h hoge.gg
Subscribe
BTC$67,432.18+2.34%ETH$3,521.44+1.08%SOL$178.62-0.62%BNB$612.30+0.41%XRP$0.6234-0.18%ADA$0.4521+3.12%DOGE$0.1623+1.86%AVAX$38.71-1.24%LINK$17.84+0.92%HOGE$0.00004120+4.21%
BTC$67,432.18+2.34%ETH$3,521.44+1.08%SOL$178.62-0.62%BNB$612.30+0.41%XRP$0.6234-0.18%ADA$0.4521+3.12%DOGE$0.1623+1.86%AVAX$38.71-1.24%LINK$17.84+0.92%HOGE$0.00004120+4.21%
● Wallets & Exchanges

Crypto Custody Compared: Who Actually Holds Your Keys in 2026

BitGo's Wall Street debut puts a number on institutional crypto custody. Here's how self-custody, multisig, MPC wallets and qualified custodians actually differ, and where each has failed.

On January 22, 2026, BitGo Holdings rang in its first day of trading on the New York Stock Exchange under the ticker BTGO, becoming the first company to take a pure-play crypto custody business public. The IPO priced at $18 a share, raised roughly $213 million, and valued the company at just over $2 billion, built on $104 billion in client assets under custody, nearly double what BitGo held a year earlier (BitGo). Wall Street underwriting a custody business at that scale would have sounded far-fetched a decade ago, back when custody mostly meant a hardware wallet in a desk drawer.

The same industry spent early 2026 watching Zondacrypto, once Poland’s largest crypto exchange, collapse because a single missing founder held the only private keys to a cold wallet reportedly worth around $330 million, while its hot wallet reserves had quietly drained by 99.7 percent in the months before anyone noticed (Disruption Banking). A year earlier, Bybit lost $1.5 billion in a single transaction after attackers compromised the interface its own signers used to approve a routine multisig transfer. Custody, in other words, is not a solved problem. It is a set of trade-offs between convenience, control, and counterparty risk, and the right answer changes depending on who holds the assets and why. This piece walks through the main custody models in use in 2026, self-custody, multisig, MPC wallets, exchange custody, and qualified custodians, and compares how each actually performs when something goes wrong.

Self-Custody: Hot Wallets, Cold Wallets and the Seed Phrase Problem

Self-custody means holding your own private keys, full stop. No intermediary can freeze the account, no exchange can pause withdrawals, and no custodian can go bankrupt with the coins sitting inside its estate. It also means there is no help desk. Lose the seed phrase and the funds are gone; expose it and the funds are also gone.

The self-custody market splits broadly into hot wallets, software connected to the internet and convenient for frequent transactions, and cold wallets, hardware devices or air-gapped systems that never expose the private key to an internet-connected machine. Ledger, the largest hardware wallet maker, says its devices secure more than 20 percent of the world’s crypto assets, an estimate that implies roughly $400 billion sitting in cold storage behind its hardware across more than 7 million customers. By Ledger’s own research, only about 10 million of an estimated 400 million crypto holders worldwide practice what it calls secure self-custody, meaning most retail holders still leave their assets with a third party by default (CoinLaw).

More sophisticated self-custodians split a single seed phrase using Shamir’s Secret Sharing or add a passphrase on top of it, so that no single physical backup, if found, is enough to move funds; the added security comes with added operational complexity, which is part of why most casual holders never adopt it. Newer smart contract wallets built on account abstraction standards now add social recovery and spending limits on top of self-custody, narrowing the gap with custodial convenience without reintroducing a single third party as the sole point of failure. The trade-off never fully disappears, though. Self-custody shifts all operational risk onto the holder, which is exactly why institutions, exchanges, and most retail users end up relying on one of the shared-control or third-party models described below for at least part of their holdings.

