When BTC reached its first apex and institutions began to show interest in the crypto space, cold storage was the be-all and end-all of custody technology, despite its inherent inefficiencies. Then internet-connected hot wallets appeared and offered greater speed, but presented fresh operational and security issues.
Today a new standard is emerging. Institutions require a level of security, efficiency, and regulatory flexibility that these older solutions simply can’t provide, so they’re looking to newer technologies to fill the gap. And as custody technology improves, more and more institutions are entering the space.
But how did we get here? What’s changed in the world of institutional crypto custody, what’s the winning formula today, and what’s next?
Let’s start off with a little history lesson.
The last generation of crypto custody tech
During the previous generation of institutional digital asset custody, institutions relied on custody providers to secure their assets with technology like cold storage and multisig, which brought inefficiencies and security issues of its own.
Cold storage custody
Cold storage, where the private keys are generated and kept on devices that never touch the internet, was initially thought to be the inherently more secure option for custodying crypto.
In the cold storage era, custody providers’ processes meant that withdrawals were manual: an account manager on the custody side had to confirm a customer’s identity before any crypto could move at all. Obviously, this wasn’t adequate for businesses that were actually trying to profit by moving crypto with any frequency.
This older sort of custody is sometimes described as “pirate custody”, since you’re basically burying your private keys in a “treasure chest.” Moving crypto out of cold storage generally takes around 24-48 hours, which makes this custody style essentially incompatible with any business model that requires easy and fast access to, or movement of, crypto.
And cold storage has a key flaw on the security side as well: a person needs to be physically involved to move crypto from cold storage to an online system, so the security of every withdrawal rests on that one person and that one manual step, a single point of failure for both availability and insider risk.
Multisig custody
After cold storage came multisig (multi-signature) hot wallets, which solved some of cold storage’s efficiency problems by being connected to the internet, but came with security and operational problems of their own.
Multisig (multi-signature) is a signing arrangement in which a transaction is valid only when it carries signatures from a quorum of authorized keys, typically m of n (2-of-3, 3-of-5 and so on). Multisig wallets add a layer of security by requiring signatures from multiple parties rather than a single signature from one private key holder, so stealing any one key is not enough to move funds.
While multisig addresses the single point of failure that a single-key wallet has, it introduces new issues, largely because it was designed for a different era. When multisig became a standard Bitcoin feature in 2012 (OP_CHECKMULTISIG behind a P2SH address, BIP 16), Bitcoin was effectively the only chain that mattered, so nobody needed a signing scheme that would work identically across many blockchains; likewise, the ability to scale a signing policy for a growing team was far less relevant than it is now.
In today’s digital asset landscape, multisig-based solutions are losing steam because they’re not protocol agnostic: native multisig is a feature of Bitcoin’s scripting, Ethereum has no equivalent at the protocol level and needs a smart-contract wallet instead, and every other chain needs its own implementation. They’re also operationally inflexible: because the address itself encodes the key set and the threshold, changing signers or the quorum means generating a new wallet and moving the funds, which is a real roadblock for an expanding team looking to change its signing process.
Today’s technologies: MPC and beyond
MPC (multi-party computation) has quickly become a force to reckon with in crypto security since it first hit the industry in 2018.
MPC is a family of cryptographic protocols that let several parties each hold a secret input and jointly compute a result that depends on all of those inputs, without any party ever revealing its input to the others. Applied to custody, the private key is generated as shares spread across several parties and is never assembled in one place; signing is a joint computation over the shares, and the output is an ordinary signature. Like multisig, this removes the single point of failure. Unlike multisig, the chain only ever sees a standard single-key signature, so MPC is protocol agnostic (it works on any blockchain that accepts the underlying signature scheme), and because signers and thresholds can be changed by re-sharing the key rather than moving funds, it scales far better than multisig.
As MPC grows in prominence, more and more custody providers are centering their security strategy on this technology. But while MPC removes the private key as a single target, digital asset holders are also realizing that a solution that only accounts for attacks on private keys isn’t secure enough against today’s cybercriminals.
A fully secure custody solution also has to protect deposit addresses and credentials, not just private keys: an attacker who can substitute a deposit address or take over an operator’s account never needs the key at all. This means using technologies like a deposit address authentication network, policy engines (transaction rules enforced independently of the signers), and chip-level hardware isolation in tandem with MPC, so that every angle of attack, from outsiders and insiders alike, is covered.
What’s next
As the world continues to grapple with the coronavirus pandemic, cybercriminals have shown no sign of letting up; they are actually taking advantage of remote work environments to attack more often than ever. As these criminals adopt new strategies, it remains important to evaluate the newest security technologies rather than fall victim to the weaknesses of last-gen tech.
One technology that’s growing in prominence is MPC-CMP, the newest generation of MPC cryptography.
The MPC-CMP algorithm was developed by the Fireblocks cryptography team alongside Professor Ran Canetti, originator of the universal composability framework and a leading MPC researcher. According to Fireblocks, it improves MPC signing speed by 800% over earlier schemes, while also improving security by automatically refreshing key shares (so shares stolen before a refresh are useless afterwards) and by offering compatibility with cold storage, which matters in regions that have strict regulations around hardware isolation.
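As an added example, not Fireblocks’ code and not the MPC-CMP protocol itself, the following Python contrasts the two models described on this page: an m-of-n multisig, where the n parties hold n independent keys and the verifier sees m separate signatures, and an MPC threshold scheme, where one private key exists only as Shamir shares, signing is done with partial signatures, and the output is a single ordinary Schnorr signature that a verifier cannot tell apart from a single-key one. It also implements the proactive key-share refresh just mentioned. Everything in it is constructed for the demo: the group (a prime-order subgroup of Z_p* with q = 2^127 - 1, with p found at import time), the party indices, and the sample messages. Production systems use secp256k1 or ed25519 and a complete protocol such as FROST or CMP, which add nonce commitments and zero-knowledge proofs that this toy leaves out.

```python
"""Toy m-of-n multisig beside t-of-n MPC threshold signing (Schnorr over a
prime-order subgroup of Z_p*). Added example: not Fireblocks' code and not the
MPC-CMP protocol. Real systems use secp256k1/ed25519 and a full protocol (FROST,
CMP) with nonce commitments and zero-knowledge proofs that this toy omits."""
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin, used only to pick demo group parameters at import time."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

Q = 2**127 - 1                  # Mersenne prime: order of the signing subgroup
COFACTOR = 2
while not is_probable_prime(COFACTOR * Q + 1):
    COFACTOR += 2
P = COFACTOR * Q + 1            # p = kq + 1, so Z_p* contains a subgroup of order q
G = next(pow(h, COFACTOR, P) for h in range(2, P) if pow(h, COFACTOR, P) != 1)

def challenge(R, msg):
    """Fiat-Shamir challenge e = H(R || m), reduced mod q."""
    d = hashlib.sha256(R.to_bytes(32, "big") + msg).digest()
    return int.from_bytes(d, "big") % Q

def verify(pubkey, msg, sig):
    """Plain Schnorr check g^s == R * y^e (mod p); shared by both schemes."""
    R, s = sig
    return pow(G, s, P) == R * pow(pubkey, challenge(R, msg), P) % P

# Multisig: n independent keys; the verifier sees the policy and m signatures.
def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + challenge(R, msg) * x) % Q

def multisig_verify(pubkeys, m, msg, sigs):
    """sigs maps signer index -> signature; valid once >= m distinct keys signed."""
    good = [i for i, s in sigs.items() if i in pubkeys and verify(pubkeys[i], msg, s)]
    return len(good) >= m

# MPC: one key that only ever exists as shares; output is one ordinary signature.
def shamir(secret, t, n):
    """t-of-n Shamir shares f(1..n) of a random degree t-1 polynomial, f(0)=secret."""
    coeffs = [secret % Q] + [secrets.randbelow(Q - 1) + 1 for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange(i, signers):
    """lambda_i such that sum(lambda_i * f(i)) over the signer set equals f(0)."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def dkg(t, n):
    """Distributed keygen: party i shares a random a_i; party j's key share is the
    sum of what it received. x = sum(a_i) is never assembled anywhere."""
    shares, pubkey = {j: 0 for j in range(1, n + 1)}, 1
    for _ in range(n):
        a = secrets.randbelow(Q - 1) + 1
        for j, s in shamir(a, t, n).items():
            shares[j] = (shares[j] + s) % Q
        pubkey = pubkey * pow(G, a, P) % P
    return shares, pubkey

def threshold_sign(shares, signers, msg):
    """Each signer reveals only R_i and a partial s_i; key shares never move."""
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in signers}
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P
    e = challenge(R, msg)
    s = sum(nonces[i] + e * lagrange(i, signers) * shares[i] for i in signers) % Q
    return R, s

def refresh(shares, t):
    """Proactive refresh: parties add a joint sharing of zero. Key and public key
    are unchanged, but shares from different epochs no longer combine."""
    n, new = len(shares), dict(shares)
    for _ in range(n):
        for j, s in shamir(0, t, n).items():
            new[j] = (new[j] + s) % Q
    return new
```

Two things to notice when running it. `multisig_verify` needs the full public-key set and m separate signatures, so the policy and the signer identities are visible to whoever verifies (on a real chain, to everyone), whereas the pair returned by `threshold_sign` passes the same `verify` as a single-key signature; that is the protocol agnosticism the text refers to. And after `refresh`, each party has to delete its old share: the old set still reconstructs the same key, so the gain is only that an attacker who collected t-1 shares before the refresh cannot combine them with shares stolen afterwards.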
In tandem with other layers of protection (such as a policy engine and chip-level hardware isolation), MPC-CMP enables greater speed, scalability, and regulatory flexibility for businesses utilizing crypto.
As the industry moves forward, expect to see custody solutions rely on next-gen cryptography like this layered with other technologies.