Assessing Risk in Bitcoin Custody
Swan encourages our clients to withdraw their Bitcoin to self-custody by offering free and automatic withdrawals.
Editor’s Note, May 30, 2023: Swan is in the process of adding two new Qualified Custodians, Fortress Trust, and BitGo Trust Company. We have also moved most functions away from Prime Trust. We continue to believe that using a Qualified Custodian and withdrawing into self-custody is the best framework to minimize custody, bankruptcy, and regulatory risk.
With the recent fallout from the bankruptcy filings of the world’s second-largest crypto exchange, yield products, lenders, stablecoin schemes, and crypto brokers, it is time to take a step back and understand the risks of letting someone else hold your Bitcoin. In this article, we will examine risk across the general landscape of Bitcoin custodians.
For Bitcoiners, self-custody of your Bitcoin is the best and least risky path. However, it is also true that, in most cases, the only way to acquire Bitcoin regularly or in size is to do so through an online service of some type. This necessitates taking some risk for the duration of the exchange process, even if your counterparty is another person. Furthermore, some use cases may require the use of a custodian on an ongoing basis due to specific regulations, such as using a qualified custodian for registered investment advisors, IRA accounts, and other entities that may be required to avoid self-custody.
We identify four broad categories of Bitcoin custodians:
Exchanges and Brokerages. This includes both casino-like exchanges like FTX and Binance, where practically anything gets listed and can be bet on, as well as bitcoin-focused broker apps.
Qualified Custodians. These companies meet the SEC’s Custody Rule criteria (206(4)-2 of the Advisers Act), which gives customers an enhanced level of protection from misuse or misappropriation. These companies tend to operate under state-level trust company regulations, including Prime Trust and BitGo.
Self-Custody, including single-sig, multi-sig, or collaborative custody with the assistance of a trusted third party for one or more of your keys.
We identify three broad categories of risk:
Custody Risk. This covers the risk of theft or loss of private keys due to mismanagement.
Bankruptcy Risk. This covers the likelihood of the counterparty going bankrupt, the likelihood that customer assets are earmarked and present at the time of bankruptcy, the complexity and expediency of bankruptcy proceedings, and the likelihood that the court will ensure depositors are made whole before other creditors.
Regulatory Risk. This covers state action against the custodian ranging from losing some or all of their business, being forced to shut down entirely, or assets in custody being frozen by the state.
Below is a risk summary matrix. We’ll look into the specific categories and how to choose a custodian.
Let’s start with the obvious. Your keys, your coins. Not your keys, not your coins. If you send Bitcoin elsewhere, there is no guarantee that you will ever get it back. Nobody can offer this guarantee because the Bitcoin blockchain only recognizes private key ownership. That means that the return of transferred Bitcoin to any third party, even if under a legal written contract to return your Bitcoin, cannot be enforced on the blockchain. Please see our article on the Best Bitcoin wallets of 2023 to find an appropriate self-custody solution.
When it comes to real-world property rights, those are enforced by laws and courts. Putting your Bitcoin somewhere other than your own custody has risks. When you use a third-party service, even if you are using them to withdraw to self-custody immediately, your best bet is to find a service that is transparent with these risks, operates under a robust regulatory framework in a jurisdiction with strong property rights and rule of law, uses sound technology and business practices to secure it, and minimizes your time in custody if possible.
Next, we’ll examine risk categories and how they may play out in real life.
We will begin with the most obvious and highest risk category:
These platforms are marketed as providing “yield” or returns on your investment. Such platforms generally have complete discretion over your Bitcoin. They may send it to another third party, which itself may lend it to any other parties. They may lock it up in some other blockchain to engage in “DeFi yield farming, ” and this blockchain may have a bug or get hacked. They may park it with another fund that blows up. There are no returns without risk, and we believe the risk in most investment platforms is grossly underpriced. In other words, getting paid 6% for sending someone your bitcoin, never to see it again, seems like a pretty bad trade for the world’s fastest-growing asset class.
