In this in-depth guide you’ll learn:
How to safeguard your treasury assets;
What type of policies you should put in place;
How to maintain privacy and why it matters; and
When it comes to treasury management for crypto, your number one concern should be securing your digital assets. It completely baffles me how many treasury managers think that it’s ok to manage your treasury from a MetaMask.
Hot wallets should never be used to store treasury assets!
So what other options are available to you?
There are three main solutions you can use to store your crypto securely:
Let’s do a quick run through of each of these:
A multi-sig is a multi-signature wallet. This means that it requires two or more signers to authorise transactions.
Multi-sigs are the most basic security option available to treasury managers. This is really the bare minimum you should have set up to safeguard your treasury’s crypto assets.
You can set up a multi-sig to require a majority of approvals or a threshold. In other words, your multi-sig could be set up to require
m of n - a minimum number of approved parties must sign the transaction before it can be executed. For example, 2 of 3 or 3 of 8, etc.;
m of m - all approved parties are required to sign a transaction before it can be executed. For example, 2 of 2 or 5 of 5, etc.
There are some clear benefits to using a multi-sig to secure your treasury assets. The first being that it removes the single point of failure you have with only one signer. So you might choose to have your keys held by different people in different locations. And in the event that one of the keys is stolen or compromised, your assets would still be secure.
However, there are also some major disadvantages to using a multi-sig. Such as:
Lack of privacy - because a multi-sig requires each party to sign the transaction separately, each signature is visible on-chain. This makes it possible for hackers to track and trace treasury managers through their wallet addresses.
Operationally inflexible - the treasury policy of a multi-sig is attached to the wallet address. This means it’s impossible to adjust the policy without switching to a new wallet and transferring your assets out.
Hard to manage keys - because a multi-sig uses as many keys as there are signers, it can be a nuisance to administer, especially in the event of key recovery. Each of the keys is attached to a third-party wallet. And you’ll need to make sure that the seed phrase to each of these wallets is secured safely and backed up in the event of disaster recovery.
Whilst threshold cryptography is nothing new, its use to secure custody of crypto assets has only been around for a few years. And it’s rapidly rising in popularity.
MPC stands for multiparty computation. Similar to a multi-sig, an MPC wallet can be set up to require m of m or m of n parties to approve every transaction before it can be executed. The major difference between MPC and multi-sig is that with MPC there is only one private key!
Whereas with multi-sig each party holds their own private key, which is used to sign a transaction, with MPC the private key is sharded into multiple pieces. Each piece of the key is then stored in a separate location or on a separate device. These pieces are only used cryptographically to approve a transaction, which means that the pieces never come together to form a whole key at any point in time.
This removes the single point of failure to protect your treasury assets, whilst making it near impossible for a hacker to ever get a hold of your private key. Even if a hacker gains access to and corrupts the key shards stored by up to a threshold of m parties, your private key will be safe and operations can continue.
Now you may be thinking “well, that’s not so different from a multi-sig, so why bother…”. Well, there are some MAJOR benefits to using MPC.
Backup and Disaster Recovery
With MPC your private key can always be recovered.
MPC is operationally flexible
MPC’s flexibility is a significant advancement over multi-sig. MPC allows for ongoing changes to the quorum without having to change your public address.
MPC offers structural anonymity
Because each party signs the transaction off-chain, there’s no way for malicious third parties to see who is involved in approving transactions.
There are a bunch of other advantages to using MPC over multi-sig but I won’t go into too much detail as I’ve already discussed them here: MPC versus Multi-sig
So it should be pretty obvious by now, why you should choose an MPC solution over a multi-sig.
In fact, the biggest barrier to mass adoption of MPC is the expense. But solutions like Krayon are here to make institutional grade custody accessible to everyone.
But there’s one more custody solution to dive into.
Cold storage involves storing your private keys offline. This means that the wallet is protected from cyber attacks and other vulnerabilities that arise from being connected to the internet. The keys are never exposed to the internet so they can’t be stolen.
The most popular cold storage solutions are hardware wallets like Ledger and Trezor. The assets themselves are never stored in the hardware wallet. Instead, it stores your private key which gives you access to your on-chain address.
Hardware wallets are great for providing additional security to individuals, but they really suck at scale. Do you really want to be responsible for managing hundreds of USB drives?
Much like a hot wallet, if your hardware wallet is lost, the assets are backed up with a single seed phrase. But you still have to secure your hardware wallet on location. You also need to make sure your seed phrase is stored safely in case you ever need to recover your wallet.
Fortunately, there are platforms that offer cold storage as a service, making it much easier to scale. Not all cold storage solutions are built the same. But the best platforms use HSMs (hardware security modules) to safeguard your keys. An HSM is a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.
Now there are some downsides to cold storage. The obvious one being that because your private keys are stored offline, it takes longer to sign transactions. Every time you want to sign a transaction your keys will need to be retrieved from cold storage and this takes time.
The other risk to cold storage is that your keys are stored on a single physical device. You’ll want to guarantee that that device is stored in a secure location and encrypted. And you also need to make sure that there are secure processes involved before anyone can access that device. Of course, all of this infrastructure means that cold storage is expensive. But depending on your treasury balance, you might want to consider paying for it!
The very best digital asset treasury management solution would be some combination of MPC and cold storage.
When we talk about treasury policy there are two main areas:
For the benefit of this guide I’m going to focus on internal controls and some of the processes you should consider. If you’re interested in learning more on general treasury policy management and risk management, I’d recommend checking out this article.
Having strong internal controls is vital to safeguard your treasury assets. At the same time, you don’t want to hinder the treasury function. So how can you balance security and autonomy? Let’s discuss!
Depending on the size of your organisation, you may want to vary the number of parties involved in approving transactions. But at a bare minimum a two of three approval process should be sufficient. Under no circumstances should one party have the ability to transfer all assets without additional approvals. You should also consider the likelihood that any two parties can collaborate. And if you’re managing a sizeable treasury you should consider implementing a much bigger quorum, perhaps 4 of 5 or 5 of 8, etc.
It’s important to establish rules for your organisation to determine who can access your treasury. You’ll want to think about:
There will be cases where you don’t want every single transaction to have to be approved by multiple parties. You don’t have to do this upfront. In fact, it may be better to require every transaction to be approved initially. However, over time if you find yourself making the same types of transaction over and over again, it could be more efficient to enable spending limits for specific teams or team members.
With everything on-chain it’s important to consider what information you might not want in the public domain.
Structural anonymity is an important consideration when managing a digital treasury. It’s vital that hackers can’t track and trace your approved persons on-chain. Which is why I highly recommend using an MPC solution instead of a multi-sig.
If you’re paying vendors, employees or suppliers etc. in crypto then you should also consider how you route your payments. Whilst DAOs may be major proponents of transparency, it’s not suitable for every organisation. Bear in mind whatever payments you make from wallets linked to you will be traceable on-chain. As such, you may want to route confidential payments through a centralised exchange to avoid payments.
Not all platforms will let you do this, but if you can, it’s a good idea to whitelist contract addresses that are frequently used by your organisation.
If you’re actively trading crypto then this will be vital. You’ll want to give your traders a degree of autonomy. And you don’t want to have three or more people signing off potentially hundreds of transactions per day.
Similarly, for Web3 gaming DAOs or guilds - you’ll want to whitelist contracts for games so you don’t need to bother administrators every time a member wants to use an NFT for a game.
You may wish to set spend limits for specific teams or individuals. For example, let’s say you wanted the marketing team to manage their own budget on a monthly basis. You’d want to be able to set this limit and give them the autonomy to spend without requiring multiple approvals.
You won’t always want the same quorum for every transaction or for every wallet. So it’s important that whichever treasury management platform you choose, it’s flexible enough to meet your organisation’s requirements. For example, being able to change the required quorum for different wallets under your organisation. Or being able to make certain transaction types or amounts exempt from approvals. This kind of flexibility will be vital to scaling your organisation’s treasury and maintaining efficiency.
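The controls described above (an m-of-n quorum, whitelisted contract addresses and per-team monthly spend limits) can be expressed as a single policy check. This is an added example, not code from this guide or from any treasury platform; `WalletPolicy`, its field names, the order in which exemptions are evaluated and all sample names, addresses and amounts are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class WalletPolicy:
    signers: frozenset                      # approved parties (the "n")
    quorum: int                             # approvals required (the "m")
    whitelist: frozenset = frozenset()      # destinations exempt from quorum
    spend_limits: dict = field(default_factory=dict)  # initiator -> monthly cap
    spent: dict = field(default_factory=dict)         # (initiator, month) -> total

    def __post_init__(self):
        # No single party may move funds alone, and m can never exceed n.
        if not 2 <= self.quorum <= len(self.signers):
            raise ValueError("quorum must satisfy 2 <= m <= n")

    def authorize(self, initiator, to, amount, month, approvals=()):
        """Return (allowed, reason) for one proposed transfer."""
        amount = Decimal(amount)
        if amount <= 0:
            return False, "invalid amount"
        if to in self.whitelist:
            return True, "whitelisted destination"
        cap = self.spend_limits.get(initiator)
        used = self.spent.get((initiator, month), Decimal(0))
        if cap is not None and used + amount <= cap:
            self.spent[(initiator, month)] = used + amount
            return True, "within spend limit"
        # Count each approved signer once; unknown or repeated names add nothing.
        valid = set(approvals) & self.signers
        if len(valid) >= self.quorum:
            return True, "quorum met"
        return False, f"quorum not met: {len(valid)} of {self.quorum}"


def demo():
    # Constructed sample data: names, addresses and amounts are placeholders.
    p = WalletPolicy(frozenset({"alice", "bob", "carol"}), 2,
                     whitelist=frozenset({"0xGAME"}),
                     spend_limits={"marketing": Decimal("1000")})
    return [
        p.authorize("marketing", "0xVENDOR", "600", "2024-05"),
        p.authorize("marketing", "0xVENDOR", "600", "2024-05"),
        p.authorize("marketing", "0xVENDOR", "600", "2024-05", ["alice", "alice", "mallory"]),
        p.authorize("marketing", "0xVENDOR", "600", "2024-05", ["alice", "bob"]),
        p.authorize("trader", "0xGAME", "5000", "2024-05"),
    ]
```

In the sample run, the second marketing payment would exceed the monthly cap and so falls back to the quorum, where a repeated signer and an unknown approver do not count towards the two approvals required.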
There are a tonne of wallet dashboards out there now, but when it comes to crypto treasuries, they’re not all fit for purpose.
You’ll want to make sure you can connect all of your wallets regardless of chain. And that all assets are visible for every wallet you’ve connected.
On top of this, it can be helpful to group wallets to account for internal transfers. Otherwise these may appear as taxable events.
Ok, we're biased. But we really do believe that we're building the best crypto treasury management platform on the market! And we'd love for you to give it a go.
We actively engage with our users so that we can continue to ship new features that make our product better for them. Have an idea for a new feature? Drop us an email.
In the meantime, here are some of the features we offer: