The answer to that question could decide the biggest winners in a multibillion-dollar race to determine what companies will be the leading custodians of cryptocurrencies, which are increasingly being used by money managers and other institutions for themselves or their clients.
As with traditional assets, such as stocks, bonds or gold, SEC-registered investment advisers are required by law, with certain exceptions, to hold assets with a qualified custodian—a specialized financial firm that holds a customer’s assets separate from the customer’s financial manager or brokerage firm. Custodians generally charge a small percentage of the assets they hold—up to about 0.5%.
For cryptocurrencies, the role of custodian is especially important, since all a thief or hacker needs to steal cryptocurrency is the string of private keys, or codes, assigned to that specific asset.
As a result, a roster of companies ranging from fintech startups to some of the biggest names in the financial-services industry are now competing to play the role of cryptocurrency custodians.
Companies fighting for this business include custody providers BitGo Inc. and Anchorage Trust Co. and cryptocurrency exchanges Coinbase, Gemini and Paxos.
Larger companies are showing interest, too. Fidelity Investments now offers custody services through Fidelity Digital Assets. And New York Stock Exchange owner
is developing a bitcoin futures platform and in April acquired Digital Asset Custody Co.
Stamp of legitimacy?
Establishing a supply of trusted custodians could help pave the way for bigger institutions to invest in cryptocurrencies. There has long been uncertainty about regulatory requirements and the logistics of holding digital assets. After some well-known digital-token thefts, cryptocurrencies face a perception that they aren’t safe, since a hacker attack or security misstep could mean losing your coins forever. Thus, secure custody practices not only address the custody requirements for registered investment advisers but also could offer a stamp of legitimacy for cryptocurrencies.
Currently smaller individual crypto investors don’t typically need the more expensive and more involved security procedures that custody services provide. But with the growth of custody services for institutions, many of their techniques and services will eventually become more widely and inexpensively available to individual investors, some providers say.
“Eventually it will move to the consumer side,” says
a partner at early crypto investor Pantera Capital. “Custody providers are targeting institutional entities because that is where the money is, but eventually it will get down to consumers. Hopefully then everyone can have that peace of mind.”
Total cryptocurrency funds going into companies focusing exclusively on custody have totaled nearly $13 billion since 2016, including close to $2.5 billion already this year, according to research firm Chainalysis. This doesn’t include major exchanges, which also have custody companies or units.
Hot and cold
Ownership of cryptocurrencies is designated by public and private “keys” that are long strings of numbers and letters. Any person with the private key can initiate a transaction—thus the heightened vulnerability to loss and theft.
Custodians are working on the best ways to secure private keys, and one of the major differences in approach among competitors is whether keys are stored online or offline—a choice between “hot wallets” or “cold storage,” as the two methods are referred to, respectively, in the industry.
WSJ Pro Venture Capital
Read more of our premium in-depth coverage designed to help industry professionals monitor and act on decisions that influence policy.
Cold storage makes a key virtually inaccessible to hackers. It keeps the code stored on a device that isn’t accessible from the internet—the equivalent of writing the code down on a piece of paper and storing it in a physical vault that a person must access before they can transfer the key online. The downside is that this necessarily slows down access times, sometimes to as much as 24 hours. After a client requests access, the custodian authenticates it as a legitimate request, then typically sends the instruction to its employees at a separate location, where the vault containing the assets is.
A “hot wallet,” by contrast, is a type of bitcoin wallet that is connected to the internet. The customer uses a traditional password to access their crypto, and the exchange where the customer trades their cryptocurrency holds the keys. But the keys can be accessed online (by the customer, or by a hacker if they get the password). Hot wallets enable faster access for trading, and many consumer crypto exchanges use them to store customers’ crypto funds.
But hot wallets can be compromised. In May, Binance, one of the largest cryptocurrency exchanges, said hackers stole more than $40 million in an attack.
BitGo, Coinbase Custody, Gemini, Paxos, Fidelity and other companies use cold storage for institutional clients. BitGo, which started out offering hot wallets, has expanded to providing custody and other services for institutional investors.
Some other companies have taken different approaches. Anchorage has developed technology—which it says is different from cold storage—to keep crypto keys disconnected from the internet but still accessible quickly. It does this by using specialized hardware that automates the process of accessing the keys. This eliminates human access and reduces human error, says
co-founder and chief executive at Anchorage.
Mr. McCauley says his company still uses humans to review transactions before they are sent. With Anchorage’s system, transactions can be done in as little as a few minutes, he says.
“Cold storage tends to devolve into a human process,” says Mr. McCauley. “Those processes humans follow are subject to error. Individual humans type in pass phrases unlocking assets; it means it’s fundamentally subject to human error.”
co-founder and chief executive of BitGo, believes that speed isn’t always good. Large customers “don’t want you to move $100 million in a few minutes,” he says. “If you can [move it that fast], you’re subject to coercion. In our opinion the prudent thing to do today is use a combination of hot and cold storage.” For clients who need to access assets quickly, Mr. Belshe recommends keeping a portion of cryptocurrency in a hot wallet for faster access and the rest in cold storage for maximum security.
Coinbase Custody, according to CEO
uses cold storage and involves “multiple humans reviewing details of transactions.”
“We also think people remain an important piece of this puzzle,” he says.
Mr. Geron is a Wall Street Journal reporter in San Francisco. He can be reached at firstname.lastname@example.org.
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8