Assessing Risk in Bitcoin Custody

Editor’s Note, May 30, 2023: Swan is in the process of adding two new Qualified Custodians, Fortress Trust, and BitGo Trust Company. We have also moved most functions away from Prime Trust. We continue to believe that using a Qualified Custodian and withdrawing into self-custody is the best framework to minimize custody, bankruptcy, and regulatory risk.

With the recent fallout from the bankruptcy filings of the world’s second-largest crypto exchange, yield products, lenders, stablecoin schemes, and crypto brokers, it is time to take a step back and understand the risks of letting someone else hold your Bitcoin. In this article, we will examine risk across the general landscape of Bitcoin custodians.

For Bitcoiners, self-custody of your Bitcoin is the best and least risky path. However, it is also true that, in most cases, the only way to acquire Bitcoin regularly or in size is to do so through an online service of some type. This necessitates taking some risk for the duration of the exchange process, even if your counterparty is another person. Furthermore, some use cases may require the use of a custodian on an ongoing basis due to specific regulations, such as using a qualified custodian for registered investment advisors, IRA accounts, and other entities that may be required to avoid self-custody.

We identify four broad categories of Bitcoin custodians: 

We identify three broad categories of risk:

Below is a risk summary matrix. We’ll look into the specific categories and how to choose a custodian.

Let’s start with the obvious. Your keys, your coins. Not your keys, not your coins. If you send Bitcoin elsewhere, there is no guarantee that you will ever get it back. Nobody can offer this guarantee because the Bitcoin blockchain only recognizes private key ownership. That means that the return of transferred Bitcoin to any third party, even if under a legal written contract to return your Bitcoin, cannot be enforced on the blockchain. Please see our article on the Best Bitcoin wallets of 2023 to find an appropriate self-custody solution.

When it comes to real-world property rights, those are enforced by laws and courts. Putting your Bitcoin somewhere other than your own custody has risks. When you use a third-party service, even if you are using them to withdraw to self-custody immediately, your best bet is to find a service that is transparent with these risks, operates under a robust regulatory framework in a jurisdiction with strong property rights and rule of law, uses sound technology and business practices to secure it, and minimizes your time in custody if possible.

Next, we’ll examine risk categories and how they may play out in real life.

We will begin with the most obvious and highest risk category:

These platforms are marketed as providing “yield” or returns on your investment. Such platforms generally have complete discretion over your Bitcoin. They may send it to another third party, which itself may lend it to any other parties. They may lock it up in some other blockchain to engage in “DeFi yield farming, ” and this blockchain may have a bug or get hacked. They may park it with another fund that blows up. There are no returns without risk, and we believe the risk in most investment platforms is grossly underpriced. In other words, getting paid 6% for sending someone your bitcoin, never to see it again, seems like a pretty bad trade for the world’s fastest-growing asset class.

Bitcoiners have warned about this for years, yet it took a few recent disasters to drive the point home. At this stage in its development, Bitcoin is best thought of as long-term savings. Yes, it will be volatile, but if you’re reading this, you likely agree with our view that Bitcoin’s purchasing power will rise over time.

Setting aside investments, any agreement to swap fiat for Bitcoin will likely involve a step during which your fiat money sits with a counterparty before you receive the Bitcoin. This is where exchanges, brokerages, and qualified custodians come in.

During this step, the Bitcoin keys are held by the custodian. Because Bitcoin is not FDIC or SIPC insured, you have no backstop if your custodian loses your Bitcoin. You likely also have no legal recourse, as you will typically sign a disclaimer with the understanding that there are no government backstops for digital assets.

Exchanges are places where buyers and sellers meet to trade Bitcoin for assets like digital dollars and altcoins, most of which are scams that eventually collapse in price. Brokerages are like exchanges, though they typically sell you their own Bitcoin outside of a traditional order book. Exchanges and brokerages may vary widely in how they treat customer assets. Some exchanges may keep customer assets segregated from their own assets under some regulatory framework. It is likely that most exchanges, especially those domiciled outside the US, do not follow such asset segregation policies. The recent collapse of FTX drives that point home. Furthermore, exchanges may be very complex from a technical standpoint. The more functions an exchange performs (trading, staking, leverage, derivatives, etc.), the higher its surface area for security weaknesses or buggy code, and the more likely it is to be exploited and have your funds stolen.

