Why would a crypto exchange have bank-grade custody?
Digital asset custody, the process of securely storing crypto, is one of the most important aspects of your crypto journey.
Given the current market sentiment, there is increasing talk about the custody of users’ funds, especially on centralized exchanges. Miha Miklič, our Deputy CTO, dives into the topic to explain what custody is and how Bitstamp safeguards your assets in cooperation with our partner custodian BitGo.
We’re certain you’ve heard at least one story about how someone’s crypto either got lost or was stolen. People have lost or forgotten private keys to an estimated 4 million bitcoin to date. All these instances could have been avoided with proper custody of assets.
In traditional banking, the law requires financial institutions to provide custodial services, but with crypto, you as a crypto owner can be your own custodian while also having the option to have your crypto in custody with institutions. Let’s say you have a banknote. Do you stuff it in a sock and hide it in a closet? You could and it would be a form of self-custody. Do you deposit it in your bank account? In this case, you have authorized a third-party custodian to safeguard your banknote. In crypto, you also have self-custody and third-party custody options.
We use the term crypto custody to describe the process of storing and securing digital assets. Technically, digital assets aren’t stored in any traditional sense as transactions and their data exist on the blockchain. When we talk about crypto custody, we refer to guardianship of the private keys – the crucial part of any crypto wallet that enables access to the assets held in it. These private keys are used to “sign” transactions – to provide the approval for them to be processed.
When purchasing cryptocurrency on any exchange, it’s crucial to consider where the coins or tokens will be stored and how you’ll be able to access them. Crypto exchanges normally offer withdrawal options for users to withdraw funds from the exchange to their own wallets. If you withdraw crypto to a personal wallet, you have it in self-custody and only you hold the private keys for it and can access the assets in it. If you want to keep your crypto in self-custody, you can use software (hot) wallets, which come in the form of desktop wallets, mobile wallets and online wallets, and hardware (cold) wallets, which store your private key in a secure hardware device. In any case, with self-custody you’re the only one with full control of the private keys and therefore the assets – you are your own custodian. This also means you’re responsible for the security of the wallet and bear all the risks. If you lose the physical device or the private keys that give you access to it, your crypto is lost.
Although there's still room for improving the simplicity and overall user experience of keeping your crypto in self-custody, developers have made major strides in recent years to make the process easier, along with enabling integration with various service providers, including exchanges.
How does a crypto exchange store your crypto?
If you prefer not to have to deal with the risks of self-custody, find the technology associated with it too difficult, or are frequently trading your crypto, you can turn to third-party custody, for example, via a crypto exchange. You should choose regulated financial institutions that have acquired state-level or national licenses that enable them to offer custodial services.
When any cryptocurrency is deposited to your account on an exchange, the assets get stored in one of two basic types of wallets: either a hot or a cold wallet.
An exchange hot wallet is an online wallet, meaning it is connected to the internet and is mainly facilitating immediate client deposits and withdrawals. Since there is a high volume of transactions, this process is fully automated.
Cold storage or a cold wallet is a wallet where keys are generated in a so-called “air-gapped” environment, using specialized hardware and computers without connection to the internet; they are offline. The system processes for accessing the funds held here can get quite complex to ensure the highest security levels as cold wallets hold significantly higher values than hot wallets.
Given the hot wallet’s nature, it’s best practice for the exchange to hold the majority of assets offline and have minimal operational value in hot wallets for the purpose of undisrupted processing of client withdrawals. In Bitstamp’s case, the ratio is 95:5 - 95% of all assets are stored offline for additional security and we keep the 5% online to enable smooth and fast withdrawals.
You’re welcome to read more about what kinds of security measures we deploy to safeguard your assets.
With security and reliable trade execution as our priorities, we, as a rule, use state-of-the-art technology in every aspect of our operations. Therefore, we have also chosen the best option for the safekeeping of your funds – a regulated qualified custodian, which brings additional rigor and assurance to the security of assets.
