Decoding Digital Asset Custody

11 min readNov 19, 2020

When it comes to holding digital assets, security is paramount but, until recently, storing these assets in a completely safe way has been incredibly difficult. It is probably safe to say that unsecured digital assets were previously among the easiest assets in the world to steal at scale. Unlike the stars of The Italian Job or Ocean’s Eleven, who mounted full scale heists to steal gold bullion from an armoured van in Italy and cash from three Las Vegas casino vaults, crypto thieves only need to break into an exchange’s servers and copy a few files — and they can do this from anywhere.

Institutional and private wealth investors will not risk owning crypto if their own ‘digital vault’ cannot be safeguarded in the same way their cash, stocks and bonds are.

However, huge developments in the digital asset custody space in recent years have meant that investors can now pick from a multitude of solutions that allow them to secure their crypto assets in custody facilities that are safe, trusted, and regulated. This is paving the way for hedge funds, institutions, and private wealth to enter the market in a meaningful way.

Q9 Capital has invested heavily in this area and has partnered with best-in-class custody and security providers to make their services available for all of our clients. But how do these solutions work and what are the implications for the industry and clients alike?

Methods of Storing Private Keys

Digital asset ownership essentially boils down to two things: public keys and private keys.

A rough analogy for this is a username (the public key) and a password (the private key). The public key is the one displayed on the blockchain. To receive crypto, it’s simply enough for the sender to know your address, making it easy to receive digital assets. However, in order to send assets or access the holdings, verification of your identity is required — this is done using the private key.

It’s worth pointing out that you do not actually store digital assets (i.e. bitcoin) themselves in wallets or other storage devices the way you would keep your physical cash is a wallet. Rather, you just store the private keys which validate their ownership and permit their transactions.

These keys are a unique and complex combination of alphanumerics, which makes them exceptionally difficult to remember. As such, they need to be kept somewhere for safekeeping so that they can be accessed again in the future.

They should be stored in a way that is safe and secure in order to prevent them from being hacked or stolen, or being using to authorise transactions on an investor’s behalf. The keys should also be stored where they or the storage unit (i.e. a computer) cannot be accidentally misplaced, damaged, or destroyed.

Storage solutions come in a number of forms:

Some individuals keep their private keys written down on a piece of paper with a corresponding QR code — however, for obvious reasons, these keys are at risk of being damaged or being lost.

Individuals can also store these private keys offline in self-custody, i.e. on a hard disk or USB that is not connected to the internet and is resilient to malware. As they aren’t connected, this has the benefit of preventing them from being hacked. But the failure or loss of a hard disk are real possibilities, and the subsequent recovery of the digital assets could be impossible.

Online wallets are another potential storage solution but they have also proven susceptible to hacks. The same is true of digital asset exchanges. These exchanges make for fairly obvious targets as they hold lots of customers keys and process thousands of transactions. There are many famous examples of exchanges being attacked and compromised, including that of Mt Gox, where 850,000 bitcoins were stolen. This amount was valued at more than $450 million. It is believed that most or all of the missing bitcoins were stolen straight out of the Mt. Gox exchange hot wallet over time.

Digital Asset Custodians are a new and essential solution to the multifaceted issues of storing keys.

They are operated by third party specialists in technology, infrastructure, security and governance and are specifically designed to prevent the loss of an individual’s assets due to wallet theft, misplaced private keys or other hacks. These custodians play a crucial role in both eliminating any fears that investors may have and in helping bridge the gap between the institutional investment world and the digital asset industry.

What is Digital Asset Custody?

Put simply, a ‘custodian’ is anyone you entrust to secure something for you. In traditional financial markets, a custodian is an institution that provides a secure storage service for securities to minimize the risk of loss or theft. Custodians hold securities in physical or digital form and are usually referred to as custodian banks. In addition, custodians usually handle administrative tasks such as daily asset pricing, the collection of dividends, and expense tracking.

Custodying digital assets, as opposed to traditional assets like cash or securities, is more complex and requires a brand new kind of approach and infrastructure. The main difference is that digital asset custody services no longer concern the simple safekeeping of “assets” but rather the storage of the cryptographic keys that control these assets. Furthermore, these assets are a form of bearer instrument — meaning they do not carry the name of the owner. In other words, if you lose your digital assets or someone steals them, there are no options to get the money back.

