The critical role of security in digital asset custody

The institutional future of digital assets depends on three elements: an infrastructure providing comprehensive market access, opportunities for yield and bank-grade security.

Custodians play a significant role across all three of these elements. Drawing from a deep understanding of delivering digital asset security, this blog dives into the current digital asset security landscape, the threats lurking for institutions, and how Zodia Custody utilises industry-leading security practices to safeguard your assets.

Evolving security challenges in digital assets

The early days of the digital asset landscape were littered with examples of breaches, theft and cybercrime. Fortunately, the threat landscape of today is much improved, primarily due to the maturing ecosystem with players building rigorous and secure environments.

The 2024 Crypto Crime Report produced by Chainalysis notes that funds stolen from crypto platforms fell by more than 50% in 2023 – driven perhaps in part by a cooler market, but also by a maturing ecosystem.

But the job isn’t done — yet. The Chainalysis report notes that individual incidents are still on the rise, and finds a total of $1.7 billion worth of digital assets were stolen in the past year alone. The current cybersecurity threats affect individual retail and global institutional investors alike, though of course institutions may face a greater concentration of risk through exposure to a larger value of assets.

These risks range from simple human error, through cybercrimes committed by sophisticated adversaries such as private key theft, account takeover, and application hacking, to negligence and fraud from within the ecosystem itself. External threats can be bigger, and potentially more insidious, such as “bad actors” or states actively trying to hack and disrupt businesses in the digital asset ecosystem using various hacking techniques and vulnerabilities.

We see this in the same Chainalysis report. It notes how compromised private keys were driving the largest share of hacks in the second half of 2023, followed closely by smart contract-related abuses. Likewise, hacking groups affiliated with certain states were also more active last year but, again, the good news is that they were able to steal less compared to 2022 – partially due to the overall muted market conditions.

Falling prey to any of these issues presents a dual risk of loss impacting the bottom line, alongside long-term reputational damage.

So, with a mindset of prevention being better than cure, it is imperative that we are open and transparent when discussing security measures. Below, we’ll do exactly that — diving into how a custodian can safeguard against these vulnerabilities, but also put protections in place for other eventualities.

Staying ahead of the risks

If security is a major element of the pathway to greater institutional adoption, then it is crucial that our ecosystem is able to apply the rigour and robustness learnt through decades of providing financial services to digital assets. It has to be more than a first line of defence — security has to be woven into everything we do.

Much like in traditional finance, custodians have a leading and vital role to play here. Be it risk management, counterparty insolvency protection, or regulatory compliance – a framework of safety similar to the one that evolved from the solid foundation of traditional finance can be applied to digital assets. And that’s exactly what we’ve done. We work across the full threat spectrum, protecting against various potential vulnerabilities and mitigating evolving threats.

Third-party cold storage infrastructure is a powerful and proven defence against a variety of threats. By adhering to the principle of isolation and storing client assets offline in specialised hardware wallets, we can provide an added layer of protection against unauthorised access and cyberattacks.

While isolation as a whole boosts security, it can create fresh operational hurdles and delays, particularly during transactions that rely on manual processes, which are also vulnerable to human error.

To mitigate this, we combine the security of cold storage infrastructure with a measure of automation for transactions. This involves mirroring the data import pattern outlined as best practice by the UK’s NCSC for moving data in and out of our disconnected environments, and rigorously verifying information integrity before any transfer occurs. This means institutions benefit from both security and instant access to holdings.

We also actively and routinely test our defences. We undertake regular security audits, penetration testing, and private bug bounties. Taking this proactive approach, and enlisting the help of third-party experts to meticulously assess the resilience of our systems, processes and protocols, ensures that any potential weaknesses and vulnerabilities are found and addressed. We have also done extensive scenario analysis to ensure there is no single point of failure – as a result, our defences do not hinge on one person or control. Should the worst happen, institutions will always be able to regain their holdings.

Through these measures and active testing of defences, we are strengthening our infrastructure continuously as demand for digital assets grows, meaning investor assets always remain safe. We’re also keeping an eye on the wider industry, and learning from the latest threats and breaches to improve our own controls as the landscape evolves. Security is not a stagnant, single activity, but a constant process of vigilance and enhancement — this is core to our DNA.

Zodia Custody – a partner for institutions

Security is an industry-wide challenge. By prioritising it, we pave the way for greater institutional adoption. As an institution-first custodian, we provide robust security measures and foster open dialogue in the industry.

Security is a crucial conversation, and we’re committed to leading it. Let’s build a future where digital assets are a secure and trusted asset class for institutions. Partner with Zodia Custody, and unlock the full potential of crypto with complete peace of mind.

This article is provided to you for your information and discussion only. It should not be regarded as an offer or solicitation to buy or sell any products or services in any country to any person to whom it is unlawful to make such an offer or solicitation.