Multisig Custody: Shared Control, Shared Attack Surface

Multisignature (multisig) wallets split signing authority across multiple independent keys, typically held by different people or devices, and require a set threshold, say 3-of-5 or 2-of-3, to approve any transaction before it executes on-chain. Safe, formerly Gnosis Safe, is the dominant implementation, securing signing authority for exchanges, DAO treasuries, and institutional trading desks alike. Safe alone has become the default signing layer for a large share of DAO treasuries, protocol foundations, and exchange operational wallets, precisely because its contracts are open source, widely audited, and battle-tested across years of mainnet use. The appeal is straightforward: no single compromised laptop or rogue employee can move funds alone.

The weakness is rarely the underlying cryptography; it is everything built around it. On February 21, 2025, Bybit lost roughly $1.5 billion in Ethereum after the Lazarus Group, a hacking unit linked to North Korea, compromised a Safe developer’s machine and injected malicious code into the interface Bybit’s signers used to review and approve transactions (Halborn). Bybit’s signers, including co-founder and CEO Ben Zhou, believed they were approving a transfer to a known, whitelisted address. What they actually signed altered the smart contract logic of the cold wallet itself, letting the attackers redirect the funds. “I checked the code, but I didn’t check fully if, normally, also the address, the destination address, is not inside of that multisig signing,” Zhou later said, describing how the compromised interface masked what the signature actually authorized (American Banker).

Bybit was not an isolated case. WazirX lost roughly $230 million in July 2024 when attackers exploited a mismatch between what its Safe multisig interface displayed and what it actually signed, and Radiant Capital lost around $50 million that October after malware and blind signing let attackers push a malicious ownership-transfer call through a 3-of-11 signer set. In each case the signing threshold itself held; enough legitimate signers approved a transaction because the interface lied to them about what that transaction actually did. Security researchers now push clear signing standards that decode a transaction’s real effect in human-readable form before a signer approves it, alongside basics like withdrawal delays and independent transaction simulation, protections Bybit lacked at the time of its hack.

MPC Wallets: No Single Key to Steal, But Still Software

Multi-party computation (MPC) wallets solve a related problem differently. Instead of several independent keys signing on-chain, as in a multisig contract, an MPC wallet splits a single private key into cryptographic shares distributed across separate parties or devices. Those shares jointly compute a valid signature through a cryptographic protocol without the full key ever being reconstructed in one place, on one device, at any point. Fireblocks popularized the approach with its MPC-CMP protocol and now describes itself as enterprise digital asset infrastructure built around that technology, serving more than 2,400 organizations and over 80 banks across more than 150 blockchains, with a valuation of roughly $8 billion from its most recent funding round (Fireblocks).

The underlying cryptography, generally a variant of threshold signature scheme using ECDSA or EdDSA, has been public and peer-reviewed for years; what varies between vendors is the surrounding key-management software, hardware security modules, and policy engine, which is where most real-world MPC incidents actually originate. The practical difference from multisig matters. An MPC wallet looks like an ordinary single-signature address on-chain, so it behaves identically across any chain without deploying a separate smart contract on each one, and it does not reveal a signer set to anyone watching the blockchain. Multisig, by contrast, is fully visible on-chain and needs its own contract deployment, and audit, on every chain it supports, but its signer threshold is independently verifiable by anyone, a property MPC cannot offer since its security lives inside vendor software and key-management infrastructure rather than public ledger logic. Consumer-facing MPC wallets such as Zengo apply the same idea to individual users, removing the seed phrase entirely in favor of key shares split between a device and a server.

Neither design eliminates the interface risk that hit Bybit. An MPC wallet’s policy engine, the software deciding which transactions get co-signed, is itself an attack surface; compromise the machine requesting the signature, or the approval workflow around it, and it makes no difference that no single party ever held the whole key. MPC removes one class of failure, a stolen or leaked complete private key, without removing the class that keeps recurring across the industry’s biggest custody hacks: attackers manipulating what a human signer actually sees and approves.