The term custodian can refer to different types of entities; however, a qualified custodian is a specific type of entity.
Mike Belshe, CEO of BitGo, explains how qualified custodians are different from regular custodians:
“A qualified custodian is a regulated entity (similar to a bank or a trust) that has a fiduciary duty to its clients, holds clients’ funds in segregated accounts, and meets rigorous regulatory standards and audits that help protect client funds against loss, theft or misuse.
Whoever holds the keys controls the crypto, therefore working with a qualified custodian — rather than just a “custodian” — becomes critical for cryptocurrency exchanges. Being able to trust the custodian is paramount, and a qualified custodian has a fiduciary responsibility to look out for the best interests of its partner.
Qualified custodians may offer several services that provide extra security, including:
- Cold storage, where the keys are kept offline
- Remoteness from bankruptcy, so your funds are protected if the company goes under
- Segregated accounts, so funds are never commingled
- Backup keys
- Battle-tested security technology
- Redundant human processes
- Additional insurance against theft, loss or misuse”
Custody at Bitstamp
BitGo is one of our custodial partners, and they provide secure safekeeping of and access to funds. They offer both hot wallets and cold custodial wallets. Many of their clients keep a portion of their funds in hot wallets for greater liquidity and the rest in cold storage for maximum security.
All the wallets held there have their keys divided into multiple pieces, held in different locations, and several of these are required to sign any transaction. This means an attacker would need to compromise the majority of them in multiple locations in order to gain control of one of these wallets.
Moreover, BitGo’s custodial wallets are provided by four regulated trust companies, each of which serve as a qualified custodian. They also maintain up to $250M in insurance coverage against loss, theft and misuse.
Read more about what makes a good custodian.
Securing your assets is an ongoing process
The work of an exchange to safeguard user funds does not end with the selection of a reliable custodian. How the exchange leverages the custodian’s platforms also matters. For example, a custodian should not hold all their assets in one wallet – they should be dispersed across multiple wallets, ideally managed within the insurance levels they carry.
Exchanges that manage their own custody have to be trusted that they take appropriate measures to effectively separate their own balances from the users’. On the other hand, exchanges that use third party custodians need to have a mechanism in place that guarantees the integrity of the balances on the custodian’s side vs. what the exchange owes to its users.
In our case, our third-party custodian, BitGo, provides independent reporting to Bitstamp and certain key stakeholders of what balances it holds. This allows us to reconcile our own internal records against these reports. There are daily, weekly and monthly processes that our financial control team follows to do this.
The chosen custodian should provide security features that can be deployed to additionally protect the funds in custody and are compatible with the exchange’s security principles. Alignment is more easily achieved if common certifications are held on both sides. In the case of Bitstamp and BitGo, synergy is easily achieved as both companies hold SOC 2 Type 2 attestation which is annually renewed via independent third-party audits. In addition, different users’ funds kept with third-party custodians should be separated from each other. At Bitstamp, we’ve managed to address all of this with BitGo to keep our users’ assets safe and secure.
“Being a pioneer in the field, we have always spearheaded the technological advancement of the industry. Therefore, it makes perfect sense to use specialized third-party custody solutions offered by BitGo which enable us to protect all our customers’ assets to the fullest. Keeping funds safe is an ongoing process and when done right, when everything clicks and keeps on clicking, is both beautiful and bullet-proof.” - Miha Miklič, Bitstamp Deputy CTO
We hope this article gives you a better understanding of what goes on in the background and what it takes to keep your funds safe, secure and yours only.
Upcoming webinar - Restoring trust in crypto: how industry veterans are taking the lead
Tune in with Bitstamp and our custodial partner BitGo. Dive deep into bank-grade custody and find out how we safeguard your crypto.
When: Wednesday, December 7, 2022, at 3:30 PM UTC
JB Graftieaux, CEO at Bitstamp
Mike Belshe, CEO at BitGo
Register here for the "Bitgo and Bitstamp Webinar, Restoring Trust in Crypto"
Welcome to the Bitstamp way.