The institutions are coming. The herd is arriving. Institutional participation in the digital asset market is imminent.
As this happens, it’s worth considering how the entry of highly regulated financial companies will change the marketplace infrastructure for crypto, which, until now, has been largely oriented to retail investors. Institutions will have different and higher requirements across the transaction chain, notably in the custody of digital assets.
Digital assets are bearer assets, raising implications for trading and safeguarding, and surfacing considerations for institutional asset managers looking to allocate capital to a digital asset fund.
With a bearer asset, ownership is determined by possession alone. If I hold a $10 note, it’s mine. If I hold a $300 million bearer bond, it’s mine. In the same way, if I hold a private key to a bitcoin wallet that holds 10 BTC, then it’s mine (probably).
We say “probably” because most bearer instruments are difficult to copy. Various counterfeiting measures have been built into them such as serial numbers, holographic images, stamps, ultraviolet threads etc. A private key for a bitcoin wallet, on the other hand, is simply a string of 32 alpha-numeric characters that can be copied with a pencil, an iPhone camera or a good memory. A $10 note would have to be stolen to be usable, whereas a bitcoin private key can simply be copied.
Private keys are therefore the most vulnerable form of bearer asset, and once they have been exposed to a human, it is impossible to prove unique ownership. They may have been copied and there will be no record of the copy having been made.
The safeguarding of these private keys thus becomes a critical issue for digital assets. The original design for a blockchain record of assets is based around a wallet model. The use of the word wallet indicates the security issue. In practical terms, why would you want to store more value in a digital wallet when you would feel comfortable in a physical wallet? Owners may feel that they have cryptographic security, but do they have physical security?
There are numerous examples of people who have been . It may be a shock to learn that one very large crypto fund revealed to me that it holds the private key across three bits of paper, held by three individuals. I advised them that for their personal safety never to reveal their methodology again to another person. To illustrate how unsafe, it is perhaps sufficient to say that crypto exchanges in aggregate lose the entire contents of their hot wallets roughly every six months.
Various technical solutions have emerged with the objective of making the wallet more secure, including . But while reducing the risks (supposedly), these fundamentally don’t address the nature of the risk. Robbing $1 billion from a bank remains a high-cost, high-risk exercise. Robbing a bitcoin owner with $1 billion held in a personal wallet is significantly easier and with much lower risk.
The first implication for safeguarding is that the wallet model is inadequate for high value (>$1,000). Its design and architecture leave it too vulnerable, and no technological improvements, however innovative, will ever resolve this challenge. “Better” is never going to be “sufficient.”
One alternative model is the account structure where a trusted third party takes control of the assets and separates the authorization processes from the private key management. This is how a bank works and it requires trust, regulation and governance, most of which are anathema to the progenitors of the cryptocurrency world.