Custody is where trust is won or lost. For small and mid‑size crypto exchanges, a single custody mistake can wipe out years of growth: misrouted funds, compromised hot wallets, commingled assets, or unclear liabilities. The good news: you don’t need enterprise‑level infrastructure to reduce custody risk. You need discipline, clear segregation rules, and a handful of processes that stop errors before they become disasters.
This guide is a practical playbook for small exchanges. It avoids theoretical fluff and focuses on what works with a limited team: how to structure wallets, how to isolate risk, how to design approvals, and how to communicate custody standards that build user confidence.
1) What “Custody Risk” Really Means
Custody risk isn’t just “wallets getting hacked.” It’s any scenario where user assets are no longer fully available, traceable, or redeemable.
- Security breaches (keys leaked, hot wallets drained)
- Operational errors (wrong chain, wrong address, manual mistakes)
- Liquidity mismatch (assets locked where withdrawals are due)
- Commingling (user funds mixed with operating funds)
- Accounting gaps (balances don’t reconcile)
2) Asset Segregation: The Core Principle
User funds must be segregated from exchange operating funds.
Practical segregation layers
- On‑chain segregation (separate wallets for customer vs operational funds)
- Internal ledger segregation (clear mapping between addresses and user ledgers)
- Access segregation (separation of duties and approvals)
3) Hot vs Cold Wallet: Right‑Sizing for a Small Team
- Hot: 1–5% for day‑to‑day withdrawals
- Warm (optional): 5–15% buffer
- Cold: 80–95% long‑term reserves
4) Multi‑Sig and Threshold Signing
- 2‑of‑3 multi‑sig for warm wallets
- 3‑of‑5 multi‑sig for cold storage
5) Withdrawal Controls That Actually Work
- Risk‑based withdrawal limits
- Address allowlists with cooldown
- Velocity checks and manual tiers
6) Reconciliation: The Safety Net
Daily reconciliation should compare total user balances with on‑chain balances per asset.
7) Proof‑of‑Reserves: Do You Need It?
PoR helps only if liabilities are matched and methodology is clear.
8) Human Error: The Real Threat
- Checklists for manual transfers
- Two‑person approvals
- Dry‑run steps for new assets
9) Incident Response
- 24/7 contact rotation
- Withdrawal pause mechanism
- Pre‑written user communication templates
10) Compliance and Legal Clarity
- Define asset ownership clearly
- Document segregation and insolvency handling
11) Building Trust: How to Talk About Custody
- Funds are segregated
- Cold storage holds the majority of assets
- Multi‑sig approvals enforced
- Withdrawals monitored for anomalies
12) A Simple Custody Blueprint
- Segregate funds
- Keep hot wallets minimal
- Implement multi‑sig
- Automate withdrawal limits
- Reconcile daily
- Document incident response
Final Takeaway
Custody isn’t about making users “feel safe.” It’s about designing systems that are hard to mess up, even on a bad day.
Leave a Reply