Token custody: the security guard of trillions of token assets

特邀专栏作者

2019-11-15 06:38

This article is about 6444 words, reading the full article takes about 10 minutes

Currently, the encryption industry is in its early stages. There are endless reports of exchanges being stolen, private keys of token assets lost, and project parties running away. Traditional big funds can only hover at the door of the encryption world.

AI Summary

Expand

Text: Song Shuangjie, CFA; Cheng Dongfeng

guide

Summary

The encryption industry is currently making great strides forward. A large number of traditional hedge funds, family trust funds, and wealth funds have begun to allocate token assets. The demand for token custody business is increasing day by day. However, token assets are easily lost, stolen by hackers, and The project party and the fund party may run away and other issues.

In order to solve the above pain points and seize the token custody market, large institutions from the United States, South Korea, Japan, the United Kingdom, Australia and other countries rushed to enter the market, including well-known companies such as Goldman Sachs and Fidelity.

Clients’ demands for token asset custody include security, compliance, asset appreciation, asset liquidity, etc. Among them, security is the core appeal of customers, mainly to prevent accidents such as loss or theft of tokens. Token asset custody business often requires a more reasonable multi-signature mechanism, reliable software and hardware design, and risk control design. Hosting platforms usually have insurance in place, just in case.

The development of the encryption industry is not yet mature, and the regulatory system is not perfect. Large-scale traditional funds face risks such as fraud, running away, and policy uncertainty. Therefore, compliance is also one of the important demands of the custody industry. Technical service capabilities and risk management levels are the main indicators for regulators to examine the compliance of encrypted custody business. According to the Bitwise report, the crypto custody business has developed rapidly in recent years, and more and more custody platforms have obtained regulatory licenses.

At present, the mainstream hosting solutions in the market include those launched by institutions such as Coinbase, Cobo, BitGo, Bakkt, and Keystore. Every institution attaches great importance to security issues and has adopted a series of measures to ensure asset security; except Keystore, which is still striving for compliance, the rest have obtained compliance licenses. In addition, custodians will also pay more attention to providing asset appreciation and liquidity.

Table of contents

1 There is a strong demand for custody of token assets in the market

1.1 Asset custody of traditional finance

1.2 Custody of Token Assets

1.3 Big institutions have entered the market

2 Security and compliance are the key requirements for token asset custody

2.1 Security

2.2 Compliance

2.3 Other demands

3 Custody and storage methods of token assets

3.1 Hot Storage

3.2 Cold Storage

4 Analysis of typical token custody schemes

4.1 Coinbase

4.2 Cobo

4.3 BitGo

4.4 Bakkt

4.5 Keystore

4.6 Summary

text

1 There is a strong demand for the custody of token assets in the market

1.1 Asset custody of traditional finance

Trusteeship refers to the act of the trustee accepting the trustee's entrustment and operating and managing the trusteeship object in accordance with the pre-specified contract. At present, the custody business of token assets is still in the early stage, and has not yet formed a standardized function like traditional finance, and needs to be further developed.

1.2 Custody of Token Assets

The encryption industry is currently making great strides forward. A large number of traditional hedge funds, family trust funds, and wealth funds have begun to allocate token assets. The demand for token custody services is also increasing day by day. The main reasons are as follows:

(1) Token assets are easily lost

Due to the decentralized nature and encryption method of the blockchain, once the private key is lost, the corresponding token assets will be completely lost. Storing tokens in a decentralized wallet ensures absolute control over private property, but it also means losing passwords in case of accidents (such as accidentally deleting wallets, forgetting mnemonics, hardware and software damage, etc.) key, the token assets can no longer be retrieved. According to ChainAlysis research in November 2017, about 2.78 million to 3.79 million BTCs have disappeared forever, corresponding to 17% to 23% of the total BTC circulation at that time.

On December 9, 2018, Gerald Cotten, the founder of the QuadrigaCX exchange, died while traveling. It is said that he was the only person who controlled the private key of the cold wallet of the exchange, resulting in the loss of user assets of 140 million US dollars in the exchange.

