Skip to main content

Overview

The Custody feature provides enterprise-grade digital asset custody solutions with support for multiple providers (MPC, Multisig, HSM), granular policy controls, RBAC, allowlisting, and complete audit logging. Designed for institutional users requiring maximum security and compliance.

What You Can Do

Multi-Provider Custody

Integrate Copper, Fireblocks, BitGo, or self-custody solutions

Policy Engine

Define transaction policies with quorum requirements and conditional rules

RBAC & Permissions

Role-based access control for address generation, transfers, approvals, and key rotation

Audit & Compliance

Complete audit trail with SOC2, ISO27001, and Travel Rule compliance

Key Capabilities

Custody Providers

The platform supports multiple custody models:
  • Model: MPC (Multi-Party Computation)
  • Jurisdiction: UK, US
  • Certifications: SOC2, ISO27001
  • Quorum: 3-of-5
  • Fees: ~$0.50/tx
  • Status: Operational

Segregated Accounts

The custody interface displays all accounts with:
  • Account Name: Descriptive label (e.g., “Treasury • Segregated”)
  • Custody Model: MPC, Multisig, or Self
  • Segregation Type:
    • Segregated: Dedicated accounts with isolated keys
    • Omnibus: Pooled accounts (lower cost, less isolation)
  • Provider: Which custody service holds the assets
  • Net Assets: Total USD value in account
  • Top Assets: Primary holdings (BTC, ETH, USDC, etc.)
  • Policy ID: Associated governance policy
  • Status: Active or Restricted
Example accounts from the codebase: 
{
  name: "Treasury • Segregated",
  segregation: "Segregated",
  providerId: "copper",
  custodyModel: "MPC",
  netAssetsUSD: 412900000,
  topAssets: [
    { symbol: "BTC", amount: "2,500", color: "#C8A24A" },
    { symbol: "ETH", amount: "15,300", color: "#7C88C2" }
  ],
  policyId: "pol1",
  status: "Active"
}

Asset Distribution

Visualize custody holdings by:
Pie chart showing:
  • BTC: 45.2% (4,500 BTC)
  • ETH: 32.1% (23,800 ETH)
  • USDC: 18.4% ($156.3M)
  • Others: 4.3% ($35M)
Toggle between views with the distribution view selector.

Policy Engine & RBAC

Define granular access controls: Role Permissions Matrix:
RoleGenerate AddressInitiate TransferApproveModify PolicyRotate Keys
Admin
Ops
Approver
Viewer
Policy Expression Example: 
transfer.usd > 100000:
  required: 2 of [Admin, Approver]
  within: working_hours
  geo: allowed_jurisdictions
Policies can specify:
  • Quorum requirements (n-of-m approvers)
  • Time-based rules (business hours, cooldowns)
  • Amount thresholds
  • Geo-fencing
  • Asset-specific rules
Policy modifications require approval workflow. Changes don’t take effect until quorum is met.

Policy Simulator

Test policies before applying:
1

Open Simulator

Click “Simulate” button in Policy Engine section
2

Configure Test Scenario

Enter:
  • Amount (USD)
  • Asset (BTC, ETH, USDC)
  • Time of day
  • User role (Admin, Ops, Approver)
3

Run Simulation

Click “Run Simulation” to see if transaction would be approved, require additional approval, or be denied

Allowlists & Travel Rule

Manage approved destinations:
Pre-approved withdrawal addresses:
  • Label (e.g., “Coinbase Exchange”)
  • Asset (BTC, ETH, USDC)
  • Full address
  • Network (Bitcoin, Ethereum, etc.)
  • Added by (user email)
  • Last used date
Example entry:
{
  label: "Coinbase Exchange",
  asset: "BTC",
  address: "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh",
  network: "Bitcoin",
  addedBy: "[email protected]",
  lastUsed: "2024-11-14"
}

