Cryptocurrency custody has become one of the most important pieces of digital asset infrastructure, but it’s also one of the least understood. It’s the layer that prevents the kinds of losses a blockchain can’t reverse. Analysts estimate that around 20% of all Bitcoin supply is permanently inaccessible because early holders lost the keys controlling those funds, among other reasons. That’s not a market failure; that’s a custody failure.

Annual onchain transaction volume is now measured in trillions of dollars, and that activity depends on custody infrastructure in the background. With custody, the details matter: how keys are generated, where they live, who can authorize a transaction, and how access is recovered when something breaks.

Below, we’ll describe the custody models institutions rely on, the technologies that support them, and the trade-offs each design creates.

What’s in this article?

• What is crypto custody?
  
• How do custodial models handle key management and asset control?
  
• What technologies enable secure crypto custody?
  
• How does custody reduce risk for institutions and platforms?
  
• What challenges and trade-offs exist across custody approaches?
  
• How can organizations choose the right custody solution?
  
• How Stripe can help
  

What is crypto custody?

Crypto custody is the storage and management of private keys that prove ownership of digital assets (e.g., crypto) and enable access to them.

On a blockchain, this ownership allows a person or business to prove that they control an address and the cryptocurrency in it. Whoever can use that key can move the asset. If the key is lost or copied, the asset is effectively gone. There’s no administrator to reset it. Crypto custody is the discipline built around that risk: it’s the set of controls that keep keys safe and usable over time.

Banks, financial technology (fintech) companies, and large platforms now hold or use digital assets as investments, customer balances, and payment flows. Providers such as Stripe handle key management and the blockchain interaction behind features such as stablecoin payments. This enables businesses to use crypto in products and treasury without designing and operating their own custody stacks.

How do custodial models handle key management and asset control?

Custody models generally answer two questions: who holds the private keys, and who has the authority to move funds?

Here’s a look at the different custody models.

Self-custody: Full control with unforgiving margins

In self-custody, an individual or organization creates and stores its own private keys, typically in hardware wallets, offline machines, or encrypted devices. This offers direct, onchain control with no intermediary involved, but the margin for error is thin. A lost seed phrase—a key recovery method—or a compromised laptop is enough to permanently strand assets. There’s no built-in redundancy, no recovery desk, and no institutional oversight. It can work for crypto-native teams with strong security habits. But for other businesses, it can concentrate too much risk in one place.

Third-party custody: Controlled access with defined processes

Third-party custodians take on key generation, storage, and transaction authorization. Keys live inside their infrastructure, and access is governed by rules such as approval thresholds, withdrawal limits, transaction whitelists, and identity checks. The client instructs, and the custodian signs.

Here, the risk shifts from individual employees to a system designed for audits, segregation of client assets, recovery paths, and regulatory scrutiny. A business trades direct control for institutional safeguards, disciplined processes, and a real chance at continuity if something fails.

Shared-control models: Splitting keys and splitting authority

Between self-custody and third-party custody models is a third option: shared-control models. These are designed to distribute key material and decision-making.

Shared-control models often involve:

• Multisignature wallets, where multiple independent keys must sign a transaction

• Hybrid arrangements, where a custodian and client each hold a key

• Institutional variations, where multiple organizations can be involved in running direct custody in-house or using a subcustodian for the underlying key infrastructure

These models treat custody as both a technical and governance problem. By spreading authority across people, devices, or organizations, they reduce the odds that a single compromised party or a single mistake can move funds without oversight.

What technologies enable secure crypto custody?

Custody technology exists to protect private keys while keeping them usable. The tools involved cover storage, hardware isolation, cryptography, and the guardrails around them.

Here’s a closer look at each of these layers.

Cold, warm, and hot storage to manage exposure

Custodians categorize keys by how frequently they’re needed.

• Cold storage: This option keeps keys fully offline: in hardware devices in controlled rooms, air-gapped machines, and encrypted backups in multiple locations. This is where long-term reserves live since businesses use them infrequently.

• Warm storage: This form of storage uses hardened servers with strict access rules. It allows for quicker access without exposing keys broadly.

• Hot storage: These wallets stay online for real-time activity. They hold minimal balances because they face the highest risk of attack.

This structure gives institutions predictable access without placing their entire balance sheet online.

Hardware security modules to isolate key material

Hardware security modules (HSMs) generate and store keys inside tamper-resistant hardware. Keys never leave the device, and signing happens internally. Any attempt at physical interference prompts a wipe, erasing the keys so they can’t be misused. Custodians use HSMs where they need both speed and strong protection from insider or external extraction.

Multisignature wallets to distribute transaction approval

Multisignature, or multisig, wallets require multiple independent signatures. A 2-of-3 or 3-of-5 setup spreads authority across devices or teams and reduces the chance that a single compromise or mistake leads to an unauthorized transfer. If one signer is offline or a device fails, the threshold can still be met safely.

Multiparty computation to collaborate to sign without assembling a key

Multiparty computation (MPC) systems generate key shares rather than one private key. Shares live on separate devices. When a transaction needs approval, the devices jointly produce a valid signature; the full key never exists in one place. MPC also makes it easier to rotate participants or thresholds without changing wallet addresses.