Exchange Custody: What Happens When You Hit Deposit

When a retail user deposits crypto on Coinbase, Kraken, Binance, or OKX, the assets typically land in an omnibus wallet, a pooled address controlled by the exchange rather than one unique to that customer. The exchange’s internal ledger tracks who owns what; the blockchain itself only shows the exchange’s aggregate balance. Custodians and exchanges commonly describe keeping the large majority of client assets, often cited informally as 95 percent or more, in cold storage precisely to limit what a hot-wallet compromise could expose, though independent verification of any single platform’s actual split is difficult without a full audit. This structure is efficient and lets exchanges offer instant trading, but it also means a customer’s balance is really a claim on the exchange’s solvency and record-keeping, not a specific on-chain address the customer controls. How exchanges actually handle that responsibility varies widely, a theme covered in more depth in HOGE Wire’s comparison of Coinbase, Binance, Kraken, and OKX.

To close the trust gap, most major exchanges now publish some version of proof of reserves. The common method uses a Merkle tree: an independent accountant snapshots customer balances, aggregates them into a cryptographic structure, and publishes a Merkle root that lets any individual customer verify their own balance was included in the total without exposing anyone else’s holdings. Binance, Kraken, OKX, Bybit, KuCoin, and several others now publish some form of third-party-reviewed proof of reserves, though quality and frequency vary considerably across providers.

Proof of reserves has a real limitation: it typically proves assets existed at a single moment, not that liabilities are reported accurately or that reserves stay in place afterward. Zondacrypto’s collapse showed the gap starkly. Its hot wallet Bitcoin balance fell 99.7 percent, from about 55.7 BTC in August 2024 to just 0.18 BTC by March 2026, spread across 511 outgoing transactions worth more than $21 million, even as the exchange kept pointing customers to a cold wallet holding roughly 4,500 BTC as its security reserve (Disruption Banking). A single clean snapshot, however cryptographically rigorous, cannot substitute for continuous, independent monitoring between snapshots.

Qualified Custodians: The Institutional Tier

For funds, registered investment advisers, corporate treasuries, and anyone carrying a fiduciary duty to third parties, just self-custodying it is rarely an acceptable answer. US securities law has long required registered investment advisers to hold client assets with a qualified custodian, a category defined under the Investment Advisers Act that traditionally meant banks, registered broker-dealers, and futures commission merchants. That bar has mattered more since 2024, as spot bitcoin and ether ETFs, pension-adjacent allocators, and insurance companies all began sizing crypto positions large enough that a hack, an insolvency, or even ambiguous legal status at the custodian level could become a material event for the fund itself, not just an inconvenience.

BitGo, now public, reported $104 billion in assets under custody in its IPO filings, with custody and staking together making up more than 80 percent of its revenue. CEO Mike Belshe framed the listing as a maturity signal for the sector as a whole. “We went public because the industry is maturing,” he told CryptoNews, arguing that institutions increasingly want infrastructure they can diligence and underwrite the way they would any other regulated counterparty (CryptoNews).

Coinbase runs the largest US-based custody operation by most public measures, reporting more than $350 billion in assets under custody and serving as custodian for more than 80 percent of US spot bitcoin and ether ETF assets, a role that makes it structurally important to products it does not itself issue (Coinbase). Anchorage Digital became the first federally chartered digital asset bank when it received a national trust charter from the OCC in January 2021, a distinction it held alone for years before the OCC widened the field in 2025 and 2026. Fidelity Digital Assets, backed by a much larger traditional asset management parent, picked up its own OCC trust charter in 2025 and custodies bitcoin, ether, litecoin, and solana under SOC 1 and SOC 2 audit certifications. Ripple built a custody arm largely through acquisition, buying the bank-focused platform Metaco in 2023 and later adding Standard Custody & Trust Company and its New York limited-purpose trust charter, one of only nine such charters issued at the time. Copper.co took a different path, exiting direct custody in 2023 to focus on ClearLoop, an off-exchange settlement network that lets institutions trade across more than 50 exchanges without moving assets out of custody first.

Comparing the Institutional Custodians

The table below summarizes how the major institutional custodians position themselves as of mid-2026. Reported figures come from company disclosures and are not always directly comparable, since firms measure assets under custody differently and not every provider discloses insurance or charter details with the same granularity.

