Evaluating digital asset custody providers comes down to five core areas: security infrastructure, regulatory compliance, insurance coverage, supported assets, and transparency.
The right custodian should use multi-signature security, operate under financial regulations, carry meaningful insurance, support your specific holdings, and provide clear reporting. Choosing poorly can expose your assets to unnecessary risk.
Choosing well gives you institutional-grade protection and peace of mind. This guide walks through what to look for and what questions to ask.
Why Custody Provider Selection Matters
Picking a custody provider is not like choosing a bank for your checking account. The stakes work differently.
Traditional financial assets come with established protections. Brokerage accounts have SIPC insurance. Bank deposits have FDIC coverage. If something goes wrong, there are safety nets.
Digital asset custody does not have those automatic backstops. Your cryptocurrency exists as cryptographic keys on a blockchain. Whoever controls those keys controls the assets. If your custodian has weak security or questionable practices, your holdings are directly at risk.
This is why due diligence matters so much. You are not just picking a vendor. You are choosing the security foundation for potentially significant wealth.
Security Standards to Look For
Security should sit at the top of your evaluation criteria. Here is what separates institutional-grade custody from basic storage.
Multi-signature technology is essential. This means multiple keys must authorize any transaction, so no single person or system can move assets alone. If a custodian does not use multi-sig, that is a red flag.
Cold storage should be the default for the majority of assets. Cold storage keeps keys offline, disconnected from the internet, where hackers cannot reach them. Some assets may need to stay in warm or hot storage for operational reasons, but the bulk should be cold.
Geographic distribution adds another protection layer. Keys stored across multiple secure locations in different jurisdictions guard against localized disasters, theft, or seizure.
Hardware security modules, commonly called HSMs, provide tamper-resistant key storage. These specialized devices protect cryptographic keys and are standard in institutional environments.
Ask potential custodians to explain their security architecture. Reputable providers will be transparent. Vague answers or reluctance to discuss specifics should give you pause.
Regulatory Compliance and Licensing
Regulatory status tells you a lot about a custody provider’s legitimacy and accountability.
Some custodians operate as qualified custodians under the Investment Advisers Act of 1940. This matters particularly if you work with a registered investment advisor who has compliance obligations around where client assets are held.
State trust charters are another common structure. Custodians chartered as trust companies in states like South Dakota, Wyoming, or New York operate under banking regulations that impose capital requirements and examination schedules.
International providers may fall under different regulatory frameworks. If you consider a non-US custodian, understand what regulations apply and what recourse you would have if something went wrong.
The absence of regulatory oversight is not automatically disqualifying, but it does mean you rely entirely on the custodian’s good faith and competence. For significant holdings, most investors prefer the accountability that comes with regulation.
Insurance Coverage and Asset Protection
Insurance is one of the most misunderstood aspects of digital asset custody.
Many custodians advertise insurance coverage, but the details vary enormously. Some policies only cover specific loss types. Some have limits that would not come close to covering a major breach. Some exclude certain assets or circumstances.
Questions to ask about insurance: What exactly does the policy cover? What are the per-incident and aggregate limits? Does it cover employee theft and internal fraud? Does it cover hacking losses? Are all supported assets covered, or only certain ones?
Beyond insurance, ask about asset segregation. Your holdings should stay separate from the custodian’s own assets and from other clients’ assets. This protects you if the custodian faces bankruptcy.
Some custodians offer bankruptcy-remote structures where assets are held in ways that creditors cannot reach even if the custodian fails. This is not universal, but worth asking about.
Supported Assets and Blockchain Networks
Not all custodians support all assets. This seems obvious, but it is easy to overlook.
If you hold primarily Bitcoin and Ethereum, most institutional custodians will have you covered. But if your portfolio includes XRP, Stellar, Avalanche, or newer tokens, you need to verify support before committing.
Ask about the process for adding new assets. Some custodians proactively add support for emerging assets. Others are conservative and slow to expand offerings. Depending on your investment approach, this could matter.
Also consider whether you need support for staking, lending, or other yield-generating activities. Some custodians offer these services directly. Others do not. If earning yield on holdings is important to you, confirm the custodian can accommodate that.
Reporting and Transparency Capabilities
You need clear visibility into your holdings. Quality varies widely across providers.
Good custodians provide real-time or near-real-time reporting through secure client portals. You should be able to see balances, transaction history, and pending activities without contacting support.
Audit capabilities matter for tax reporting and peace of mind. Can you easily generate reports for your accountant? Can you export transaction data in standard formats?
If you work with external advisors or a wealth management firm, ask whether the custodian provides reporting integrations. Some offer advisor portals that let your financial team view holdings and generate consolidated reports.
Transparency about operations matters too. Does the custodian publish proof of reserves? Do they undergo regular third-party security audits? SOC 1 and SOC 2 certifications indicate an independent auditor has verified the custodian’s controls and procedures.
Fee Structures and Pricing Models
Custody fees vary considerably across providers.
Some custodians charge a percentage of assets under custody, typically ranging from 0.25% to 1% annually. Others charge flat monthly or annual fees. Some use tiered structures where the percentage decreases as assets increase.
Beyond custody fees, watch for transaction fees, withdrawal fees, and setup fees. These add up, particularly if you trade frequently or move assets regularly.
Consider the total cost when custody is bundled with other services. If you work with an advisor who includes custody as part of a comprehensive digital wealth management relationship, the custody cost may be embedded in the overall advisory fee rather than charged separately.
Cost should not be the only factor, but you should understand what you pay and what you get for it.
Questions to Ask Potential Custody Providers
Come prepared with specific questions when evaluating custodians.
- On security: How do you store private keys? What percentage of assets are in cold storage? Do you use multi-signature technology? How many signatures are required? Where are keys physically located?
- On regulation: What is your regulatory status? Are you a qualified custodian? What examinations or audits are you subject to? Have you had any regulatory issues or enforcement actions?
- On insurance: What does your policy cover? What are the limits? Does coverage apply to all assets you custody?
- On operations: How long have you been operating? How much in assets do you custody? Have you experienced a security breach? What is your process for handling client issues?
Red Flags in Custody Provider Evaluation
Certain warning signs should make you think twice.
- Lack of transparency about security practices is a major red flag. Legitimate custodians are proud of their infrastructure and happy to explain it. If you cannot get straight answers, move on.
- No regulatory oversight combined with a limited track record is risky. New entrants may be legitimate, but they have not been tested.
- Insurance that sounds too good to be true probably is. If a custodian claims billions in coverage but cannot provide policy details, be skeptical.
- Poor communication during evaluation suggests poor communication after you become a client. If getting answers to basic questions takes weeks before you sign up, imagine what happens when you actually need help.
- Pressure to move quickly is inappropriate. Legitimate custodians understand this is an important decision and will give you time to do proper due diligence.
