Custodial risk: what questions institutions ask crypto custodians

by | Nov 29, 2025 | Hacks & Enforcement, Security

Custodial risk: what questions institutions ask crypto custodians

Explore the core concerns institutional investors raise when selecting crypto custodians in 2025, learn how tokenized real‑world assets fit into custody models, and see a concrete RWA example with Eden RWA.

  • Institutions face complex custody challenges amid evolving regulation.
  • Key questions cover security, compliance, operational transparency, and asset recovery.
  • The article explains how custodial risk is mitigated in tokenized real‑world assets like those offered by Eden RWA.

In 2025 the crypto market has matured beyond its early hype phase. Institutional investors—asset managers, pension funds, family offices—are increasingly allocating capital to digital assets and tokenized real‑world assets (RWAs). Their participation hinges on confidence that custody solutions can protect value, meet regulatory expectations, and provide operational transparency.

Crypto custodians are no longer a niche service. They now support multi‑asset portfolios, cross‑border settlements, and complex governance models. Yet the risk of loss—whether from hacks, mismanagement, or legal disputes—remains a central concern. The question that keeps popping up in boardroom meetings is: “What questions should we ask a custodian to ensure our assets are safe?”

This article breaks down the core custodial risks, outlines the specific questions institutions pose, and illustrates how tokenized RWAs like those on Eden RWA handle custody challenges. By the end you will understand what metrics matter most when vetting a custodian and why a transparent, blockchain‑based approach can reduce exposure.

Background: Custodial risk in the crypto era

The term custodial risk refers to the possibility that an entity holding assets on behalf of another party could lose or misappropriate those assets. In traditional finance, custodians are regulated banks or depository institutions with robust compliance frameworks and insurance coverage.

Crypto introduces new dimensions: digital wallets, multi‑sig schemes, decentralised exchanges (DEXs), and tokenized securities all exist in a less mature regulatory environment. The 2024 MiCA framework in the EU and evolving U.S. SEC guidance have begun to carve out rules for crypto custodians, but clarity remains incomplete.

Key actors in the custody space include:

  • Institutional Custodians – firms that secure assets via multi‑sig wallets, cold storage, and audit trails (e.g., Coinbase Custody, BitGo).
  • Non‑Custodial Platforms – decentralized solutions where users control private keys themselves.
  • Hybrid Custodian‑DeFi Protocols – services combining on‑chain governance with off‑chain custody (e.g., RWA token platforms that lock assets in smart contracts).

Regulators are increasingly scrutinising custodial operations. The SEC’s “custody” definition now includes entities that hold securities for others, even if the holding is digital. In 2025, many crypto custodians have obtained MiCA authorisations or U.S. banking licenses to signal compliance.

How it works: From off‑chain asset to on‑chain token

The custody process for tokenized RWAs typically follows these steps:

  1. Asset Acquisition: A legal entity (e.g., an SPV or a special purpose vehicle) acquires the physical asset, such as a luxury villa.
  2. Tokenisation: The ownership interest is represented by ERC‑20 tokens issued on Ethereum. Each token corresponds to a fractional share of the property’s value and income.
  3. Custody Layer: Tokens are held in smart contracts that enforce rules (e.g., distribution of rental income). The underlying legal entity retains title, while the custodian ensures that tokens cannot be transferred without compliance checks.
  4. Governance: Token holders exercise voting rights through a DAO‑light structure. Decisions about renovations or sale are made via on‑chain proposals and off‑chain signatories.
  5. Income Distribution: Rental income, collected in stablecoins (USDC), is automatically routed to investors’ wallets by the smart contract.

This model reduces custodial risk by limiting exposure: the custodian does not hold physical property but only manages digital representations. The legal entity remains the primary owner and bears any title or tax obligations, while the on‑chain layer provides immutable auditability.

Market impact & use cases

The tokenisation of real estate has opened new avenues for diversification. Here are typical scenarios:

  • Retail Investors: Individuals can purchase fractional ownership in high‑end properties without the need for large capital or complex paperwork.
  • Institutional Funds: Hedge funds and family offices incorporate tokenized real estate into their portfolios to gain exposure to stable rental income streams.
  • DeFi Protocols: Liquidity pools that accept tokenised assets as collateral, enabling new lending products.
  • : Investors in jurisdictions with capital controls can access foreign property markets via blockchain tokens.
Traditional Model Tokenised RWA Model
Physical ownership, paper deeds, local registry Digital representation on a smart contract, transparent ledger
High transaction costs, long settlement times Low-cost, instant transfers with automated income flows
Limited liquidity; resale requires legal approval Secondary market through an in‑house or third‑party marketplace

The upside potential for tokenised RWAs lies in unlocking liquidity, reducing entry barriers, and improving transparency. However, institutional investors must weigh these benefits against the new custodial risk vectors that arise from smart contract complexity and legal uncertainty.

Risks, regulation & challenges

Despite attractive use cases, several risks persist:

  • Smart Contract Risk: Bugs or design flaws can lead to loss of tokens or misallocation of income. Audits are essential but not foolproof.
  • Custody Failure: If the custodian’s multi‑sig wallet is compromised, all token holders may lose value. Insurance coverage for digital assets remains limited.
  • Legal Ownership & Title Risk: Tokenisation does not automatically transfer legal title to investors. Disputes over property ownership can arise if the SPV fails to register properly.
  • Regulatory Uncertainty: The SEC’s stance on tokenised securities and MiCA’s evolving rules may change, affecting market access or requiring additional licensing.
  • Liquidity & Secondary Market Risk: Without a robust secondary market, token holders might be stuck holding illiquid assets for extended periods.
  • KYC/AML Compliance: Custodians must verify identities of all parties. Failure to do so can result in regulatory fines or asset seizure.