CustodianRegulatory StatusReported Assets Under CustodyNotable Feature
BitGoPublic company (NYSE: BTGO); South Dakota trust charter$104 billionFirst pure-play custodian to IPO; up to $700 million in Lloyd’s-backed insurance
Coinbase Custody / PrimeNYDFS limited-purpose trust charterMore than $350 billionCustodian for over 80% of US spot bitcoin and ether ETF assets
Anchorage DigitalOCC national trust bank charter (since January 2021)Not fully disclosed publiclyFirst federally chartered digital asset bank
Fidelity Digital AssetsOCC national trust bank charter (since 2025)Not fully disclosed publiclyBacked by Fidelity Investments; SOC 1 and SOC 2 certified
Ripple Custody (Metaco / Standard Custody)NY limited-purpose trust charterNot fully disclosed publiclyServes bank clients including BNP Paribas Securities Services and HSBC
Copper.coUK-regulated; exited direct custody in 2023Not applicable (settlement network)ClearLoop off-exchange settlement across 50-plus exchanges

Regulation: The SEC’s Custody Rule, the OCC and the State Trust Debate

In the US, the SEC’s Custody Rule, formally Rule 206(4)-2 under the Investment Advisers Act, requires registered investment advisers to keep client funds and securities with a qualified custodian. For years the crypto industry’s core problem was that almost nothing clearly met the traditional definition: too few banks or broker-dealers were willing or able to custody crypto assets directly, pushing advisers either toward a handful of niche providers or away from crypto entirely. The stakes go beyond adviser paperwork. Every US spot bitcoin and ether ETF relies on a custodian holding the underlying coins, which is why Coinbase’s dominant share of that business ties its own operational health directly to products issued by asset managers that otherwise have nothing to do with Coinbase directly.

Two regulatory moves reopened that door. In January 2025, the SEC rescinded Staff Accounting Bulletin 121 with SAB 122, removing a rule that had forced banks and custodians to record client crypto holdings as a balance-sheet liability equal to the full value of assets held; under the replacement guidance, firms only need to reflect their own realistic risk of loss rather than the entire custodied balance, removing a major disincentive for banks to enter the business at all. Separately, the OCC issued Interpretive Letter 1183 in March 2025, confirming that crypto-asset custody is permissible for national banks and eliminating a supervisory non-objection process that had effectively required advance permission before a bank could offer it (OCC). By January 2026, the OCC had approved national trust bank charters for Circle, Ripple, and Paxos, widening the field of federally regulated custody providers well beyond Anchorage’s early lead.

The most contested move came from the SEC itself on September 30, 2025, when its Division of Investment Management issued a no-action letter allowing certain state-chartered trust companies, not just federally regulated banks and broker-dealers, to act as qualified custodians for crypto assets held by registered funds and advisers. SEC Chair Paul Atkins has framed the broader effort, which he calls Project Crypto, as clearing a path toward formal rulemaking on digital asset custody and market structure. Not every commissioner agreed with the shortcut. Democratic commissioner Caroline Crenshaw dissented sharply in a statement titled “Poking Holes,” warning that the relief bypassed normal rulemaking procedure and weakened protections built into the existing custody regime. “Degrading our custody framework is a serious matter,” Crenshaw wrote, arguing the change rested on the mistaken premise that no qualified federal custodians were available and that it was granted without the public comment or economic analysis such a shift would normally require (SEC). The broader shift in the SEC’s posture toward crypto is covered in more depth in HOGE Wire’s rundown of SEC crypto enforcement in 2026.

