The Office of the Comptroller of the Currency (OCC) announced in a letter that US national banks and federal savings associations are authorized to provide cryptocurrency custody services for customers.
This announcement will most likely have a positive impact on the adoption of cryptocurrencies by mainstream investors and savers, as it provides regulatory clarity for institutional activity in the crypto industry.
However, the infrastructure and methodology required to custody cryptocurrencies are very different from those of traditional asset custody. Banks will have to make a technological leap to start offering custody to their customers, as digital asset custody introduces unique challenges.
One of the main differences from traditional custody is that the main element in digital asset custody is a private key used for signing transactions, rather than the digital asset itself. The digital assets are merely records on a public blockchain.
A private key is a randomly generated secret value that allows its owner to sign cryptocurrency transactions that are published to the blockchain. In this sense, the private keys are the equivalent of the digital assets. If a malicious party gains access to the private keys by any means, they will be able to sign transactions on behalf of the cryptocurrency owner or custodian. The keys are therefore the critical piece of information that must be held in custody.
Another essential difference is that, due to the nature of the blockchain infrastructure that supports cryptocurrency, transactions cannot be reversed once published to the blockchain, even if they are fraudulent or known to have been obtained illicitly. This fact makes the custody process even more critical.
Institutional private key custody is not a new problem, and vendors like CYBAVO have been developing cryptocurrency custody solutions to protect private keys from potential threats, ranging from physical loss to cyber theft by hackers.
Some lessons have been learnt from previous attacks that have successfully stolen private keys from large companies like cryptocurrency exchanges and other institutions.
One of these lessons is that any potential single point of failure must be eliminated from the custody system. Information must be stored both securely and resiliently. A multi-level authorization process should be defined for key usage. Some approaches, such as multi-party computation (MPC), remove the single point of failure by eliminating the private key as a single entity, dividing it into shares held by different independent parties.
Besides that, strong policy enforcement must be in place to ensure that the usage of the digital assets strictly reflects the custodian's or the customers' expected behavior.
Digital asset custody solutions should also be ready to fulfill the strict compliance requirements in terms of information access, transparency and control to which financial institutions are subject.
CYBAVO’s experience in institutional custody can help tackle the challenges banks and other financial institutions will face in building the infrastructure to provide digital asset custody to their customers.