Skip to main content

Overview

When managing crypto funds, asset managers must choose between utilizing a self-custody platform or a qualified custodian. Both providing benefits and risks in how assets are stored and protected, but also the operations of how transactions are approved, audited, and governed.

Self-Custody

Self-Custody means the end customers retains direct control of a portion of their private key material. Wallet providers, such as Fortary, are not capable of moving assets independently and final control remains with the customer. The Fortary platform provides a self-custody framework built on multi-party computation (MPC) combined with trusted execution environments (TEEs). This model balances user control with enterprise-grade security and operational flexibility.

Our MPC-Based Self-Custody Model (3-of-3)

Each transaction requires three signatures to authorize:
  1. MPC TEE Node 1 & 2 – Controlled by our secure infrastructure, this node participates in the signing process within a TEE (Trusted Execution Environment), ensuring key material cannot be exposed or exfiltrated. In separate geographical locations for redundancy and resilience
  2. Client Mobile Device Key – The third and final key share is held entirely by the client on a dedicated mobile device.
All three keys are required to complete a transaction. This ensures:
  • No single entity (including us) can move funds independently.
  • The client retains final signing authority.
  • Keys never exist in full form in any single location, reducing attack vectors.
Clients can optionally maintain copies of the third key on multiple mobile devices. These are identical copies—not distinct key shares—offering convenience for multi-operator teams or backup devices.

Qualified Custody

A qualified custodian is a regulated financial institution—such as a trust company, bank, or broker-dealer—that holds digital assets on behalf of clients. Under this model, the custodian maintains exclusive control of the private keys that secure the client’s funds.
  • Limited Client Control: Because the custodian controls the keys, clients depend entirely on the custodian to execute withdrawals or approve transactions.
  • Regulatory Oversight: Qualified custodians are subject to fiduciary and compliance requirements, ensuring segregation of assets and adherence to jurisdictional standards.
  • Operational Simplicity: Customers delegate key management, signing, and recovery processes to the custodian.
This approach is ideal for institutions requiring regulatory compliance, third-party assurance, or audited segregation of assets. However, it introduces custodial risk, where the safety of assets depends on the custodian’s security posture, internal governance, and solvency.