Skip to content
HOME / FOUNDATIONS / Crypto-native landscape / CH. X · PT 2
Crypto-native landscape

Wallets and custody


Everything a bank knows about account security assumes that the credential and the asset are different things: a compromised password is a bad day, not a loss event, because the bank's ledger, not the customer's login, is the record of who owns what. Public blockchains invert that. A wallet is not an account held with a provider; it is a cryptographic keypair, and whoever controls the private key controls the assets, with no operator empowered to reverse a transfer or restore lost access. Custody in this world is therefore not record-keeping. It is key management, and the entire institutional custody industry is a set of answers to one question: how do you hold a secret that is worth exactly as much as everything it protects?

Keys are the asset

A wallet consists of a private key (a large random number, kept secret) and a public key derived from it, which produces the address other parties send assets to. Signing a transaction with the private key is the only way to move what the address holds, and the chain will honour any correctly signed transaction, from anyone, instantly and permanently. There is no "contact the operator" path. Send to a mistyped address and the assets are gone; leak the key and an attacker's withdrawal is as valid as yours.

Most wallets derive all their keys from a seed phrase, a list of 12 or 24 ordinary English words that deterministically regenerates every keypair in the wallet. This is elegant for backup and brutal in its implications: the phrase is the estate. Anyone who reads those words, a photograph, a cloud note, a compromised printer, owns everything the wallet will ever hold. Institutional practice treats seed material the way a bank treats an HSM (hardware security module) master key, because functionally that is what it is.

One structural nuance worth knowing. The default account type on Ethereum is an EOA (externally owned account), a bare keypair with no logic attached. Smart-contract accounts wrap the account in programmable code, enabling things a bank actually wants: multiple signers, spending limits, recovery procedures, allow-listed counterparties. The industry direction of travel is towards smart accounts precisely because bare keypairs encode none of the controls a policy manual assumes.

Hot, cold, and the temperature spectrum

A hot wallet holds keys on an internet-connected system, which makes it fast and continuously exposed. A cold wallet keeps keys on hardware that never touches a network, which makes it safe and slow: moving assets can take hours and human ceremony. Every custody architecture is a placement decision along that spectrum, operational float in warm or hot tiers, reserves in cold, with governance rules on what moves between tiers and who approves it. If this sounds like vault cash versus nostro balances, that is the right instinct, with the caveat that a hot-wallet compromise settles with the finality described in the previous part.

MPC and the vendor landscape

The technology that made institutional custody credible is MPC (multi-party computation). Instead of one private key existing anywhere, the key is generated as several shares held by different parties or systems, and signatures are computed jointly without the full key ever being assembled, on any machine, at any moment. Compromising one share yields nothing, and shares can be distributed across data centres, jurisdictions, and organisations to match a governance policy. It is the cryptographic equivalent of a dual-control vault, except the vault never contains the whole combination.

The vendor landscape splits into technology providers and custodians. Fireblocks is the dominant infrastructure layer, selling MPC wallet technology, policy engines, and network connectivity that banks operate themselves. Coinbase Custody is the flagship third-party qualified custodian in the United States, holding client assets in segregated cold storage under a trust charter. Zodia, the Standard Chartered-incubated custodian, is the reference example of a bank-owned entrant built for institutional clients from the start. The build-versus-buy question is really a question about where key shares sit and whose balance sheet stands behind an operational failure.

The regulatory beat

Two developments frame what a bank can now do. In the United States, Staff Accounting Bulletin 121 (SAB 121) had required firms safeguarding crypto assets to recognise them on their own balance sheets as a liability with a corresponding asset, which made custody capital-prohibitive for banks. The SEC (US Securities and Exchange Commission) rescinded it via SAB 122 on 23 January 2025, moving safeguarding obligations to ordinary loss-contingency accounting and reopening balance-sheet-friendly bank custody.

Hong Kong is moving in the opposite direction on the same problem, towards explicit licensing rather than accounting relief. The FSTB (Financial Services and the Treasury Bureau) and the SFC (Securities and Futures Commission) consulted from June 2025 on a dedicated licensing regime for digital-asset custodians, covering cold-storage requirements, client-asset segregation, and insurance, and published conclusions in December 2025 with legislation targeted for 2026. The likely end state in most serious jurisdictions is custody as a licensed, supervised activity, which is familiar territory.

What to ask a custody vendor

A desk head evaluating vendors should get past the deck with a handful of questions. Where are key shares generated and stored, and can any single party, including the vendor, ever reconstruct a full key? What does the policy engine actually enforce at signing time (approval quorums, address allow-lists, velocity limits), and what can an administrator override? What happens in the vendor's insolvency: are assets bankruptcy-remote, in whose legal name, under which jurisdiction's regime? What is the disaster-recovery story if the vendor disappears entirely, and has key-share recovery ever been rehearsed rather than merely documented? Vendors comfortable with those questions in writing are the shortlist. The next part turns to where these assets actually trade.