Custody Rules

This principle defines who holds the cryptographic keys and the process for authorizing transactions. Self-custody grants a single user full control via a private key, while multi-party computation (MPC) or multi-signature (multisig) schemes distribute signing authority.

• Single-signature wallets are simple but create a single point of failure.
• Multisig wallets (e.g., 2-of-3) require multiple approvals, enhancing security for treasuries.
• MPC splits a single private key into shares, allowing for collaborative signing without exposing the full key.

Rules that specify which addresses or entities are permitted to initiate or approve specific actions. This is the policy layer of custody, often implemented via smart contracts or institutional wallet software.

• Whitelists: Restrict withdrawals to pre-approved destination addresses.
• Spending Limits: Impose daily or per-transaction caps on asset movement.
• Role-Based Access: Define distinct permissions for administrators, approvers, and viewers within an organization.

Rules that enforce mandatory waiting periods between transaction initiation and execution. This is a critical security mechanism to detect and prevent unauthorized transfers.

• A timelock on a vault smart contract might require a 48-hour delay for large withdrawals.
• This delay allows human oversight to intervene, cancel suspicious transactions, or investigate potential compromises.
• Timelocks are a foundational feature of decentralized autonomous organization (DAO) treasuries and institutional custody solutions.

Pre-defined procedures for regaining access to assets if primary keys are lost, or for transferring control upon a specified event. This addresses the custodial dilemma between security and accessibility.

• Social Recovery: Designated guardians can collectively help a user reset access.
• Inheritance Wills: Smart contracts can transfer assets to a beneficiary after a verifiable event or time delay.
• Hardware Security Module (HSM) secret sharing: Fragments of recovery keys are distributed among trusted entities.

The distinction between where custody logic is executed and validated. On-chain rules are immutable and transparent, enforced by smart contract code. Off-chain rules are managed by traditional software and legal agreements.

• On-Chain Example: A Gnosis Safe multisig wallet's transaction approval logic is executed on the Ethereum Virtual Machine.
• Off-Chain Example: An exchange's internal compliance engine blocking a withdrawal based on a risk score.
• Hybrid approaches are common, where off-chain policy engines trigger on-chain transactions.

The principle that custody rule configurations and all related actions should be verifiable. For on-chain systems, this is inherent via the public ledger. For off-chain systems, it requires deliberate design.

• On-chain audit trails provide immutable proof of all policy changes and transaction approvals.
• Proof of Reserves protocols allow custodians to cryptographically verify they hold client assets without revealing all positions.
• Transparency in rule sets builds trust with users and regulators by making security assumptions explicit.

Traditional custody is governed by established bodies like the SEC (for securities) and banking regulators, with clear rules for qualified custodians under regulations like the Investment Advisers Act of 1940. Digital asset custody operates in an evolving landscape, with recent guidance (e.g., SEC's SAB 121) creating new accounting and disclosure requirements, while state-level trust charters provide some regulatory clarity for crypto custodians.

This is the core technical distinction. In traditional custody, a bank or broker holds legal title and physical/electronic control. For digital assets, custody is defined by who controls the private keys required to sign transactions on the blockchain.

• Custodial: A third-party service holds the keys.
• Non-Custodial (Self-Custody): The end-user retains exclusive key control, often via a hardware wallet or seed phrase.

Traditional settlement relies on centralized intermediaries (e.g., DTCC) and can take days (T+2). Digital asset transfer occurs peer-to-peer on the blockchain network. Settlement is near-instant and final, but irreversible. The custodian's role shifts from managing ledger entries to securely broadcasting signed transactions to the network.

Traditional audits (e.g., by accounting firms) verify custody statements against internal ledgers. For digital assets, Proof of Reserves (PoR) has emerged as a critical standard. Using cryptographic techniques like Merkle trees, custodians can prove they hold client assets without revealing individual balances, enhancing transparency and trust in a trust-minimized environment.

Traditional bank deposits are protected by government insurance (e.g., FDIC up to $250k). Digital asset custodians typically use a combination of:

• Commercial crime insurance for theft.
• Cold storage for the majority of assets.
• Multi-party computation (MPC) or multi-signature wallets to eliminate single points of failure. Coverage is private and rarely matches total assets under custody.

Traditional custody risks are largely operational (human error, internal fraud) and mitigated by internal controls. Digital asset custody introduces unique technological risks:

• Key management flaws (loss, theft).
• Smart contract vulnerabilities in decentralized protocols.
• Blockchain network risks (consensus failures). Mitigation requires deep cryptographic expertise and robust security engineering.

A Qualified Custodian is a regulated entity (e.g., bank, trust company, broker-dealer) legally permitted to hold client assets. Key attributes include:

• Regulatory Oversight: Chartered and examined by a state, federal, or other competent authority.
• Segregation & Accounting: Must maintain separate ledgers for each client and provide regular statements.
• Internal Controls: Robust operational procedures to prevent loss, theft, or misuse of assets.
• Independent Verification: Often requires an annual surprise examination by a public accountant (e.g., under Rule 206(4)-2 for investment advisers). The debate continues over which crypto-native entities qualify.

Proof of Reserves (PoR) is a cryptographic auditing method used by custodians and exchanges to demonstrate they hold sufficient assets to cover client liabilities. Key mechanisms include:

• Merkle Tree Proofs: Clients can cryptographically verify their balance is included in the total claimed holdings without revealing other balances.
• On-Chain Attestation: Publicly verifiable blockchain transactions show custody addresses and total holdings.
• Third-Party Attestations: Auditors (not full financial audits) verify the procedures and data.
• Liabilities vs. Assets: Advanced PoR also attempts to prove that total client liabilities do not exceed the verifiable on-chain assets, though proving liabilities without compromising privacy remains a challenge.

A legal and regulatory framework where a licensed entity (e.g., a bank or trust company) safeguards client assets under strict compliance rules. This is the traditional model for institutional asset custody.

• Requirements: Defined by regulations like the SEC's Rule 206(4)-2 for investment advisers.
• Contrast with DeFi: Involves legal liability, audits, and insurance, contrasting with code-based decentralized custody.

An entity governed by on-chain smart contracts and member votes, representing a collective custody model. Treasury management is a primary application of complex custody rules.

• Custody Model: Assets are typically held in a multi-signature wallet or a specialized treasury module (e.g., SafeSnap).
• Rule Enforcement: Spending proposals and execution are governed by transparent, code-enforced voting thresholds and timelocks.

A user-centric custody design that replaces a single private key with a network of trusted contacts or devices ("guardians") who can help recover access. This mitigates the risk of permanent key loss.

• Mechanism: If a user loses their primary device, a majority of guardians can authorize a wallet recovery process.
• Example: Vitalik Buterin has advocated for this model as a more user-friendly alternative to seed phrases.

A physical computing device that safeguards cryptographic keys and performs cryptographic operations. It is a foundational hardware component for enforcing high-security custody rules.

• Function: Generates, stores, and uses keys in a physically secure, tamper-resistant environment, never exposing the raw key material.
• Application: Critical infrastructure for exchanges, custodians, and blockchain validators to secure signing keys.