Crypto custodians face many threats and heightened accountability as clients entrust their assets to them. Cyberattacks are becoming more sophisticated and regulatory pressure continues to intensify, demanding higher standards of security and compliance.
In this article, we cover the many risks that firms are exposed to. We also review the types of crypto custody insurance available and key considerations for optimizing coverage.
The Crypto Threat Landscape
Rising Frequency and Sophistication of Attacks
A record $3.8 billion was lost to crypto hacks and scams in 2022. By mid-2025, $2.17–$2.5 billion had been stolen, putting 2025 ahead of 2024’s pace and on track to be one of the worst years on record.
Attack vectors have evolved from phishing emails to complex DeFi protocol exploits and breaches of cold storage systems. Hackers now routinely employ flash-loan attacks and smart contract exploits to drain DeFi platforms, as seen in 2023’s $197 million Euler Finance hack.
Nation-state actors have also entered the picture. North Korea’s Lazarus Group and similar state-sponsored hackers stole an estimated $1.7 billion in crypto assets in 2022, representing nearly half of all global crypto theft that year. Despite increased blockchain tracing and international sanctions, their activity shows no sign of slowing.
In 2025, the FBI attributed the $1.5 billion Bybit attack to Lazarus, bringing total losses linked to DPRK-associated groups to over   year-to-date, based on assessments from several blockchain-analytics firms. Investigators believe much of the stolen value is channeled through mixing services and Asia-based exchanges to fund the country’s sanctioned weapons programs.
Insiders also pose risks. Breaches like the $44 million CoinDCX theft allegedly involved a long-term employee’s compromised credentials.
Institutional Capital Inflows Raise the Stakes
The stakes are rising as institutional capital continues to flow into digital assets.
According to the (January 2025) found strong institutional interest, with ~80%+ planning to increase allocations.
Among these, 85% increased their digital-asset holdings in 2024 and expect to continue expanding them. Looking ahead to 2025, 59% of respondents plan to allocate more than 5% of their total assets under management to cryptocurrencies, driven largely by hedge funds and U.S. investors.
Data reported via Standard Chartered (as cited by FinTech Weekly) suggest that around 61 publicly listed companies have adopted bitcoin treasury strategies, collectively holding approximately 848,000 BTC in the first half of 2025, roughly 4% of total bitcoin supply.
While the exact holdings and methodology should be cross-checked, this level of accumulation underscores a notable shift in corporate balance-sheet practices, with many firms increasingly treating bitcoin as a strategic asset alongside cash and securities.
The inflow of big capital raises both opportunity and risk. Considering the growing stakes, any security lapse could be catastrophic, financially and reputationally.
Regulatory Pressures Demand Better Safeguards
Regulators worldwide are implementing stricter oversight and compliance requirements. The SEC made crypto a priority area for enforcement in recent years and has expanded scrutiny of how custodians and investment advisors are securing crypto assets, aiming to ensure firms use qualified custodians and follow strict custody rules.
Global regulators are following suit, pushing for demonstrable risk mitigation in custody.
Directors and officers of custody providers are also under pressure. If a major loss occurs, they could face personal liability through investor lawsuits or regulatory penalties.
In this environment, insurance is fast becoming a core expectation, valued by both regulators and clients.
The Limitations of Traditional Security Measures
Technical Security Gaps
Even best-practice technical security measures for crypto custody have shown critical gaps under real-world attacks. For example, cold storage is often touted as ultra-secure, but recent mega-breaches (e.g., Bybit 2025) show even robust wallet architectures can be compromised. Likewise, multi-signature setups are a key tactic in eliminating single points of failure, but these have proven insufficient against coordinated attacks.
Managing private keys at institutional scale is complex, introducing further challenges.
Operational Risk Factors
Operational failures and human errors are leading causes of crypto security breaches. Attackers increasingly use phishing and social engineering tactics, sidestepping even the most robust security measures.
There’s also key-person risk. If too much knowledge or privilege is concentrated in one individual, the results can be disastrous. The QuadrigaCX collapse is a prime example. The founder alone held the keys and his unexpected death prevented access to $190 million in customer crypto.
Another concern is that backup and recovery procedures often go untested at scale. Firms might be creating key backups but have they practiced a large-scale recovery or key rotation? If not, when a real incident strikes, they’re testing their disaster plan for the first time under pressure.
Cross-border complexities introduce further risks. Different jurisdictions may have conflicting laws on areas like asset recovery, and crypto held under a foreign custodian can get caught up in overseas legal proceedings.
Market Structure Vulnerabilities
The structure and dynamics of crypto markets themselves can create vulnerabilities for custodians and their clients. Counterparty risk is one example. Providers may rely on third parties like sub-custodians or liquidity partners to fully deliver their services. If one of those counterparties fails (financially or technically), the custodian and its clients could suffer losses or frozen assets.
Ensuring assets are segregated is challenging, especially during periods of market stress. Enforcing strict segregation during volatile market conditions requires precise real-time coordination between systems. Any communication delays or interoperability issues complicate the process.
We also have to consider settlement and liquidity risks. Crypto markets trade 24/7, but converting crypto to fiat often involves banking hours and lags. During sudden market moves, a custodian might face delays settling trades or transferring funds, potentially causing client losses.
Large withdrawals in a panic can test a custodian’s liquidity if assets aren’t readily available, and the lack of well-established market-wide safeguards like circuit breakers means a failure at one platform can ripple outward.
The Insurance Solution for Modern Crypto Custody
Comprehensive Coverage Models
In response to these risks, the insurance industry is developing comprehensive coverage models. Here are the essential forms of crypto asset insurance:
Hot Wallet and Cold Storage Protection
Custodians can obtain crypto insurance that covers theft or loss of digital assets in hot online wallets or offline cold storage. As hot wallets are more exposed, they often have higher premiums.