The Global Picture: MiCA’s Safekeeping Rules and the GENIUS Act

Outside the US, the EU’s Markets in Crypto-Assets Regulation (MiCA) takes a more prescriptive approach to custody than the American patchwork of bank charters and no-action letters. A crypto-asset service provider holding client assets under MiCA must legally and operationally segregate those assets from its own corporate funds, including keeping client wallets separate from proprietary wallets on-chain, and must safeguard any client funds it receives by placing them in a segregated account with a credit institution or central bank by the end of the following business day (A&O Shearman). Such providers must also maintain a formal custody and administration policy, keep a register of client crypto-assets and positions, document their ICT security controls, and regularly reconcile internal ledgers against both custodian statements and actual on-chain balances, a considerably more detailed rulebook than anything in US federal law today. The philosophical difference is notable: US policy has largely proceeded through bank charters and case-by-case interpretive letters, while MiCA imposes one detailed, uniform custody rulebook on every authorized provider across all EU member states at once.

The GENIUS Act, signed into law in the US in July 2025, applies a narrower but equally strict custody logic to payment stablecoins specifically. Issuers must back tokens with reserves held at least 1:1 in cash, insured bank deposits, or short-dated Treasury instruments, and the custodians holding those reserves, whether the issuer itself or a separate regulated entity, are barred from commingling reserve assets with their own funds or pledging and rehypothecating them except in narrow, defined circumstances (Congress.gov). Issuers must also publish monthly reserve attestations along with CEO and CFO certifications, rules that effectively turn stablecoin reserve custody into its own regulated sub-category, distinct from exchange or institutional crypto custody generally.

Insurance and Proof of Reserves: What They Cover, What They Don’t

Institutional custodians typically carry crime and specie insurance through the Lloyd’s of London market, and the headline numbers sound reassuring in isolation. BitGo carries a $700 million insurance tower: $100 million in primary coverage available to all customers plus $600 million in excess coverage available on a dedicated, loss-payee basis. Coinbase separately carries a $320 million commercial crime policy, which it describes as the largest policy of its kind covering hot wallet theft at any digital asset exchange or custodian.

What these policies actually cover matters more than the headline figures. Specie and crime coverage generally responds to theft, external hacking, or employee dishonesty affecting assets the custodian directly controls, not to a custodian’s own insolvency, fraud, or simple loss of keys. That distinction would have offered little comfort to Prime Trust’s customers in 2023. The Nevada-regulated trust company, once considered a reliable qualified custodian for numerous crypto platforms, was found sitting on an $82 million shortfall, with its books showing just $7.5 million in real Bitcoin reserves against a $61.5 million stockpile of an illiquid token it had substituted in their place, before filing for bankruptcy with as much as $500 million in liabilities (Bitcoin Magazine). No insurance policy protects against a custodian quietly swapping real reserves for something else; that is a fraud and governance failure, not a hack.

Proof of reserves sits alongside insurance as a transparency tool rather than a guarantee. It answers whether the assets existed at the moment of the snapshot, not whether they will still be there tomorrow, and it typically says nothing about liabilities unless paired with an equally rigorous liabilities audit. Institutions serious about vetting a custodian tend to look at all three legs together, audited reserves, meaningful insurance limits, and the underlying regulatory charter, since each one covers a gap the others leave open.

Custody Models Side by Side

Putting the models next to each other makes the trade-offs concrete. None is strictly better than the others; each fits a different combination of asset size, technical sophistication, and counterparty tolerance.

Custody ModelWho Controls the KeysOn-Chain VisibilityBest Suited ForTypical Failure Mode
Self-custody (hot wallet)Individual holder, connected deviceStandard address, fully visibleFrequent transacting, DeFi activityPhishing, malware, device compromise
Self-custody (hardware/cold)Individual holder, offline deviceStandard address, fully visibleLong-term personal holdingsLost seed phrase, physical theft
Multisig (e.g. Safe)N-of-M independent signersSmart contract, fully visibleDAOs, exchange treasuries, teamsCompromised signing interface
MPC walletKey shares across parties, never combinedAppears as single-signature addressInstitutions, exchanges, consumer appsCompromised policy engine or approval flow
Exchange custody (omnibus)Exchange controls pooled walletExchange’s aggregate balance onlyActive trading, smaller balancesExchange insolvency or fraud
Qualified custodian / trust bankRegulated third party under charterVaries by custodianFunds, RIAs, fiduciariesCustodian fraud or governance failure

When Custody Fails: Three Case Studies, Three Lessons

The three biggest custody failures of the past three years each broke a different link in the chain, which is exactly why no single fix, more regulation, more insurance, or more cryptography, solves custody risk on its own.

