Institutional Crypto Custody
Custody is where venues and issuers most often underinvest until it is too late. The difference between a hot-wallet incident and a non-event is operational architecture decided years earlier.
- Custody models
- Self · MPC · Qualified
- Insurance market
- Lloyd's + specialty syndicates
- Typical cold ratio
- 85–97% of balances
- Audit cadence
- SOC 2 Type II annual
Choosing between MPC and qualified custody
MPC gives operational control and key-distribution flexibility. A qualified custodian gives third-party segregation and easier institutional onboarding. Many venues now run both, with policy-based routing between them.
Hot/cold architecture for an active book
An active venue cannot run 100% cold. The discipline is automated, policy-bounded sweeps that keep the hot tier minimal during quiet hours and surge-capable during peak — without manual approval becoming the bottleneck.
Insurance and audit posture
Insurance is meaningful when the policy actually matches the operational reality: covered chains, covered key-compromise scenarios, and reasonable sub-limits. SOC 2 Type II audits should be annual, not a one-off marketing artefact.
Should a venue self-custody or use a third-party qualified custodian?
Most regulated venues end up with a hybrid: third-party custody for client segregated balances, in-house MPC for operational hot/warm tiers under strict policy controls.
Is crypto insurance worth the premium?
Only if the policy is read carefully. Many policies exclude the precise failure modes that actually occur. We review wordings against real incident patterns before recommending a programme.
Skip the reading — book a 30-minute call.
If this guide maps to a live decision — a listing, a market-making panel, a custody build, a jurisdiction choice — get a partner on the line. Direct, confidential, no pitch deck.