05_Digital Asset Custody

Question 1

Reasons for Loss of Crypto Assets

Answer 1

• sent to invalid addresses
• stuck in wallets with lost keys
• loss of physical wallet

Question 2

Evolution of Custody Technology

Answer 2

• safes
• commercialization of safe deposit boxes that could be billed (20th century)
• increasing security requirements due to growth of data volume (21st century)
• new era of digital storage with invention of blockchain (secure storage of keys)

Question 3

Role of traditional banks

Answer 3

• saving & deposit
• lending & financial advice
• physical network & services
• traditional assets
• centralized structure
• insurance and coverage

Question 4

Role of digital asset custodian

Answer 4

• cryptocurrencies and other digital assets
• decentralized structure
• mostly only
• blockchain settlements
• technical knowledge & maintenance
• insurance but no coverage

Question 5

What is wallet

Answer 5

• wallets are digital, limited physical existence
• technically do not store crypto
• holdings live on blockchain, accessed using your **private key **
• crypto wallets store your private keys safe and accessible

Question 6

Digital Asset Wallet

aka Crypto Wallets / Hot Wallet

Answer 6

• secure digital vault
• storage & transaction tool
• multi-currency support
• interact with blockchain
• public &** private keys**
• access & control over assets
• security and privacy
• backup and recover
• easy to trade assets

e.g. Metamask, Phantom, Trust Wallet

when connected to internet subject to hacking, cyberattacks etc.

Question 7

Types of Wallets

Answer 7

• Digital Asset Wallet
• Cold Wallet
• Hardware Security Module (HSM)
• Warm Wallet

Question 8

Cold Wallet

2 overarching

Answer 8

Hardware Wallet
- offline air gapped -> no direct vulnerability to hacks
- Risk of losing your holdings (loss of wallet)
- can be costly
- no instant access to holdings -> transfer of assets is time intensive & requires connection to network

Paper Wallet
- key is written on piece of paper
- store at secure location
- use of funds difficult -> digital mone can only be used on internet

Question 9

Hardware Security module (HSM)

Answer 9

• physical device designed to be tamper-resistant and tamper-evident
• multiple physical measures that safeguard and manage digital keys
• facilitates encryption, decryption, signing and verification
• private key is generated within HSM
• private key is never exposed -> cannot be copied or hacked

Question 10

Warm Wallet

Answer 10

• software / mobile wallet
• form of digital storage that can be accessed through a computer or phone
• often used to interact with DeFi applications, NFTs or exchanges
• always connected to internet -> vulnerable to hacking or phishing attacks
• allows for instanteous transfer of funds
• vulnerable to government regulations -> if governments bans crypto, your warm wallet funds can be seized
• often available for free

Question 11

Private Key
vs
Public Key

Cryptographic Key Pair is the hear of this technology

Answer 11

Private key
- very large random number

Public key
- can be derived from the private key, but not vice versa

Wallet address
- public key is hashed to create a wallet address -> more convenient

Question 12

Key Generation of Private & Public Key

Answer 12

1. Random Number Selection
2. Elliptic Curve Cryptography (ECC): private key is inputted into an elliptic curve multiplicaiton formula
3. Public key generation: coordinates of second point on curve represent public key
4. Hashing: public key is hashed using SHA256 algorithm, producing shorter, 160-bit hash
5. Wallet Import Format: the private key can be converted into a wallet import format for importing & exporting ease of use

Question 13

Bitcoin Transaction process

Answer 13

1. Formulate Transaction
2. Build Transaction message
3. Sign Transaction
4. Broadcast Transaction
5. Transaction into Memory Pool
6. Nodes Validate & receive rewards
7. Block added to Blockchain
8. Confirmation and validation

Question 14

Wallet recover - seed phrase

Answer 14

• series of words (12-24)
• seed phrase like master password
• access to seed phrase = access to wallet
• seed phrase unlike private key
• private key allows to sign transaction
• seed phrase = access to wallet and all private keys in wallet

Question 15

Attack Vectors

on private key

Answer 15

• brute force attacks: guessing private key with excessive testing
• implementation flaws: errors in programming exploited by hackers
• backdors: secretly embedded master-keys that defy algorithm known by only few
• quantum computing: brute forcing on steroids
• human errors: loss or theft of private keys

Question 16

Definition
Multi Party Computation (MPC)

Answer 16

• Share responsibility: splits private key data among parties, eliminating single points of failure
• Secure Computations: Parties compute on their key share, results are combined for the oepration without revealing the full key
• Distributed Transactions: txs are real-time and key shares can be geographically spread
• Flexible Access Control: allows subset of parties to approve transaction
• No Single key: each party holds a key share, and they collaborate to sign txs
• Enhanced Security: MPC avoids assembling full private key, minimizing attack surface
• Resilience: MPC resist external hacks and internal collusion, as all parties would need to be compromised
• Privacy Preserving: MPC enables computations on private data without exposing it

Question 17

1. Hardware Wallet
2. Software Wallet
3. Web Wallet
4. Custodial Wallet

Description

Answer 17

1. **Hardware devices **specifically built to store public-private key pairs
2. application installed on a device, such as a smartphone or computer
3. accessed through an internet browser, quick transactions and high availability
4. Wallet infrastructure for securing public-private key pair

Question 18

1. Hardware Wallet
2. Software Wallet
3. Web Wallet
4. Custodial Wallet

Connectivity

Answer 18

1. Cold
2. Cold or Warm
3. Warm
4. Cold or Warm

Question 19

1. Hardware Wallet
2. Software Wallet
3. Web Wallet
4. Custodial Wallet

Security

Answer 19

1. High
2. Medium
3. Low
4. High

Question 20

1. Hardware Wallet
2. Software Wallet
3. Web Wallet
4. Custodial Wallet

Ease of Use, Regulation + Liability

Answer 20

1. Medium; not regulated; user liability
2. high; not regulated; user liability
3. high; not regulated; user liability
4. Depends on custodian; regulated; provider liability

Question 21

Pros of Exchange hosted wallet
Centralized Custody

opposed to decentralized custody

Answer 21

• easy entry for investors without background knwoeldge
• high convenience and operability
• user maintains access via an online app / dashboard / website

Question 22

**Cons of Exchange hosted wallet **
Centralized Custody

as opposed to decentralized custody

Answer 22

• huge counterparty risks with exchange
• security risk (exchange hacks)
• mixing of clients assets and no clear separation
• exchange has control and management of public and private keys
• need for on-chain transfers in times of high volatility across exchanges
• potential rehypothecation of client assets

Question 23

Pros of Third-party custody
Centralized Custody

Answer 23

stores digital assets on behalf of clients without necessary expertise
- specialized on safekeeping of assets
- institutional-grade tech and security
- clear transparency with publicity of public keys
- liability transfer to custodian
- handles burden of managing a complex technology stack
- regulatory compliance

Question 24

Cons of Third-party Custody
Centralized Custody

Answer 24

high level of coordination between custodian and customer required to set up
- fees involved for the service of safekeeping and liability coverage
- counterparty risk still exists being exposed to potential hacks
- not a viable option for private / retail clients

e.g. Hauck Aufhäuser Lampe, Finoa

Question 25

Pros of Decentralized Custody

Answer 25

highest security standards with self custody
- includes hot, warm, and/or cold wallets / stores
- enables complete self-suffiency and 100% control over digital assets
- supports a wide range of protocols, currencies and tokens

Question 26

Const of decentralized custody

Answer 26

high personal responsibility!!
- assets becom irretrievable when access to assets is lost
- high responsibility for assets, asset management, and associated risks
- requires expertise in digital assets

e.g Ledger Nano x (hard), Metamask, unstoppable finance (web wallet)

Question 27

Summary of Pros and Cons of
1. Self-custody
2. exchange wallets
3. third-party custodian

Answer 27

1. Self Custody
Pros:
- relatively secure
- greater control

*Cons: *
- responsibility for asset
- more susceptible to hacking or loss of assets

2. Exchange Wallets
Pros
- Simple
- ease of access
- cheap

Cons
- counterpaty risk
- comingling

3. 3rd Party Custodian
Pros
- clearly defined rules
- adjustability
- more secure, likely insured and regulated

Cost for retail use

Question 28

Why do we need regulation?

Answer 28

• regulatory initiatives lower barriers to market entry
• institutios need more security and clarity
• helps healthy and sustainable market growth
• protection against fraud and criminal activities for consumer

Question 29

MiCA

Markets in Crypto Assets

Answer 29

• unified legal framework in the EU
• investor and consumer protection
• promotion of innovation and fair competition
• definition of crypto assets as a digital representation of a value or right
• differentation: asset-referenced tokes, e-money tokes and utility tokens (obligation to create and publish a white paper)
• rules on liability under civil law in event of misleading or incomplete white papers, including possible claims for damages
• authorization requirement for the issuance of crypto assets

Question 30

Tangany Suite
Solution

Answer 30

1. digital asset core system
- self-developed cloud system
- highest level of security
- API-first approach
- modular and flexible
2. licensed freamwork
- BaFin regulate and audited
- custody and registrar license
- leveraging of our licenses
- 360 degree digital asset issuance

3. White Label
- seamless integration via API
- stay face to the customer
- 100% IT compatibility
- individual frontend

Question 31

Tangancy Core System for Digital Assets

Answer 31

1. Custody API: omnibus and segregated wallet architecture
2. Customers API: manage users, KYC sharing
3. Settlement API: Accounting system for digital assets, track user balance

4. Managed Wallets
5. Crypto Security Registrar
6. Earn (Staking & Landing)

Question 32

Industries of Tangany Solution

Answer 32

• institutions
• neobroker
• corporations
• FinTech
• Asset Manager & Funds

Question 33

Tangany Case Study
Tokenization of Real Estate Assets

Answer 33

Challenge
- traditional financial infrastructure for real estate investments from $1 would have been too expensive and restrictive for customers

Solution
- real estate is digitzed / tokenized and stored on blockchain
- cost reduction of 65% compared to alternative
- owners of tokenized real estate can trade it 24/7

Question 34

Tangany Case Study
NFTS / Web3 Application

Answer 34

Challenge
- more than 20 PC games were to be equipped with NFTs and tokes and connected to their own blockchains
- blockchain to oeprate invisibly in background

Solution
- millions of wallets were invisibly assigned to players
- game content was tokenized using NFT and transferred to players
- they can now generate welath by playing computer games