(2) Token assets are easily stolen by hackers

Reports of token exchange assets being stolen by hackers are common. In June 2011 and February 2014, 850,000 BTC was stolen twice, Mt. Gox, the largest encrypted token trading platform, declared bankruptcy. In June 2018, two exchanges in South Korea, Coinrail and Bithumb, were stolen from encrypted tokens worth US$40 million and US$30 million respectively. On May 8, 2019, the well-known token trading platform Binance was hacked and 7,074 BTC were stolen...

On November 7, 2017, there was a bug in the Parity Wallet MultiSig (multi-signature) contract, which caused a loss of about 500,000 ETH, including the development funds of 300,000 ETH raised by Polkadot's Web3 Foundation through Crowdsale.

The figure below summarizes the incidents in which token exchanges and institutions were hacked and lost tokens. The horizontal axis shows the price of BTC at the time of the hack, and the vertical axis shows the loss caused by the hack (converted to BTC to calculate ).

(3) Multi-party trust issues

Blockchain start-up projects generally raise funds through platform tokens such as BTC, ETH, or BNB. Due to the lack of supervision, the project party may embezzle funds or even run away. The same is true for quantitative teams and funds. Custody can provide third-party asset supervision and improve transparency.

On June 29, 2019, PlusToken, known as the "No. 1 capital market", officially ran away. According to rough estimates from public information, the amount involved may be on the scale of 20 billion yuan. PlusToken claims to be the world's first blockchain ecological application, an ecosystem that integrates cross-chain wallets, decentralized trading platforms, global payments, smart arbitrage, computing power mining, and blockchain industry chains. PlusToken claims that the main source of profit is the smart dog "moving bricks", promising high returns to investors, and quickly attracting money by "pulling people".

As token assets are getting more and more attention, in order to prevent security issues such as loss and theft of tokens, as well as multi-party trust issues, there is a strong demand for token custody services in the market.

1.3 Big institutions have entered the market

The first regulated token custody entity is born. In September 2018, BitGo announced that its encrypted token custody service, BitGo Trust, was approved by the South Dakota State Banking Department. BitGo has thus become the first regulated custody entity designed and created specifically for token assets, and will mainly provide institutional clients with encrypted asset custody services.

According to reports, traditional Wall Street asset custodians such as Goldman Sachs, JP Morgan Chase, Bank of New York Mellon, and Northern Trust Bank are currently considering launching encrypted token custody business. Bank of America, the second largest bank in the United States, has also submitted a patent application to the United States Patent and Trademark Office (USPO) called "Blockchain Encryption Tracker", which aims to provide a security for encrypted tokens. means of storage.

BTC futures exchange Bakkt may acquire Digital Asset Custody Company (DACC) for $11 million, according to an analysis of Intercontinental Exchange’s (ICE) second-quarter financial report.

American financial services giant Fidelity Group announced on March 8, 2019 that its Fidelity Digital Assets (Fidelity Digital Assets) has begun operations, but it is currently only open to selected customers.

Giants in other countries have also taken a fancy to the hosting business.

In November 2017, Shinhan Bank, South Korea's largest financial institution, announced the launch of token custody business, mainly for institutional investors.

In May 2018, Japan's Nomura Holdings (Nomura), together with digital token companies Ledger and Global Advisors, jointly founded a token custody consortium called Komainu.

In July 2018, the Australian consulting company Decentralised Capital announced a partnership with Gustodian Vaults, a private financial company in Goliath, to launch encrypted token custody services.

In August 2018, the custody platform Kingdom Trust (Kingdom Trust) announced that the British insurance giant Lloyd's of London (Lloyd's of London) will provide insurance for the company's managed token assets.

2Security and compliance are the key requirements for token asset custody

2.1 Security

For example:

Security verification - login password, Google secondary verification, KYC certification;

Hot and cold separation - separation of hot and cold wallets, dynamic distribution of assets;

HSM (Hardware Security Module, hardware security module) - provides bank-level security protection, and can realize functions such as tampering certificate, tampering destruction, etc. The former will leave traces of tampering behavior, and the latter will make tampering behavior trigger keys and other information destruction mechanism.