Real‑world examples highlight these risks: a 2024 hack on a multi‑sig wallet led to the loss of $35 million worth of tokens, and a legal dispute over title of a tokenised commercial property delayed income distribution for six months. Such incidents underline why institutions ask rigorous questions before entrusting custody.

Outlook & scenarios for 2025+

Bullish scenario: Regulatory clarity arrives in the U.S. and EU, leading to widespread adoption of tokenised RWAs. Custodians implement multi‑layer insurance and failover mechanisms, making institutional onboarding smooth.

Bearish scenario: A major custodian suffers a breach or fails to comply with new regulations, causing loss of confidence. Legal challenges over property title intensify, delaying returns for investors.

Base case: Institutions gradually increase allocations to tokenised RWAs while maintaining diversified portfolios. Custodians improve transparency through blockchain audit logs and third‑party verification. The market matures at a moderate pace, with liquidity improving but still lagging behind traditional real estate.

For retail investors, the 2025 landscape offers new opportunities but also demands diligence—especially when selecting custodial partners that can guarantee compliance and secure custody of digital assets.

Eden RWA: A concrete example of tokenised real‑world asset custody

Eden RWA is an investment platform that democratises access to French Caribbean luxury real estate. By combining blockchain with tangible, yield‑focused assets, it offers investors fractional ownership in high‑end villas across Saint‑Barthélemy, Saint‑Martin, Guadeloupe and Martinique.

The core mechanics are:

  • Each villa is held by a dedicated SPV (SCI/SAS) that owns the property. The SPV issues an ERC‑20 token representing a share of that villa.
  • Tokens are stored in a smart contract that automatically distributes rental income, paid out in USDC directly to investors’ Ethereum wallets.
  • A quarterly “experiential stay” is awarded via a bailiff‑certified draw, allowing a token holder to enjoy a week in the villa they partially own.
  • Governance follows a DAO‑light model: token holders vote on key decisions such as renovations or sale, ensuring aligned interests and transparent co‑construction.
  • The platform’s tech stack relies on Ethereum mainnet, audited smart contracts, wallet integrations (MetaMask, WalletConnect, Ledger), and an in‑house P2P marketplace for primary and secondary exchanges.

Eden RWA’s custody model exemplifies how tokenised RWAs can mitigate traditional custodial risk: the custodian does not hold physical property but only manages digital tokens within a secure smart contract. The legal entity retains title, while investors benefit from automated income distribution and transparent governance.

If you’re interested in exploring a structured, income‑generating RWA with clear custody protocols, consider reviewing Eden RWA’s presale offering:

Eden RWA Presale – Overview | Join the Presale Platform

Practical takeaways for institutional and retail investors

  • Verify custodial insurance coverage and understand what it protects against.
  • Request independent smart contract audit reports and verify the audit firm’s credentials.
  • Assess the legal entity’s title registration process and any regulatory filings.
  • Examine the custodian’s KYC/AML procedures, including third‑party verification of token holders.
  • Monitor liquidity metrics: average days to sell tokens in secondary markets and the presence of a dedicated marketplace.
  • Check whether custody solutions support multi‑sig wallets with hardware key management (Ledger, Trezor).
  • Ensure the custodian’s compliance team is up to date on MiCA, SEC guidance, and local jurisdictional rules.
  • Ask for detailed incident response plans and historical breach data if available.

Mini FAQ

What exactly does a crypto custodian do?

A crypto custodian holds digital assets on behalf of clients, ensuring security through multi‑sig wallets, cold storage, and audit trails. They also provide regulatory compliance, reporting, and sometimes insurance.

How is custody risk different for tokenised real‑world assets?

Tokenised RWAs shift some custodial responsibility to the underlying legal entity that owns the physical asset. The custodian mainly manages digital tokens, reducing exposure but still needing robust smart contract security.

Can I recover my tokens if a custodian fails?

Recovery depends on the custodian’s insurance policy and the design of the multi‑sig wallet. Many custodians offer indemnity clauses and have failover procedures, but guarantees vary.

Is it safer to use a non‑custodial solution?

Non‑custodial platforms give users full control over private keys, eliminating custodian risk. However, they introduce user‑error risk and lack the regulatory safeguards that custodians provide.

What should I look for in a custody audit report?

Check that the audit covers all smart contract interactions, multi‑sig logic, access controls, and compliance with relevant standards like ERC‑20. Verify that any identified issues have been remediated.

Conclusion

Custodial risk remains a central barrier to institutional adoption of crypto assets, especially tokenised real‑world assets. The questions institutions ask—about security architecture, regulatory compliance, legal ownership, and liquidity—are designed to mitigate these risks. Tokenisation models like Eden RWA illustrate how smart contracts can provide transparency while delegating physical asset management to specialised entities.

As the market matures, custodians will need to combine robust technical safeguards with clear regulatory alignment. Investors, whether retail or institutional, must scrutinise custody arrangements and stay informed of evolving standards to protect their capital in an increasingly complex digital ecosystem.

Disclaimer

This article is for informational purposes only and does not constitute investment, legal, or tax advice. Always do your own research before making financial decisions.