Qualified Custodians are specialized entities that do not broadly perform the function of exchanges. They have a small attack surface because they specialize in custody services. They do not directly interact with end users, which means the surface area for social engineering attacks is significantly reduced. Finally, they operate under regulations that are often more strict than banks. For example, Nevada trust companies must maintain legal segregation between customer assets and their own under NRS 669. Qualified custodians spend a large portion of their budget on security and compliance. They do not have other “distracting” business lines like exchanges do.

Finally, we must touch upon the risks of self-custody. While we continue to recommend self-custody as the north star for every Bitcoiner, we must also understand that it is not without risk. Private keys for self-custody must be secured from theft, damage, and loss. Should the need arise, loved ones must be left with instructions and training on recovery. That said, we are excited to support and develop a growing segment of collaborative custody products, which we believe will offer a path to getting assistance securing a backup key. 

Following the spectacular collapse of many cryptocurrency funds, exchanges, and investment platforms in 2022, the risk of bankruptcy should be evaluated carefully. 

As before, platforms that offer returns are the ones that have the highest risk. Bitcoin and crypto investment funds will freely lend, rehypothecate, and lock your coins in various investment schemes and other blockchain protocols full of security holes. The cryptocurrency space is rife with mispriced risks and trades that seem to magically generate money for free for six months before ultimately blowing up. Remember, there is a finite number of Bitcoin in the world, making consistent Bitcoin-denominated yield generation on a long-time scale effectively impossible.

Many strategies in 2021 were based on games of arbitrage, where traders would find exploitable holes in various DeFi platforms or between the real world and the digital world with products like GBTC (Grayscale Bitcoin Trust), where traders hoped to capitalize on the price difference between a fund that was not redeemable for Bitcoin and actual Bitcoin. These strategies turned out to be completely unsound and led to the collapse of the parties that engaged in them. The bankruptcy risk for any scheme purporting to generate yield on Bitcoin is exceptionally high — approaching near-certainty. When these inevitable collapses happen, there is also almost no chance you’ll ever get your money back.

While an exchange or broker may not take the kind of risks that investment platforms and yield generators do, they may, in fact, have some operations that expose them to unnecessary risk beyond the risk of holding your coins correctly. Some exchanges may run lending and leverage operations, which may be affected by market volatility. Some have grown by leveraging themselves on self-printed tokens, such as in the cases of FTX and Celsius. Many exchanges do not operate in a regulatory structure that requires them to segregate customer funds, especially in non-US jurisdictions. Given the complexity of most major exchanges' operations, a bankruptcy court would likely take longer to distribute customer assets, should such a distribution even be possible.

A Qualified Custodian business tends to be dramatically simpler. Because they only engage in a few simple activities, such as digital asset custody and possibly connecting with trading desks and traditional banks, a qualified custodian has a relatively low risk of bankruptcy. They do not engage with or market to retail customers, are not generally affected by market moves in cryptocurrency, do not borrow/lend/take on leverage, and generate fees from basic services such as custody, API access, and financial rails. In a market downturn, such a business could likely downsize and weather the storm. In the case of bankruptcy proceedings, due to the robust regulatory framework that requires the custodian to maintain segregation of customer assets, the customers may be reasonably sure to get their investments back in whole and quickly.

Note: That since no qualified custodians that custody of digital assets have gone bankrupt — until such a case is tested in court with digital assets, this statement is speculative. This statement is speculative until such a case is tested in court with digital assets. However, there is good reason to believe it is true based on how to trust companies are structured.

The government is out to get cryptocurrency companies. The alarm bells have been sounding in 2022 following the alleged fraud perpetrated by FTX and gross mismanagement of assets and risk by others. The more risky the behavior of your counterparty, the more likely it is to get shut down by the government. A complete shutdown isn’t needed for you to be impacted. For example, the state may order operations to be frozen and funds to be withheld.

Investment Platforms are obviously the highest risk and target for the government. Following the collapse of BlockFi, many questions will be raised about how risk should be disclosed to customers and what responsibility such platforms have to their clients. Only send money to a yield-generating platform if you understand that you are at risk of a total and complete loss.

Most exchanges can be seen as casinos that promote speculating or betting on what is likely to be unregistered securities. As the SEC begins to crack down on this behavior, many exchanges may (likely) find it necessary to delist the vast majority of their coins. This will, in turn, drive revenue to zero and wipe out their whole reason for being, leading to the possibility of having to wind down their business. 

