The Importance of Cryptographic Custody

by Ben Whitby, Regulatory Affairs at Qredo

Published Oct 28, 2019 11:49:59 AM

Applying old regulations to the new world of cryptoasset custody is likely to result in the same old failings — insecurity, theft, and systemic risk that puts the economy on the verge of collapse.

Until now, these failings have been restricted to individual crypto investors, who have suffered from the loss of funds, hacks, and the inherent insecurity of an old paradigm of custody where trust is instilled in a central party.

Poorly designed processes, cold storage, and simple human error, make the crypto exchanges of today vulnerable. The recent Binance hack showed that even the most prestigious platforms can fall prey to attackers, and the QuadrigaCX saga showed how easily exchanges can collapse when insiders become bad actors.

To get around this risk, individual crypto holders can manage their own private keys — using personal wallets to avoid the risk of a centralized exchange, and keeping a low profile to avoid being targeted by thieves in 'five dollar wrench’ or ‘rubber hose’ attacks.

Institutions however, don't have the option of using approaches like this to store private keys. These big players, storing large amounts of funds, are often required by law to rely on a third party — a custodian.

The custodian models for the storage of physical assets like gold and bearer shares, have been refined over the years, adding greater and greater complexity and enabling opportunity by allowing rehypothecation.

The fundamentals of this model are based on a traditional vault, with a trusted party keeping hold of the keys or the enabler key. The current model of cold storage is no different — however clients often have no enabler key and are required to surrender both their assets and the keys that control them, replacing certainty with trust and control with hope. Assets held in cold storage are accounted for on centralised ledgers, and protected by the operational processes, systems and controls of the custodian. But as these processes are not yet regulated or audited to agreed standards, clients must make their own judgement of their security.

Qredo uses battle tested cryptographic tools to move beyond centralised systems, towards a position in line with the ethos of cryptoassets — a verified, decentralized, trustless “can’t be evil" approach, rather than the "don't be evil" promise of centralised systems.

The Qredo custody model has:

  1. No private key that can be stolen
  2. A distributed key management approach that tailors to your trusted fiduciaries
  3. An auditable approach that can be continuously monitored
  4. An approach that puts the holder in control of the assets
  5. The ability to release assets to market almost instantaneously.

Instead of storing digital assets using methods that aren't much better than lock and key, Qredo recognizes that cryptographic assets need cryptographic custody, instead of a physical attempt to control a digital asset.

By returning to encryption methods battle tested over decades, Qredo's cryptographic key management methods enables the cryptoasset industry to move into the next stage of development—creating the security and operational protocols needed for institutions to invest at scale, and the ease-of-use for cryptoassets to become a trusted part of everyday life.

New call-to-action