Ask the Expert: What goes into building a crypto custody platform?
We sat down with Chad Cantrell, Bakkt’s Senior Director, Crypto Engineering, for an enlightening discussion about the most important considerations when developing a crypto custody platform.
Recently, Bakkt evaluated the landscape of crypto custody and made a strategic decision: to invest in new tools and approaches for custody that focus on what matters most to both institutional and retail investors. Our tremendous foundation and reputation as a secure and trusted crypto custodian in this space gave us the credibility to re-imagine how the future of custody could look.
As we set out on this path, we encountered a number of decisions and important pivots that we thought we’d share from an engineering perspective. Ultimately, we determined the following to be some of the most critical considerations in our efforts:
The first important topic of engineering interest that has significant impact on a custody platform is the concept of ledgering.
There are two key types of ledgering: centralized omnibus and distributed. The great irony here is that omnibus, in a way, seems antithetical to the whole concept of crypto. But in reality, it brings several advantages along with it. For example, moving funds from one centralized wallet to another is simply a matter of moving numbers in a database, whereas moving funds from wallet A to wallet B on-chain incurs gas or network fees. On the other hand, managing future functionality such as staking returns to custodied assets within omnibus becomes quite code-heavy compared to per-customer, per-wallet returns in a distributed environment.
The next important topic is key management. Regardless of which ledger strategy you use, what ultimately matters most is the keys. The questions to answer include: Who has access to them? How easy is it to get them? What is the plan if they are lost or compromised?
From an operations perspective, as well as an engineering perspective, the entire approach to custody must prioritize security of keys. Any fracture, however fine, is a compromise to the entire system. Furthermore, the type of key signing structure in place has implications for hardware choices, networking, and storage needs. Multisig is considered to be the most bomb-proof signing protocol, but the hardware storage and networking access associated with this comes with increased cost. Key sharding or MPC are more dynamic and flexible but will be more device-locked, presenting an entirely different set of storage and security questions. The choice depends on your views; both are secure and require operational management either way. There’s not a wrong answer here, but the impact of this decision more or less drives how you build out your custody platform.
Once your ledger and key strategy have been formulated, one of the most complex aspects of building out a custody platform is policy flow.
Whether for institutional or retail use, the process of how keys are utilized and engaged for signing needs additional controls. These controls include protocols for who can initiate, and who and how many can approve. This sits outside of, and comes before, what would normally be considered signing a transaction for both multisig and MPC. The request for signatures or co-signers wouldn’t even be initiated unless certain policy criteria are met.
This level of additional controls bolsters security, communication, and alert measures to ensure the best possible chance of protecting your customers' assets as well as your company's liabilities.
These controls can certainly be hard coded throughout your system’s code, but we felt very strongly that a better approach would be to engineer systems that allow us to respond to customer security needs more granularly.
The important callout here is that building a custody system that is too rigidly tied to specific policy control processes can limit your ability to respond to customer security needs in an agile way.
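The policy gate described above, as an added example that is not Bakkt's code: rules are kept as data, and the signer (multisig or MPC) is only engaged once initiation and approval criteria pass. The policy names, roles, amount limit and the rule that an initiator cannot approve their own request are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy table (assumption): rules are data, so a customer's
# controls can change without redeploying the signing service.
POLICIES = {
    "retail-default": {"initiators": {"owner"}, "approvers": {"owner"},
                       "quorum": 0, "limit": 1_000},
    "inst-treasury": {"initiators": {"trader", "treasurer"},
                      "approvers": {"treasurer", "compliance"},
                      "quorum": 2, "limit": 250_000},
}

@dataclass(frozen=True)
class Actor:
    user_id: str
    role: str

@dataclass
class Request:
    policy: str
    initiator: Actor
    amount: int
    approvals: list  # Actors who have approved so far

def evaluate(req):
    """Return (allowed, reason). Deny by default on any unmet criterion."""
    rule = POLICIES.get(req.policy)
    if rule is None:
        return False, "unknown policy"
    if req.initiator.role not in rule["initiators"]:
        return False, "initiator role not permitted"
    if req.amount > rule["limit"]:
        return False, "amount exceeds policy limit"
    # Count distinct, eligible approvers; the initiator cannot self-approve
    # (separation of duties, an assumption of this example).
    valid = {a.user_id for a in req.approvals
             if a.role in rule["approvers"] and a.user_id != req.initiator.user_id}
    if len(valid) < rule["quorum"]:
        return False, f"need {rule['quorum']} approvals, have {len(valid)}"
    return True, "policy satisfied"

def submit(req, signer):
    """Engage the signer (multisig or MPC co-signers) only after policy passes."""
    allowed, reason = evaluate(req)
    if not allowed:
        return {"signed": False, "reason": reason}
    return {"signed": True, "signature": signer(req)}
```

Because the denial reason is returned rather than swallowed, the same result can feed the communication and alerting measures that accompany these controls.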
The future and security
Finally, build for the future. Build secure platforms and code that are highly abstract, micro-serviced, and as ignorant of the rest of the system as possible.
The truth is, we don’t know much of what this amazing advancement in financial assets will bring in the next decade. For all we know, stock trading may just be fully blockchained in the coming years. Art ownership, investment returns, banking — the possibilities are incredibly optimistic and endless!
What we do know is that blockchain depends on keys, and that managing keys, controlling access to those keys, and building trust with customers is paramount.
With that in mind, we want to build custody systems that enable partners to trust us to the highest degree. Code that is thoughtfully platformed, engineered abstractly and prioritizes security of keys will help to advance this industry into the best possible future.
Chad Cantrell currently serves as Senior Director, Crypto Engineering here at Bakkt. He comes to Bakkt with over 16 years of engineering, product strategy, project, and team building experience working with noted companies such as StitchFix and TaskRabbit. In 2021 he dove headfirst into crypto and left Silicon Valley to help manage and build crypto native integrations and blockchain solutions at Exodus Wallet. Chad came to Bakkt in 2022 to help innovate and advance institutional and retail custody of assets and bring Bakkt into the future of scalable digital asset management. Chad remains a passionate proponent and believer in crypto and blockchain advancements, and is dedicated to seeing the continued market disruption that digital assets bring.