The Security Dilemma of Cryptocurrency Asset Custody: From the Theft of U.S. Government Addresses to Michael Saylor's "Institutional Custody" Controversy
Author: Weilin, PANews
On October 25, a U.S. government-associated address was reportedly attacked, resulting in approximately $20 million worth of USDC, USDT, aUSDC, and ETH being transferred to the attacker's address. This incident has once again sparked widespread concern about the security of storing Bitcoin and other crypto assets.
Meanwhile, comments made by MicroStrategy CEO Michael Saylor regarding "institutional custody" of Bitcoin have also ignited considerable controversy. Many users in the Bitcoin community believe that "institutional custody" goes against the core spirit of self-custody in cryptocurrency. What specific methods are there for crypto asset custody? This emerging custody market is also attracting the attention of traditional financial institutions.
U.S. Government Address Attacked, Saylor's "Institutional Custody" Comments Spark Controversy
On October 25, Arkham Intelligence tweeted that a U.S. government-associated address was suspected to have been attacked, with approximately $20 million worth of USDC, USDT, aUSDC, and ETH transferred from address 0xc9E……C34c to the attacker's address 0x348……0A9f. This U.S. government-associated address 0xc9E had previously received assets seized by the U.S. government related to the Bitfinex exchange hack. Now, these funds have been transferred to wallet address 0x348 and are beginning to be converted into ETH.
The hacker may be a novice, as the exchanged ETH was sent to the centralized exchange Binance and two new addresses. Transferring stolen funds to a centralized exchange is akin to walking into a trap. Unsurprisingly, on the evening of October 25, the hacker reportedly began returning funds to the U.S. government, with their wallet sending 13.19 million aUSDC and 2,408 ETH (worth approximately $6.1 million) to the government address. The method of attack remains unclear, but the incident has prompted reflection on how securely whales store Bitcoin and other crypto assets.
Another recent controversy is related to this topic. In an interview with the media, MicroStrategy founder Michael Saylor suggested that Bitcoin should be held in custody by "too big to fail" financial institutions, such as regulated entities like BlackRock and Fidelity, as he believes this would be a safer choice with less volatility and risk of loss. In response to concerns about increased centralization and government control, Saylor stated that these views mainly come from "paranoid crypto anarchists" and that such fears are exaggerated.
His comments were met with strong opposition from the Bitcoin community.
Saylor's remarks immediately drew criticism from several prominent figures in the crypto community, including Ethereum co-founder Vitalik Buterin. "I’m happy to say I think Michael Saylor's comments are just crazy," Buterin commented on X. "He seems to explicitly advocate for regulatory capture to protect cryptocurrency. There are many precedents for such strategies failing, and to me, that’s not the essence of cryptocurrency."
Jameson Lopp, co-founder and CTO of Casa, also stated that self-custody of Bitcoin is not just about being a paranoid hermit. Trusting third-party custody can lead to many long-term negative consequences. First, concentrating coins in the hands of a few increases the risk of systemic loss and confiscation. Second, Bitcoin holders may be deprived of rights when participating in governance activities such as running nodes or trading forks. Additionally, because institutions do not care about more advanced crypto features, the debate around decentralization becomes more conservative. Finally, permissionless scaling is deprioritized because we can scale through trusted third-party IOUs.
Another well-known figure in the Bitcoin community, Max Keiser, reacted to Saylor's comments with apparent sarcasm. He wrote on X, "Recent attacks on self-custody show a regressive tendency, favoring those traditional central bank charlatans who 'fix' Bitcoin."
Michael Saylor had to reassure the community, explaining, "I support those who are willing and able to self-custody, support everyone's right to self-custody, and support the freedom of individuals and institutions worldwide to choose their form of custody and custodians. Bitcoin benefits from various forms of investment from all types of entities and should welcome everyone."
Why Self-Custody Is Important, and How Custodians Hold Crypto Assets
The rise of Bitcoin is closely related to its decentralized nature. If power begins to concentrate too much, a few colluding individuals can profit at the expense of network security. By holding their own private keys, Bitcoin users can fully control the accessibility of their assets.
Nevertheless, Michael Saylor's concerns are not without merit, as losing mnemonic phrases and private keys, or making operational errors and falling victim to hacking, can render assets irretrievable. For whales like MicroStrategy and U.S. government addresses, suffering a hacking attack can have a significant negative impact on crypto assets.
In response to such security or regulatory demands, some custodians provide asset storage services, supporting digital transactions through advanced encryption technologies and hardware security measures. Typically, crypto custodians should mitigate risks through various security technologies (such as multi-signature wallets and offline cold storage). Some staking (PoS) custodial services also offer users staking rewards.
With Bitcoin ETFs expected to gain SEC approval in early 2024, more institutional capital is flowing into the cryptocurrency market. This trend makes robust custody solutions essential. Recently, Robinhood Markets and Galois Capital reached settlements with U.S. regulators over custody-related errors, highlighting the importance of qualified custody for institutional investors.
There are mainly three types of custody solutions available to institutions: self-custody, where the institution manages its own private keys and is responsible for asset security; co-custody, where the institution shares some management rights with licensed third-party service providers; and centralized custody, where the institution fully relies on service providers to store assets with multi-layer security protection. The best method depends on the institution's priorities, capabilities, and risk tolerance.
Currently, major providers of custody services in the market include Coinbase Custody, BitGo, Gemini Custody, Anchorage, Hex Trust, Cobo Custody, Bakkt, Bitcoin Suisse, and others, most of which are crypto-native custody companies. These companies build their services from the ground up to meet the specific needs of digital asset storage and security.
Taking Cobo, led by Shen Yu, as an example, the company offers products including fully managed wallets, which use a three-layer (hot, warm, cold) storage architecture protected by bank-grade hardware, including HSM and Intel SGX, to ensure asset security. It also provides MPC (multi-party computation) wallets, where private key sharding ensures that no unauthorized party can unilaterally move users' assets.
Custody Service Market Valued at Approximately $300 Million
The current cryptocurrency market, valued at approximately $2 trillion, has created a demand for crypto custody services. According to Bloomberg, this market is currently valued at around $300 million, with an estimated annual growth rate of 30%. This has attracted the attention of traditional financial institutions.
However, the cost of protecting digital assets is high. Hadley Stern, Chief Business Officer of the Solana custody tool Marinade, stated that crypto custody fees can be ten times higher than protecting traditional assets (such as stocks and bonds), reflecting the unique challenges faced in this field.
Custody fees are typically charged annually as a percentage of the value of the assets under custody, usually below 1%. For example, Gemini Custody charges 0.4% or $30 per asset per month, whichever is higher. There are also account opening fees and withdrawal fees, the latter being charged each time cryptocurrency is withdrawn from the custody account.
Despite the high costs, major players like BNY Mellon, State Street, and Citigroup have shown strong interest in entering the crypto custody space. However, their full entry faces a significant obstacle: regulatory uncertainty.
Overall, as the crypto asset custody market develops and faces controversies, the balance between security and decentralization becomes increasingly important. Whether choosing institutional custody or self-custody, investors need to carefully assess their respective risks. Only by finding a balance between security, transparency, and user control can the safe and efficient development of digital assets be ensured.