Also, hosting platforms usually have insurance in place, just in case. BiGo, Coinbase Custody, Fidelity, Gemini, and Kingdom Trust have all purchased insurance, and insurance companies include well-known insurance companies such as Lloyd's of London, AIG, Allianz, Chubb, and XL Group.

2.2 Compliance

The development of the encryption industry is not yet mature, and the regulatory system is not perfect enough. Large-scale traditional funds face risks such as fraud, running away, and policy uncertainties, and can only hover at the gate of the encryption world.

In view of the above risks, compliance is one of the important demands of customers for custody business. Technical service capability and risk management level are the main indicators inspected by regulatory agencies.

BitGo is the first blockchain security platform in the United States to obtain a certificate asset custody service license. In order to seize the market for token custody business, BitGo acquired Kingdom Trust, a custody company with US$12 billion in custody assets, in January 2018.

According to the Bitwise report, the crypto custody business has developed rapidly in recent years, and more and more custody platforms have obtained regulatory licenses.

2.3 Other demands

In addition to the two core requirements of security and compliance, convenience, liquidity, custody fees, and asset appreciation are also indicators for customers to measure asset custodians.

Custodians have different settings for hot and cold wallets, transfer threshold fees, and multi-signature settings, resulting in differences in the security and convenience of different hosting solutions. Future escrow services will even include functions such as mortgage dividends, proxy voting, token forks, and tax declarations. For example, Coinbase announced its investment in Staked.us in early February 2019, and announced on March 29 that its custody system supports customers to save Tezos in cold wallets while staking dividends, etc.

3Custody and storage methods of token assets

3.1 Hot Storage

Hot storage is a storage method that stores encrypted tokens in online wallets for frequent access by nodes. The token assets in hot storage have higher liquidity, but it is also easy to cause the private key to be stolen because it is directly connected to the network.

3.2 Cold Storage

Cold storage is to store the private key of the token asset offline, such as using a hardware wallet or other storage media to store and disconnect from the network, or print out the QR code of the private key and store it in a safe.

Cold storage is not exposed to the internet or hacked, but shifts the risk to a human-dependent management process. Once the hardware wallet is lost, the pass is also difficult to retrieve. Additionally, cold storage is less accessible and liquid.

4Analysis of Typical Token Custody Schemes

4.1 Coinbase

Coinbase launched Coinbase Custody, an encrypted token custody solution for institutional customers, in early July 2018. Founded in 2012, Coinbase is currently the world's largest encrypted token compliance exchange, storing token assets with a market value of more than $20 billion. In terms of security, Coinbase Custody provides a new cold storage solution, which has undergone rigorous penetration testing and password design review, and plans to conduct regular third-party inspections to ensure the continuous security of the platform.

In terms of compliance, Coinbase Custody is operated by an independent capital entity, Coinbase Trust Company, LLC, regulated by the New York Department of Financial Services (NYDFS), and will regularly undergo large-scale financial and security audits in the manner of traditional financial custody institutions.

In terms of liquidity, during business hours, Coinbase Custody can respond to applications for withdrawing tokens from cold wallets within 2 hours, and within 24 hours during non-business hours. With the one-stop trading service provided by the compliance platform Coinbase Pro, Higher liquidity can be obtained.

In terms of value-added, Coinbase Custody plans to add value-added services to the custodian system, including Staking (staking dividends) that may be profitable, and voting governance of the DPoS consensus mechanism, etc.

According to different business needs, Coinbase Custody will charge an implementation fee (Implementation Fee) of 0 to 10,000 US dollars, and the custody fee is 50 basis points annually, or 0.5%.

The types of tokens that Coinbase Custody can currently keep include BTC, ETH, XRP, LTC, BCH, EOS, XLM, XTZ, LINK, ETC, ZEC, MKR, BAT, OMG, ZRX, ZIL, DAI, GNT, MANA, KNC, There are 28 types of NMR, LOOM, CVC, FOAM, KIN, XYO, ORBS, and BCAP, which are expected to be further expanded in the future.

