Check out our latest blogs

Crypto exchanges move billions of dollars in user funds every day. Behind every withdrawal, every settlement, and every trade sits a custody architecture that either holds up under pressure or becomes the reason a platform fails its users.

Custody is not an operational afterthought. For exchanges, it is the infrastructure layer that determines whether client funds are secure, whether operations scale without incident, and whether the platform can satisfy regulators demanding proof of asset segregation and control. As institutional participation in digital asset markets expands across Asia-Pacific and the Middle East, exchanges are facing a harder question: is their custody setup built for what comes next?

This guide covers how digital asset custody works specifically in an exchange context, the architecture decisions that matter, the regulatory baseline taking shape across key jurisdictions, and what to look for when choosing between building in-house and working with an institutional custody provider.

What Digital Asset Custody Means for Exchanges

Custody, in its most basic form, means controlling private keys. Whoever controls the keys controls the assets. For a retail user holding their own crypto, that means managing a hardware wallet or a seed phrase. For an exchange, the definition is far more complex.

Exchanges hold assets on behalf of thousands or millions of users simultaneously. They are continuously processing withdrawals, funding liquidity pools, executing settlements, and reconciling balances in real time. This creates custody requirements that look nothing like static cold storage.

Three things make exchange custody fundamentally different from other institutional custody contexts:

• Transaction frequency: Exchanges process continuous outflows, not periodic redemptions. Custody architecture must support automated, high-throughput signing without creating security gaps.
• Multi-asset complexity: A single exchange may manage hundreds of tokens across dozens of chains. Each asset may require different signing protocols, gas management approaches, and policy rules.
• Regulatory accountability: Exchanges are increasingly required to demonstrate segregation of user funds from operational capital, maintain real-time proof of reserves, and produce auditable transaction records on demand.

Two primary models exist for how exchanges approach custody:

• Self-custody: The exchange controls its own key management infrastructure. This gives maximum operational flexibility but requires dedicated security engineering, hardware investment, and ongoing compliance effort.
• Third-party custody: An institutional custodian manages key security and transaction signing on behalf of the exchange. The exchange retains operational control through configurable policies while outsourcing the cryptographic infrastructure.

Many larger exchanges operate hybrid models, managing hot wallet operations in-house while using a third-party custodian for cold storage of the majority of reserves.

Hot, Warm, and Cold Wallet Architecture

Every exchange operates across multiple wallet tiers, each designed to balance liquidity against security. Understanding how these tiers function and interact is fundamental to assessing whether a custody setup is fit for purpose.

The ratio between tiers is a direct reflection of an exchange’s risk appetite and operational maturity. Keeping more than 10 percent of total reserves in hot wallets is considered high-risk practice in institutional contexts. Most well-run exchanges target 5 percent or below, automating refills from warm storage as hot wallet balances are drawn down.

The critical challenge is automation with governance. Rebalancing between tiers should be triggered by policy, not manual intervention, with configurable approval workflows and spend limits that keep human error out of routine operations while preserving oversight for large or unusual transactions.

MPC vs. Multi-Signature: What Exchanges Need to Know

The two dominant approaches to cryptographic key management for institutional custody are multi-signature (multi-sig) and Multi-Party Computation (MPC). Both are used in production exchange environments, and both have meaningful tradeoffs.

Multi-Signature

Multi-sig requires that a minimum number of co-signers (M of N) each hold a complete private key and independently approve a transaction. For example, a 3-of-5 setup means any three of five keyholders must sign before a transaction executes.

Multi-sig is battle-tested and fully transparent at the protocol level. However, it has real operational limitations for exchanges:

• Each keyholder stores a complete private key, creating multiple physical attack surfaces.
• Signing requires sequential participation across all required signers, which adds latency to time-sensitive operations.
• Managing multi-sig across high transaction volumes requires coordination overhead that can slow operations.

Multi-Party Computation (MPC)

MPC distributes key material as shares across multiple nodes, and a full private key is never reconstructed at any single point. Transaction signing occurs through a cryptographic threshold computation across participating nodes, producing a valid signature without any node holding the complete key.

