Digital asset custody is the safekeeping of the private keys that control crypto assets, and it has become the entry ticket for institutional participation in crypto markets. The numbers explain why: bitcoin alone carries a market capitalization of $1,267.1B as of early July 2026, and when the first US spot bitcoin ETFs launched in January 2024, eight of the eleven issuers independently selected Coinbase Custody Trust Company to hold their coins.
Custody sounds like a back-office function. It isn't. For institutions, the custody decision determines who bears counterparty risk, how fast positions can settle, what happens in an insolvency, and whether an auditor or regulator will sign off on the whole program. That makes custody a market-structure decision, not an IT decision, and 2025 rewrote its rules: the SEC withdrew the accounting guidance that kept banks out, the OCC confirmed national banks can hold and trade crypto for clients, and the GENIUS Act put stablecoin reserve custody into federal statute.
This article maps the four custody models institutions actually use, defines who counts as a qualified custodian, and walks through the regulatory reset that now shapes every custody conversation.
What Is Digital Asset Custody?
Digital asset custody is the safekeeping of the cryptographic private keys that control crypto assets. Because blockchains settle bearer instruments, whoever holds the key holds the asset. Institutions therefore treat custody as a control question: who can generate, store, and use keys, and under what governance.
The distinction from traditional custody matters. A securities custodian holds book entries at a depository, and a mistaken transfer can usually be reversed through legal process. Onchain transfers are final. If a private key leaks or a signed transaction sends funds to the wrong address, no court order claws the assets back. Custody in crypto is therefore less about warehousing and more about controlling the ability to sign.
The asset base under custody keeps widening. Beyond bitcoin and ether, institutions now custody stablecoins, whose total supply stands at $310.6B as of July 2026 per DeFiLlama, plus tokenized funds such as BlackRock's BUIDL and staked positions that earn rewards while sitting in storage. Each asset type adds operational wrinkles a custodian must handle, from stablecoin mint-and-redeem flows to validator key management.
Who provides this service splits into two camps: regulated third parties, covered by charters such as the NYDFS limited purpose trust that Gemini Trust received in 2015 and Coinbase Custody Trust received in 2018, and the institution itself, running its own key infrastructure. Most of this article is about how to choose between and combine those camps.
How Does Digital Asset Custody Work?
Custody systems work by generating private keys in secure hardware, splitting or isolating them across cold and hot environments, and gating every transaction behind policy controls such as multi-approver quorums, withdrawal whitelists, and time delays. The custodian signs transactions only when a request clears those controls.
The lifecycle starts with key generation, typically inside hardware security modules (HSMs) during a witnessed ceremony, so no single person ever sees a complete key. Keys then live in one of three storage tiers. Cold storage keeps keys on devices with no network connection, which maximizes security and slows withdrawals to hours or days. Hot wallets keep keys online for instant signing, which suits operational float but widens the attack surface. Warm setups sit between the two, online but behind heavier controls.
Governance does the real work. Institutional custody platforms enforce transaction policy engines: a $50 million withdrawal might require three named officers to approve, a destination address on a pre-cleared whitelist, and a 24-hour delay. Fireblocks, which received its own NYDFS trust charter in August 2024, describes the pattern as protecting client funds with "enterprise-grade MPC security, policy-based access controls, and segregated wallet structures."
Custodians also increasingly rely on sub-custody. The OCC's Interpretive Letter 1184, issued May 7, 2025, confirmed that national banks may conduct custody activities through a sub-custodian and may buy and sell custodied assets at the customer's direction, provided third-party risk management keeps pace. That lets a bank offer crypto custody to its clients while a specialist runs the key infrastructure underneath.
Verification closes the loop. Institutional custodians undergo SOC 1 and SOC 2 examinations, and many now publish onchain proof-of-reserves attestations so clients can confirm that wallet balances match ledger liabilities. The audit trail matters as much as the vault: an institution's own auditors will ask for evidence that policy controls fired on every transaction, not just that the keys stayed cold. Custody programs that can't produce that evidence fail diligence regardless of how strong the cryptography is.
What Are the Main Crypto Custody Models?
Institutions choose among four custody models: direct self-custody, third-party qualified custodians, MPC arrangements that split key shares across parties, and hybrid setups that tier assets between cold and hot storage. Most large treasuries combine at least two models, matching each pool of assets to its usage pattern.
Direct self-custody
The institution generates and holds its own keys, usually in HSMs or hardware wallets under internal multi-signature policy. Self-custody removes third-party counterparty risk entirely and eliminates custody fees, but it converts every security obligation into an internal one: key ceremonies, disaster recovery, insider-threat controls, and audit evidence all land on the institution's own staff. It suits crypto-native firms with deep security teams far better than it suits a corporate treasury holding tokens as a sideline.