Bitcoiners have warned about this for years, yet it took a few recent disasters to drive the point home. At this stage in its development, Bitcoin is best thought of as long-term savings. Yes, it will be volatile, but if you’re reading this, you likely agree with our view that Bitcoin’s purchasing power will rise over time.
Setting aside investments, any agreement to swap fiat for Bitcoin will likely involve a step during which your fiat money sits with a counterparty before you receive the Bitcoin. This is where exchanges, brokerages, and qualified custodians come in.
During this step, the Bitcoin keys are held by the custodian. Because Bitcoin is not FDIC or SIPC insured, you have no backstop if your custodian loses your Bitcoin. You likely also have no legal recourse, as you will typically sign a disclaimer with the understanding that there are no government backstops for digital assets.
Exchanges are places where buyers and sellers meet to trade Bitcoin for assets like digital dollars and altcoins, most of which are scams that eventually collapse in price. Brokerages are like exchanges, though they typically sell you their own Bitcoin outside of a traditional order book. Exchanges and brokerages may vary widely in how they treat customer assets. Some exchanges may keep customer assets segregated from their own assets under some regulatory framework. It is likely that most exchanges, especially those domiciled outside the US, do not follow such asset segregation policies. The recent collapse of FTX drives that point home. Furthermore, exchanges may be very complex from a technical standpoint. The more functions an exchange performs (trading, staking, leverage, derivatives, etc.), the higher its surface area for security weaknesses or buggy code, and the more likely it is to be exploited and have your funds stolen.
Qualified Custodians are specialized entities that do not broadly perform the function of exchanges. They have a small attack surface because they specialize in custody services. They do not directly interact with end users, which means the surface area for social engineering attacks is significantly reduced. Finally, they operate under regulations that are often more strict than banks. For example, Nevada trust companies must maintain legal segregation between customer assets and their own under NRS 669. Qualified custodians spend a large portion of their budget on security and compliance. They do not have other “distracting” business lines like exchanges do.
Finally, we must touch upon the risks of self-custody. While we continue to recommend self-custody as the north star for every Bitcoiner, we must also understand that it is not without risk. Private keys for self-custody must be secured from theft, damage, and loss. Should the need arise, loved ones must be left with instructions and training on recovery. That said, we are excited to support and develop a growing segment of collaborative custody products, which we believe will offer a path to getting assistance securing a backup key.
Following the spectacular collapse of many cryptocurrency funds, exchanges, and investment platforms in 2022, the risk of bankruptcy should be evaluated carefully.
As before, platforms that offer returns are the ones that have the highest risk. Bitcoin and crypto investment funds will freely lend, rehypothecate, and lock your coins in various investment schemes and other blockchain protocols full of security holes. The cryptocurrency space is rife with mispriced risks and trades that seem to magically generate money for free for six months before ultimately blowing up. Remember, there is a finite number of Bitcoin in the world, making consistent Bitcoin-denominated yield generation on a long-time scale effectively impossible.
Many strategies in 2021 were based on games of arbitrage, where traders would find exploitable holes in various DeFi platforms or between the real world and the digital world with products like GBTC (Grayscale Bitcoin Trust), where traders hoped to capitalize on the price difference between a fund that was not redeemable for Bitcoin and actual Bitcoin. These strategies turned out to be completely unsound and led to the collapse of the parties that engaged in them. The bankruptcy risk for any scheme purporting to generate yield on Bitcoin is exceptionally high — approaching near-certainty. When these inevitable collapses happen, there is also almost no chance you’ll ever get your money back.
While an exchange or broker may not take the kind of risks that investment platforms and yield generators do, they may, in fact, have some operations that expose them to unnecessary risk beyond the risk of holding your coins correctly. Some exchanges may run lending and leverage operations, which may be affected by market volatility. Some have grown by leveraging themselves on self-printed tokens, such as in the cases of FTX and Celsius. Many exchanges do not operate in a regulatory structure that requires them to segregate customer funds, especially in non-US jurisdictions. Given the complexity of most major exchanges' operations, a bankruptcy court would likely take longer to distribute customer assets, should such a distribution even be possible.
