackers view this landscape as a profitable opportunity. Seeking the most lucrative returns on their investments, hackers are increasingly targeting points of centralization such as exchanges, bridges, and smart contracts.
Amidst this climate of uncertainty, the interest in self-custody solutions is growing amongst retail investors and institutions alike. Both recognize the imperative of taking control of their digital asset destiny. However, navigating the landscape of custody solutions presents a variety of challenges. Choosing the right approach to manage and secure these assets is not an easy task. The options boil down to two distinct categories: hot wallets and cold wallets.
Cold Wallets
Cold wallets or vaults offer enhanced security by keeping private keys offline, thereby significantly mitigating the risk of cyber-attacks. Cold wallets, like vaults, are primarily used for custody or for low-frequency, high-risk transactions, and for interacting with smart contracts or staking functions.
Cold vaults often employ additional security technologies such as Hardware Security Modules (HSMs). However, it is important to note that these HSMs are often supplied by a third party and rarely purpose-built for blockchain technology. The provider of the HSM becomes yet another vendor on which the institution must rely for service and support.
The Achilles Heel of Cold Wallets - Crypto transactions need unique, real-time data from the blockchain to be signed and validated. In other words, almost all ‘cold solutions’, whether connected by LAN cable, Bluetooth, USB, or QR code and camera, need to connect to the network to pull this data. This means that most ‘cold’ wallets are not really cold, because at some point they need to go online, and the minute they connect is when ‘cold’ becomes ‘hot’. This connectivity is their ‘single point of failure’ and prevents them from being 100% secure.

Hot Wallets
Hot wallets, by definition, are connected to the internet and hence, vulnerable to attack. To mitigate risk, these hot wallets use more advanced technologies such as multi-sig or MPC (multi-party computation). Their benefits include remote operation and automation. Hot wallets, like ATMs, are better suited for high-frequency, low-risk transactions.
Multi-sig (multiple-signature) wallets
Multi-sig, originally created to enable account sharing and approval, has been transitioned into a security instrument for crypto transactions. Multi-sig systems require ‘quorum’ approval for a transaction to be signed. While the ‘quorum’ depends on the policy decided upon by the client, popular multi-sig solutions require a majority of 2 out of 3 signatories for a transaction to be approved.
MPC (Multi-Party Computation) solutions
MPC has been widely adopted in the blockchain industry over the last few years. MPC uses algorithms and multiple servers to generate a private key in such a fashion that no single server holds the entire private key at any point. Similar to multi-sig, MPC also requires a minimum number of cosigners to be involved in any signing ceremony.

Both solutions suffer from similar critical vulnerabilities
More difficult is not impossible - While hacking more than a single computer is more difficult, it is not impossible. Majority approval policies mean that cybercriminals need to hack 2 of 3 signatories. That is why ‘hot solutions’ are more suited to transactions than custody.
Performance implications - In both systems, the more signatories required, the more resources required. Therefore, standard multi-sig/MPC networks don’t exceed 3-4 co-signatories because of performance implications and compute resources.
Policy engine exposure - Both solutions are ruled by a policy engine that defines processes and procedures, such as transaction caps, hierarchies, whitelists, and more. If a hacker is able to compromise the system housing the policy engine, they can change the policy and siphon the funds.
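To make the quorum and policy-engine points above concrete, here is a small model of a withdrawal check, added as an example and not taken from GK8 or any product. It assumes approvals are passed as signer names (a real system verifies signatures), and it assumes one possible mitigation for policy tampering: the policy is sealed with an HMAC whose key is kept off the policy host. All names and values are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample policy: cap, whitelist and a 2-of-3 quorum (all values hypothetical).
POLICY = {
    "max_amount": 50_000,
    "whitelist": ["addr-treasury", "addr-exchange-a"],
    "signers": ["alice", "bob", "carol"],
    "quorum": 2,
}


def seal(policy, key):
    """MAC over a canonical encoding of the policy; key is assumed to live off the policy host."""
    blob = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def authorize(tx, approvals, policy, tag, key):
    """Return (allowed, reason) for one withdrawal request."""
    # 1. Refuse to evaluate a policy that was modified after it was sealed.
    if not hmac.compare_digest(seal(policy, key), tag):
        return False, "policy integrity check failed"
    # 2. Destination and amount limits.
    if tx["to"] not in policy["whitelist"]:
        return False, "destination not whitelisted"
    if tx["amount"] > policy["max_amount"]:
        return False, "amount exceeds transaction cap"
    # 3. Quorum: count distinct, known signers only, so duplicates and
    #    unknown names cannot inflate the approval count.
    valid = set(approvals) & set(policy["signers"])
    if len(valid) < policy["quorum"]:
        return False, f"quorum not met ({len(valid)}/{policy['quorum']})"
    return True, "approved"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder, not a real secret
    tag = seal(POLICY, key)
    tx = {"to": "addr-treasury", "amount": 10_000}
    print(authorize(tx, ["alice", "bob"], POLICY, tag, key))
    print(authorize(tx, ["alice", "alice", "mallory"], POLICY, tag, key))
    # Simulated tampering on the policy host: cap raised, new address whitelisted.
    tampered = dict(POLICY, max_amount=10**9, whitelist=POLICY["whitelist"] + ["addr-x"])
    print(authorize({"to": "addr-x", "amount": 900_000}, ["alice", "bob"], tampered, tag, key))
```

The last call shows why the policy itself needs protection: with a valid 2-of-3 quorum, the only thing that stops the tampered policy from approving the transfer is the integrity check.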
The Need for a Multi-Tiered Solution
While each self-custody technology offers unique advantages, a multi-tiered solution combining both hot and cold technologies provides a comprehensive approach to balancing security and agility. When paired with a granular, state-of-the-art policy engine, with robust quorum policies, institutions can manage their crypto as they do their fiat. Digital asset insurance adds another layer of security and peace of mind.
In the ever-evolving digital asset market, the imperative for institutions to seize control of their own destinies through the adoption of self-custody solutions cannot be overstated. Beyond the security considerations, self-custody empowers institutions to enhance operational and capital efficiencies. Equally noteworthy is the ability to leverage the custody infrastructure to unlock additional revenue streams, including custody as a service, staking, tokenization of traditional assets, NFT custody, and participation in decentralized finance (DeFi) opportunities.
The future of digital asset custody lies in robust, secure, and adaptable solutions that empower institutions to safeguard their assets while embracing the opportunities of the digital age.
For more information: contact@gk8.io
