pull down to refresh

Institutional Bitcoin Custody
4068 sats \ 24 comments \ @siggy47 16h bitcoin
Since I have no intention of letting anybody hold my bitcoin, I never bothered to think about how all the treasury companies and ETFs attempt to keep all that bitcoin safe and secure. Lately, though, many bitcoiners are choosing to trust financial institutions rather than themselves with their large stacks. I wanted to find out more about these custodians. I didn’t look into the various multisig companies like Unchained. I made some notes on what I am learning.
The big players in the field:
Anchorage Digital
Coinbase Custody
BitGo Trust Company
Gemini Custody
Fidelity Digital Assets

Omnibus Wallets

The following custodians use omnibus wallets:
Fidelity Coinbase Gemini BNY Mellon JP Morgan Chase NYDIG
The term omnibus wallet refers to accounts where multiple user’s bitcoin are pooled together in a single account under the custodian’s name.
Use of these wallets is why the above institutions are sometimes referred to as “honeypots” for hackers. The SEC has addressed the issue:
https://www.sec.gov/newsroom/speeches-statements/crenshaw-remarks-crypto-roundtable-042525
Omnibus wallets also pose increased risks as compared to segregated wallets, such as exposing the assets to greater operational and external risks such as hacking and theft. Given that, should exchanges or broker-dealers be allowed to custody crypto asset securities in omnibus wallets at all?
Fidelity uses this language to describe its custody solution:
Assets are managed in an omnibus fashion while segregated at the books and record level to provide on-chain privacy and maximum liquidity and security.
Many of these entities, including Fidelity, use the phrase "Segregation at the books and records level" This is no segregation at all. It just means that accountants will keep track of who owns the coins.
Fidelity defends its use of omnibus wallets:
The misconception is that the omnibus model results in a “honeypot” of assets because omnibus custodians store assets under a single master key pair. In practice, omnibus custodians may have more groups of master key pairs than clients on platform, where a group constitutes key pairs from the different storage environments (online to completely offline). For example, for simplicity’s sake, consider an omnibus custodian that has a single client with $2 billion in assets. The custodian may choose to distribute the assets in $100 million chunks over twenty key pair groups (and divide each $100 million chunk further across the separate storage environments). Because omnibus custodians do not need to tie key pairs to clients, they can more effectively manage risk by using their discretion to decide how many key pair groups to generate and how to distribute assets across them.
The wording scares me because it is vague and discretionary. There is no method.
In practice, omnibus custodians may have more groups of master key pairs than clients on platform.
Who decides this, and under what circumstances?
The custodian may choose to distribute the assets in $100 million chunks over twenty key pair groups (and divide each $100 million chunk further across the separate storage environments).
There are no mandates? Who decides this, and under what circumstances?
Because omnibus custodians do not need to tie key pairs to clients, they can more effectively manage risk by using their discretion to decide how many key pair groups to generate and how to distribute assets across them.
Who are the guys whose judgment we are trusting?
"Segregation at the books and records level" is no segregation at all. It just means that accountants will keep track of who owns the coins.

SOC 1 & SOC 2 Reports

SOC stands for service organization control. Here is a link that explains the reports:
https://www.accountingtools.com/articles/the-difference-between-soc-type-1-and-type-2-reports
These are just audits. Are they important? Yes, I guess so. It's better to have them than not.

Insurance

Most custody providers provide crime insurance coverage and disaster recovery in case of data center failure. You get fiat compensation for your bitcoin.