Prime Trust demonstrated that regulatory labels are not proof of anything. It held a state trust charter, called itself a qualified custodian, and told customers and partner platforms it held fully backed reserves, then quietly substituted illiquid tokens for real Bitcoin over the better part of a year before Nevada regulators intervened. The lesson for anyone relying on a custodian is that a charter describes what a company is allowed to do, not what it is actually doing; ongoing verification, not a one-time credential check, is what catches problems like this earlier.

Bybit showed that even best-practice multisig can fail if the layer humans actually look at, the signing interface, gets compromised instead of the cryptography underneath it. The fix the industry has converged on is clear signing, decoding exactly what a transaction does in human-readable terms before anyone approves it, plus transaction simulation and withdrawal delays that give a team time to catch anomalies. Audit firms that specialize in this kind of infrastructure review, a field covered in HOGE Wire’s look at who actually secures DeFi, have leaned harder into reviewing operational signing workflows since Bybit, not just smart contract code.

Zondacrypto inverted the usual not-your-keys-not-your-coins warning. The exchange’s own reserve wallet, the one meant to reassure customers, was controlled by a single missing individual, so the asset positioned as backup security became a single point of failure for the entire platform once that person could not be reached. Multisig and MPC exist precisely to prevent this scenario at the custodian level; a cold wallet is only as safe as the number of people who can independently access it, and that number should never be one.

Institutional Adoption: Why a Custodian’s IPO Is a Signal

BitGo’s public listing matters beyond its own balance sheet because custody sits upstream of almost every other institutional crypto product. Spot bitcoin and ether ETFs need a custodian holding the underlying assets; Coinbase’s role as custodian for the large majority of US ETF assets is what makes it systemically relevant to products it does not itself issue. Corporate treasuries face a similar dependency at smaller scale. Bitcoin miners such as Marathon Digital and Riot Platforms hold tens of thousands of BTC on their balance sheets as part of their core business models, and how, and where, those holdings are custodied is as material to shareholders as hashrate or energy costs, a dynamic explored in HOGE Wire’s comparison of Marathon and Riot’s diverging strategies. Beyond miners, a broader set of publicly traded companies have added bitcoin to their corporate treasuries in recent years, and each one faces the identical custody decision at a larger scale: self-custody with internal controls, a multisig treasury, or an outsourced qualified custodian, with the choice showing up in shareholder disclosures either way.

Custody questions have also followed capital into newer corners of the market. Liquid restaking, where users deposit staked ETH into protocols and receive a liquid receipt token in return, effectively stacks a custody layer on top of a custody layer: the restaking protocol’s smart contracts hold the underlying stake, and problems at that layer can cascade into DeFi positions built on top of the receipt token, a mechanism explained in more depth in HOGE Wire’s explainer on restaking risk. None of these products, ETFs, treasury holdings, or restaked derivatives, work without someone answering the basic custody question first: who actually holds the keys, and what happens if they fail.

Choosing a Custody Model: A Practical Framework

There is no universal answer, but the trade-offs cluster around a few practical questions. How large is the balance relative to what the holder can afford to lose entirely? How often does it need to move? Who else has a legitimate claim on the funds, or a legal duty to protect them? And how much operational discipline, multiple reviewers, hardware devices, withdrawal delays, can realistically be sustained over years rather than just at setup? Time horizon matters as much as balance size. A position meant to be held for a decade can tolerate the operational friction of cold storage or a qualified custodian’s onboarding process; a trading balance that needs to move daily cannot, which is why most serious holders end up splitting assets across more than one model rather than picking a single one for everything.

