Institutional adoption has surged with monthly active blockchain users up 30–50% YoY. Stablecoins now process $3 trillion on-chain in a single month (Aug 2025), and total stablecoin capitalization over $250 billion. Fintech payment firms are integrating stablecoins for fast, low-cost payouts. A recent survey found 71% of Latin American enterprises already use stablecoins for cross-border payments. Average remittance fees (~6.5% for $200 via banks) can be reduced by ~60% using stablecoins, as seen in corridors like sub-Saharan Africa. PayPal’s launch of a USD stablecoin (PYUSD) and Visa’s ongoing USDC settlement pilots highlight how incumbents are adopting crypto to improve Treasury and merchant settlement efficiency.
Tokenization of real assets accelerates: Over $26.5 billion in real-world assets (RWAs) have been tokenized on-chain, a 70% increase since January. Nearly 90% of that value is in private credit and U.S. Treasuries, with BlackRock’s Ethereum-based money market fund (BUIDL) alone at $2.9 billion AUM.
Big deals and tie-ups: TradFi and crypto infrastructure are converging via M&A. Coinbase acquired Deribit (crypto options exchange) for $2.9 billion in Aug 2025. Stripe’s $1.1 billion purchase of a stablecoin platform Bridge closed earlier in the year. Ripple’s attempted $5 billion takeover of Circle (USDC issuer) was a shot across the bow in the stablecoin arena.
Regulators set new guardrails: The U.S. enacted its first federal stablecoin law (GENIUS Act) in July 2025, creating a licensing regime for issuers and clarifying that properly backed payment stablecoins are not securities. In parallel, the EU’s MiCA framework is rolling out strict stablecoin reserve and supervision rules, and Hong Kong’s regulator will license stablecoin issuers from 1 Aug 2025, all giving traditional players more legal certainty.
Banks move from pilots to production: Banks are leveraging blockchain for core uses like 24/7 cross-border transfers, collateral markets, and deposit tokens. JPMorgan’s Onyx network (deposit token system) now settles about $2 billion daily in internal transfers. In July, a consortium led by 20+ banks (Fnality) executed an on-chain intraday repo swap of tokenized central-bank funds against government bonds, confirming near-real-time DvP settlement.
Asset managers tokenize funds at scale: 2025 saw major asset managers launch on-chain fund shares. Franklin Templeton’s OnChain U.S. Government Money Fund (FOBXX) grew to $700+ million AUM (its shares trade on Stellar with connectivity to Polygon and Arbitrum L2). BlackRock’s USD Digital Liquidity Fund (BUIDL) crossed $2 billion on Ethereum, and Apollo’s new tokenized credit fund raised $100 million within months. These initiatives cut settlement times to T+0 and broaden investor access, for example minimums of ~$100 via wallets.
Technical foundations maturing: Public blockchain infrastructure is more enterprise-ready. Ethereum layer-2 networks (for example Base and Arbitrum) offer throughput and fees orders of magnitude better than L1, with transactions for $0.01 and 1–2 second finality, attracting institutional use without sacrificing Ethereum’s security. Privacy and compliance add-ons, from zero-knowledge proof compliance modules to permissioned asset wrappers, are being layered on to meet bank-grade requirements, allowing sensitive transactions on public chains with selective disclosure.
Managing new risks: Institutions are proceeding cautiously with controls. Stablecoin reforms aim to eliminate run risk by mandating 1:1 reserves and audits. Leading custodians carry SOC 2 reports and use advanced key management such as MPC key sharding and HSMs to prevent single-point breaches. Smart contracts and bridges, the biggest technical risk areas, are vetted via formal audits and capped exposure. Early pilots implement circuit-breakers (pause switches) and redundancy (multichain or fallback systems) to ensure financial stability even if blockchain components fail.
State of Adoption
Activity on blockchain networks has hit all-time highs in 2025, indicating genuine adoption rather than speculation. Across major Layer-1s and Layer-2s, monthly active address counts are in the millions to tens of millions. Notably, Solana leads with ~57 million monthly active addresses, benefitting from high-throughput DeFi and NFT apps. Established networks like Ethereum still see ~9.6 million monthly actives despite higher fees, while newer Ethereum L2s like Base (launched by Coinbase) already host 21.5 million monthly active addresses by leveraging ultra-low fees and a ready user base.
