Custody, Insurance and Audit
- Crypto Custody
- Unlike the custody of fiat currency, for the custody of virtual assets the custodian usually “holds” the private key of the cryptocurrency on behalf of the customer since digital currency only exists in the distributed ledger of the blockchain. The custody of virtual assets can be divided into the following three categories:
- Self Custody
- Self custody methods include using consumer hardware wallets, creating complex setups for the duplication, storage, and backup of printed-out private keys.People need to manage their own private keys very carefully as there is no third-party involved to manage the risk of loss. If you want complete control of digital assets and have the capacity to correctly backup and store the private key, self-custody is a good choice.
- Partial Custody
- Partial Custody is a self-managed wallet that offers some level of third-party assistance and related institutional controls or protections.This option is suitable for those investors who want to control the crypto holdings but also want certain a level of assurance and institutional protection.Two Factor Authentication (“2FA”) requires the users and the third party to cooperate as part of signing process. With the multi-signature protection, the third-party possess a key for co-signing the transactions.
- Third-party Custody
- Third-party custody solutions allow customer funds to be held and managed entirely by a solution provider. The owner fully entrust their crypto assets to the custody provider.Third-party solutions are best suited to investors and institutions, such as asset managers, hedge funds, and/or high-net-worth individuals. This is the only solution capable of offering bank-level protection for crypto security and safety, with the most robust level of third-party control.Two forms Online “hot wallets” store signing keys in internet-connected systems or in network-available hardware devices. These systems do not require a physical presence to complete transactions, could provide greater speed and liquidity, but are also more vulnerable to network attacks.Offline “cold storage” hold signing keys in hardware devices that are physically isolated with no connection to the internet. Offline solutions are generally slower to execute, but there is a significantly lower risk of unauthorized transfers.
- There are two major types of insurance policy used in the crypto industry:
Specie Insurance: generally insures high-value, portable items, such as fine art and diamonds when they are on location. For digital assets, specie policies usually focus on physical damage or loss of private keys (including employee misuse or theft) in cold storage.
Crime Insurance: more comprehensive and additionally covers losses due to online hacking, insider theft and fraudulent transfer. It covers both hot wallet and cold storage, including fiat and crypto currency. Coverage for hot wallet is generally much more expensive than cold storage only.
Collateral Asset Pool Audit
- In the Collateral Asset Pool, the credit protection is normally achieved by issuing loans with a face value that is lower than the value of the underlying collateral pool.
- The Collateral Asset Pool Audit is normally conducted by the traditional financial audit firms, to provide third party assurance to the underlying value of the collateral asset pool.
- It has the same purpose as audit in the asset management sector. The investors, regulatory bodies and other stakeholders can rely on the third party audit to confirm the asset value is sufficient to cover the liabilities.
Smart Contract Audit
- The focus of the Smart Contract audit is to verify that the smart contract system is secure, resilient and working according to its specifications.
- The audit activities can be grouped in the following three categories:
- Security: Identifying security related issues within each contract and within the system of contracts.
- Sound Architecture: Evaluation of the architecture of the system through the lens of established smart contract best practices and general software best practices.
- Code Correctness and Quality: A full review of the contract source code.