Crime Coverage for Theft, Fraud, and Social Engineering
Crime insurance covers first-party losses from employee fraud and third-party losses from hacks or social engineering attacks. These policies fill the gaps that general cybersecurity insurance might not cover.
Directors and Officers Liability Protection
D&O coverage protects against lawsuits arising from alleged negligence in security or regulatory compliance failures.
Business Interruption and Cyber Incident Response Coverage
If a major security incident forces a custodian to pause operations, a business interruption policy can cover lost revenue and extra expenses during downtime.
Risk Transfer Benefits
Effective insurance provides ongoing strategic benefits that strengthen a custody business. Key advantages include:
- Protecting balance sheets against catastrophic losses
- Enhancing client confidence through third-party validation
- Gaining competitive advantage in institutional acquisition
- Freeing up capital that would otherwise be reserved for self-insurance
Market Maturation Through Crypto Custody Insurance
Insurance is a catalyst for the maturation of crypto custody. When a custodian applies for insurance, underwriters conduct a thorough review and often require risk improvements before granting coverage, effectively spreading best practices.
Premium pricing also incentivizes stronger security, as lower risk can translate to lower premiums or higher coverage limits. Claims data, in turn, enhances industry-wide threat intelligence and helps develop standardized frameworks for custody safeguards.
Implementation Strategies for Custody Insurance
Custody Model Considerations
When implementing insurance for crypto custody, the optimal strategy depends on the custody model and business structure. Key considerations include:
- Self-custody versus third-party custody: In a self-custody model, the institution should obtain a policy directly to cover its assets, stepping into the shoes of a custodian. The policy would name the institution as insured for losses of its own crypto. If using an external custody provider, the primary insurance is held by the custodian on behalf of clients. Coverage may or may not be passed on to clients depending on individual policy terms.
- Hybrid and multi-party custody models: Some firms use a mix of custody solutions, like splitting assets between self-custody, third-party custodians, and decentralized custody solutions. It’s critical to confirm insurance responsibilities when multiple parties are involved.
- Multi-party computation (MPC): MPC setups split private keys across multiple parties or devices (often some managed by the client, some by the custodian). This can enhance security but again, it’s critical to clarify insurance responsibility.
- DeFi and smart contract custody: A growing number of companies interact with DeFi protocols or use smart contracts for custody-like functions. These models require specific coverage for smart contract risks or protocol exploits, often separate from traditional crime insurance.
Policy Structure Optimization
Custodians can optimize the structure of their policies to ensure maximum effectiveness and cost-efficiency.
Key aspects to consider include coverage limits, exclusions, claims processes, and cost-sharing mechanisms. In terms of limits, a common approach is to insure to the full value of assets in custody or slightly above for growth. Very high limits can be costly or require reinsurance or syndication.
Higher deductibles lower premium cost, meaning the firm self-insures smaller losses. Firms can opt for significant deductibles to weed out minor incidents and keep premiums manageable.
Some policies may also have co-insurance clauses, where the insurer only pays 90% of any loss, for example, and the firm pays 10%.
Typical exclusions include price movements, war, lost or forgotten keys, intentional misconduct by the insured, and government seizure.
Some also exclude the fundamental risk of the cryptocurrency’s underlying cryptography failing due to a quantum computing event, for example.
Advance preparation for claims is vital, as delayed notification can be grounds for denial. Be prepared to document the loss extensively: insurers will want logs, investigations, and possibly blockchain analytics to confirm the amount and cause of loss.
Cost Allocation for Client-Facing Businesses
Custodians serving external clients must decide how to allocate the cost of insurance. Some embed it in overall fees; others offer insured custody as an optional service.
Transparency with clients is key, as many exchange customers mistakenly assume they are individually covered when they’re not.
Future-Proofing Insurance Strategy
To future-proof crypto custody insurance, firms should anticipate emerging risks like quantum computing — which could eventually challenge cryptographic security. Experts debate the timeline, but early dialogue with insurers is advisable.
In terms of regulation, sudden changes might broaden liability and require terms to change at short notice. Firms should be prepared to respond to any legal changes — working with a provider with sector expertise is key here.
As tokenization expands, ensure new assets are covered. If your operations span multiple countries, consider that different jurisdictions might require local insurance policies or have differing rules on what an insurance contract can cover.
Emerging Insurance Products
Novel insurance products can help firms adapt to change:
- Parametric crypto insurance: Parametric policies pay out based on a defined event, such as exchange downtime. The benefit is quick payout without long claims investigation processes.
- Smart contract coverage for automated custody systems: These products often function by the insurer vetting a particular smart contract and providing coverage if that contract is exploited, leading to loss of funds.
- Staking and yield-generating asset protection: Holding staked assets introduces risks like slashing, where a validator node is penalized for being offline or acting maliciously. Specialized policies can cover slashing losses or validator downtime.
- NFT and digital collectible insurance: NFTs have been a tough area for traditional insurers but it’s an area that’s in demand. It can be compared to insuring a piece of fine art — custodians that safeguard NFTs may include specific high-value NFTs on a policy to cover against theft or destruction.
Takeaways for Brokers and Clients
Crypto custodians face growing exposure. Attacks are becoming more sophisticated, institutional investment is rising, and regulatory demands continue to increase. Even robust security measures aren’t infallible, and market dynamics add further complexity.
Relm offers specialized crypto custodian insurance, tailored to the sector’s unique risk profile and backed by deep regulatory expertise. Contact us today to learn more.