On-chain transaction counts reflect similar growth: for example, Tron, popular for payments, now averages 8.6 million transactions per day, a 12% QoQ increase, indicating heavy stablecoin and gaming activity. Even Bitcoin, primarily a value store, sees over 10 million active addresses monthly as institutional adoption via ETFs drives usage. The key trend is differentiation between retail-driven networks (high volume micropayments, gaming) and institution-focused networks (fewer transactions but larger values).
Stablecoin Utilization
Dollar stablecoins have become a de facto settlement medium across exchanges, remittances, and DeFi. On-chain stablecoin transfer volumes are growing. August 2025 alone saw about $3 trillion moved on-chain via stablecoins, a +92% month-on-month spike. Much of this volume is driven by a few large networks. Ethereum and Tron process the bulk of stablecoin transactions, with Ethereum used for higher-value DeFi and institutional flows, and Tron dominating retail USDT transfers (Tron handled 273 million stablecoin transactions in May 2025). Ethereum currently hosts ~65% of total stablecoin supply (helped by USDC and DAI), while Tron carries about 30% (mainly USDT issuance). Stablecoin usage is bifurcating. On exchanges, they facilitate ~80% of all crypto trade volume as the quote currency, whereas on-chain they enable instant cross-border payments and yield farming. A notable development is the growth of non-USD stablecoins for FX diversification, such as Singapore’s XSGD and EUR stablecoins, though USD-backed coins still make up ~95%+ of the market by value. Stablecoins are now critical plumbing. Circle’s USDC and Tether’s USDT combined settle trillions annually and are increasingly held by corporates as digital cash.
Tokenized Assets & Real-World Asset (RWA) Growth
Beyond payments, 2025 has proven a breakout year for tokenized real-world assets. Tokenized U.S. Treasury products and money market funds have seen particularly rapid uptake amid high interest rates. The total AUM of tokenized Treasurys and related funds on public chains exceeded $5.7 billion by April 2025 and kept climbing. By mid-2025, an estimated $26.5 billion of RWAs were on-chain, spanning government bonds, private credit, real estate, and fund units. Several on-chain mutual funds are now live. Franklin Templeton’s OnChain U.S. Government Money Fund, a ’40 Act fund investing in T-bills, has $744 million in traditional AUM as of Aug 31, 2025 and uses Stellar and Polygon for its share ledger. BlackRock’s USD Digital Liquidity Fund (BUIDL), launched in late 2024, gathered over $2 billion within a year by offering tokenized shares of a money market fund to crypto platforms. Even alternative assets are joining in. Private equity giants like KKR and Apollo have tokenized portions of credit funds, enabling accredited investors to buy in with lower minimums and faster liquidity. Notably, Apollo’s tokenized diversified credit fund (ticker ACRED via Securitize) reached $106 million in on-chain AUM by June 2025. These examples underscore that tokenization is no longer theory, it is producing investable products with material assets, often using public chains such as Ethereum and Polygon for settlement while maintaining traditional oversight through SEC-regulated fund structures.
Capital Markets and Equity Events
Traditional capital markets are also interacting with blockchain through IPOs and M&A. While 2023 saw the first IPO of a crypto-native firm, 2025 has instead featured established firms acquiring blockchain infrastructure. Over 200 crypto-related M&A deals were announced in H1 2025, totaling approximately $20 billion, versus only $2.8 billion in all of 2024. For instance, in August 2025 Coinbase (NASDAQ: COIN) finalized its purchase of Deribit, the world’s largest crypto options exchange, for $2.9 billion, instantly making Coinbase the top global player in crypto derivatives. In the payments sector, Stripe acquired Bridge, a stablecoin payment startup, for $1.1 billion to integrate crypto-to-fiat interoperability into its merchant network. Traditional banks are also active.
Standard Chartered increased its stake in crypto custody platform Zodia, and Nasdaq made a strategic acquisition of a digital asset custodian, though these deals were smaller and often undisclosed. Meanwhile, no major crypto company IPO has occurred post-Coinbase. Instead, some, like Circle, pursued SPAC or direct listing paths but held off due to market conditions. The net effect is consolidation, with larger, regulated players such as exchanges, fintechs, and banks buying capabilities like derivatives platforms, custodians, and tokenization tech rather than building from scratch. This M&A trend is expected to continue, supported by clearer regulations and attractive valuations in the crypto bear market.