Third-party qualified custodians
A regulated entity, such as a chartered trust company or bank, holds keys on the client's behalf in segregated accounts. This is the default for registered investment advisers and funds, because SEC rules push adviser-held client assets toward qualified custodians, and it is the model behind the spot ETFs. Coinbase notes it was selected as custodian for 8 of the 11 spot bitcoin ETFs at their January 2024 launch. The trade is counterparty exposure and fees in exchange for regulatory cover, insurance, and someone else's security team.
MPC and shared-key arrangements
Multi-party computation splits a private key into shares held by different parties or devices, and signing happens without the full key ever being assembled in one place. MPC blurs the self-custody versus third-party line: an institution can hold one share, its provider another, and a backup service a third, so no single compromise moves funds. Providers such as Fireblocks and Copper built institutional platforms on this design. The mechanics, share-refresh schemes, and vendor differences deserve their own treatment, covered in the MPC wallet deep-dive.
One model deliberately missing from this list is leaving assets on an exchange. An exchange balance is a claim against the venue's omnibus wallets, governed by its terms of service, and it concentrates trading risk and custody risk in the same counterparty. Some exchanges route institutional balances into affiliated trust companies, which changes the analysis, but the default exchange account is a trading tool, not a custody arrangement, and institutional policies increasingly say so explicitly.
Hybrid cold and hot tiering
In practice, institutions run tiers rather than a single model. A common split keeps the large majority of assets in cold storage with a qualified custodian, a working balance in MPC-controlled warm wallets for settlement, and a small hot-wallet float for payments and gas. The tiering decision is a liquidity ladder: each rung trades yield-on-security for speed.
Model | Key control | Regulatory fit | Settlement speed | Main risk |
Self-custody | Institution holds full keys | Weak fit for advisers and funds | Fast, policy permitting | Internal error or insider threat |
Qualified custodian | Custodian holds keys in segregated accounts | Strongest fit; satisfies SEC custody rule | Hours to days from cold storage | Counterparty and concentration risk |
MPC arrangement | Key shares split across parties | Varies; depends on provider's charter | Near-instant within policy | Vendor dependence, newer legal ground |
Hybrid tiering | Mixed by tier | Inherits fit of each tier | Fast float, slow reserves | Operational complexity |
A rough decision path for a treasury team choosing where an asset pool belongs:
If the assets belong to advisory clients or a registered fund, use a qualified custodian; the SEC custody rule effectively decides for you.
If the assets are corporate treasury held for the long term:
If the firm has a dedicated security team, self-custody in cold storage is viable.
If not, a qualified custodian's cold storage is the safer default.
If the assets move daily for settlement or payments, use MPC-based warm wallets under transaction policy.
If the assets earn staking rewards, confirm the custodian supports staking before committing; many cold-storage setups don't.
Who Counts as a Qualified Custodian?
A qualified custodian under SEC rule 206(4)-2 is a bank or savings association, a registered broker-dealer, a futures commission merchant, or a qualifying foreign financial institution that holds client assets in segregated accounts. In September 2025, SEC staff extended no-action relief covering state-chartered trust companies holding crypto.
The definition comes from the Investment Advisers Act custody rule, 17 CFR 275.206(4)-2(d)(6), which lists the four eligible entity types. It was written for securities markets, and for years the open question was which crypto custodians fit. State-chartered trust companies, the charter type held by Coinbase Custody Trust, Gemini Trust, BitGo New York Trust, and Fireblocks Trust under NYDFS supervision, argued they qualified as "banks." Anchorage Digital took the federal route and describes its national association as "the first federally chartered crypto bank in the U.S. and an unequivocal qualified custodian."
On September 30, 2025, the SEC's Division of Investment Management issued a no-action letter stating staff would not recommend enforcement where advisers and funds use state-chartered trust companies as crypto custodians, subject to disclosure of material risks. The strongest case against celebrating that relief came from inside the building: Commissioner Caroline Crenshaw's dissenting statement argued the staff letter pokes holes in investor protections that notice-and-comment rulemaking should have addressed. She has a point about process, and institutions should treat no-action relief as weather, not climate: durable, rule-level certainty is still pending. The practical takeaway stands anyway, since the letter describes what examiners will not pursue today. The full entity-type breakdown and its edge cases are covered in what is a qualified custodian.
How Did US Regulators Reshape Custody in 2025?
Three moves in 2025 reset US custody rules: the SEC's SAB 122 removed the balance-sheet penalty on bank custody in January, OCC letters 1183 and 1184 confirmed national banks can custody and trade crypto for clients, and the GENIUS Act wrote stablecoin reserve custody into federal law in July.
Start with the accounting fix. Staff Accounting Bulletin 122, published January 23, 2025, rescinded SAB 121, the 2022 guidance that made custodians record safeguarded crypto as a liability with a matching asset on their own balance sheets. For a bank, that treatment inflated the balance sheet and triggered capital charges, which is why almost no major US bank offered crypto custody while SAB 121 stood. Rescission turned custody back into an off-balance-sheet service.
