Opinion by: Ido Sofer, founder and CEO at Sodot.
The crypto industry leads in innovation, but security lags behind. For years, custody risk meant one thing: theft of private keys. The industry hardened storage with cold wallets, air-gapped systems and MPC, then added transaction security and policy controls. Those protections remain vital, but focusing only on private keys misses a larger shift.
Custody now extends far beyond on-chain private keys.
Modern custody is a complex, automated system that executes many transaction types across exchanges, staking providers, liquidity venues, custodians and internal systems. Trading firms and asset managers use API keys, validator keys, deployment credentials and system-level secrets that can move capital directly or indirectly. Many of these credentials live in secret managers that, by design, return the full key to any authenticated process. That convenience is structurally fragile: if the execution environment is compromised—by an external attacker, a coerced employee or a malicious dependency—the full key is exposed. Custody risk has moved from dormant on-chain keys to a live execution layer where capital moves in milliseconds and exposure happens in real time.
The evolution of custody security
Security evolved in stages: secure key storage, then policy and multi-party controls governing key use. The next step is clear: apply zero-exposure and policy-driven discipline to every credential and secret. API keys, deployment credentials and execution secrets now carry material risk. Extending private-key best practices across this broader attack surface is no longer optional; it’s the defining challenge of execution risk.
Execution risk is now a primary vector for large-scale exploits. Attackers increasingly target off-chain weaknesses—API keys, server credentials and other secrets used for trading, deployment, staking and custody. High-profile breaches, including the Bybit incident, began with off-chain compromise of credentials and then resulted in on-chain fund loss.
How big is the execution risk?
It’s structural and widespread. Firms connect to dozens of centralized and decentralized venues and vendors; each integration introduces credentials, access controls and dependencies. Development, ops, trading, risk and security teams must manage these, creating complexity that compounds over time. Maintaining consistent security policies across a fragmented ecosystem is mostly manual, prone to configuration drift and human error. A single mistake can expose millions.
Execution risk is not inherent to automation but stems from historical system design. To minimize latency, many trading systems store API keys and credentials directly inside live infrastructure. For market makers, speed is critical; even small delays reduce revenue. Full-key availability inside live systems became normalized as the simplest path to high performance. The problem isn’t fast capital movement—it’s unilateral authority embedded where execution happens. When authority is concentrated at the point of execution, it becomes the most predictable and attractive attack vector.
Why existing controls fall short
Existing tools and policies are inadequate for modern complexity. Exchanges, custodians and OTC desks may enforce strong controls individually, but synchronizing governance across a fragmented landscape is nearly impossible. Manual, siloed controls yield inevitable gaps. Counterparty vulnerabilities—bugs, misconfigurations, inconsistent enforcement—compound risk: a trading firm’s geofencing or policy may be nullified by a partner’s buggy implementation.
What must change
The lesson from private-key security applies universally: eliminate full-key exposure and enforce strict, context-aware policies around credential usage. Secret managers were built for convenience; returning full keys to authenticated processes distributes authority across live systems at precisely the moments capital moves. That model must be replaced.
What’s required are zero-key-exposure architectures where no single machine or employee holds unilateral control, combined with enforceable, context-aware policy controls. Multi-party computation (MPC) is one way to realize that model, but the principle is broader: extend private-key security best practices across the entire execution layer. By treating API keys, deployment credentials and execution secrets with the same zero-exposure, policy-driven discipline applied to on-chain keys, the industry can reduce the single largest vector for catastrophic loss.
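A minimal sketch of the contrast drawn above, between a secret manager that returns the key and a signer that only returns policy-checked signatures. This is an added example, not code from the article or from Sodot. `SigningBroker`, `Policy`, the request format and all sample values are hypothetical, and a single in-process object stands in for the out-of-host signer (HSM, MPC or separate service) that a zero-exposure design would use.

```python
import hashlib
import hmac
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Policy:                      # hypothetical policy shape
    allowed_actions: frozenset
    withdraw_allowlist: frozenset
    max_withdraw: Decimal

class SigningBroker:
    """Holds the venue API secret; callers receive signatures, never the key.
    A Python object only models the boundary; the real signer runs off-host."""
    def __init__(self, secret: bytes, policy: Policy):
        self._secret, self._policy = secret, policy
        self.audit = []            # (caller, action, outcome) for every attempt

    def _deny_reason(self, req: dict):
        p = self._policy
        if req.get("action") not in p.allowed_actions:
            return "action not permitted"
        if req["action"] == "withdraw":
            if req.get("address") not in p.withdraw_allowlist:
                return "destination not allowlisted"
            if Decimal(req.get("amount", "0")) > p.max_withdraw:
                return "amount over limit"
        return None

    def sign(self, caller: str, req: dict):
        """Return (signature, None) if policy allows, else (None, reason)."""
        reason = self._deny_reason(req)
        self.audit.append((caller, req.get("action"), reason or "allowed"))
        if reason:
            return None, reason
        # Constructed canonical form: sorted key=value pairs, HMAC-SHA256.
        payload = "&".join(f"{k}={req[k]}" for k in sorted(req))
        mac = hmac.new(self._secret, payload.encode(), hashlib.sha256)
        return mac.hexdigest(), None

# Constructed sample data, not real credentials or addresses.
BROKER = SigningBroker(b"constructed-demo-secret", Policy(
    frozenset({"order", "withdraw"}), frozenset({"treasury-cold-1"}),
    Decimal("1000")))
ORDER = {"action": "order", "pair": "BTC-USD", "side": "buy", "qty": "0.5"}
ROGUE = {"action": "withdraw", "address": "unknown-addr", "amount": "10"}
LARGE = {"action": "withdraw", "address": "treasury-cold-1", "amount": "5000"}
```

A compromised trading process that can call `BROKER.sign` can still place permitted orders, but it cannot read the secret or sign a withdrawal outside the allowlist and limit, and every attempt is recorded in `audit`.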
This opinion article presents the author’s expert view, and it may not reflect the views of Cointelegraph.com. This content has undergone editorial review to ensure clarity and relevance. Cointelegraph remains committed to transparent reporting and upholding the highest standards of journalism. Readers are encouraged to conduct their own research before taking any actions related to the company.