Regulatory Milestones
Since June 2025, several regulatory milestones have shifted the landscape for banks, asset managers, and fintechs using blockchain. In the U.S., Congress passed the Guiding and Establishing National Innovation for US Stablecoins Act (GENIUS Act) on July 17, 2025, the first federal law specifically governing stablecoins. This law, signed by the President on July 18, 2025, defines payment stablecoins and requires issuers to be licensed via OCC or state regimes with prudential standards such as 100% reserve backing and monthly disclosures. It also removed such stablecoins from the SEC’s purview by excluding them from the security definition, providing clarity for banks considering issuing their own tokens.
The Act will take effect by latest January 2027, 18 months after enactment, or earlier if regulators implement rules sooner, so firms have a transition period to adjust compliance. In Europe, the MiCA regulation, Markets in Crypto-Assets, fully came into force in 2025, with rules on stablecoins, called asset-referenced tokens and e-money tokens, now active. MiCA requires, among other things, that Euro-pegged stablecoins maintain redemption at par without fees and have a presence in the EU, prompting some non-EU stablecoin issuers to pull back or get licensed. Additionally, MiCA mandates that crypto service providers, including exchanges and custodians, obtain licenses by early 2025, causing banks and asset managers to partner with regulated entities or secure their own licenses.
In Asia, Hong Kong’s Monetary Authority published its stablecoin regulatory framework in July 2025, with a licensing regime effective 2024/25 and an explanatory note on requirements such as auditing and float management released at the end of July. Hong Kong aims to accept applications from stablecoin issuers and wallet providers, positioning itself as a regional hub under a regulated umbrella, a notable shift from its earlier cautious stance. Singapore had earlier, in 2022, introduced guidance for stablecoin issuance, for example MAS reserve requirements, so by 2025 major financial centers are converging on similar standards. These regulatory moves directly affect TradFi adoption. Banks now have clearer permission to issue deposit tokens under banking law in the U.S. and EU. Asset managers can launch tokenized funds knowing the distribution platforms will be licensed. Fintechs have more clarity on KYC and AML expectations for crypto services. The overall impact is a reduction in regulatory uncertainty. Executives can no longer say they will wait for regulators; instead the rules are here, and the imperative is to comply and execute within them.
Banks
Priority Use Cases
Banks in 2025 are focusing blockchain efforts on money movement and settlement use cases where legacy infrastructure is slow or fragmented. High on the list is tokenized deposits, essentially digital representations of bank deposits that can move on chain instantly. This enables 24/7 intrabank and interbank transfers, which is valuable for corporate treasurers and for internal liquidity management. JPMorgan has been a pioneer: its JPM Coin system (now branded as Partior/Kinexys for some offerings) allows institutional clients to transfer dollars globally on a permissioned blockchain. As of mid-2025 JPM’s network was moving about $2 billion per day in on-chain deposit value among its branches and clients, cutting cross-border settlement from hours to minutes.
JPMorgan is now preparing to pilot JPMD, a deposit token on a public blockchain, likely Ethereum or an L2, to extend this service beyond its private network. Other top use cases are instant cross-border payments, for example using stablecoins or CBDC-like tokens to avoid correspondent banking delays, collateral mobility, tokenizing collateral to enable intraday or instantaneous pledging and release, and intraday repo markets. In July 2025, a group of banks including BNP Paribas and Lloyds demonstrated intraday repo settlement on-chain: one bank’s treasury repo’d bonds to another for a few hours, with central bank money tokens used for payment, all on a DLT network with immediate unwinding. This points to a future where banks can optimize liquidity every hour, not just overnight, potentially saving capital and reducing failed trades. Another use case seeing traction is FX settlement: projects like Baton Systems and HSBC’s FX Everywhere have used shared ledgers to achieve PvP settlement of cross-currency trades without Herstatt risk.
