The Risks of Concentrated Custodianship: Why the Bitcoin ETF Approval Raises Concerns

crypto assets. The recent surge in interest for a bitcoin exchange-traded fund (ETF) has raised concerns about the concentration of risk and the security of custodianship in the cryptocurrency industry.

One of the main concerns is the reliance on Coinbase as the custodian for most bitcoin ETF applicants. While Coinbase has a strong reputation and has never been hacked, it is important to remember that no system is completely unhackable. Given enough time and resources, any target can be compromised. This is a lesson that cybersecurity experts have learned over the years.

The concentration of assets in a single custodian is also a cause for concern. Crypto assets, like bitcoin, have a cash-like nature, which means that once they are stolen, they are gone. Unlike traditional assets, such as equities or bonds, which are legally protected, bitcoin is a bearer instrument. If a crypto custodian makes a mistake, it could result in the loss of all the assets under its custody.

The threat of global crypto-crime is also significant. Groups like North Korea’s Lazarus Group have already stolen billions of dollars worth of crypto assets, and there is no sign of them stopping. With the potential influx of billions of dollars into a bitcoin ETF, custodians like Coinbase could become prime targets for hackers. Even well-known threat actors like Russia’s Cozy Bear APT group might find institutional crypto assets increasingly appealing.

To address these concerns, it may be necessary to rethink the regulatory designation of “qualified custodian.” Currently, this designation does not necessarily ensure that blockchain-based assets are adequately secured. Digital asset custodians should be subject to more oversight by better-trained regulators under more rigorous state and federal standards.

In the traditional financial industry, risk management typically involves multiple layers of oversight, including business management, risk evaluation, and auditing. Additionally, external auditors and regulators provide further scrutiny. However, new crypto custodians like Coinbase and BitGo may struggle to provide the same level of redundancy and oversight due to their limited headcount.

While it is not a reflection of the intentions or skills of these organizations or their employees, the reality is that securing tens of billions of dollars in crypto assets requires a level of oversight that may be challenging for these new institutions to provide.

In conclusion, the concentration of risk and the still-evolving nature of security practices in the cryptocurrency industry raise concerns about the security of custodianship for bitcoin ETFs. It may be necessary to reevaluate the regulatory designation of custodians and subject them to more oversight by better-trained regulators. Additionally, the limited headcount of new crypto custodians poses challenges in providing the necessary level of redundancy and oversight for securing large amounts of crypto assets.