Key Takeaways:

  • On-exchange custody centralizes control with the trading platform, exposing assets to counterparty risk, withdrawal delays, and potential security breaches. 

  • Third-party regulated custody separates asset storage from trading platforms. The security models and regulatory status can vary significantly between providers.

  • Institutions managing external capital typically favor third-party regulated custody to meet compliance, governance, and audit requirements. 

  • The choice between custody models depends on risk tolerance and use case.


Institutional investors venturing into digital assets face a critical decision: where and how to custody their crypto holdings. With the global crypto custody market projected to grow from $2.92 billion in 2024 to $6.03 billion by 2030 at a 12.82% CAGR, how digital assets are held isn't just a technical consideration; it directly affects security, regulatory compliance, liquidity, and operational control.

Two dominant custody models are commonly used in the industry today: on-exchange custody and third-party regulated crypto custody.

Each has unique advantages and trade-offs depending on your risk profile and business needs. Let’s explore the key differences and when one may be more appropriate than the other. 

What Is On-Exchange Custody?

On-exchange custody refers to storing crypto assets within an exchange's own wallet infrastructure. The exchange holds the private keys that control access to the assets, allowing users to trade seamlessly without having to manage keys themselves. 

This model is convenient and efficient for active traders who require fast access to liquidity. It simplifies the user experience and minimizes operational overhead. Many exchanges implement strong security systems and offer some form of insurance coverage. 

However, this approach comes with critical limitations that recent data underscores: 

  • Users do not control their private keys and are dependent on the exchange's solvency. 

  • Client assets are typically pooled with those of the exchange, exposing them to potential counterparty risk. 

  • In 2024, hackers stole $2.2 billion worth of cryptocurrency, with major exchange breaches including DMM Bitcoin's $305 million loss and BingX's $52 million theft. 

  • Users may be subject to withdrawal delays, account restrictions, or lack of clarity during regulatory interventions. 

  • Phishing attacks targeting wallet users increased by 40% in 2024, while SIM-swapping attacks resulted in over $150 million in losses, highlighting the persistent security vulnerabilities in centralized custody models. 

In short, while on-exchange custody offers transactional efficiency, it also introduces risk through centralization and limited transparency over how assets are stored and managed. 

What Is Third-Party Regulated Crypto Custody?

Third-party regulated crypto custody involves entrusting assets to an independent, regulated custodian that specializes in securing digital assets. The cryptocurrency custodial services market is expected to grow at a 20.7% CAGR from 2023 to 2028, driven by institutional demand for secure storage solutions. 

These custodians, often trust companies, have a legal and fiduciary responsibility to safeguard client holdings. 

Key Features of Third-Party Regulated Custody: 

  • Segregated account structures, which keep client assets separate from the custodian's balance sheet. 

  • Advanced security protocols, such as cold storage, multi-signature or multi-party computation (MPC) key management, and hardware security modules. 

  • Institutional-grade controls, including customizable workflows, whitelisting, policy enforcement, and audit logging. 

  • Transparency and legal recourse in the event of disputes, with clearly defined rights and obligations.

Third-party regulated custodians focus on safeguarding assets in a compliant and secure environment. This model offers a high level of control and accountability, making it ideal for institutions that prioritize regulatory compliance, governance, and risk mitigation. It also aligns more closely with fiduciary responsibilities placed on funds, family offices, and financial advisors. 

Comparing On-Exchange and Third-Party Regulated Custody

The choice between on-exchange and third-party regulated custody depends on the use case and risk profile of the asset holder. 

On-Exchange Custody:

  • Prioritizes convenience and trading speed, making it attractive to active traders and market participants with frequent liquidity needs. 

  • Offers immediate access to markets and integrated trading tools but often lacks robust operational controls. 

  • During Q1 2024, DeFi scams accounted for 60% of all crypto heists, with smart contract vulnerabilities being the primary attack vector, demonstrating greater risk exposure due to asset commingling and platform-level vulnerabilities.

Third-Party Regulated Crypto Custody:

  • Provides enhanced security and institutional-grade operational controls for safe asset storage. 

  • Aligns with legal and compliance expectations, especially for firms operating under regulatory oversight. 

  • Enables clear audit trails, third-party attestations, and often includes insurance protection to cover theft or loss. 

  • Ensures business continuity planning and recovery procedures, even in adverse operational scenarios.

The growing complexity of institutional crypto operations, especially those involving staking, lending, derivatives, and cross-border settlements, further underscores the value of purpose-built custody infrastructure. 

Why Institutions Prefer Third-Party Regulated Custody 

Professional investors now hold over $27.4 billion worth of Bitcoin ETFs as of Q4 2024, representing a 114% increase from the previous quarter, demonstrating accelerating institutional adoption. Institutions tend to favor third-party custody for several key reasons: 

  • Regulatory Compliance: Custodians are structured to meet national regulatory frameworks, providing legal clarity and protection. This is particularly important for funds with external investors or those operating in multiple jurisdictions. 