Bankruptcy Remote Custody

By definition, this term means the risks are remote, not eliminated. The only way to enjoy real protection from a custodian’s insolvency is a segregated wallet, and even then, the risk is not completely eliminated.
https://www.sec.gov/files/ctf-input-world-federation-exchanges-2-2025-3-18.pdf
After doing some research, I’m at the point where I have to say "Not Your Keys, Not Your Coins" makes as much sense as ever. It might be scary to be solely responsible for your own net worth, but trusting these institutions is scarier. I find it unusual that experienced stackers, knowing that bitcoin is a revolutionary asset very different from anything that has existed before, will trust their stack with legacy, old school banks or firms whose decades of security experience is useless in protecting this new beast, and who’s record of trustworthiness is dismal. Either that, or they choose “crypto” exchanges whose track record for honesty and competence is questionable at best. Gemini’s troubles are well known, and Coinbase is downright terrifying.
The old school, “respectable banks” are worse. Imagine handing over your bitcoin to JP Morgan Chase or BNY Mellon.
I’ll stick to my coldcard for now.
write
preview
related posts
36 sats \ 1 reply \ @PictureRoom 4h
What about Strike? That's probably one of the only companies that I have 99% trust in. But even then, I don't keep any of my stack on exchanges. The question regarding bitcoin backed loans as collateral comes to mind...
reply
0 sats \ 0 replies \ @siggy47 OP 4h
I don't know Strike. It's not available where I live. I did check, and they don't reveal specifics of how they custody user's bitcoin.
reply
173 sats \ 4 replies \ @justin_shocknet 15h
trusting these institutions is scarier
In both scenarios you're trusting process.
As an individual, your process is as fragile as your ability to design/remember/document it, and the discipline of following it once implemented.
End result is a single point of failure, you.
Institutional processes are more complex as a trade-off of redundancy and continuity.
Institutions may be relatively new to Bitcoin, though the likes of Fidelity have been building their custody set-up longer than most of you have been in Bitcoin. (First Lightning meetup I went to was at Fidelity HQ in 2018 and they were already balls-deep for years prior to that)
Institutions have also generally managed to maintain systems for things far more valuable than Bitcoin operational for decades (there are countless SCADA systems that could evaporate trillions in value if compromised).
There's a place for both, eggs in multiple baskets and all that, particularly when you consider them as tools for speculative attack.
coldcard
I can't knock the coldcard specifically as I haven't studied it, but this is something technical incompetence leads people to purchase purely on vibes and marketing. HWW's are the Bitcoin equivalent of a weight-loss pill, they don't obviate the work required to use them correctly or even to determine if they're in fact the right process for you.
This same company also has another product they can easily sweep funds from, by using a combination of their private + public entropy. How many people buying that understand this?
The only correct way to use a HWW is in a multi-vendor set-up, almost no one does this, because now you're replicating the complexity of an institution.
reply
16 sats \ 3 replies \ @siggy47 OP 15h
TLDR, most of us are screwed unless we're very technologically competent and are willing to deal with a complex setup?
I like the idea of breaking up your stack into different pieces secured in different ways. I guest that gets complex too, though.
reply
108 sats \ 0 replies \ @justin_shocknet 15h
different pieces secured in different ways
Yep, but also personal conditions bring their own complexity you have to respond to. Heirs for example.
A self-custody set-up designed for recovery by others, while also not being vulnerable to others, is always going to be more complex than a beneficiary record at a large institution.
Borrowing against an ETF is less tax-complex than hedging/tax-avoidance strategies when you have yet another problem being liquid solves.
I hate the word nuance, most of the time it's cover for pussy-footing around inconvenient truths, but if we're being prescriptive on solutions there's no way around it.
reply
36 sats \ 1 reply \ @justin_shocknet 15h
Screwed? Depends on your framing.
Sovereign optionality is one of the most important aspects of Bitcoins incentive structure, that doesn't mean most people can or should exercise that option.
The option of not using the central banks unit of account is the more important option.
There'd be a lot less sad hipsters if they had their priorities straight and weren't so hung up on other peoples choices.