Audit & Activity Log

Comprehensive audit trail showing:
  • Time: Timestamp of event
  • Event: Action taken (Transfer Approved, Address Generated, Policy Modified, Key Rotation)
  • Actor: User or system that initiated
  • Object: Target of action
  • Result: Success, Failed, or Pending
  • Tx/Ref: Transaction hash or reference ID
Example events: 
{
  time: "2024-11-15 14:32",
  event: "Transfer Approved",
  actor: "[email protected]",
  object: "BTC Transfer 0.5",
  result: "Success",
  txRef: "0xabc123..."
}
Filter Options:
  • All events
  • Security events only
  • Policy changes
  • Transfers
  • Key operations
Export:
  • CSV export for compliance reporting
  • SOC2 audit requirements
  • Internal security reviews

Key Custody Metrics

The custody dashboard displays:
  1. Total Under Custody: $862.4M (+2.3% / 30d)
  2. Accounts: 8 Segregated / 4 Omnibus
  3. Active Providers: 4 providers (all operational)
  4. Last Audit: Q3 2024 (Compliant)
  5. Policy Posture: 12 Active / 0 Breaches (30d)
  6. Key Health: 100% (Next rotation: 45d)
All metrics update in real-time as custody operations occur.

Operations Panel

Quick actions available:
  • Generate Address: Create new deposit address for any supported asset
  • Start Transfer: Initiate withdrawal (requires approvals based on policy)
  • Key Rotation: Schedule MPC key refresh ceremony
  • Provider Health: Monitor custodian system status and latency
Compliance Links:
  • Last Audit Report (PDF)
  • SOC2 Certificate
  • ISO27001 Documentation

How to Use Custody

1

Review Custody Accounts

Navigate to Custody page to see all segregated accounts, providers, and total assets under custody.
2

Check Asset Distribution

Toggle between “By Asset” and “By Provider” views to understand concentration risk and diversification.
3

Manage Policies

Review policy engine section:
  • Verify RBAC permissions are correct
  • Use simulator to test policy changes
  • Submit policy modifications if needed (requires approval)
4

Update Allowlists

Add new withdrawal addresses:
  • Click “New Address” button
  • Enter label, address, and network
  • Submit for approval (if policy requires)
  • Address becomes active after approval
5

Monitor Audit Log

Filter audit events to:
  • Investigate security incidents
  • Verify approval workflows
  • Track key rotations
  • Export for compliance reporting
6

Schedule Key Rotation

Click “Rotate Keys” to schedule ceremony:
  • Coordinate with quorum participants
  • Follow provider-specific procedures
  • Verify completion in audit log

Security Best Practices

Key Rotation: Rotate MPC keys every 90 days maximum. The system shows “Next rotation: 45d” to remind you.
Diversify custody across multiple providers to reduce single-point-of-failure risk. The platform supports 4+ providers simultaneously.
Use segregated accounts for high-value holdings and omnibus accounts for operational liquidity. This balances security with cost efficiency.
Always verify the provider status is “operational” before initiating large transfers. Check the Provider Health panel for system status.

Compliance Features

  • SOC2 Type II: Service Organization Control compliance
  • ISO27001: Information security management
  • CCSS: Cryptocurrency Security Standard
  • Travel Rule: FATF compliance for large transfers
  • Audit Trails: Complete event logging
  • Proof of Reserves: Cryptographic verification (via providers)

Troubleshooting

Transfer requires approval but shows no approvers:
  • Check policy quorum requirements
  • Verify approver users have correct roles
  • Review RBAC permissions matrix
  • Contact admin to adjust policy
Key rotation failing:
  • Ensure all quorum participants are available
  • Verify MFA/2FA for all participants
  • Check provider system status
  • Contact provider support if issue persists
Allowlist address not working:
  • Verify address format is correct for network
  • Ensure address was approved (if policy requires)
  • Check asset and network match transaction
  • Review audit log for rejection reason

Build docs developers (and LLMs) love

Get started for freeTalk to us