Execution Risk In Crypto Is The New Custody Risk

Opinion by: Ido Sofer, founder and CEO at Sodot.

The cryptocurrency industry is a relentless engine of innovation, constantly pushing the boundaries of what’s possible with decentralized technology. Yet, when it comes to a fundamental pillar like security, our progress can be misleading. We’ve built sophisticated fortresses to guard digital assets, but the battlefield has silently shifted to a new, more vulnerable front.

The Shifting Landscape of Crypto Custody

For years, the crypto world’s primary custody fear was singular and stark: the theft of a private key. The industry’s response was robust and layered. We developed cold storage, air-gapped systems, and multi-party computation (MPC) to make key theft exponentially harder. Recognizing that a safe key doesn’t guarantee a safe transaction, we then added transaction security and policy-based controls to block malicious fund movements, even if a key was somehow accessed.

These measures remain critically important. However, focusing exclusively on private keys now obscures a more profound evolution. The very definition of “custody” has expanded far beyond the protection of dormant cryptographic keys.

Custody is No Longer Just About Keys

Today, “custody” describes a complex, automated ecosystem. A modern trading firm doesn’t just hold assets; it actively moves them across a web of exchanges (both centralized and decentralized), staking protocols, liquidity pools, and infrastructure providers. Each connection requires its own set of credentials: API keys for exchange access, validator keys for staking, deployment credentials for smart contracts, and system-level secrets for internal servers.

Many of these secrets are stored in secret managers—tools designed for convenience that, by design, release the full credential to any authenticated process requesting it. This model is efficient but structurally fragile. If the execution environment—whether compromised by an external hacker, a coerced insider, or a malicious software dependency—requests a key, it receives the full, unilateral authority to move capital. The risk has migrated from static, offline storage into the live, milliseconds-fast execution layer where capital is in constant motion.

The Evolution of Security: From Storage to Execution

Security in crypto has progressed in clear stages. First, we secured keys in storage. Second, we built policy-driven controls to govern how those keys were used during transactions. The next, inevitable stage is upon us: we must apply the same zero-exposure, policy-enforced discipline to every credential capable of authorizing value movement.

This isn’t theoretical. Execution risk has become the primary vector for major exploits. Cybercriminals increasingly bypass hardened on-chain security to target the “soft underbelly” of off-chain secrets. The $1.4 billion Bybit hack in February 2025, for instance, began with a sophisticated social engineering attack that compromised an employee’s credentials, which were then used to authorize a fraudulent transaction that drained the exchange’s cold wallets. The initial breach was off-chain; the catastrophic loss was on-chain.

Why Is This Risk So Pervasive?

The scale is structural. Asset managers, market makers, and custodians integrate with dozens of venues—perhaps 40 or more exchanges and protocols. Each integration introduces unique credentials, access controls, and operational dependencies managed across development, operations, trading, and security teams. This creates immense complexity that compounds over time.

Maintaining consistent security policies across this fragmented landscape is a monumental, often manual, challenge. Configuration drift—where security settings slowly diverge from the intended standard—is almost inevitable. A single misconfigured API permission on one exchange can expose millions.

This model was born from a legitimate business need: speed. For high-frequency trading firms, latency is revenue. Placing credentials directly inside trading infrastructure eliminates delays. Over years, this “full-key availability” inside live systems became normalized as the price of performance. The problem isn’t speed itself; it’s that the authority to move capital is embedded directly within the execution environment, making it the most predictable and high-value target for attackers.

Why Current Tools Are Insufficient

Existing security tools were not built for this new reality. Secret managers provide convenient key retrieval but not granular, policy-enforced usage control. Exchanges and custodians implement strong security on their platforms, but their implementations of controls like IP whitelisting (geofencing) or transaction limits can vary in quality and may contain bugs. A trading firm’s internal policy is only as strong as the weakest counterparty’s enforcement.

Synchronizing robust, context-aware policies—considering factors like time, device, network, and transaction value—across dozens of external vendors and internal systems is a problem current solutions cannot solve at scale. The result is a patchwork of security with dangerous gaps.

Toward a New Standard: Zero-Exposure Architecture

The lesson from securing private keys is clear: eliminate full-key exposure and enforce strict, cryptographic policy controls. This principle must now blanket the entire execution layer.

The solution is not merely better secret storage. It requires a fundamental architectural shift to a zero-exposure model. In such a system, no single machine, process, or employee ever holds the unilateral, full authority to authorize a transaction. Instead, authorization is distributed and reconstructed at the moment of execution, based on dynamically verified policies.

Technologies like multi-party computation (MPC) are one implementation of this model for signing, but the concept is broader. It means re-architecting trading and custody systems so that credentials are never available in their entirety within any execution environment. Policy decisions—such as “this API key can only withdraw to whitelisted addresses under $100k during business hours”—must be cryptographically enforced at the point of use, not just logged after the fact.
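The contrast between a secret manager that releases the full credential and a policy checked at the point of use can be sketched as follows. This is an added example, not code from the author or from Sodot: `SigningGate`, the HMAC request format, the 09:00-17:00 UTC weekday hours, and the sample secret and address are all assumptions, and a single gate is a simplification of the distributed (MPC-style) authorization the article describes.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, time, timezone

@dataclass(frozen=True)
class Withdrawal:
    address: str
    amount_usd: int
    at: datetime  # must be timezone-aware

class PolicyViolation(Exception):
    pass

class SigningGate:
    """Hypothetical gate: holds the venue API secret and returns only signatures.
    In production it runs in a separate trust domain from the trading host."""

    def __init__(self, secret, allowlist, cap_usd, opens, closes):
        self._secret = secret
        self._allowlist = frozenset(allowlist)
        self._cap_usd, self._opens, self._closes = cap_usd, opens, closes

    def check(self, w):
        """Return every policy rule the request breaks (empty list = allowed)."""
        if w.at.tzinfo is None:
            return ["timestamp has no timezone"]
        reasons = []
        utc = w.at.astimezone(timezone.utc)
        if w.address not in self._allowlist:
            reasons.append("address not allowlisted")
        if not 0 < w.amount_usd < self._cap_usd:
            reasons.append("amount outside allowed range")
        if utc.weekday() >= 5 or not (self._opens <= utc.time() < self._closes):
            reasons.append("outside business hours")
        return reasons

    def sign(self, w):
        """Sign only if policy passes; the secret never leaves this object."""
        reasons = self.check(w)
        if reasons:
            raise PolicyViolation("; ".join(reasons))
        msg = f"{w.address}|{w.amount_usd}|{w.at.isoformat()}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

# Constructed sample values: placeholder secret and address, assumed 09:00-17:00 UTC hours.
GATE = SigningGate(b"constructed-demo-secret", {"0xTREASURY_PLACEHOLDER"},
                   100_000, time(9, 0), time(17, 0))
```

A compromised trading process that can only call `GATE.sign()` obtains signatures for policy-compliant withdrawals and nothing else, whereas one that can read the secret from a secret manager can sign anything.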

The crypto industry excelled at reinventing money. Now, we must reinvent the security model that protects it. The integrity of the entire ecosystem depends on extending our hard-won expertise in key management to the vast, dynamic network of secrets that power modern crypto operations. The cost of inaction is measured in billions, and the window to act is narrowing with every millisecond of trade execution.

This opinion article presents the author’s expert view, and it may not reflect the views of Cointelegraph.com. This content has undergone editorial review to ensure clarity and relevance. Cointelegraph remains committed to transparent reporting and upholding the highest standards of journalism. Readers are encouraged to conduct their own research before taking any actions related to the company.
