Coinbase Logo

How we keep digital assets safe

Tl;dr: Coinbase was selected as the custodian of choice for eight of 11 spot bitcoin ETF mandates. Winning those mandates was a rigorous, competitive process that delivered a clear message: the world’s largest institutions trust Coinbase to keep their clients’ digital assets safe because of the quality, security, and track record of our institutional custody solutions. Here, we outline the foundational principles of our digital custodian.

By Alan Leung


, March 4, 2024

Coinbase Custody Timeline (3)

Crypto custody is having a moment in the spotlight – and rightfully so. With the SEC’s approval of spot bitcoin ETFs, many investors, financial advisors, and institutions are exploring the space for the first time to understand how digital assets are stored and protected. This scrutiny is good – and we welcome it.

When ETF providers selected a custodian, they conducted the most extensive diligence process we’ve been through – and maybe the most rigorous process conducted for any new asset class. Their process pitted our custody solution against the market – examining its structure, track record, and how well it integrates within an ETF’s operations. The result was that eight of the 11 ETF providers independently came to the same conclusion: Coinbase had the best product to serve as the primary custodian of their clients’ assets.

These decisions validate our company-wide approach to be the safest, easiest, and most trusted bridge to the cryptoeconomy. Over 12+ years, we compiled a track record of safekeeping digital assets at scale and developed the leading institutional-grade custody solution. Now, Coinbase serves as the foundation of the spot ETF movement.

Here’s why institutions trust Coinbase to safeguard assets.

We have a track record of securing customer assets at scale

We have a standard when it comes to our custodial platform: zero tolerance for errors. That standard has dominated our philosophy over 12 years, a track record we compiled without a risk event. Now, we safeguard $193 billion in digital assets, including $101 billion in institutional assets under custody (as of Q4 2023).

This track record is no accident. We hire top talent. Our team includes world-class and internationally-recognized applied researchers. Then, we give them the tools and resources they need to continuously invest in technology, processes, and systems in order to ensure we maintain the leading institutional-grade custodial platform.

Today, we leverage advanced cryptographic key-sharding techniques to maintain a comprehensive system that combines physical security, consensus computation, and strict, audited process controls.

Our institutional clients are able to further decentralize and tailor access to their operating model by leveraging enterprise security features, such as strict permissioning, multi-user consensus, and transfer policies that ensure no single individual within their organization can act maliciously or be coerced into executing unauthorized transactions or instructions.

We are rigorously regulated and audited

Coinbase Custody Trust Company, LLC (CCTC), our US-based custodian, is a fiduciary under New York state law and a qualified custodian under the Investment Advisers Act of 1940. It is regulated by the New York Department of Financial Services (NYDFS), which also regulates New York’s chartered banks.

While other states have granted charters to digital asset custodians, no other states have the experience or rigor of the NYDFS. NYDFS has regulatory oversight of financial institutions holding more than $9.1 trillion in assets (NYDFS 2022 Annual Report). Further, it supervises 17 institutions that are deemed Global Systemically Important Banks and has group-wide supervisory authority over two of the largest multinational insurance companies. In total, it has regulatory oversight of 1,300+ banks and financial institutions and 1,960 insurance companies and related entities.

Our commitment to safeguarding digital assets goes further. As a public company based in the US, Coinbase is also subject to regular audits of our financials. In addition to providing an accurate picture of our business health, audits ensure we properly segregate and maintain separate accounts for our corporate and client assets.

In February 2020, CCTC became one of the first crypto custodians to complete SOC 1 Type II and SOC 2 Type II examinations, which verify that we have substantial internal processes and controls in place to safeguard client assets. The SOC 1 Type II reports test internal controls and systems over financial reporting. The SOC 2 Type II tests internal controls and systems related to security of the platform. In 2022, the SOC 1 Type II and SOC 2 Type II examination process expanded to include all of Coinbase Prime, including CCTC, Coinbase, Inc., and Coinbase Custody International Ltd.

Custodial funds are legally segregated and insured

CCTC is separate from other parts of Coinbase, including our industry-leading crypto spot exchange. Client funds are segregated at the account, sub-account, and on-chain wallet address level, such that clients can independently monitor wallet activities on-chain.

Legally, client funds are bankruptcy remote. This isolates custodial assets and protects them from the financial position of any Coinbase entity or any other client in the event of insolvency.

In addition, Coinbase maintains a substantial commercial crime insurance policy that covers theft of fiat currency or digital assets from Prime Trading or Vault. Our ability to actively manage the hot and cold wallets of our trading balance based on our insurance coverage provide clients with financial protection against a range of potential security risks. We believe our policy is the largest commercial crime policy covering hot wallets of any digital asset exchange or custodian. Over the past eight years, we have significantly increased the size of our commercial crime coverage while securing year-on-year premium decreases over the past two years, which is indicative of our insurance partners’ views of our strong processes and risk profile.

Trading is operationally efficient

Our custody solution fits seamlessly into institutional needs for trading and settlement. With integrated trading, financing, and custody, ETF providers and institutional clients can easily and quickly move funds to take advantage of Coinbase Prime’s advanced trading algorithms and execute a variety of different order types, including TWAPs to target a reference rate. They can also tap our advanced agency trading desk for customized order execution strategies or fixed price block execution with third-party counterparties, settling those trades directly on Prime.

All of this cuts down on the complexity and cost of trading, settlement, and custody, as well as the risk for ETF providers.

We are all in on crypto

At Coinbase, we are focused on building the cryptoeconomy. We offer custody of more than 400 assets across 38 different blockchains. And our clients can do more than just custody assets: they can participate in the entire cryptoeconomy – earning rewards with staking or participating in governance, all from a single interface.

Crypto is always evolving, so Coinbase is continuously investing to improve our technology and operations to ensure our clients’ digital assets remain safe and secure so they can confidently take part in the crypto economy.

Coinbase logo


Alan Leung

About Alan Leung

Alan Leung is the current CISO at Coinbase Custody, and has helped provide leadership to this business since 2018. Alan comes from a background in cyber security, previously working at Blue Cross Blue Shield, and Citibank performing roles as VP of Cyber Security Operations.