For exchanges, MPC offers several operational advantages over multi-sig:

• No complete key ever exists in one place, eliminating the single-point-of-failure that a compromised keyholder represents in multi-sig.
• Signing is faster and parallelizable, better suited to high-throughput transaction environments.
• Key rotation and governance changes can happen without moving assets or changing addresses.
• Supports complex approval workflows natively, including tiered authorization, time delays, and spending limits.

MPC is the current standard for institutional exchange custody. The main consideration for compliance teams is that MPC proofs are harder to audit independently than on-chain multi-sig signatures. Exchanges operating in heavily regulated jurisdictions should confirm that their chosen provider has third-party cryptographic attestation of their MPC implementation.

Regulatory Requirements for Exchange Custody

Regulatory expectations around exchange custody are hardening across APAC and MENA. What was once treated as an optional compliance consideration is now a licensing condition in most jurisdictions where exchanges operate at scale.

Key Regulatory Frameworks by Region

• Singapore (MAS): The Monetary Authority of Singapore requires licensed digital payment token service providers under the Payment Services Act to maintain segregated custody of client assets, maintain adequate liquid assets, and submit to annual audits. MAS has indicated ongoing work on custody-specific guidance for exchanges and custodians.
• UAE / Dubai (VARA): The Virtual Assets Regulatory Authority has established detailed custody requirements under its exchange rulebook, including mandates for cold storage of client assets, a minimum percentage held with regulated custodians, and real-time reserves reporting capability.
• Hong Kong (SFC): The Securities and Futures Commission requires licensed virtual asset trading platforms to hold at least 98 percent of client assets in cold storage, with daily reconciliation of hot wallet balances against client liabilities.
• Taiwan (FSC): The Financial Supervisory Commission has issued custody guidance requiring exchanges to segregate customer assets and demonstrate auditable key management processes, with further institutional custody rules under development.

Across all these frameworks, three requirements are near-universal: asset segregation from operational capital, auditable transaction records, and the ability to produce proof of reserves on demand. These requirements directly map to technical decisions in custody architecture. A platform without automated audit trails, policy-based access controls, and real-time reconciliation is not just operationally vulnerable. It is non-compliant.

Self-Custody vs. Third-Party Custody: The Real Trade-Off

Exchanges evaluating their custody approach face a genuine strategic decision.

Neither path is categorically correct. The right choice depends on transaction volume, internal security capability, regulatory obligations, and growth trajectory.

The Case for Building In-House

Self-custody gives an exchange direct control over every aspect of key management and signing infrastructure. There is no counterparty dependency, no vendor risk, and no contractual constraints on operational design.

The cost of doing this well is significant. A credible in-house custody build at institutional scale requires dedicated security engineering (typically multiple HSM or MPC specialists), hardware infrastructure (HSMs, air-gapped systems, disaster recovery sites), key ceremony management, independent security audits at least annually, and a 24/7 security operations function. For exchanges with mature engineering teams and significant volume, this investment can be justified. For exchanges that are scaling or operating across multiple regulatory jurisdictions simultaneously, the operational overhead often outweighs the control benefit.

The Case for Third-Party Custody

Institutional custody providers offer pre-certified compliance frameworks, production-tested MPC or HSM infrastructure, and managed security operations that would take years to replicate in-house. The deployment timeline is faster, the compliance certification burden is shared, and incident response is part of the service contract.

The tradeoff is a degree of operational dependency. Exchanges need to evaluate a custody provider’s SLA on transaction signing latency, their key recovery and business continuity protocols, their insurance coverage, and their track record across production environments.

Hybrid Models

Most large exchanges with significant institutional client bases operate hybrid custody. Hot wallet operations and the associated signing infrastructure are managed in-house, where low-latency signing is operationally critical. Cold storage, where the majority of reserves sit, is managed by a third-party custodian with the segregation, insurance, and audit certifications that regulators increasingly require.