A Qualified Custodian business tends to be dramatically simpler. Because they only engage in a few simple activities, such as digital asset custody and possibly connecting with trading desks and traditional banks, a qualified custodian has a relatively low risk of bankruptcy. They do not engage with or market to retail customers, are not generally affected by market moves in cryptocurrency, do not borrow/lend/take on leverage, and generate fees from basic services such as custody, API access, and financial rails. In a market downturn, such a business could likely downsize and weather the storm. In the case of bankruptcy proceedings, due to the robust regulatory framework that requires the custodian to maintain segregation of customer assets, the customers may be reasonably sure to get their investments back in whole and quickly.
Note: That since no qualified custodians that custody of digital assets have gone bankrupt — until such a case is tested in court with digital assets, this statement is speculative. This statement is speculative until such a case is tested in court with digital assets. However, there is good reason to believe it is true based on how to trust companies are structured.
The government is out to get cryptocurrency companies. The alarm bells have been sounding in 2022 following the alleged fraud perpetrated by FTX and gross mismanagement of assets and risk by others. The more risky the behavior of your counterparty, the more likely it is to get shut down by the government. A complete shutdown isn’t needed for you to be impacted. For example, the state may order operations to be frozen and funds to be withheld.
Investment Platforms are obviously the highest risk and target for the government. Following the collapse of BlockFi, many questions will be raised about how risk should be disclosed to customers and what responsibility such platforms have to their clients. Only send money to a yield-generating platform if you understand that you are at risk of a total and complete loss.
Most exchanges can be seen as casinos that promote speculating or betting on what is likely to be unregistered securities. As the SEC begins to crack down on this behavior, many exchanges may (likely) find it necessary to delist the vast majority of their coins. This will, in turn, drive revenue to zero and wipe out their whole reason for being, leading to the possibility of having to wind down their business.
Qualified Custodians with state-level licensing have minimal exposure to government regulation. The biggest threat here is state-level regulations that may impede the functioning of trust companies that custody Bitcoin. We expect such laws to resolve over time, as jurisdictions that are friendly to trust companies will attract all business.
If you do decide that you require the services of a custodian or trading counterparty, even if it’s just for the short duration of exchanging dollars for Bitcoin, here are the things to look for.
Clear terms of service that indicate that you alone are the owner of the Bitcoin you are purchasing and storing with the custodian. If you see terms that indicate that the counterparty has ownership or is free to do what they want with your coins, avoid the service at all cost.
A well-understood and tested regulatory framework designed with safeguarding customer assets as its first priority. Trust company structures and other structures that clearly indicate segregation of customer assets and that the company cannot rehypothecate your assets are ideal.
Operation in a jurisdiction with a strong history of property right enforcement and rule of law. The US has a strong rule of law environment with courts that generally do a good job of enforcing property rights.
A large security and compliance budget. All things being equal, companies that focus almost exclusively on custody are going to devote more of their resources to security than companies that have many competing business lines. Look for well-funded and mature operations.
Battle-tested technology securing the storage of Bitcoin keys. Common technology for Bitcoin custody includes cold (offline) keys or MPC technology that avoids keeping a constituted private key online.
Security and procedural audits, including Soc 2 Type II reports that indicate that the company has a mature internal controls framework and is following it.
A mature and experienced management team that has demonstrated diligence and prudence in operations.
Incentive-aligned business models. Some companies like exchanges and investment schemes want to hold your coins to invest them or have you actively trade them. Others encourage self-custody and do not make money when holding your coins because they cannot rehypothecate or lend them.
The risk of losing Bitcoin to custodians varies massively. Those that offer yield and are in questionable jurisdictions represent an extremely high degree of risk, as has been demonstrated numerous times. Those utilizing qualified custodians and operating in jurisdictions with strong property rights have thus far not betrayed the trust put in them. Of course, taking self-custody eliminates placing trust in others altogether. Still, it comes with the responsibility of not losing or disclosing the keys to your coins.