Qualified Custodians with state-level licensing have minimal exposure to government regulation. The biggest threat here is state-level regulations that may impede the functioning of trust companies that custody Bitcoin. We expect such laws to resolve over time, as jurisdictions that are friendly to trust companies will attract all business.

If you do decide that you require the services of a custodian or trading counterparty, even if it’s just for the short duration of exchanging dollars for Bitcoin, here are the things to look for.

The risk of losing Bitcoin to custodians varies massively. Those that offer yield and are in questionable jurisdictions represent an extremely high degree of risk, as has been demonstrated numerous times. Those utilizing qualified custodians and operating in jurisdictions with strong property rights have thus far not betrayed the trust put in them. Of course, taking self-custody eliminates placing trust in others altogether. Still, it comes with the responsibility of not losing or disclosing the keys to your coins. 

At Swan, we have chosen a Nevada chartered trust company under NRS 669, as our partner for qualified custody because we believe they are the best at ticking the boxes we have laid out above. Swan establishes a direct relationship between our clients and custodian, the client’s qualified custodian. Clients enter into this agreement when they sign up for Swan and make an informed decision about the risks of third-party custody.

To further protect our clients from risks, Swan cannot disburse customer assets without the customer’s direct authorization. This is why when Swan customers withdraw their investments, they get an email confirmation directly to their inbox. Should Swan become unavailable or compromised, the client’s direct relationship with our custodian will offer their assets the highest degree of protection.

Bitcoin at our custodian is secured using a geo-distributed quorum of MPC (multi-party computation) wallets. This technology does not keep a key online that can be stolen, lost, or hacked. Instead, an attacker would have to compromise a large percentage of the human/device quorum across a large geographical area in real-time. The time they have to perform such an attack is limited, as the key shares are rotated frequently. 

Our custodial management team is experienced, risk-averse, and comes from the world of banking and traditional asset custody. The team spends large amounts of its time and budget on security, controls, and compliance to ensure safe operation.

Swan encourages our clients to withdraw their Bitcoin to self-custody by offering free and automatic withdrawals. A majority of the Bitcoin on our platform is withdrawn, providing an ongoing demonstration that the Bitcoin purchased on our platform actually exists on-chain. 

Click here to watch a FREE webinar teaching self-custody led by Stephan Livera. Learn why self-custody is an integral part of your Bitcoin journey, how it works, and how Swan makes it easy for you.

Clients who purchase Bitcoin using wires or direct deposit (push ACH) can withdraw coins within 24 hours of the purchase time. This lag is required to settle larger trades. For customers using ACH pull, additional lock times are designed to protect Swan from ACH reversals. These times range from 10-30 days but are actively being reduced through risk-based work. Customers purchasing large amounts of Bitcoin are encouraged to use wires to avoid such a lock time or may contact customer support to receive an early unlock.

Finally, we choose a custodian because they have a simple business model that is incentive aligned, where Swan pays for the services they provide. We do not make money when we keep customer coins in custody, so there is no incentive for us to pressure customers to do so. Our business model is also simple, with most of our revenue generated from simple fiat to Bitcoin transactions, aligning our incentives with our clients — convert as much fiat to Bitcoin as possible, and take it into self-custody.

As for the movement toward “proof of reserves, ” this may be a misguided effort because it is impossible to demonstrate liabilities in real-time, making such a proof misleading at best and causing false complacency. If the qualified custodian does not have every digital asset they claim to have, they are acting fraudulently in violation of their regulatory framework. If you believe a custodian is committing fraud, then they could just as easily commit fraud by showing false proof of reserve attestation by hiding their liabilities or by borrowing the reserves off-chain. 

There are two ways to enforce property rights in Bitcoin. You can either withdraw your Bitcoin to self-custody or delegate property rights enforcement to the state through a system of laws and courts. If you must leave your Bitcoin in custody, the best option is to pick a custodian that you believe is not fraudulent and is operating with a robust regulatory framework, and has demonstrated maturity and risk aversion, similar to how you would pick a traditional fiat bank.

Our determination is that a qualified custodian offers the best combination of risk factors for a qualified custodian for our clients. Still, the relationship with this custodian is at the customer’s discretion. Each customer should weigh the risks of storing coins at a custodian against the dangers of self-custody, as appropriate.