Controls to provide stability

Technology only works reliably when paired with predictable procedures, such as controlled key-generation ceremonies, multifactor and role-based access, regular penetration testing, or insurance policies tied to those controls. These routines keep custody functional through hardware failures, personnel changes, and unexpected events.

How does custody reduce risk for institutions and platforms?

The real risk in crypto for institutions is simple: a private key that’s lost, stolen, or misused can lead to an irreversible transaction. Blockchain ecosystems verify signatures, not context. Custody exists to reduce the number of ways that kind of failure can occur.

Custody can mitigate points of failure in the following ways.

Protecting against key loss

Most historical losses came from basic mistakes: misplaced keys or seed phrases, corrupted wallet files, or devices no one backed up. Custody replaces those personal, fragile practices with controlled key generation, redundant backups, and storage spread across locations. Access depends on a system, not a single person holding a single credential.

Blocking unauthorized transactions

A private key sitting on one device or tied to one login is too concentrated. Custody adds separation. A compromised laptop or stolen employee credential doesn’t automatically become a valid transaction because the actual signing keys are protected behind multiple required checks.

Ensuring continuity

Keys need to remain usable through hardware failures and staff turnover. Custody provides recovery processes, identity verification steps, and documented key rotation paths so access survives device loss, personnel changes, or infrastructure rebuilds.

Meeting regulatory expectations

When firms hold customer assets, custody maps to what regulators already expect. This typically looks like segregated accounts, audited controls, and documented resilience. Using a qualified custodian gives institutions a clearer compliance posture as digital asset oversight becomes more explicit.

What challenges and trade-offs exist across custody approaches?

Every custody model solves one set of risks but introduces another. Institutions end up choosing which constraints matter most for their operations. These are a few of the main considerations.

Security and access

Cold storage limits exposure but slows down the movement of funds. Hot and warm setups support real-time activity but sit closer to the network’s attack surface. Modern tools such as MPC and HSM-backed signing narrow the gap, but institutions still have to decide how much liquidity stays online and how much delay they’re willing to accept for stronger protection.

Internal overhead

Strong controls reduce points of failure, but they also require coordination, device management, and predictable processes. These controls work well when activity is routine, but they add overhead during periods of high volume or time-sensitive decisions. The protection is real, and so is the effort.

Control versus dependence

Running custody internally gives an institution full control over keys, policies, and response plans. It also makes the organization responsible, sometimes legally, for audits, compliance, infrastructure, and security engineering 24 hours a day. Using a custodian shifts much of that accountability outward, but the institution now relies on another organization’s stability, controls, and operational discipline.

Regulatory expectations

Certain firms, especially those holding client assets, might be required to use qualified custodians or meet strict standards for segregation and oversight. These rules can limit which models are viable, even if a different setup might be more technically appealing or efficient.

How can organizations choose the right custody solution?

The right custody setup depends on what an organization is trying to protect, how often it needs to move assets, and how much operational and regulatory responsibility it’s prepared to accept. Here’s how businesses can choose the setup that best fits their needs.

Start with the use case

A trading desk that needs crypto payments, a fintech platform holding customer balances, and a corporate treasury storing long-term reserves all have different movement patterns and risk tolerances. Knowing how frequently assets will be used and who needs to authorize those movements narrows the options quickly.

Decide where control should live

Self-custody or direct institutional custody gives full control over keys and policies, but also makes the organization accountable for security engineering, monitoring, audits, and continuity. Using a qualified custodian shifts those responsibilities outward. The trade-off is about whether the team has the expertise to run sufficient custody infrastructure every day.

Evaluate the architecture

Whether in-house or outsourced, the underlying design matters. Look for descriptions of key generation practices, storage environments, approval workflows, recovery procedures, and how the provider handles upgrades or rotations. Strong custody providers can show audit reports, insurance verification, and details on how they segregate client assets.

Plan for change

Custody needs change as volume grows, asset types expand, or regulatory expectations shift. A sustainable solution is one that can adapt without forcing a full redesign. Organizations need systems where it’s possible to migrate or rotate keys without putting assets at risk.

How Stripe can help

Stripe Payments provides a unified, global payments solution that helps any business—from scaling startups to global enterprises—accept payments online, in person, and around the world. Businesses can accept stablecoin payments from almost anywhere in the world that settle as fiat in their Stripe balance.

Stripe Payments can help you:

• Optimize your checkout experience: Create a frictionless customer experience and save thousands of engineering hours with prebuilt payment UIs, access to 125+ payment methods, including stablecoins and crypto.

• Expand to new markets faster: Reach customers worldwide and reduce the complexity and cost of multicurrency management with cross-border payment options, available in 195 countries across 135+ currencies.

• Unify payments in person and online: Build a unified commerce experience across online and in-person channels to personalize interactions, reward loyalty, and grow revenue.

• Improve payments performance: Increase revenue with a range of customizable, easy-to-configure payment tools, including no-code fraud protection and advanced capabilities to improve authorization rates.

• Move faster with a flexible, reliable platform for growth: Build on a platform designed to scale with you, with 99.999% historical uptime and industry-leading reliability.

Learn more about how Stripe Payments can power your online and in-person payments, or get started today.