Due to the technical challenges involved in securely storing and managing cryptographic assets, third party crypto custodians provide a critically important service. The domain expertise it takes to build such solutions, as well as to design effective governance controls, is crucial to the industry and an important stepping stone between the virtual and traditional banking world.

The big players in this space include BitGo, Kingdom Trust, Ledger and Coinbase Custody. Additionally, some leading financial institutions such as BNY Mellon, Goldman Sachs, Fidelity and Northern Trust have reportedly been exploring crypto custody as a possible addition to their existing service offerings.

Landscape of Global Digital Asset Custody Solutions

How Does Digital Asset Custody Work?

Digital asset custody facilities usually incorporate a combination of two storage methods:

“hot wallets” (online) and “cold storage” (offline). A simple analogy would be to think of cold storage as holding cash and assets deep underground in the vaults of a bank where they cannot be accessed. Hot storage, meanwhile, is similar to holding the cash and assets in a safety deposit box in a room adjacent to the bank’s lobby, making them much easier to access when needed.

Hot Wallets ~

Hot wallets are software systems connected to the internet that allow investors to store, receive and send tokens. This means that the assets are online and ready to be traded, making them capable of greater speed and liquidity.

Being networked, however, means that they are more vulnerable to attacks delivered through the network, which could result in the creation of unauthorized transfers or the potential compromising of the signing keys. Possession of a signing key is the only requirement to move funds. Digital asset investors typically only keep a portion of their holdings in a hot wallet — usually the assets they intend to trade or spend in the near future. The remaining bulk of their assets stays in cold storage until they are needed for specific transactions.

Many of these hot wallets rely on an algorithm called Shamir’s Secret Sharing, whereby a ‘secret’, such as a transaction or a private key, is divided (or ‘sharded’) among three or more distinct parts, which must be reassembled to reveal the cryptographic hash. This is a more robust version of multi-signature protocols because it can be applied agnostically to any distributed ledger.

Cold Storage ~

Cold storage, on the other hand, is “air gapped”. This means the assets are held in a device that has no connection to the internet. This protects the wallet and keys from unauthorized access, cyber hacks, malware and other vulnerabilities to which a system that is connected to the internet is susceptible.

All the transactions can be agreed to offline, and then broadcast to the blockchain network being used. Because the private key does not come into contact with a server connected online during the signing process, even if an online hacker comes across the transaction, they would not be able to access the private key used for it. Cold storage adds a manual step to the process of accessing the assets but, in turn, provides another layer of security.

Most custodians also use a multi-signature approach, meaning that to access and move the assets, multiple parties holding different parts of the private key need to sign the transaction together. Using the bank storage analogy again, this would be similar to both you and the bank manager having separate sets of keys, with both keys being entered and turned simultaneously to open the safety deposit box or the vault. This mitigates against one single point of failure and lowers the risk of unauthorised transfers.

Because of this extra security, offline solutions are generally slower to execute on customer instructions because their key-storage systems can only be accessed at their physical locations. As such, these systems are best suited to long-only and buy-and-hold investors.

Other factors and considerations ~

It is not enough for a storage center to just be “offline”. Governance, regulation, and insurance also play major parts in the role of a digital asset custodian. Human governance, controls, processes and responsibility separation are important parts of a custodian’s overall design and protect against human error or intended theft from a rogue member of staff. They should be set up to disperse the level of control among parties and ensure that no single individual can take over or corrupt that process.

Custodied assets should also be insured against loss, damage, and theft by reputable underwriters and operated under a strict regulatory framework. Many digital asset custodians also provide asset servicing and reporting functionality on top of their core safekeeping offerings.

The Q9 Capital Custody Gateway

However, many of these top digital asset custodian solutions are only available to large institutional investors, meaning that they are out of reach for individual investors who want to go direct and have their assets stored in a truly secure way. Furthermore, when investors are provided with a cold storage offering, they aren’t provided with any options or flexibility about the country or solution they want their keys stored. This is why Q9 Capital has developed an innovative Custody Gateway that provides all our clients with access to state-of-the-art facilities and allows them to diversify their private keys amongst several options.

