The Evolution of Crypto Custody

1. Self-Custody: The Promise vs. Operational Reality

Crypto is built on a core idea: self-custody. No middlemen, no banks, no dependencies. In practice, however, this model often fails when faced with operational hurdles.

Losing a private key means an irreversible loss of assets. There is no customer support, and recovery is impossible. Securing a seed phrase—the sequence of words that acts as the ultimate master key—requires robust protection against loss, fire, theft, and human error.

The most common practical solution? Storing the phrase in a bank vault. Where the promise of independence from the banking system begins, it essentially ends.

2. Omni-Wallets: How Banks and Exchanges Store Crypto

Banks and exchanges that offer crypto services address the custody challenge through omni-wallets: a shared wallet holding all customer funds that are allocated internally via accounting ledgers.

Advantages:

• Lower transaction fees (internal transfers are handled off-chain)
• Reduced operational overhead

Structural Risk:
Customers don't own the assets on the blockchain, only on the provider's ledger. In the event of insolvency, these funds become part of the bankruptcy estate.

The FTX Case Study (November 2022):

• Customer assets were not segregated on-chain.
• During bankruptcy proceedings, crypto assets were pooled with the rest of the estate.
• Customers found themselves at the back of the line as unsecured creditors.

3. How Wallet-as-a-Service Works

Wallet-as-a-Service (WaaS) bridges the gap between institutional-grade security and the usability of decentralized applications. It eliminates the need for omni-wallets without forcing users into full self-custody.

The Core Principle (Multi-Party Computation / MPC):
The private key is never fully assembled in a single location. Instead, it is divided into fragments (key shards) that are stored across separate systems—typically divided among the provider, the user, and sometimes independent third parties.

Transactions are only executed when enough shards come together. Since no single party has full access to the assets, the key is never reconstructed outright; it is solely used for generating a signature.

For the end user, the interface feels exactly like a conventional wallet. Interaction with DeFi protocols, smart contracts, and standard token transfers works seamlessly, as the on-chain signature matches that of a true self-custodial wallet.

4. The Three Central Risks

4.1. Loss of Access During Provider Downtime

If a WaaS provider goes offline, asset access hinges entirely on the agreed-upon recovery protocol. The central question is: Can the user restore access to their assets independently of the provider?

Many providers lack a defined process for this, making it the most significant operational risk involved.

4.2. Provider Insolvency

Unlike omni-wallets, WaaS platforms with dedicated wallet architectures allocate assets directly to the user on-chain. This improves the legal position significantly in a bankruptcy scenario.

However, this doesn't guarantee automatic protection. The legal and contractual framework plays a more decisive role than the underlying technology.

4.3. Unauthorized Provider Access

Using MPC does not automatically imply that the provider cannot access funds. Depending on the architecture, a provider might hold a threshold of key shards that would, in theory, allow them to sign transactions without user involvement.

The crucial metric to assess is the shard distribution: how many are held by the provider, and how many are controlled by the user or independent third parties?

5. Market Overview

The following breakdown compares providers based on target audience, operational freedom, DeFi compatibility, and resilience against attacks.

Institutional Actors

Fireblocks is the market leader for asset managers, banks, and exchanges. They offer an MPC architecture, a robust policy engine for transaction rules, and are SOC 2 Type II certified. Strict minimum volume requirements apply.

DeFi protocols can be accessed through the policy engine. Transactions are secured using whitelisting (pre-approved recipient addresses), transfer limits, and multi-step approval workflows. In the case of social engineering attacks, the combination of the policy engine and distributed key shards prevents unauthorized fund transfers.

SOC 2 Type II is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It confirms that a service provider has successfully maintained controls over data security, availability, and confidentiality for a continuous period of at least six months. Unlike Type I, which only tests the existence of controls at a specific point in time, Type II evaluates their operational effectiveness.

Regulated Custody with WaaS Components

Tangany holds a crypto custody license and is heavily regulated as a financial services provider. This is highly relevant for European actors looking to ensure MiCA (Markets in Crypto-Assets) compliance.

DeFi usage is limited, as the core focus is on secure custody and regulated transfers rather than interacting with smart contracts. In the event of a social engineering attack, regulated manual transaction checks serve as a backstop. If hacked, the provider bears liability within its regulatory obligations.

Fintech and Developers

Dfns and Web3Auth cater to companies integrating WaaS into their own products. These are primarily meant for building custom wallet infrastructure rather than direct internal use.

DeFi compatibility is fully customizable, but the overall security level depends heavily on how the service is implemented. The integrating company, not the WaaS provider, takes complete responsibility for social engineering protection and hack resilience. Without an internal policy engine and strict transaction rules, operational risks are noticeably higher.

Consumer Segment

Privy targets end users of decentralized applications (dApps) who lack technical backgrounds. While not built towards institutional standards, it's relevant for understanding the broader market spectrum.

Basic DeFi interactions are supported. Authentication relies on social logins (e-mail, Google, Apple). While convenient, this turns social engineering into the primary attack vector: anyone who compromises the login account can potentially initiate transactions. Key control remains largely with the provider.

6. Due Diligence Checklist for Financial Actors

Before finalizing a contract with a WaaS provider, ensure the following five points are thoroughly verified:

1. Wallet Structure: Is it a dedicated wallet per user or an omni-wallet? Can this be verified on-chain?
2. Key Control: How many shards is the provider controlling versus the user? Can the provider sign transactions unilaterally?
3. Recovery Plan: What happens in the event of insolvency or downtime? Is the recovery process contractually guaranteed and technically executable without the provider's involvement?
4. Regulatory Status: Is the provider fully licensed as a custodian, or merely a technology vendor? The distinction is critical for liability.
5. Auditing: Ensure SOC 2 Type II is the minimum baseline. Have independent third parties conducted penetration tests?

7. Conclusion

Self-custody and omni-wallet custody represent two extremes. WaaS positions itself directly in the middle, leveraging the benefits of both models while mitigating their absolute drawbacks.

No provider can completely eliminate counterparty risk. However, a cleanly structured WaaS implementation—featuring dedicated wallets, independent key shards, and a solid contractual recovery plan—is currently the most operationally sound solution for professional actors.

It's fundamentally better than locking a seed phrase in a bank vault, and structurally safer than placing blind trust in an omni-wallet.

The defining questions aren't just technical. They are written into the contract.