The future of digital asset custody: Building trust at scale

Institutional investors continue to embrace digital assets, transforming cryptocurrencies from a niche novelty into a meaningful asset class.
 

July 2025


Chris Rowland
Head of Custody, Digital and Fund Services Product, State Street

Zahid Mustafa
Head of Digital Assets Custody, State Street

The digital asset market recently grew to over US$3 trillion,1 comprising thousands of crypto assets and increasingly tokenized securities. Events like the launch of listed Bitcoin futures contracts on the Chicago Mercantile Exchange in 2017 and US crypto exchange-traded products in 2024 have catalyzed ever greater institutional interest. Our most recent digital asset client survey2 underscores this trend, with two-thirds of respondents likely to increase their allocation to digital assets in the next five years.

This growing exposure, however, hinges on one critical factor — trust. Large financial institutions will only deploy funds at scale if they are confident those assets are safe. In traditional finance, robust custody arrangements have long underpinned trust by safeguarding client assets. The same standard will be expected for digital assets as secure, reliable custody will be essential to institutional adoption. Without strong custody solutions, institutions risk hacks, loss of funds and legal uncertainty, all of which will undermine confidence.

This article explores the current challenges in digital asset custody models and why the future growth of digital assets depends on the emergence of bank-grade custody frameworks to protect investors and scale with the market.
 

Challenges with current digital asset custody models

As institutions deepen their interaction with digital assets, they often encounter an ecosystem of custody options that fall short of the standards expected in traditional finance. Three custody models are typical — holding assets on exchanges, self-custody, or using crypto-native custodians — and each has exposed serious weaknesses. Understanding these pain points is key to diagnosing what needs to change.
 

Exchange custody: Hard lessons from FTX and a history of exchange hacks

Many investors initially stored digital assets on crypto exchanges, which combine execution and custody under one roof. However, recent failures revealed the dangers of such a model. The collapse of FTX in 2022 serves as a pertinent example. As a leading exchange, FTX held billions in client assets, but as we learned through its bankruptcy, those funds were commingled and misused (via Alameda Research) with relatively limited oversight. An estimated US$10 billion in client assets went missing; a catastrophic breach of trust enabled by the absence of basic protections like asset segregation. It was subsequently revealed that gaps in oversight allowed FTX to misappropriate customer funds at will, with no independent custodian or audit to prevent it. This scandal underscores the core problem of exchange custody: Clients can effectively become unsecured creditors of the exchange, reliant on its internal controls and honesty. If those fail — through fraud or poor risk management — customers can be left with nothing.

Even when outright fraud isn’t the issue, exchanges are vulnerable to cyberattacks and operational lapses. A recent example is the Bybit hack in February 2025, in which hackers (reportedly the North Korean Lazarus group) stole approximately US$1.5 billion of crypto — one of the largest exchange thefts ever. According to Bybit’s forensic report,5 attackers compromised an external wallet platform (Gnosis Safe) and tricked exchange staff into blindly signing a malicious transaction, that is, approving a transaction whose displayed contents did not match what it actually executed. Such incidents are unfortunately not rare in the history of crypto. From Mt. Gox in 2014 and Bitfinex in 2016 to Coincheck in 2018, exchange hacks have repeatedly demonstrated the precariousness of keeping assets on trading platforms.

Some exchange operators prioritize liquidity and speed over security, and many operate in lightly regulated jurisdictions. The result is a track record of poor risk controls and inadequate consumer protections. Customers on these platforms typically lack clarity on whether their assets are segregated or insured, and they have little legal recourse if the exchange fails. The exchange custody model has proven fragile. These events erode trust and reinforce why institutions are wary of entrusting large sums to unregulated exchanges.
 

Self-custody: Operational burdens and key management risks

Some institutions may consider self-custody, meaning the institution holds its own private keys (often in hardware or secure storage) without relying on third-party custodians. Self-custody offers direct control, which is an appealing notion in crypto’s ethos of “be your own bank.”

For an individual, controlling your own wallet can indeed reduce reliance on intermediaries. But for institutions, self-custody introduces significant operational complexity and risk. Managing cryptographic keys at scale is a non-trivial task. It requires specialized hardware, secure facilities, trained personnel and robust internal risk management protocols to avoid loss or theft. Unlike traditional assets, a lost or stolen private key can mean irrecoverable loss of funds, reflecting the bearer nature of the asset.

As institutional digital asset portfolios grow, the challenges of scaling self-custody become apparent. Self-custody solutions may also have limitations in supporting the trading and operational needs of institutions. Fast-moving trading strategies, for example, can be hampered by the slower access and strict procedures needed to manually manage keys in cold storage. Likewise, maintaining 24/7 security monitoring against global cyber threats is a heavy burden for a non-specialist firm. There is also the human factor — the risk of employee error or insider malfeasance when relatively small internal teams handle private keys.

Many institutions lack the in-house expertise and infrastructure to manage these risks effectively. While self-custody may satisfy ideological purity, it can be impractical in large-scale adoption. It places the full weight of security and fiduciary responsibility on the investing institution itself, which is a daunting proposition if something goes wrong. An asset manager that self-custodies on behalf of clients could face devastating liability if a hack or mistake leads to loss of funds, with no external well-capitalized custodian to compensate for losses. While some tech-savvy funds try self-custody, many institutions will likely view this as too risky and cumbersome. They would rather entrust assets to a specialist custodian with the systems and insurance to protect those holdings — provided that custodian can be trusted.
 

Crypto-native custodians: Progress and pain points

Between exchanges and pure self-custody, a middle ground emerged in recent years in crypto-native custodians. These are firms dedicated to holding digital assets on behalf of clients, often employing advanced technologies like air-gapped hardware security modules, multi-signature wallets or multi-party computation (MPC) to secure private keys. Notable examples include independent custodians (e.g., Anchorage, BitGo) as well as segregated services offered by crypto companies (e.g., Coinbase Custody, Gemini Custody). In theory, these custodians address many exchange and self-custody issues as they focus on safekeeping only (no commingled exchange business) and offer professional key management so the institution does not have to. Early crypto custodians attracted significant business from hedge funds, family offices and even some banks as subcustodians.6 However, this model faces serious challenges, revealing that not all custodians are created equal.

One set of issues is operational failures and security incidents at crypto custodians, stemming from technology vulnerabilities or mismanagement. BitGo, one of the pioneering crypto custodians, was involved in a high-profile incident7 with the exchange Bitfinex. Bitfinex relied on BitGo’s wallet technology, yet in 2016 the exchange was hacked for 119,756 BTC (worth approximately US$66 million at the time) despite the multi-signature setup. Investigations later suggested that Bitfinex had not implemented all the security controls recommended by BitGo. In other words, the custody technology provider’s safeguards were only as good as the exchange’s adherence. This incident exposed a weakness. If a crypto custodian’s client (like an exchange) bypasses or misconfigures the controls, even robust technology can be undermined. It also highlighted the lack of regulatory oversight at the time. No regulator ensured that Bitfinex followed proper custody practices, unlike in traditional finance where a bank’s custodian operations are periodically examined.

Custody technology itself can have flaws, as shown by a recent vulnerability disclosure8 involving Fireblocks (a digital asset custody technology provider) and BitGo. In late 2022, researchers at Fireblocks discovered a critical vulnerability in BitGo’s threshold signature wallets for Ethereum, which could potentially allow an attacker to extract private keys with a relatively simple attack. Fireblocks demonstrated the exploit and alerted BitGo, which patched it in 2023. While no funds were reported lost, the episode proved that even leading custodial software could be exposed to undiscovered bugs, putting client assets at risk. Crypto custody technology is still maturing. While newer cryptographic methods like multi-party computation (MPC) show promise, they require rigorous peer review and testing. Without industry standards or regulatory certification of custody solutions, institutions often have to trust the vendor’s word, which is not always reassuring.

Beyond technology, governance and financial stability prove to be Achilles’ heels for some crypto-native custodians. A stark example is the downfall of Prime Trust,9 a US custodian that many crypto startups and exchanges relied on for fiat and crypto custody. Prime Trust, chartered as a trust company in the state of Nevada, collapsed in 2023 due to severe mismanagement. Court filings revealed Prime Trust “lost access” to certain cryptocurrency wallets (meaning it lost the private keys) and subsequently used customer money to buy crypto to cover the shortfall. The firm ended up with a US$82 million liability to clients and only US$68 million in digital assets under custody, rendering it unable to honor withdrawals. Nevada regulators intervened, declaring Prime Trust had “materially and wilfully breached its fiduciary duties to its customers by failing to safeguard assets.” The company was placed into receivership and shut down.

This saga highlights multiple points of failure, including poor operational controls (losing keys), lack of asset segregation (commingling customer funds to backfill losses) and insufficient capital or insurance to absorb the loss. It also underscores the variance in regulatory oversight among jurisdictions. Prime Trust operated under arguably more permissive Nevada authorities, and problems went unchecked until it was too late, whereas a similar breakdown might have been caught earlier under a stricter regime. The Prime Trust case sent shockwaves to many crypto businesses that had assumed a regulated trust company would be a safe custodian. It reinforced the notion that not all regulated custodians are equal, and the quality of oversight truly matters.

Even top-tier crypto-native firms are not immune to missteps. Coinbase, which provides custody to institutions alongside its exchange, suffered similar incidents. In 2021, over 6,000 customer accounts were compromised due to a flaw in its two-factor authentication (2FA) process.10 Hackers exploited a vulnerability in Coinbase’s SMS-based 2FA to bypass login security, resulting in thefts from thousands of accounts. More recently, Coinbase was also hacked, which is expected to result in financial impact exceeding US$400 million.11 The hackers bribed customer service representatives based in India to steal client data. In both instances Coinbase made commitments to make customers whole, but the events are a reminder that even well-resourced companies can have security oversights — in this case, weaknesses that a bank might have identified in routine IT audits and regulatory oversight. The incidents tarnished Coinbase’s otherwise strong reputation and illustrated why many institutions still perceive crypto-native firms as having a more startup mindset and risk profile, with growing pains that can directly impact client assets.

Crypto-native custodians made important strides to bring professional custody solutions to the digital asset market. Firms like Anchorage, Coinbase Custody and Gemini Custody have developed secure storage technologies and processes, and many now carry insurance policies to cover certain losses. However, the sector as a whole experiences repeated tests and some high-profile failures — from security breaches to operational collapse — revealing an underlying need for stronger governance. Common weaknesses include patchy regulatory oversight (state-level, off-shore or none at all), less mature risk management frameworks, limited capital buffers and uncertain legal status of assets in bankruptcy. These challenges prompt calls for higher standards. As the industry learns from these lessons, attention is increasingly turning to a model long trusted in traditional finance — custody by regulated banks.
 

Bank custodians provide a foundation of trust

Given the apparent shortcomings, institutional investors and regulators alike recognize that regulated banks could dramatically improve trust and safety in digital asset custody. Banks are, of course, the original custodians. For centuries, institutional assets from securities to gold have been held by banks or trust companies subject to rigorous laws and oversight.

Bringing that pedigree into the crypto realm offers several clear advantages:

  • Robust regulatory oversight and compliance: Banks operate under strict regulatory supervision. In the US, for example, a crypto custodian operating as a New York trust company or a national bank is subject to oversight by regulators like the New York Department of Financial Services (NYDFS), the Federal Reserve and the Office of the Comptroller of the Currency (OCC), and to annual examinations. Regulators impose detailed rules on how custody must be conducted. Notably, NYDFS — which has one of the most demanding crypto regulatory frameworks — explicitly requires licensed custodians to protect customer assets, maintain detailed records and avoid false or misleading representations. In early 2023, NYDFS issued guidance12 reiterating that customer crypto assets should remain the property of the customer and be safeguarded as such. In short, a bank-backed custodian cannot easily play fast and loose with customer funds without breaking the law. By contrast, Nevada’s more relaxed regulatory environment allowed Prime Trust to operate with far less scrutiny until it was insolvent. Regulators also enforce comprehensive compliance programs (Know Your Customer/Anti-Money Laundering, operational risk, audits) to create a culture of accountability. The difference is evident. When Anchorage Digital Bank (a crypto-focused bank) showed compliance deficiencies, the OCC promptly issued a consent order13 requiring improvements — a level of enforcement not often seen in the unregulated crypto custodian space.
  • Asset segregation and fiduciary duty by design: A hallmark of bank custody is that client assets are segregated from the bank’s own assets and safeguarded under fiduciary responsibility. Regulations in jurisdictions such as the United States and United Kingdom mandate this segregation to protect clients. For instance, the UK’s Client Asset Sourcebook (CASS) requires custodians to segregate client assets, so that they are not part of a firm’s estate if it fails. The Financial Conduct Authority is now considering applying these same CASS principles to crypto custodians,14 emphasizing clear ownership records and wallet segregation for clients’ coins. In the US, regulators similarly expect crypto custody to mirror securities custody practices — meaning the custodian holds assets for the benefit of the client, not as an owner. The NYDFS guidance emphasizes that equitable and beneficial interest must always remain with the customer for virtual assets in custody. Practically, this means a regulated bank or trust custodian cannot legally use or pledge client crypto for its own purposes; those assets should be bankruptcy-remote. This stands in sharp contrast to incidents like FTX, where lack of segregation enabled abuse. Banks are structurally geared to meet such standards; separating client accounts and upholding fiduciary duty is in their DNA and legally enforced. This provides stronger assurance to clients that their assets won’t go missing in a corporate failure.
  • Loss-absorbing capital and insurance: Unlike thinly capitalized startups, banks are required to hold significant capital reserves precisely to absorb losses and protect clients. They undergo capital adequacy assessments (e.g., Basel standards) and maintain buffers that crypto custodians have not historically needed to. Additionally, banks often carry extensive insurance and can secure supplementary coverage for digital assets. Some crypto custodians do carry private insurance, but insurance markets for crypto remain nascent and often exclude certain events. A large bank can leverage its balance sheet and insurer relationships to obtain broader coverage. Moreover, a bank with a diverse balance sheet and revenue streams is far less likely to suddenly go bankrupt than a single-purpose crypto firm — providing clients more confidence in the custodian’s solvency. When problems occur, banks have the capital to make customers whole in many cases, or at least regulators can facilitate an orderly resolution (e.g., transfer of custody to another institution). Crypto investors learned the hard way that many native custodians had no such backstop. When they failed, customers simply became unsecured creditors. The bank model, by contrast, is built on absorbing shocks. Requiring well-capitalized custodians is key to ensuring one loss doesn’t cascade into customer losses and broader financial instability.
  • Mature risk management frameworks: Banks bring substantial experience in risk management, internal controls and corporate governance. They must implement multi-layered security controls (often scrutinized by regulators and external auditors) covering cyber and operational risks. For digital asset custody, banks can integrate those controls — e.g., strict dual controls for private key access, robust transaction monitoring, independent internal audit reviews, etc. It is common for banks to have independent second and third lines of defense, such as risk management and audit functions, overseeing activities undertaken by the business. This level of organizational maturity helps detect issues early and prevent the kind of lapses that felled crypto companies. A culture of risk management also means transparency and reporting. Clients can receive independent System and Organization Controls reports or audit attestations from credible parties about how their assets are handled. Banks are accustomed to such scrutiny, whereas many crypto firms are opaque. The difference was illustrated in how FTX and others operated in a near audit vacuum, whereas a bank-regulated entity is subject to ongoing supervision and exams that enforce discipline. As a result, institutional clients are more likely to feel comfortable with a bank’s processes. In practice, this means robust risk controls are not just for show; they directly translate to fewer incidents and greater uptime and reliability, all of which build trust.
  • Regulatory clarity and legal recourse: Banks operate in a world of well-defined legal frameworks, which can greatly reduce the uncertainty for institutional crypto investors. Questions like, “If my custodian goes bankrupt, will I get my assets back?” or “What happens if there is a fraud or hack?” are more readily answered when a reputable bank is the custodian. In the US, crypto held at a bank in custody is typically not considered part of the bank’s assets. There is growing legal clarity that such assets are held in trust for the client. The NYDFS explicitly notes that under its regime, customers retain beneficial ownership of custodial crypto, which implies strong claims in insolvency. If something does go wrong, a regulated financial institution offers clear avenues for recourse. Customers can complain to regulators, seek restitution from insurance or the institution’s capital and trust a resolution process (administration/receivership) will treat them equitably. The contrast with unregulated crypto custody is stark. In cases like Celsius or unlicensed exchanges, customers ended up entangled in complex bankruptcy proceedings15 with uncertain outcomes. Simply put, legal frameworks and enforcement are crucial components of trust. When institutions know the rules of the game and that those rules are enforced by authorities, they are far more willing to participate. Bank custody provides that clarity.
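Two of the controls discussed above, the defense against blind signing (the Bybit lesson) and dual control over key use (the bank risk management bullet), can be made concrete in a small policy engine. This is an added example, not State Street's or any custodian's code; the wallet names, addresses, approver names and the toy calldata format are all constructed for illustration.

```python
"""Policy-gated, dual-approval transaction release for a custody wallet.

Added example (not the article's or any custodian's code). The policy engine
decodes what a transaction would actually execute and compares it with what
the approver was shown, so a mismatch between UI summary and payload (the
blind-signing pattern) is rejected before any key is used. Release also needs
two distinct approvers, neither of whom proposed the transaction.
"""
from dataclasses import dataclass

# Toy calldata layout (constructed, not a real chain encoding):
#   "transfer:<to>:<amount>"  is the only operation the policy permits;
#   anything else (e.g. "setowner:<addr>") is a privileged or unknown op.


@dataclass(frozen=True)
class Proposal:
    summary_to: str       # destination shown to the approver
    summary_amount: int   # amount shown to the approver
    calldata: str         # what the wallet would actually execute
    proposer: str         # who created the proposal


@dataclass(frozen=True)
class Policy:
    allowlist: frozenset      # approved destination addresses
    per_tx_limit: int
    required_approvals: int = 2


def decode(calldata: str) -> dict:
    """Parse the toy calldata into a structured action."""
    parts = calldata.split(":")
    if parts[0] == "transfer" and len(parts) == 3 and parts[2].isdigit():
        return {"op": "transfer", "to": parts[1], "amount": int(parts[2])}
    return {"op": parts[0]}  # not a well-formed transfer


def check_policy(p: Proposal, policy: Policy) -> list:
    """Return a list of violations; an empty list means the payload is clean."""
    action = decode(p.calldata)
    problems = []
    if action["op"] != "transfer":
        problems.append(f"non-transfer operation '{action['op']}' not allowed")
        return problems
    if action["to"] != p.summary_to or action["amount"] != p.summary_amount:
        problems.append("decoded calldata does not match displayed summary")
    if action["to"] not in policy.allowlist:
        problems.append(f"destination {action['to']} not on allowlist")
    if action["amount"] > policy.per_tx_limit:
        problems.append("amount exceeds per-transaction limit")
    return problems


def approve(p: Proposal, policy: Policy, approvers: list) -> tuple:
    """Dual control plus policy check. Returns (released, reasons)."""
    reasons = check_policy(p, policy)
    distinct = set(approvers)
    if p.proposer in distinct:
        reasons.append("proposer cannot also approve")
    if len(distinct) < policy.required_approvals:
        reasons.append("insufficient distinct approvers")
    return (len(reasons) == 0, reasons)


POLICY = Policy(allowlist=frozenset({"0xCOLD-VAULT", "0xPRIME-BROKER"}),
                per_tx_limit=1_000)
# Constructed scenario: an honest transfer shown and executed as described.
GOOD = Proposal("0xCOLD-VAULT", 500, "transfer:0xCOLD-VAULT:500", "alice")
# Constructed scenario: the UI shows a benign transfer, but the payload
# would change wallet ownership; the approver must not sign this blindly.
SPOOFED = Proposal("0xCOLD-VAULT", 500, "setowner:0xUNKNOWN", "alice")

if __name__ == "__main__":
    print(approve(GOOD, POLICY, ["bob", "carol"]))     # (True, [])
    print(approve(SPOOFED, POLICY, ["bob", "carol"]))  # (False, [...])
```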

In combination, these strengths make a compelling case that regulated bank custody is the path to scale for institutional crypto. None of this is to say banks are perfect or that they will eliminate all risk. Cyber threats, for instance, remain a reality, and banks entering crypto need to adapt to new technologies. But the foundational elements banks bring — regulation, capital, segregation, risk controls and legal accountability — create a much sturdier foundation for trust. Proper bank custody can fill the gaps plaguing crypto custodians, ensuring customer assets are truly safe, segregated and supervised. This is the bedrock upon which a large-scale institutional market can be built.
 

Trust is the key to scaling digital assets

Institutional adoption of digital assets will only reach its full potential if underpinned by robust trust frameworks. The past decade of crypto has been a trial by fire, revealing that the old adage, “not your keys, not your coins” cuts both ways. Entrusting your keys to someone without proper controls can be disastrous, but holding the keys yourself can be equally fraught for an institution. The solution is not to shun custodians, but to demand better ones that operate with the same integrity, oversight and financial soundness institutions expect in any other asset class.

The future of institutional digital asset custody is about bringing the best of traditional custody into the digital realm. This means exchanges and FinTech upstarts must either elevate their custody practices to meet regulatory standards or cede that role to those who already have the institutional trust. Bank-led custody offers a path forward — client assets held with proper segregation, overseen by regulators, backed by capital and insurance, and managed by professionals with deep risk expertise. Such custodians can drastically reduce the risks of theft, insolvency or malfeasance plaguing the crypto industry.

In the coming years, we envision a hybrid model where specialist digital asset technology firms partner with banks, or more tech-savvy banks acquire the necessary digital asset expertise, to ensure that digital assets are custodied as safely as any stocks or bonds. Trust, once broken, takes time to rebuild, but each successful month and year of bank-grade crypto custody will help to rebuild confidence. It’s envisaged that eventually, institutional investors will treat digital assets as just another part of the portfolio, to be handled with established safeguards. Only on such a foundation of trust can institutional adoption truly scale. Digital assets may represent a new frontier, but the age-old principles of safe custody and fiduciary duty are what will carry that frontier into the mainstream.