Past breaches in digital asset markets show that custody failures usually stem from structural weaknesses rather than a single technical flaw. These events highlight how custody architecture, governance and operational controls determine whether assets remain protected – principles that underpin Sygnum’s custody framework.
By Thomas Brunner, Sygnum Head of Custody & Staking
When the first cracks appeared
The conversation around custody architecture began with events that exposed how fragile early digital asset infrastructure could be.
One of the earliest cases was Mt. Gox. In 2014 the exchange said approximately 750,000 customer Bitcoin and about 100,000 of its own had disappeared while the causes were still under investigation.
The scale of that loss forced the industry to confront a question that had not yet been fully answered: how should digital assets be stored and governed when they represent real value on institutional balance sheets?
For institutions evaluating digital assets today, custody design has become a core risk-management concern. The architecture of the custody environment determines how assets are isolated, who can authorise transactions and how responsibilities are distributed across the organisation.
Over time, additional incidents across exchanges and infrastructure providers added further insight into how custody environments behave under stress.
What incidents reveal about custody design
Looking across several high-profile events, certain structural themes appear repeatedly.
Connectivity is one of them. Custody environments that interact with broader infrastructure must manage the operational pathways created by that connectivity. Access credentials, system integrations and day-to-day workflows all influence the exposure surface.
In January 2018, Coincheck was hacked. Japan’s Financial Services Agency study group later said Coincheck had used a hot wallet to manage the private keys for all of the stolen NEM. In 2020, KuCoin disclosed a security incident involving transfers from its hot wallets. KuCoin said the outflow resulted from leaked hot-wallet private keys and noted that its cold wallets remained unaffected.
Operational discipline is another recurring factor. Even when strong cryptographic protections exist, weaknesses in approval procedures or unclear responsibility boundaries can create vulnerabilities. In 2022, Ronin reported that its validator nodes had been compromised. Ronin’s post-mortem stated that an attacker gained control of five of the nine validator private keys after Axie DAO allowlist access had not been revoked.
More recently, the FBI said actors likely manipulated a legitimate transaction request by a DMM employee, leading to the loss of 4,502.9 BTC. Each case differs in its technical details, yet the underlying pattern is familiar: custody resilience emerges from the interaction between technology, governance and operational processes.
Governance and segregation
Another lesson from past events concerns governance and asset segregation. Institutions need clarity around how custody responsibilities are defined and how those responsibilities are enforced.
The collapse of FTX in 2022 highlighted the consequences of weak segregation. The US Department of Justice said Sam Bankman-Fried told customers their deposits were kept safe, held in custody, kept separate from company assets, and not used by FTX, when in fact billions of dollars in customer deposits were channeled to Alameda Research. The issue in that case was not limited to infrastructure design. It also reflected governance decisions and control structures.
Institutions evaluating custody environments therefore focus on how responsibilities are assigned and how controls operate in practice. Reviews typically examine questions such as:
- How access controls and approval procedures are structured
- How operational duties are separated across teams
- How custody controls are documented and monitored
- How the custody model can be explained to regulators and auditors
Clear answers to these questions help institutions understand how assets are governed within the custody environment.
Isolation as a structural principle
As the industry has matured, one architectural principle has become increasingly important: isolation.
Japan’s 2018 FSA study group stated that private keys used to transfer assets under management should be stored in cold wallets, noting that hot wallets carry higher security risks. The group also proposed stronger disclosure, segregation and audit practices for custody providers.
Isolation also extends to the broader separation of reserve assets from systems designed for trading or operational liquidity. Assets intended for long-term holding typically require different oversight, approval processes and operational controls.
In February 2025, Bybit disclosed unauthorised activity involving an ETH cold wallet during a routine transfer. Bybit later said the transaction had been manipulated. Safe reported that the incident involved a compromised Safe{Wallet} developer machine that allowed a disguised malicious transaction to be proposed. NCC Group later wrote that malicious JavaScript in the Safe{Wallet} web application altered what signers saw when approving the transaction. That same transaction then used on-chain contract calls to alter the wallet’s logic.
Notably, although this incident involved a so-called “cold wallet,” critical components of the system -including the web interface and smart contract interactions – remained internet-facing. This underscores that “cold storage” does not inherently eliminate exposure to online attack vectors, and should not be assumed to be categorically more secure than well-designed hot wallet systems.
Events like these highlight how custody architecture must consider not only where keys are stored, but also the online interfaces and on-chain smart-contract logic through which transactions are initiated and approved.
How we apply these lessons at Sygnum
Past incidents show that custody failures often arise from weak asset segregation, compromised private keys, or unclear operational controls. At Sygnum Bank, the custody framework is designed to mitigate these risks directly.
First, client assets are held off-balance sheet and ring-fenced from the bank’s balance sheet, ensuring that assets remain the property of the client and are bankruptcy-remote under Swiss law. This structure addresses governance and segregation failures seen in cases such as the collapse of FTX, where customer deposits were commingled with company funds.
Second, private keys are protected through military-grade hardware security modules and Multi-Party Computation (MPC). These controls reduce the risk associated with compromised private keys or hot wallet exposure, which played a role in incidents such as Coincheck hack and KuCoin hack.
Finally, transaction approval and operational processes operate within an audited control environment (ISAE 3000 and ISAE 3402). These governance controls help prevent the type of operational or approval process vulnerabilities highlighted in incidents such as the Ronin Network bridge hack.
Together, asset segregation, hardware-based key protection, distributed cryptographic controls and audited governance processes form a custody architecture designed to reduce the structural risks observed in past digital asset breaches.
Custody as infrastructure
Digital asset markets continue to evolve, and custody is becoming part of the infrastructure that supports institutional participation.
Past incidents have shown how architecture, governance and operational discipline influence the resilience of custody environments. Institutions allocating digital assets today examine how those elements interact over time.
When custody architecture is transparent and well governed, institutions can evaluate how digital assets are protected and managed. That clarity supports long-term participation in digital asset markets.
As adoption continues to grow, custody design will remain central to how institutions safeguard and govern digital assets across market cycles.
Disclaimer: The information in this publication pertaining to Sygnum Bank AG (“Sygnum”) is for general information purposes only, as per date of publication, and should not be considered exhaustive. This publication does not consider the financial situation of any natural or legal person, nor does it provide any tax, legal or investment advice. This publication does not constitute any advice or recommendation, an offer or invitation by or on behalf of Sygnum to purchase or sell any assets. No elements of precontractual or contractual relationship are intended. While the information is believed to be from accurate and reliable sources, Sygnum makes no representation or warranties, expressed or implied, as to the accuracy of the information. Sygnum expressly disclaims any and all liability that may be based on such information, omissions, or errors thereof. Any statements contained in this publication attributed to a third party represent Sygnum‘s interpretation of the data, information and/or opinions provided by that third party either publicly or through a subscription service, and such use and interpretation have not been reviewed by the third party. Sygnum reserves the right to amend or replace the information, in part or entirely, at any time, and without any obligation to notify the recipient of such amendment / replacement or to provide the recipient with access to the information. Simultaneously, there is no obligation of Sygnum to inform recipients of information, if before provided information later becomes outdated, inaccurate or obsolete, unless otherwise provided by applicable law. The information provided is not intended for use by or distributed to any individual or legal entity in any jurisdiction or country where such distribution, publication or use would be contrary to the law or regulatory provisions or in which Sygnum does not hold the necessary registration, approval authorisation or license. Except as otherwise provided by Sygnum, it is not allowed to modify, copy, distribute or reproduce, display, license, or otherwise use any content for commercial purposes.
Sign up for Future Finance
Join our 40,000 strong global community to future proof your investments. Sign up now to be the first to receive our news, product launches, industry reports and educational series.