Casa Blog - Bitcoin Security Made Easy
Please note this article is provided for informational purposes only and is not intended as financial, legal, tax, accounting, or investment advice. Casa urges you to consult a qualified professional for any such advice or service.

When Satoshi Nakamoto unveiled the bitcoin whitepaper in 2008, they described a system in which payments could be sent without going through a financial institution. That system allowed bitcoin owners to hold their own private keys, making them the independent owners of their bitcoin.

Today, that innovation has caused worlds to collide. As bitcoin has incrementally gained traction, financial institutions new and old have come to embrace this technology on behalf of their customers and their shareholders. Whether it’s viewing bitcoin as an alternative asset or simply wanting to bet on the fastest horse, institutional adoption continues to grow, and many institutions are choosing self-custody to safeguard and maximize their bitcoin’s potential. 

Whoever holds the keys has custody

Private keys are where ownership begins in bitcoin. (Source: Bitcoin whitepaper, 2008)

Bitcoin uses public-private key cryptography for signing and verifying messages. By holding keys and keeping them away from third parties, an individual or organization can reserve the ability to send a bitcoin transaction. This is known as self-custody.

This cryptography-first approach represents a departure from the traditional framework for monetary systems. Today, fiat currency remittances generally involve a third party for methods such as wire transfers, ACH, and SWIFT transactions. Other assets, such as real estate and stocks, vest their ownership in documentation (titles, deeds, certificates) that is not intrinsically pegged to the asset itself. These claims are underwritten by third parties and verified through the court system; in other words, a geopolitical regime.

As a software protocol, the bitcoin network is indifferent to these concerns. To send a bitcoin transaction, one must provide the necessary cryptographic proof, beginning with private keys. This distinction positions bitcoin as an alternative asset with self-custody playing a crucial role.

Custodial options 

Today, there are a variety of methods for holding and securing private keys, with the largest distinction being whether one holds the keys oneself or outsources that responsibility to a third party, such as a custodian or trust company.

Exchanges are the most basic way to obtain bitcoin, and purchased assets remain there by default until withdrawal. Some exchanges have relationships with separate custodians, but the premise is generally the same: a third party holds the keys. This allows an institution to eschew any perceived risk of self-custody, but leaving assets with exchanges and custodians has a tendency to backfire during market-clearing events, bankruptcies, and breaches, as seen with Mt. Gox, FTX, Prime Trust, Fortress Trust, and many others.

Exchanges are great for buying and selling bitcoin, but they fall short at securing it long-term in part because storing large quantities for multiple customers invites more risk of attacks and collusion.

Spot ETFs combine the hands-off approach of using crypto custodians with the capital markets of Wall Street. ETFs are a simple way to obtain exposure to bitcoin, but they may not be redeemable for spot bitcoin depending on the offering and jurisdiction. In most cases, ETFs are created and redeemed using cash, and bitcoin is held with another institution. Because ETF holders do not hold keys, they are prevented from sending transactions on the bitcoin network. Rather, the fate of their bitcoin rests with the fate of the custodian and traditional financial system. 


Hardware wallets are dedicated electronic devices for holding keys and signing transactions. These devices store keys in a physical secure element. They are the most typical form of self-custody for retail investors, but sole reliance on them is seldom practiced at the institutional level. Because they contain one key, hardware wallets can be a single point of failure. The risk of using a single key is significant, for it exposes assets to any number of catastrophic events, ranging from hacks to a broken device and even the actions of a rogue employee.

Multisig wallets bring necessary redundancy to self-custody. These tools secure assets with more than one key, providing institutional investors with flexibility and robust protection against theft and accidents. Multiple keys allow an organization to rotate out of a compromised key and deploy team signing in keeping with its delegation of authority. Often, multisig wallets are combined with a service provider like Casa that holds one key as a failsafe in the event of key loss or compromise.

Multiple signatures are required to send assets from the wallet, which provides a check and balance for transactions. Each signature results in more data processed on-chain, which slightly increases transaction fees, but the peace of mind associated with preventing single points of failure is worth it in the eyes of many institutions.

Multi-party computation (MPC) can be thought of as a blend of the two above methods. MPC wallets split a single key into shards, which are distributed across multiple parties. A sharded key can create multiple points of failure since one ultimately needs an entire key to produce the necessary signature. Hence, MPC setups can prevent end users from recovering their setups independently in adverse circumstances. MPC is sometimes implemented between custodians and institutions.

Of the above methods, hardware wallets and multisig wallets are ways to achieve self-custody.

The benefits of self-custody for institutional investors

Bitcoin emerged immediately following the financial crisis when counterparty risk and contagion ran amok. Today, bitcoin continues to provide a contrast to the traditional financial system through a decentralized network predicated on cryptographic proof. Self-custody allows institutions to explore that vision by preserving optionality and long-term contingency planning. 

And one doesn’t have to wait for a long-tail event to explore that potential. Bitcoin’s design is transparent in several ways: open source code, a public ledger, and a finite supply. With keys in possession, an institution can generate receive addresses and audit those balances independently at any time with block explorers or even with a bitcoin node.

When an institution holds its own keys, its team can enjoy portability and recoverability since a private key can be imported into a new device. This freedom has proven especially attractive for family offices and institutions who have a long time horizon and are cognizant of geopolitical risk.

Most of all, self-custody is an essential protection against third-party custodial risk, which is more prevalent with bitcoin since it functions as a bearer asset.

The potential caveats of self-custody

Security protocols invariably come with trade-offs. Managing private keys does require some personal responsibility. If an organization is distributing keys across a team, it’s important to choose team members with enough maturity and training to handle devices, but one doesn’t have to be technical to participate. Tools like the Casa app have reduced much of the complexity with a smooth user experience.

With an advanced option such as multisig, there are operational points to consider related to key distribution and maintenance. When not transacting, it’s best to spread keys out to avoid having a quorum in any given location. Once set up, it’s prudent to perform health checks on devices to ensure they are in working order and ready to sign when called upon. Be mindful of the distance between keys, and be prepared to travel.
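The location advice above can be checked mechanically for any M-of-N setup. The following is an added example, not part of the original article or Casa's software; the 3-of-5 policy, key labels and location names are constructed for illustration.

```python
"""Check an M-of-N multisig key layout for single points of failure.

Constructed example: key labels and location names are hypothetical.
"""
from collections import Counter


def min_sites_to_reach(site_counts, keys_needed):
    """Fewest sites that together hold at least keys_needed keys (None if impossible)."""
    total = 0
    # Taking the most heavily loaded sites first minimises the number of sites.
    for n_sites, count in enumerate(sorted(site_counts, reverse=True), start=1):
        total += count
        if total >= keys_needed:
            return n_sites
    return None


def assess_layout(required, key_sites):
    """required: signatures needed (M); key_sites: {key label: site}."""
    total_keys = len(key_sites)
    if not 1 <= required <= total_keys:
        raise ValueError("required signatures must be between 1 and the number of keys")
    per_site = Counter(key_sites.values())
    counts = list(per_site.values())
    return {
        # Sites where one break-in yields enough keys to sign.
        "quorum_sites": sorted(s for s, c in per_site.items() if c >= required),
        # Sites whose loss (fire, seizure) leaves fewer than M keys.
        "critical_sites": sorted(s for s, c in per_site.items() if total_keys - c < required),
        # Fewest sites an attacker must compromise to sign.
        "min_sites_to_steal": min_sites_to_reach(counts, required),
        # Fewest sites that must be lost before the wallet cannot sign.
        "min_sites_to_lock_out": min_sites_to_reach(counts, total_keys - required + 1),
    }


# Constructed 3-of-5 layouts: one concentrated, one spread out.
CONCENTRATED = {"key1": "hq-safe", "key2": "hq-safe", "key3": "hq-safe",
                "key4": "cfo-home", "key5": "service-provider"}
SPREAD = {"key1": "hq-safe", "key2": "cfo-home", "key3": "bank-vault",
          "key4": "branch-office", "key5": "service-provider"}

if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("spread", SPREAD)):
        print(name, assess_layout(3, layout))
```

A layout is healthy when `quorum_sites` and `critical_sites` are both empty; a single hardware wallet, modelled as 1-of-1, fails both checks.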

Security is also a discipline of continuous improvement. There are carrying costs associated with self-custody at the institutional level, but these can be limited to a few basis points, much like the expense ratio of an ETF. For security to remain viable, a modest ongoing investment should be allocated.

Last but not least, there are geopolitical factors to consider. The regulatory treatment of bitcoin and digital assets is evolving, and self-custody is just one subset of those considerations. While self-custody is underpinned by cryptography — in other words, math — and hard to restrict in a practical sense, countries have tried to impose restrictions on several occasions. Consult with a qualified legal professional to understand these factors on a more granular level.

Conclusion

Bitcoin enables a different kind of ownership, one bolstered with cryptographic signatures rather than the physical backing of nation-states, and self-custody is the best way to deliver on bitcoin’s original promise of a peer-to-peer financial system. 

Taking possession of private keys can help institutions allocate to bitcoin in keeping with this potential while remaining resilient against a host of security threats. With self-custody, an institution can invest in bitcoin and hold the keys for that future.

