As the ripple effects of the collapse of offshore crypto exchange FTX continue to unfold, there will be many lessons to be learned by those engaged with this nascent asset class in any capacity – retail investors, market makers and hedge funds, builders of decentralized blockchain protocols, traditional institutions just beginning to explore the space, and, of course, regulators in multiple jurisdictions. Already the sharp contrast in accountability between onshore and offshore centralized exchanges has come into focus, while questions are being raised surrounding the due diligence process and ongoing oversight by venture capital investors in the space.

The events leading to the fall of FTX and the far-reaching impact of the bankruptcy of what was the third largest centralized crypto exchange will undoubtedly have a meaningful impact on the future path of crypto. Just as the Enron scandal and Global Financial Crisis of 2008 taught us numerous lessons, as more details come to light and we begin to sort through the wreckage of FTX, we can assume there is plenty to be learned. But there is one lesson that was immediately clear even as the first stories broke about the situation at FTX, which is that proper custody of digital assets is absolutely paramount, and that many in the market had lost sight of this first principle of crypto.

All digital assets are bearer instruments that are housed on the internet. In terms of custody, investors have three choices: they can self-custody using their own hardware or software crypto ‘wallet’ with ‘keys’, they can use an institutional custody solution that relies on a third party to securely store the wallets or keys for accessing the wallets, or they can de-facto custody with a centralized exchange when they are trading or holding their digital assets in an exchange’s commingled custodial wallet. Frequently, customers will decide to custody a portion of their assets on an exchange so they can trade more easily – enjoying centralized order books, deeper liquidity, and less cumbersome execution. In the vast majority of cases, this doesn’t result in adverse outcomes and is largely uneventful from a custody perspective. However, relinquishing custody of your digital assets by custodying them on-exchange is a risk. While the details of exactly what transpired in the case of FTX are still emerging, we do know that the movement of customer assets by an exchange without customers’ permission or knowledge is only possible when the customer is using the commingled wallet custodial service of that exchange. Market participants understand this and are beginning to act accordingly. In the case of retail investors, we are seeing, and are likely to continue to see, a move away from on-exchange custody to self-custody.  Indeed, producers of retail self-custody hardware products have seen a record growth in sales over recent weeks.

At the institutional level, we are likely to see a move away from the convenience offered by the ‘fully integrated’ tech stack, and the focus shifting towards best practice in the institutional approach to digital assets operations – a disaggregated institutional custody solution. In traditional financial assets and markets, custody is considered a middle- or back-office function. In crypto, custody is, and should be treated as, a front- office function.

While it’s too early to say what the regulatory response will be to the events surrounding the collapse of FTX, I am optimistic that we will see a robust regulatory framework that facilitates the growth of this emerging market. As most would understand, the accuracy of any counterparty risk assessment is wholly dependent on the quality of due diligence users are able to conduct. For offshore exchanges, this is based on voluntary disclosures, and despite a move towards radical transparency where exchanges publish ‘proof of reserves’ by allowing look-through to their reserve wallets, this requires trust. For onshore exchanges, we may see regulators take on the role of verifier, examining reserves and using enforcement mechanisms to protect against the misuse of client assets held on exchange. This directly translates to ‘trust but verify’. If done properly, it should equate to a similar degree of protection as participants in traditional financial markets enjoy.