The OCC then cleared the activity itself. Interpretive Letter 1183, issued March 7, 2025, confirmed that national banks and federal savings associations may provide crypto-asset custody and removed the prior supervisory nonobjection requirement, with the OCC noting it "expects banks to have the same strong risk management controls in place to support novel bank activities as they do for traditional ones." Letter 1184 followed on May 7, 2025, adding trading at customer direction and sub-custody arrangements. The market response was fast: BitGo, a custodian since 2013, now operates under an OCC federal charter and listed on the NYSE under ticker BTGO.
Congress supplied the statutory layer. The GENIUS Act, Public Law 119-27, enacted July 18, 2025, requires permitted stablecoin issuers to maintain identifiable reserves "on an at least 1 to 1 basis" in assets such as Treasury bills with 93-day or shorter maturity, permits issuers to provide custodial services for stablecoins, reserves, and private keys, and bars reserves from being "pledged, rehypothecated, or reused" outside narrow exceptions. It also ranks stablecoin holders' claims on reserves senior to other creditors in an issuer insolvency. For custody, the significance is that reserve safekeeping stopped being a best practice and became a legal obligation with named supervisors, which is why the GENIUS Act now anchors most institutional stablecoin reserve conversations.
Why Does Custody Choice Matter to Institutions?
Custody choice determines counterparty risk, insolvency treatment, insurance coverage, and settlement speed. An institution that picks the wrong model either strands assets behind slow cold-storage withdrawals or concentrates them with a single provider. Boards and auditors now review custody arrangements the way they review prime brokerage relationships.
The regulatory answer matters too, and it now cuts in custody's favor. An adviser or fund that holds client crypto outside a qualified custodian invites examination findings; a bank that offers custody after SAB 122 and the OCC letters faces no balance-sheet penalty for doing it. For the first time, the compliant path and the commercially attractive path point in the same direction, which is why custody mandates that stalled for years closed quickly through late 2025.
The insolvency question comes first in every diligence checklist. Assets in a segregated trust account at a chartered custodian are structured to sit outside the custodian's bankruptcy estate; assets on an exchange's omnibus ledger historically were not, which the 2022 exchange failures made expensive to learn. Charter type, account structure, and governing law decide whether "your" coins are property or a claim.
Concentration is the newer worry. As of April 2026, over 84 percent of US spot bitcoin ETF assets sat with a single custodian, a dependency Forbes described as a "choke point" for the market. Nothing about that custodian's track record has to be wrong for the structure itself to be fragile. Institutions increasingly split assets across two custodians or pair a custodian with an MPC arrangement precisely to avoid this shape.
Then there is tempo. A pattern Eco's team sees repeatedly with stablecoin treasury operators: the custody decision gets made for security, then quietly remade for operations six months later, because a cold-storage-only setup can't fund same-day settlement across chains and venues. Custody design and liquidity design are the same conversation. Insurance terms and provider diligence carry similar traps, covered in custody insurance and how to evaluate custody providers.
Where This Falls Short
Institutional crypto custody still has structural gaps: ETF assets concentrate heavily with one custodian, insurance policies cover only a fraction of assets held, and the qualified custodian framework was written for securities, so staking, forks, and airdrops sit outside clear rules. Every model trades security against settlement speed.
Three limitations deserve honest weight. First, insurance rarely matches exposure: crime and specie policies are written per-vault with aggregate caps, so a custodian's headline coverage number usually protects a small fraction of total assets under custody, and clients share the pool. Second, the regulatory reset of 2025 is mostly staff letters and interpretive guidance rather than final rules; a no-action letter can be withdrawn, and Commissioner Crenshaw's dissent shows the qualified custodian question is not settled law. Third, the physics of the tradeoff has no fix: keys that can sign in seconds are keys that can be stolen in seconds, so every gain in settlement speed is paid for in attack surface.
How Eco Fits Into Custody Workflows
Eco builds stablecoin infrastructure that works alongside any custody model. Its orchestration layer routes stablecoin liquidity across chains and venues while assets stay under the institution's chosen custodian, so treasury and payment teams get one integration across markets without changing who controls their keys.
Eco does not take custody of customer assets and does not trade its own book. It operates as a neutral routing and clearing layer for stablecoin transactions, which is deliberately custody-agnostic: whether an institution self-custodies, uses a chartered trust company, or runs MPC wallets, the settlement rails work the same.
Related Reading
What is a qualified custodian?
MPC wallets: how multi-party computation custody works
How to evaluate crypto custody providers
Crypto custody insurance: what policies actually cover
The GENIUS Act, explained
How stablecoin reserves work
What is a stablecoin?
Cold storage vs hot wallets
Methodology: regulatory citations were verified against occ.gov, sec.gov, govinfo.gov, law.cornell.edu, and dfs.ny.gov on July 7, 2026. Market figures come from a DeFiLlama and CoinGecko data snapshot dated July 7, 2026. Provider claims are quoted from the providers' own published pages as of the same date.

