A Third Method for Post-Trade Bitcoin Custody

Custody May 26, 2020

An increasing number of Canadians are buying bitcoin through various trading platform, exchanging dollars for bitcoin which they wish to keep. Following some high-profile incidents involving such trading platforms, regulators have begun to worry about how the funds of retail clients are kept safe. In CSA Staff Notice 21-327, Guidance on the Application of Securities Legislation to Entities Facilitating the Trading of Crypto Assets, CSA Staff outlined some of their views.

This guidance highlighted two very common arrangements between trading platforms and their end customers:

  1. A customer exchanges dollars for bitcoin. Following this, the customer keeps their bitcoin with the trading platform. They may elect to withdraw it later.
  2. A customer exchanges dollars for bitcoin. Following this, the bitcoin is sent to the purchaser.

In the guidance, CSA Staff appear to recommend that all trading platforms transform themselves into platforms that look like (2) above. That is, the customer should find themselves holding the bitcoin following their purchase. It should not be the case that bitcoin continues to be held by the platforms.


Throughout the guidance, the term delivery appears. This simply means that the trading platform is sending the customer’s bitcoin to an address over which that customer directly maintains signing authority.

If you do not understand what we mean when we say signing authority, we’ve written a from-the-basics primer on it and other concepts that are prerequisites for everything being discussed here.

User-controlled wallets

At Knox, we strongly encourage anyone involved in bitcoin to learn how to hold it. Principally this means that they must be capable of managing their own private keys, and be absolutely certain that they never:

  1. Allow someone to see their private keys
  2. Lose access to their private keys

If 1. were to occur, the party that learned their private keys can impersonate them by trivially forging their signature, stealing everything they hold.

If 2. were to occur, all of their holdings would be lost forever.

That we would encourage this might seem a contradiction given our main business, but it's right for Bitcoin, and a step that anyone capable and willing should strongly consider. And there is now a great deal of software and hardware available for anyone to do this relatively easily.

Still, having spent years recommending this to anyone who will listen, we have learned that, for many Canadians, this isn’t a desirable option. The objections are numerous.

Threat of accidental divulgence

Many Canadians feel that fact 1 above is scary enough. Keeping secrets perfectly concealed is very hard. Knowing that anyone at any time learning their keys will lead to an incontrovertible loss of all the bitcoin they’ve ever purchased is hard for many investors to stomach.

Anxiety of information loss

Many people have lived through losing important files, or otherwise misplacing some piece of information. For some owners, the idea that a large amount of wealth could disappear in an instant on losing a piece of information is not acceptable.

The Ideal

To those who don’t wish to maintain their own private keys, the ideal would be: leave bitcoin elsewhere after purchasing it, without the risk of finding themselves in a situation like that faced by QuadrigaCX's customers.

The trouble is, for regulators who carry the mandate of protecting Canadian investors, this is a hard problem to contend with. For those Canadians willing to maintain their own wallets, the call is as simple as asking that purchased bitcoin be sent immediately to an address over which the purchaser maintains direct signing authority. However, noting that many Canadians don’t want to hold bitcoin in their own wallets, regulators will have to find other alternatives. And regulators at present have yet to find a way of vetting how the trading platform is securing its bitcoin, which makes it difficult for them to perform their core mandate.

It is also important to consider the situation from the perspective of a trading platform. Besides maintaining a liquid order book allowing for efficient price discovery for market participants, at present trading platforms are often forced into holding their clients’ assets. This is due to market participants’ frequent unwillingness to hold bitcoin themselves. It is difficult and costly to safely hold bitcoin purchased by their users, and exposes trading platforms to additional risks and liabilities for which they are not compensated. So far it has been the cost of doing business. If the issue were as simple as asking their customers to maintain their own wallets, there would be no dilemma.

We present a third arrangement to those listed previously, and believe this fulfills the needs for all parties:

  1. A customer exchanges dollars for bitcoin. Following this, the customer keeps their bitcoin with the trading platform. They may elect to withdraw it later.
  2. A customer exchanges dollars for bitcoin. Following this, the bitcoin is sent to the purchaser.
  3. A customer exchanges dollars for bitcoin. Following this, the bitcoin is sent to an independent agent that can keep funds safely.

Ensuring funds are safely held

In the Knox Custody Risk Management registry, we present some of the practices we believe are important to follow in order for the aforementioned safekeeping agent to keep funds safely. At its heart, Knox is a risk management firm. Specifically, one that specializes in risk management as it relates to safely creating, storing, and using private keys for Bitcoin. We live and breathe this, and the list of linked controls, which are indicative of what we ourselves do, are useful for anyone wishing to judge the safety of holding. As a responsible counterparty, part of the ethos we would like the industry to push forward is “Don’t trust, verify.

The ability to exercise a comprehensive set of controls is extraordinarily difficult and costly. For this reason, amongst others, we strongly encourage regulators to consider the third way mentioned above. We do not believe it is appropriate for trading platforms to face such a burden. At the same time, as much as we wish that Canadian investors would maintain their own wallets, we know from experience that many do not wish to do so. We believe they ought to have the right to use a strong safekeeping agent like Knox that is at the forefront of risk management as it relates to managing Bitcoin private keys.

And as we’ve pointed out before, we believe comprehensive insurance coverage for customer assets is an important part of being a responsible independent custodian.

Find out more

We live and breathe security controls. Those linked above only scratch the surface of the many controls we have implemented to keep our clients’ Bitcoin holdings safe. If you would like to learn more, please reach out. We would love to speak further about our system, and anything to do with Bitcoin, security, insurance, or related topics.

Email us at: info@knoxcustody.com or give us a call at: +1(647)560-9475

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.