Live Pilots and Systems
Several bank-led blockchain networks are now live or in late-stage pilots. Aside from JPM’s Onyx, one prominent example is Fnality International, a consortium of roughly 15 major banks including UBS, Barclays, Santander, MUFG, and more, building a series of permissioned payment systems backed by central bank deposits. In December 2023 Fnality’s UK network, settling sterling, received Bank of England approval and processed its first live transactions with Lloyds and Santander using an omnibus BoE account. By July 2025, BNP Paribas joined Fnality’s UK system and executed an on-chain interest rate swap payment with Lloyds, effectively one leg of a swap’s cash flow paid in tokenized GBP, achieved in seconds with full DvP as the swap’s collateral moved vs payment. This scale of multi-bank participation in a DLT payment utility is a milestone because it shows that a regulated blockchain network can carry out real wholesale payment obligations. Another example is Partior, a cross-border interbank network co-founded by DBS Bank, JPMorgan, and Temasek, which has been facilitating live SGD, USD, JPY transfers on a permissioned chain in the Asia region. On the retail side, Signature Bank’s Signet platform, before Signature’s closure, and Silvergate’s SEN showed U.S. banks the utility of tokenized deposit platforms for 24/7 corporate payments, and their absence has other banks now considering similar networks under federal oversight.
Public vs Permissioned, Decision Map
A key strategic decision for banks is whether to use public blockchains or permissioned, private or consortium, ledgers for these use cases. Thus far, many banks have favored permissioned chains or quasi-private L2s where participants are known and rules can be enforced. Examples include Fnality, members only with central bank oversight, and JPM Coin, bank-operated. Permissioned systems give comfort around privacy and control but sacrifice the broad interoperability of public networks. However, the tide is slowly turning. Banks are experimenting with public chains for certain assets, especially where they need to reach a wide variety of counterparties, for example issuing tokenized bonds or deposits that any qualified investor can hold on Ethereum. To reconcile public networks with compliance, banks are employing add-on solutions, for instance using permissioned wrappers or smart contracts that restrict token transfers to whitelisted addresses to ensure KYC, or leveraging layer-2 networks that allow a bank to run a permissioned validator set while still anchoring to a public L1. Privacy is another concern because blockchain transactions are transparent by default. Banks are evaluating privacy stacks like zero-knowledge proofs and viewing keys. A zero-knowledge proof can validate that a transaction meets certain conditions, like AML checks or debt covenants, without revealing the underlying details to the world.
Integrating blockchain with banks’ core systems is non-trivial. Leading institutions have set up internal digital asset units to connect DLT platforms with traditional ledgers such as general ledger, payment hubs, custody systems. A critical integration is with core banking. When a customer moves 100 dollars from a bank account into a token, the core ledger must show 100 dollars less in deposits, and the blockchain ledger reflects 100 dollars of tokens issued. This two-way link must be tight to avoid any mismatch, often achieved via API or middleware that updates in real time. Many banks initially run pilots in parallel, shadow mode, with existing systems to measure KPIs such as settlement latency, how quickly a cross-border payment settles on blockchain vs SWIFT, often about 10 seconds vs several hours in recent pilots, failure rates, where blockchain’s atomic settlement promises near-zero fail rates and one measure is a drop in FX settlement fails or unmatched trades, reconciliation time saved, with shared ledgers removing hours of reconciliation work and some projects reporting 50 to 80 percent reduction in back-office reconciliation, and liquidity or capital efficiency.
The latter is key. For example, intraday repo on DLT allows a bank to reuse collateral multiple times a day, potentially trimming the peak liquidity needed. Early trials with Broadridge’s DLR indicate banks can unlock hours of additional liquidity usage, which translated to fewer buffer funds needed. Banks will closely track how these pilots affect metrics like intraday interest cost, whether using tokenized collateral reduced overdraft fees or the need for intraday borrowing, and counterparty risk exposure, since shorter settlement cycles mean lower exposure. In summary, banks’ blockchain adoption is shifting from experimentation to pragmatic deployment where it clearly saves time, money, or capital, especially in the plumbing of payments and settlements.
Asset Managers
Tokenized Funds and Securities, AUM and Products: Traditional asset managers now have tangible assets on-chain, primarily through tokenized funds and real-world asset tokens. By September 2025, the cumulative AUM of tokenized funds has crossed the billion-dollar mark and is climbing rapidly.
There are two broad categories. First, tokenized money market and bond funds that offer on-chain access to low-risk yield instruments. Second, tokenized alternative assets such as private equity, credit, and real estate that offer liquidity and access to traditionally illiquid assets. In the first category, multiple large firms have launched tokenized money market funds.