  • Small, frequently used balances: a reputable exchange or hot wallet is often a reasonable trade-off, provided the platform publishes credible proof of reserves and the holder accepts the counterparty risk that comes with it.
  • Long-term personal holdings: a hardware wallet, ideally with a tested backup and an inheritance plan, removes counterparty risk entirely but shifts all responsibility onto the holder.
  • Team or DAO treasuries: multisig remains the standard, but only when paired with clear signing tools, transaction simulation, and a signer threshold high enough that no two compromised or colluding signers can move funds alone.
  • Funds, RIAs, and fiduciaries: a qualified custodian is often a legal requirement rather than a preference, which makes charter type, insurance structure, and audit history the real due diligence questions.
  • High-volume institutional operations: MPC infrastructure or a hybrid model blending self-custody and third-party custody, the approach BitGo has marketed since its IPO, can balance operational speed against concentration risk.

Whichever model a holder chooses, the clearest lesson of 2026 so far is that the label attached to a custody arrangement, qualified, insured, regulated, cold, matters less than the verifiable operational reality behind it. Prime Trust was regulated. Bybit’s wallet was multisig. Zondacrypto had a cold wallet. All three still failed, for three completely different reasons.

Frequently Asked Questions

What’s the difference between custodial and non-custodial crypto wallets?

A non-custodial, or self-custody, wallet means the holder controls the private keys directly, whether through a hardware wallet, a software wallet, or a smart contract like a multisig, and no third party can freeze or move the funds without that holder’s signature. A custodial wallet, the kind used by exchanges such as Coinbase or Kraken, means a third party holds the private keys on the customer’s behalf, and the customer’s balance is really a claim recorded on the custodian’s internal ledger. Custodial setups trade some control for convenience, recovery options, and usually insurance; non-custodial setups trade convenience for full control and full responsibility.

What is a qualified custodian in crypto, and why does it matter?

In US securities law, a qualified custodian is an entity, traditionally a bank, registered broker-dealer, or futures commission merchant, that registered investment advisers are required to use when holding client funds and securities under the SEC’s Custody Rule. For years almost no institution offered crypto custody that clearly met that bar, which discouraged advisers from holding digital assets at all. That started changing after the SEC rescinded SAB 121 in January 2025 and the OCC clarified that national banks can custody crypto directly, and it widened further when the SEC allowed certain state-chartered trust companies to qualify in September 2025.

Is it safe to keep crypto on an exchange like Coinbase or Kraken?

It depends on the exchange’s practices, not just its size. Reputable exchanges publish third-party-reviewed proof of reserves, carry meaningful crime and specie insurance, and operate under a recognized charter or license, all of which reduce but do not eliminate risk, since a customer’s holdings remain a claim on the exchange rather than an asset the customer directly controls. The more cautious approach for larger or long-term balances is generally to withdraw to self-custody or a dedicated qualified custodian rather than leaving funds on any exchange indefinitely.

What’s the difference between a multisig wallet and an MPC wallet?

A multisig wallet uses a smart contract that requires a set threshold of independent private keys, such as 3-of-5, to sign a transaction, and that signer structure is visible on-chain. An MPC, or multi-party computation, wallet splits a single private key into cryptographic shares held by separate parties, which jointly compute a signature without ever reconstructing the full key anywhere, and the result looks like an ordinary single-signature address on-chain. Multisig is more transparent and independently verifiable; MPC is more flexible across chains and keeps the signer structure private, but both remain vulnerable if the interface a human uses to approve a transaction is compromised, which is what happened in the Bybit hack.

Does crypto custody insurance actually protect my funds?

Only within narrow limits. Institutional custody insurance, usually placed through the Lloyd’s of London market, typically covers theft from hacking or employee dishonesty affecting assets the custodian directly controls, up to a stated policy limit that is often far smaller than total assets under custody. It generally does not cover a custodian’s own insolvency, fraud, or mismanagement, which is what wiped out Prime Trust customers in 2023 regardless of the regulated and qualified custodian labels the firm carried at the time.

Written by the HOGE Wire markets desk.

Share 𝕏 Post Telegram