At Swan, we have chosen a Nevada chartered trust company under NRS 669, as our partner for qualified custody because we believe they are the best at ticking the boxes we have laid out above. Swan establishes a direct relationship between our clients and custodian, the client’s qualified custodian. Clients enter into this agreement when they sign up for Swan and make an informed decision about the risks of third-party custody.
To further protect our clients from risks, Swan cannot disburse customer assets without the customer’s direct authorization. This is why when Swan customers withdraw their investments, they get an email confirmation directly to their inbox. Should Swan become unavailable or compromised, the client’s direct relationship with our custodian will offer their assets the highest degree of protection.
Bitcoin at our custodian is secured using a geo-distributed quorum of MPC (multi-party computation) wallets. This technology does not keep a key online that can be stolen, lost, or hacked. Instead, an attacker would have to compromise a large percentage of the human/device quorum across a large geographical area in real-time. The time they have to perform such an attack is limited, as the key shares are rotated frequently.
Our custodial management team is experienced, risk-averse, and comes from the world of banking and traditional asset custody. The team spends large amounts of its time and budget on security, controls, and compliance to ensure safe operation.
Swan encourages our clients to withdraw their Bitcoin to self-custody by offering free and automatic withdrawals. A majority of the Bitcoin on our platform is withdrawn, providing an ongoing demonstration that the Bitcoin purchased on our platform actually exists on-chain.
Click here to watch a FREE webinar teaching self-custody led by Stephan Livera. Learn why self-custody is an integral part of your Bitcoin journey, how it works, and how Swan makes it easy for you.
Clients who purchase Bitcoin using wires or direct deposit (push ACH) can withdraw coins within 24 hours of the purchase time. This lag is required to settle larger trades. For customers using ACH pull, additional lock times are designed to protect Swan from ACH reversals. These times range from 10-30 days but are actively being reduced through risk-based work. Customers purchasing large amounts of Bitcoin are encouraged to use wires to avoid such a lock time or may contact customer support to receive an early unlock.
Finally, we choose a custodian because they have a simple business model that is incentive aligned, where Swan pays for the services they provide. We do not make money when we keep customer coins in custody, so there is no incentive for us to pressure customers to do so. Our business model is also simple, with most of our revenue generated from simple fiat to Bitcoin transactions, aligning our incentives with our clients — convert as much fiat to Bitcoin as possible, and take it into self-custody.
As for the movement toward “proof of reserves, ” this may be a misguided effort because it is impossible to demonstrate liabilities in real-time, making such a proof misleading at best and causing false complacency. If the qualified custodian does not have every digital asset they claim to have, they are acting fraudulently in violation of their regulatory framework. If you believe a custodian is committing fraud, then they could just as easily commit fraud by showing false proof of reserve attestation by hiding their liabilities or by borrowing the reserves off-chain.
There are two ways to enforce property rights in Bitcoin. You can either withdraw your Bitcoin to self-custody or delegate property rights enforcement to the state through a system of laws and courts. If you must leave your Bitcoin in custody, the best option is to pick a custodian that you believe is not fraudulent and is operating with a robust regulatory framework, and has demonstrated maturity and risk aversion, similar to how you would pick a traditional fiat bank.
Our determination is that a qualified custodian offers the best combination of risk factors for a qualified custodian for our clients. Still, the relationship with this custodian is at the customer’s discretion. Each customer should weigh the risks of storing coins at a custodian against the dangers of self-custody, as appropriate.
Sign up to start saving Bitcoin
Buy automatically every day, week, or month, starting with as little as $10.
Yan Pritzker is the co-founder and CTO of Swan Bitcoin, the best place to buy Bitcoin with easy recurring purchases straight from your bank account. Yan is also the author of Inventing Bitcoin, a quick guide to why Bitcoin was invented and how it works.
More from Swan Signal Blog
Thoughts on Bitcoin from the Swan team and friends.