Franklin Templeton’s OnChain U.S. Government Money Fund, investing in U.S. Treasuries, is one example, now at 700 million dollars plus in AUM. Its innovation was to use a public blockchain, the Stellar network, as the official share register, making it the first SEC-registered fund with a main record on-chain. This fund’s shares, BENJI tokens, can now also be interacted with on Polygon and Arbitrum, broadening distribution while Stellar remains the source of truth. BlackRock launched a private liquidity fund, BUIDL, in late 2024 whose tokenized shares live on Ethereum mainnet. By mid-2025 BUIDL was reportedly the largest tokenized RWA product globally, with nearly 3 billion dollars in AUM, distributed via Coinbase and other digital asset platforms to qualified investors.
Competitors like WisdomTree have introduced tokenized treasury funds and even tokenized cash, for example WisdomTree’s Prime funds. WisdomTree had about 315 million dollars in various tokenized fund assets by mid-2025. On the alternatives side, Hamilton Lane and KKR both tokenized portions of private equity funds in 2022 and 2023, and those efforts have grown. For example, Hamilton Lane’s tokenized feeder funds for flagship PE vehicles reportedly brought in a few hundred new investors and tens of millions in on-chain subscriptions.
Apollo’s tokenized credit fund, ACRED, launched in early 2025 on Ethereum through the Provenance or Centrifuge platform and quickly surpassed 100 million dollars in on-chain investment by June, including a 50 million dollar ticket from a crypto yield fund. Importantly, these tokenized funds are not separate crypto funds. They are the same pools that traditional investors can buy through normal channels, but now also available as digital tokens. The distribution strategies vary. Franklin’s and WisdomTree’s products are multichain to meet investors on different networks. BlackRock’s BUIDL and Apollo’s credit fund chose a single chain, Ethereum, with a single transfer agent, often a fintech partner like Securitize or Tokensoft, to simplify control.
We are also seeing tokenized indices and ETFs on the horizon. BlackRock is exploring tokenizing broad equity ETFs, such as an S&P 500 tracker, subject to regulatory approvals. If approved, that could unlock trillions in equity assets to 24/7 trading on-chain. Current tokenized fund AUM might be small relative to TradFi, for example 100 million here, 300 million there, but the growth rates are high and the direction of travel is set. Even conservative BlackRock is public about eventually tokenizing all assets.
Technical Building Blocks
Preferred Networks (2025)
Institutions are gravitating toward a handful of blockchain networks that best meet their needs for throughput, finality, cost, and ecosystem maturity. On the public side, Ethereum remains dominant due to its large developer base and liquidity, and it is the first choice for tokenizing assets that need broad interoperability (for example, funds and securities that may interact with DeFi). However, Ethereum L1’s limitations (~10–15 TPS, variable fees) mean most institutional activity is either happening on Layer 2 networks (like Arbitrum, Optimism, Base, Polygon’s ZK networks) or on alternative L1s optimized for enterprise.
For example, many tokenized bond pilots in Europe used Ethereum sidechains or permissioned Ethereum instances for privacy, and funds like Franklin’s chose Stellar initially for its low cost and built-in compliance features. Polygon is popular for tokenized assets too, thanks to adoption, low fees, and EVM compatibility. According to industry data, Polygon, Ethereum, and Arbitrum were the top three networks by RWA token value in 2024, until Base’s arrival added another option. We also see increasing use of Cosmos SDK chains or Polkadot parachains for institutions that want more customization.
Some European digital bond markets are on permissioned Cosmos chains with selected validators, for example Euroclear’s DLT bond platform running on a customized ledger. In terms of throughput and finality, institutions look for networks that can finalize a transaction in under 5 seconds and handle bursty activity.
Solana and Avalanche often come up. Solana offers high TPS and ~400 ms block times, which is attractive for trading applications, and some TradFi trading firms are using Solana for on-chain options or forex experiments. Avalanche’s subnets allow bespoke networks that still settle to Avalanche’s mainnet, and several banks have trialed regulatory sandbox subnets with KYC at the chain level to test asset issuance.
We recommend checking out the report released this week by Tiger Research about Avalanche.
