As one expert recently recounted to me, cryptoassets are, at their core, a kind of digital bearer instrument, meaning the holder is presumed to be the rightful owner, and is entitled to any associated privileges. This in turn creates significant theft and regulatory challenges, and places enormous pressure on their safekeeping.
The world can ultimately be carved out into three different kinds of custodians of cryptoassets. On the one hand are what can be described as the non-custodial wallets—though I prefer to describe as ‘self-custody.’ These kinds of custodians sell their services to individuals who are themselves ultimately responsible for protecting their private keys.
Self-custody is in some ways most risky. If people are required to custody their own assets, then the level of protection afforded to any holder of cryptoassets will be reflected in that person’s sophistication—or ability to hire someone to make the proper decisions for holding the cryptoasset. This makes, in essence, the holder of an asset the weakest link in his or her own cybersecurity.
Then there are the infrastructure-based custodians. As their name implies, these kinds of entities operate as intermediaries where trading operations occur—like exchanges and clearinghouses. In order to help facilitate trades, exchange-based custodians will often keep their customers’ cryptoassets for their account—and in the process exercise exclusive access to the private keys of customer crypto assets.
Notably within even this category are two different kinds of models. Some exchange based custodians can be understood as ‘transactional,’ insofar as they intend to keep or ‘custody’ cryptoassets only as long as necessary in order to execute a particular function. Others, by contrast, offer custodial services of an indefinite duration. Under this model, customers ultimately are able to warehouse or park their cryptocurrencies for however long they wish, usually for a fee.
Third, and finally, are non-exchange, third-party custodians. These kinds of entities offer services geared towards holding and protecting the cryptoassets of individuals.
As sophisticated, technologically savvy entities, exchanges offer heightened protection when compared to self custody. But they are also much bigger targets. Indeed, if you keep your money with an exchange, you’re keeping it at an institution that hackers will try to infiltrate. It’s precisely because of this problem that I’ve heard some infrastructure-based custodians do not want to hold customer keys indefinitely, and when they do, it is solely for transactional purposes.
Finally, some third party custodians offer more sophisticated than self-custody solutions, and arguably less conflicted than exchanges since they often offer a range of services – including market making, exchange, and custody all in one. But very frequently they offer cold-wallet solutions that offer little liquidity for customers. Think of it as a heightened safety vs. illiquidity tradeoff.