4.2 Cobo

Cobo was co-founded by F2Pool founder Shenyu (Mao Shixing) and former Facebook senior scientist Jiang Changhao in November 2017, and is committed to creating a one-stop token asset storage and management platform. The Cobo product line includes a token asset wallet that supports Staking — Cobo Wallet, an institution-oriented wallet development and token asset custody solution — Cobo Custody, and the world’s first military-grade secure hardware digital wallet — Cobo Vault.

Cobo Custody provides three services: WaaS (Wallet as a Service), StaaS (Staking as a Service), and large asset custody.

Cobo WaaS: supports digital asset custody of more than 40 public chains and supports wallet development, and provides Amazon cloud services in the field of token assets;

Cobo StaaS: Utilizes the consensus mechanism of the proof of rights and interests of the blockchain, while hosting the token assets for customers, it also brings value-added benefits of Staking;

Custody of large amounts of assets: Cobo Custody manages all or jointly manages its assets with customers through a multi-signature scheme combined with hot and cold separation.

In terms of compliance, Cobo has obtained a Hong Kong trust license.

Cobo Custody is currently the largest custody service provider in Asia, serving nearly 120 customers, including almost all well-known exchanges, mining pools, Tokenfunds, and quantitative teams in China.

4.3 BitGo

Founded in 2013, BitGo is a California-based token asset trust company that focuses on safe, compliant and liquid custody solutions.

In terms of security, hot and cold wallets are separated, and cold storage reaches the security level of a bank-level vault. Strict tests have been carried out on key issues such as private key storage, disaster recovery, redundant backup, and cold wallet export. In order to deal with the risk that the custody assets may be hacked and stolen, BitGo has insured $100 million in insurance.

In terms of compliance, BitGo announced that its encrypted token custody service, BitGo Trust, responds to audit requirements by fully recording user activities and transactions, and has been approved by South Dakota regulators.

In terms of liquidity, BitGo has a dedicated manager for the liquidation and settlement of assets, and provides liquidity through multiple channels on the premise of ensuring safety as much as possible.

4.4 Bakkt

Bakkt, a BTC futures exchange launched by Intercontinental Exchange ICE, has acquired DACC (Digital Asset Custody Company), a digital asset custody company, to jointly develop a secure digital asset storage solution. At the same time, Bakkt cooperated with Bank of New York Mellon (BNY Mellon) to establish a "geographically distributed" private key storage system (that is, to split the private key and store it in different geographical locations).

In order to comply with regulatory requirements and obtain the status of a qualified custodian, in January 2019, Bakkt launched the delivery warehouse Bakkt Warehouse, and applied to the New York State Department of Financial Services (NYSDFS) for a custody license in April, Currently approved.

On November 11, 2019, Bakkt stated that with the approval of NYSDFS, its custody service can be provided to any institution, not limited to its BTC futures customers.

4.5 Keystore

Keystore was established in 2018 and has operation centers in Shanghai and Hong Kong. Its founding team has many years of experience in asset management at home and abroad, and is committed to solving the technical threshold, security risks, process specifications and Auditing standards and other issues, security hosting is one of Keystore's main businesses.

Keystore's hosting products are divided into two modes: full hosting and self-hosting, and security is guaranteed through multiple methods such as multi-signature, multi-account, and bank-level risk control. In terms of privacy, Keystore uses the customer's digital certificate to encrypt the financial data end-to-end, and the financial data is only visible to the customer, maintaining the neutrality of the service. In terms of compliance, Keystore is currently actively applying for local compliance licenses in the Asia-Pacific region. In the future, it will be committed to building a global one-stop service platform for blockchain token assets, providing more diversified services on the basis of safe custody. Financial and Derivative Services.

4.6 Summary

At present, the token asset custody business is still in its early stage. Due to the relatively small market value of the entire encryption market, the custody business has not yet been launched on a large scale. However, it can be seen from the deployment of custody business by major giants that the prospect of token custody is broad, and it will "pave the way" for trillions of funds to enter the encryption market in advance. Since encrypted tokens are actually programmable, future token custody is expected to provide more diverse services than traditional financial asset custody.

For the original text of the report, please refer to the research report released by [Tongzhengtong Research]: "Token custody: the security guard of trillions of token assets - blockchain topic 191114"