Decentralization vs Control
Institutions care about decentralization in a pragmatic sense. They want assurance that no single party, other than perhaps themselves in a private chain, can unilaterally alter the ledger or halt it. Public Ethereum and Bitcoin are seen as highly decentralized, with large validator and node sets that provide censorship-resistance. By contrast, a permissioned chain might only have a handful of nodes, which makes collusion or failure easier. To mitigate this, consortium chains like Fnality recruit many member nodes and seek legal designation, such as settlement finality protection by central banks, to bolster trust. For pure performance, high-performance L1s versus Ethereum L2s is an active debate. Many enterprise developers prefer sticking with the Ethereum ecosystem and scaling via L2 or sidechains for easier interoperability, rather than moving to a separate tech stack. This is evidenced by the rise of Layer 2 solutions geared for institutions, such as Polygon zkEVM Permissioned or Consensys Linea, where a rollup can be run with added privacy or by a set of banks.
Privacy and Compliance Modules
Given stringent regulatory requirements, adding privacy layers to blockchain transactions is essential for many TradFi use cases. A few approaches in use now: Zero-knowledge proofs are emerging as the go-to tool. For instance, AZTEC Network before its 2023 pivot was used in pilots to allow confidential asset transfers on Ethereum using ZK encryption, so one could hide not only identities but also amounts. Institutions have also leveraged ZK proofs for compliance. A trade can be done on a public chain, while a proof is provided that the trade was between two KYC’d parties and did not breach limits, without revealing the parties. Project Guardian in Singapore in 2022–2023 demonstrated this by having a ZK-based verified credential for investors. Before a wallet could execute a DeFi trade, a smart contract checked a proof that the wallet possessed a valid KYC credential issued by a trusted institution, without revealing the wallet’s identity on-chain.
Viewing keys or selective disclosure is another approach. Some enterprise-focused chains, for example R3 Corda, which is DLT rather than a blockchain, use point-to-point encryption so only involved parties see transaction details. Some newer protocols allow a third party such as a regulator to be given a key to inspect transactions if needed. In IBM’s World Wire payments network built on Stellar, participating banks could use encrypted memos that only regulators could decrypt to see transaction details for AML checks. On Ethereum, ERC-1404 and other token standards allow restrictions and potentially off-chain data exchange to accompany transfers, such as sending identity information in parallel to a transfer. There is also development of privacy pools that use ZK circuits, akin to Tornado Cash but compliant, where funds can be pooled and mixed for privacy, yet users in the pool are KYC-verified and the operator can de-anonymize if required. Some EU banks tested such a concept in 2025 to see if they can satisfy both GDPR privacy and AML traceability by having an intermediary hold the decryption capability.
Token extensions for compliance are common. Security tokens often include logic to check a whitelist or to disallow transfers exceeding certain limits. One example is the Tokeny platform used in Europe, where every token carries a smart contract that references a registry contract of eligible investors. If Bob tries to send a token to Alice and Alice’s wallet is not in the registry as an approved investor, the transfer fails. This ensures securities laws are respected on-chain. Similarly, Fireblocks introduced an engine that can enforce Travel Rule information, where metadata about the originator and beneficiary can be attached to an institutional stablecoin transfer and only read by the receiving institution, addressing FATF Travel Rule on-chain.
Custody Infrastructure
For any institution, choosing a custody solution for digital assets is foundational. The bar is high. Custody providers must offer bank-grade security and demonstrate robust internal controls. Typically, institutional custody involves a combination of technology, legal and regulatory status, and insurance. On the technology side, leading custodians use Hardware Security Modules or multi-party computation to secure private keys. HSMs are tamper-proof physical devices where keys can be stored and used to sign without ever leaving the device. MPC allows shards of a key to be held by multiple parties, for example the custodian, the client, and a recovery service each holding a piece. A transaction signature is generated collaboratively so that no single party ever has the full private key. This reduces single-point-of-failure risk and is cited by firms like Fireblocks and Zodia as a reason banks are comfortable.
Key sharding and geographic redundancy are standard. Institutional custodians often split key material across multiple data centers or even countries. For instance, Coinbase Custody might store key shards in New York, Dublin, and Singapore so that a catastrophic event in one location will not lose the keys. They also maintain disaster recovery procedures. If a shard-holding server is destroyed, there is a protocol to regenerate keys from backups held in secure vaults, typically requiring multiple executive approvals. On internal controls, many custodians have achieved SOC 1 Type 2 and SOC 2 Type 2 certifications, which are independent audits of financial reporting controls and security controls. These attestations, along with ISO 27001 certifications, give comfort that the custodian’s processes, such as employee vetting and withdrawal approvals, meet industry standards.