What to Look For in a Custody Provider

If you are evaluating institutional custody providers for your exchange, use the following checklist. These are the criteria that separate providers capable of handling institutional exchange operations from those built for smaller or lower-volume use cases.

1. MPC or HSM-based key management with no reliance on software-only key storage. Verify the cryptographic approach has been independently audited.
2. Tiered wallet architecture with automated rebalancing policies, configurable spend limits, and approval workflows per tier.
3. Governance controls that support multi-tier authorization: spending limits by amount, asset type, and destination address.
4. Real-time monitoring and automated alerting for anomalous transaction patterns, failed signing attempts, and policy violations.
5. Regulatory certifications relevant to your operating jurisdictions: SOC 2 Type II, ISO 27001, and regional licensing where applicable.
6. Insurance coverage for assets under custody, with clarity on what is and is not covered under the policy.
7. Proof of reserves infrastructure that supports on-demand attestation without requiring manual reconciliation.
8. Incident response SLA with defined recovery time objectives and tested key recovery protocols.
9. API-first architecture with documented integration paths for exchange engine connectivity, withdrawal automation, and reconciliation feeds.
10. Production track record with institutional exchange clients at comparable volume, with reference clients available.

How Liminal Supports Exchange Custody Operations

Liminal operates digital asset custody and wallet infrastructure for institutional clients across Singapore, the UAE, India, and Taiwan, with over $100 billion in on-chain transaction volume processed to date.

For exchanges, Liminal’s platform provides:

• MPC-based key management with no single point of key exposure, supported by configurable signing thresholds and governance policies.
• Tiered hot, warm, and cold wallet architecture with automated rebalancing rules and per-tier spend controls.
• Policy-driven transaction workflows, including multi-tier approval requirements, time-delayed signing for large transactions, and whitelist-based destination controls.
• Real-time audit trail covering every transaction, approval, policy change, and access event, structured for regulatory review.
• Third-party security certifications including SOC 2 Type I and II and ISO 27001, with active regulatory licensing pursuits across key APAC and MENA jurisdictions including Singapore and the UAE.
• Integration via RESTful APIs, supporting direct connectivity with exchange engines, reconciliation systems, and reporting infrastructure.

Exchanges working with Liminal retain full operational control through configurable governance while outsourcing the cryptographic infrastructure and compliance overhead that would otherwise require significant internal investment to replicate.

Frequently Asked Questions

How should a crypto exchange store user funds securely?

The institutional standard is a tiered architecture: 2 to 10 percent of assets in hot wallets for real-time withdrawals, a portion in warm wallets for batch settlements, and 70 to 90 percent in cold storage. Hot wallet balances should auto-refill from warm storage via policy-driven rules, not manual intervention. Keeping more than 10 percent in hot wallets is considered high-risk practice.

MPC or Multi-sig, which is better for exchange custody?

For exchanges, MPC is generally the stronger choice. No complete private key ever exists in one place, signing is faster and parallelizable, and governance changes don’t require on-chain transactions. Multi-sig is more straightforward to audit at the protocol level, but managing multiple complete keys across high transaction volumes creates operational and security overhead that most exchanges want to avoid.

What should an exchange look for in a custody provider?

Non-negotiables are MPC or HSM-based key management with independent audit certification, configurable governance and spend controls per wallet tier, SOC 2 and ISO 27001 certifications, defined incident response SLAs, and API-first integration. Proof of reserves capability and insurance coverage are increasingly expected by regulators and institutional clients.

What are the custody compliance requirements for crypto exchanges in Asia?

Requirements vary but converge on three things: segregation of client assets from operational capital, auditable transaction records, and proof of reserves on demand. Singapore (MAS), UAE (VARA), and Hong Kong (SFC) all have specific custody mandates for licensed exchanges, with cold storage minimums and reconciliation obligations. Taiwan’s FSC has issued similar guidance.

Looking for Institutional Custody Infrastructure built for exchanges?

Connect with our team