  • Security Architecture: BitGo, for example, utilizes at least 2-key multi-signature structures where no single party can access or move assets unilaterally. Additional controls such as withdrawal limits, whitelisting, and role-based permissions ensure secure internal governance and reduce the likelihood of internal fraud. 

  • Operational Integrity: Institutions require verifiable audit trails and clear ownership records for reporting and oversight. Third-party custodians deliver SOC 1 and SOC 2 compliance, as well as insurance policies that cover loss due to theft or operational failure. This helps fulfill audit, tax, and investor transparency requirements. 

  • Client Governance & Policy Enforcement: Custodians offer customizable user roles, approval thresholds, time-locks, and geographic restrictions. This empowers clients to mirror internal policies in a blockchain-native context. 

  • Insurance & Legal Protections: Unlike many exchange platforms, custodians typically carry crime and cyber liability insurance underwritten by leading global insurers, offering an extra layer of risk protection for the custodian.   

When to Choose Each Model

  • On-Exchange Custody may be appropriate for individual investors or trading desks that prioritize short-term flexibility and require rapid execution. For users comfortable with platform risk and who are not subject to external compliance requirements, this option provides efficiency.

  • Third-Party Regulated Custody is more suitable when long-term protection, asset segregation, and fiduciary duty are required. With hedge funds now accounting for 41% of all institutional Bitcoin ETF holdings, institutional investors, funds, corporates, and any entity managing external capital typically require the oversight and safeguards provided by a regulated custodian. In addition, financial advisors, compliance teams, and operational officers often prefer solutions that support multi-user governance, real-time monitoring, and event-based alerts. 

How BitGo Sets the Standard in Custody

BitGo delivers institutional-grade custody solutions tailored to the needs of sophisticated investors and financial institutions. Our platform combines cold storage with multi-signature and MPC-based key management. We support direct API-based trading from custody accounts, integration with staking protocols, and compliance features like real-time audit trails. Clients can define their own policies, including user roles, approval thresholds, and transaction limits. 

BitGo's solutions are designed to grow with your business, supporting complex treasury workflows, audit-readiness, and customizable governance frameworks. Whether your objective is to safeguard a crypto ETF, offer client-facing digital asset products, or manage multi-chain DeFi exposure, BitGo delivers the infrastructure to do so securely and at scale. 

Final Thoughts

For institutions seeking the highest levels of security and compliance, asset control with a regulated custodian is a critical strategy for safeguarding funds and maintaining operational integrity, setting it apart from approaches that rely on trading-focused platforms.

With crypto activity increasing and Bitcoin ETF launches driving institutional adoption, particularly in North America and Western Europe, the need for transparent, secure, and compliant custody solutions will only grow. Whether you're looking to strengthen your operational posture or satisfy institutional-grade requirements, a purpose-built custody partner like BitGo is critical to your success.

To learn more about BitGo's custody solutions, contact our team or request a demo today.


About BitGo

BitGo is the digital asset infrastructure company, delivering custody, wallets, staking, trading, financing, and settlement services from regulated cold storage. Since our founding in 2013, we have been focused on accelerating the transition of the financial system to a digital asset economy. With a global presence and multiple regulated entities, BitGo serves thousands of institutions, including many of the industry's top brands, exchanges, and platforms, and millions of retail investors worldwide. For more information, visit www.bitgo.com.


©2025 BitGo, Inc. (collectively with its parent, affiliates, and subsidiaries, “BitGo”). All rights reserved. BitGo Trust Company, Inc., BitGo, Inc., and BitGo Prime LLC are separately operated, wholly-owned subsidiaries of BitGo Holdings, Inc., a Delaware corporation headquartered in Palo Alto, CA. BitGo does not offer legal, tax, or investment advisory services. The statements contained herein are only intended for marketing and informational purposes and should not be interpreted as legal, tax, or investment advice. Please consult your legal, tax, investment, or other professional advisor for questions about your specific circumstances. Digital asset holdings involve a high degree of risk, and digital asset values may fluctuate on any given day. Accordingly, your digital asset holdings may be subject to large swings in value and may even become worthless. The information provided herein is not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law, statute, or regulation. BitGo is not directing this information to any person in any jurisdiction where the publication or availability of the information is prohibited, by reason of that person’s citizenship, residence, or otherwise. The information contained in our press releases, blogs, and presentations should be considered accurate only as of the date of the press release, blog, or presentation. We disclaim any obligation to supplement or update the information in these press releases, blogs, or presentations, except as may be required by law. Product availability and client eligibility will vary by jurisdiction. Services listed may be provided by one of BitGo's affiliated entities.