reply
17 sats \ 0 replies \ @halalmoney 15h
Nice. Stack sats and be of no interest to the State.
reply
101 sats \ 5 replies \ @Undisciplined 16h
It's actually a pretty good endorsement of bitcoin's security that none of these institutions have massively fumbled their bags yet.
reply
42 sats \ 3 replies \ @siggy47 OP 16h
I know. Honestly, though, I can see it happening. I can imagine a big honeypot hack giving all of us who wish we had bought bitcoin earlier to get another opportunity. I also imagine this with a tether implosion.
reply
236 sats \ 2 replies \ @Undisciplined 16h
Between those two things and the possible collapse of treasury companies, we might be in for a wild ride.
reply
142 sats \ 0 replies \ @siggy47 OP 16h
Yes. All we need is one treasury company getting too leveraged and getting caught up in fomo, or trying to rescue a pending insolvency with a Hail Mary
reply
0 sats \ 0 replies \ @028559d218 11h
amen
reply
0 sats \ 0 replies \ @justin_shocknet 15h
Technical security or political security?
There's several entities that could sweep millions of coins over night, but to do so would be opening Pandora's box.
reply
36 sats \ 0 replies \ @Solomonsatoshi 7h
Building a minimal, memory capable linux OS offline on a usb stick and installing Electrum wallet onto it completely offline then learning how to sign transactions remotely is a small investment that will be worthwhile in the long term. Store the seed phrase securely also in a completely offline manner. Avoid becoming forever dependent upon third party HW vendors.
reply
36 sats \ 0 replies \ @Bell_curve 8h
Xapo cold storage is now part of Coinbase Prime Custody
Xapo was created by Wences Cesares
reply
136 sats \ 0 replies \ @0xbitcoiner 16h
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ ░──▄▄█▀▀▀▀▀█▄▄──░█▀▀▀▀▀█░⠀⠀⠀Not⠀Your⠀Keys,⠀Not⠀Your⠀Coins⠀ ░ ░▄█▀░░▄░▄░░░░▀█▄░█▀░░░░█░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ ░█░░░▀█▀▀▀▀▄░░░█░█░░░░░█░░░░░░░░░░█▀▀▀▀▀█░░░░░░░░░░░░ ░█░░░░█▄▄▄▄▀░░░█░█▄▄▄▄▄█░█▀▀▀▀▀█░░█▀░░░░█░░█▀▀▀▀▀█─►░ ░█░░░░█░░░░█░░░█░░░░░█░░░█▀░░░░█▀▀█░░░░░█░░█▀░░░░█░░░ ░▀█▄░▀▀█▀█▀░░▄█▀░░░░░▀▀▀▀█░░░░░█░░█▄▄▄▄▄█▀▀█░░░░░█░░░ ░──▀▀█▄▄▄▄▄█▀▀──░░░░░░░░░█▄▄▄▄▄█░░░░░░░░░░░█▄▄▄▄▄█░░░ ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
reply
108 sats \ 0 replies \ @Scoresby 13h
I wonder how much Bitcoin one of the big custodians would have to lose in order for them to make an attempt at a fork to get it back.
Supposedly BlackRock has 740k bitcoin. They are using at least two custodians , but presumably there is some amount where if the custodian lost it, BlackRock would consider it better to try to push a hard fork giving them a do-over than to absorb the loss (reputationally or financially).
reply
36 sats \ 1 reply \ @optimism 16h
Despite not really finding the product necessary nor liking the people around it, I did like that Custodia's WY-SPDI implementation was speaking of doing utxo custody, not omnibus. Not sure what the status of that is today; but it felt like at least they gave some thought to it.
reply
100 sats \ 0 replies \ @siggy47 OP 16h
Yes. I should have also mentioned that Anchorage does offer a segregated account option, but I don't recall if they presented more detail.
reply
36 sats \ 0 replies \ @flat24 14h
Thank you for this good summary, totally agree with you that I would not leave my sats to these people, but it is good to know how your products work.
Lately, though, many bitcoiners are choosing to trust financial institutions rather than themselves with their large stacks.
I would not call these Bitcoiners people, they are just people taking exposure to Bitcoin, but they are not Bitcoiners.
If you let your energy store another, no matter if that energy is kept in Bitcoin, that person is not a bitcoiner.
reply
36 sats \ 0 replies \ @Coinsreporter 15h
Who are the guys whose judgment we are trusting?
There's heard behaviour (sheepishness) at play. Sheep are following another sheep and the ones leading them are no better than them. Saylors and Coinbases have built everything upon speculation which sheep are prone to follow.
I don't think those sheep are even going to leave their herd, even if they read this piece of yours...
reply
36 sats \ 1 reply \ @LibertasBR 16h
It's great to see that even corporations face difficulties and discomfort in maintaining Bitcoin. They need technical means, workarounds, to try to control or create a false sense of control over something only individuals can have.
I didn't know about all this workaround they use to sell securities. Thank you for reinforcing my disrespect for these corporations.
reply
30 sats \ 0 replies \ @siggy47 OP 16h
create a false sense of control
Exactly
reply
0 sats \ 0 replies \ @tunderwood89 13h
Yeah fair enough
reply