MPC vs Traditional Keys
- MPC reduces key concentration risk.
- Traditional keys can simplify operational coordination.
- Control gains often come with coordination cost.
- Human failure and system failure must be modeled separately.
Custody is not a technical problem. It’s a system of risk, policy, and irreversible decisions — and the quality of those decisions shows up during incidents, not demos.
The goal is simple: reduce blast radius, make approvals explicit, and keep money-moving paths operable under stress.
Layering is a policy decision. Each layer exists to constrain risk and create gates for irreversible moves.
Layer 01 (risk boundary)
- Why it exists: Execution speed and immediate transaction handling.
- Protects against: Operational latency failures and liquidity bottlenecks.
Layer 02 (risk boundary)
- Why it exists: Controlled access for predictable operational flows.
- Protects against: Exposure concentration and rushed key usage.
Layer 03 (risk boundary)
- Why it exists: High-assurance storage for strategic reserves.
- Protects against: Remote compromise and day-to-day operational leakage.
Layer 04 (risk boundary)
- Why it exists: Governed movements for critical custody boundaries.
- Protects against: Single-point human or system failure during large transfers.
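The gates described for these layers, as an added illustration that is not the page's own code: a small Python policy check that makes approvals explicit and counts human and system approvals separately, so that no single person or single automated checker can carry a move out of a deep layer. The layer names, the amount threshold and the quorum sizes are assumptions chosen for the example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Layer(IntEnum):
    """The four layers on this page; the names are assumed."""
    HOT = 1       # Layer 01: execution speed
    WARM = 2      # Layer 02: controlled operational flows
    COLD = 3      # Layer 03: strategic reserves
    GOVERNED = 4  # Layer 04: governed, large-transfer boundary


@dataclass(frozen=True)
class Approval:
    approver: str   # distinct identity of a person or an automated checker
    human: bool     # True for a person, False for a system (modeled separately)


@dataclass
class Move:
    src: Layer
    dst: Layer
    amount: int
    approvals: tuple


LARGE = 1_000_000  # assumed amount at which any move becomes "governed"


def required_quorum(move):
    """Distinct humans and distinct systems that must approve (assumed policy).
    Gates grow as the source layer deepens or the amount crosses LARGE."""
    if move.amount >= LARGE or move.src == Layer.GOVERNED:
        return 2, 2   # no single human and no single system can carry the move
    if move.src == Layer.COLD:
        return 2, 1
    if move.src == Layer.WARM:
        return 1, 1
    return 0, 0       # hot layer: fast path, bounded only by its own balance


def evaluate(move):
    """Return (allowed, reason). Duplicate approvers never count twice, so one
    compromised person or one compromised system cannot satisfy a quorum alone."""
    need_h, need_s = required_quorum(move)
    humans = {a.approver for a in move.approvals if a.human}
    systems = {a.approver for a in move.approvals if not a.human}
    if humans & systems:
        return False, "same identity counted as both human and system"
    if len(humans) < need_h:
        return False, f"need {need_h} distinct human approvals, have {len(humans)}"
    if len(systems) < need_s:
        return False, f"need {need_s} independent system checks, have {len(systems)}"
    return True, "approved"
```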
Rule of thumb
If recovery is unclear, the design isn’t done — even if the happy path is perfect.
Deposit is not the same problem as withdrawal. Treat them as separate products.
Internal movement is where most risk hides — because it’s rarely user-visible.
Latency, batching, and liquidity decisions define outcome quality under load.
Strategic trade-off
The decision isn’t “build vs buy”. It’s “where do we want irreversible risk to live” as volume and criticality grow.
Partnering accelerates launch, but pushes critical dependencies outside your boundary.
External custody can simplify narratives, while complicating operational reality.
As volume grows, “vendor risk” becomes “business continuity risk”.