Enabling trust in digital assets and protecting our customers’ virtual portfolios are core tenets of our business. This is why we have invested heavily in the area of digital asset custody and security, and provide access to top tier, insured, institutional-grade storage solutions. We have a global network of vendors, solutions and custody venues with different geographic domiciles, and our comprehensive suite of hot wallets and cold storage facilities are designed and selected to meet all of our clients’ individual needs and circumstances.

What is the Custody Gateway?

The Q9 Custody Gateway is a first-of-its-kind custody solution that provides clients with the choice of where and how their digital assets are stored. We provide clients with a range of secure, comprehensive, and institutional-grade offline (cold) and online (warm) storage solutions to choose from.

Clients are able to nominate the location/jurisdiction where their private-keys are stored and between different providers and technology solutions.

This means Q9 clients are able to select the right custody solution based on their personal and financial needs and circumstances. Clients also have the benefit of being able to easily move their assets between the different options.

Total Control of Your Assets

The Custody Gateway provides you with total control of where and how your assets are stored — including technology and location. This provides you with flexibility and allows you to diversify, manage risk and protect your assets.

Having options is extremely important when you hold digital assets. If regulations, economic policies or your personal circumstances change for any particular reason, you are able to move your assets to another country or facility — seamlessly and easily.

For example, you may not want to have assets stored locally, or there could be an issue with the country where your assets are stored such as a political crisis or natural disaster.

We also safekeep your assets in trust for future generations and treat your holdings like regular financial assets or securities, meaning they will be part of any inheritance planning and probate. This would not be the case if you kept your private-keys on a USB stick or written down on paper.

How does the Custody Gateway Work?

Once clients open an account and deposit digital assets in the Q9 warm wallet they can then allocate to cold storage and route their assets to either the USA or Internationally (split between the USA, Switzerland and Singapore).

In just a few clicks you can easily switch between different storage options and we will take care of the rest.

We are in the process of adding new custody locations and additional features for you to choose from.

Integrated Custody, Asset Mobility and Storage Choice

Q9 Capital Custody Benefits

Safe, secure trusted partner
Route and diversify assets.
Choose location, legal jurisdiction and technology solution
Access to institutional grade custody solutions
Advanced vendor due diligence
Comprehensive suite of facilities
Custodians insured against loss or theft
Strong governance and processes
Pre-negotiated wholesale rates

Vendor Due Diligence

Having a deep understanding of how custody technology works is one crucial aspect of managing digital assets. However, every third-party storage facility also has a unique infrastructure and operational framework. Because of this, we also assess our partners against an extensive set of criteria that covers all the qualitative aspects of a custodian’s business. These include:

governance
processes, people, procedures
location and regulation
insurance for loss, damage, destruction, or theft
3rd party auditing
costs and charges
user experience
reporting capabilities

We have also developed our own internal systems, workflows, processes and governance framework built around industry best practice to ensure that there is no single point of failure on either side.

Conclusion

Managing the complex processes and multiple interfaces associated with buying and storing digital assets can be an intimidating undertaking for even the most experienced investor, let alone private individuals managing their own digital portfolios. Q9 Capital has built a simple and secure platform designed to alleviate the many pain points of digital asset ownership and to provide investors with the flexibility needed when holding private-keys. We partner with best-in-class infrastructure providers and provide our clients with a safe and secure way to store their assets.

___________________________________________________________________

Q9 Capital www.q9capital.com is a full-service digital asset platform delivering a private wealth experience direct to individuals and institutions. We combine cutting-edge trading capabilities with innovative products and personalised service so you have fast, simple and safe access to the decentralised financial economy. We directly provide clients with OTC trading, Custody Gateway and coming shortly Leveraged Trading, Fixed Income, Structured Products and Tailored Solutions, all via a single online platform. Q9 is backed by the Henyep Group www.henyep.com , a diversified global financial conglomerate with +40 years of operational history.

Contact us at info@q9capital.com

www.q9capital.com

Sources