Additionally, regulatory charters are important. Several top crypto custodians obtained bank or trust charters. Anchorage holds a US national trust bank charter. Coinbase Custody is a New York State trust company. These charters impose capital requirements and oversight. Client assets are legally segregated and cannot be touched in bankruptcy, similar to how securities custodians operate.
Insurance matters. Most institutional custodians carry crime insurance that covers theft of digital assets up to certain limits, such as a $100 million policy. Gemini, for example, highlights that it has over $200 million in cold storage insurance via a captive insurer. Insurance does not cover all scenarios, such as some nation-state hacks, but it is a necessary checkbox for many risk committees.
Operational considerations include the ability to provide 24/7 support, SLAs for withdrawals, for example guaranteeing that assets can be moved out within about one hour of request for hot wallets and 24 hours for cold, and reporting and APIs to integrate with portfolio systems. A big differentiator now is proof of reserves or on-chain attestation. Some custodians, such as BitGo, offer tools for clients to independently verify their assets are held one-to-one by looking at on-chain addresses or auditor attestations. After the FTX collapse in 2022, institutions demand transparency that their custodian is not rehypothecating or misusing assets. Custodians also adopt accounting controls such as daily reconciliation of on-chain balances to customer ledgers, and physical security akin to vaults for any manual key fragments, with some still using deep cold storage with keys engraved in steel and stored in bank vaults.
In summary, the criteria checklist for custody includes regulatory compliance, technical security, auditability, insurance coverage, operational resilience, and scalability. Many institutions opt to multi-source custody, using two or three custodians to avoid vendor lock-in and provide backup. The landscape now has big names like Bank of New York Mellon entering digital asset custody and Nasdaq planning one, though paused, which suggests that over time, digital asset custody will be integrated into the same firms that safeguard stocks and bonds, following the same rigorous standards.
Risks and Constraints
Despite the progress, adopting blockchain as core infrastructure introduces new risks alongside traditional ones. A clear understanding of these and mitigation strategies is crucial for executives planning deployments.
Market Risks
The crypto market is known for volatility, but in TradFi use the market risk comes from underlying asset volatility if holding crypto assets and from stablecoin depegging. For instance, a corporate using USDC for treasury needs to trust that USDC will hold its $1 value and not face a run as happened briefly in March 2023. Mitigation includes sticking to fully reserved, regulated stablecoins, where new US legislation like the GENIUS Act mandates stablecoin issuers maintain 100 percent in cash or Treasuries, which should reduce risk, and setting limits on stablecoin holdings relative to liquid cash.
Another market risk is liquidity risk. If an institution tokenizes an asset, such as a loan, and relies on selling it on-chain, they could face a liquidity crunch if blockchain markets freeze or fragment. DeFi liquidity has dried up in past downturns. An asset manager could be unable to redeem a tokenized bond quickly if secondary trading is weak. To mitigate this, firms maintain backup liquidity facilities, for example a bank line of credit if an on-chain sale fails, and often restrict tokenized offerings to less liquidity-dependent structures, such as closed-end funds where investors commit to a term.
Operational Risks
These include smart contract bugs, process failures, and human errors. A bug in a smart contract could lock up assets or be exploited. A flawed custody smart contract might be drained. To control this, audits and formal verification are mandatory for any critical smart contracts, often with multiple audit firms and testnet dry runs. Some firms also keep an off-chain safety net. For example, a tokenized fund might have a legal provision that in case of contract failure, the transfer agent can revert to a manual process and issue new tokens or traditional shares to investors. Key management failures are another operational risk, such as losing a private key or having it compromised.
Solutions like MPC and multi-sig with approval workflows reduce single-person risk. Many institutions implement a tiered key system. High-value transfers require multiple senior approvals enforced by multi-sig. Daily small transfers can use automated signing with limits. There is also risk of reconciliation errors. While blockchain provides a single source of truth, integrating it with legacy systems can lead to data mismatches if not careful. Firms address this by building real-time reconciliation dashboards and using oracles to feed blockchain data into internal systems. A notable operational risk is blockchain downtime or forks. Some networks, such as Solana, have had outages. If you rely on that chain for payments, you need contingency, perhaps a secondary chain or a fallback to SWIFT if outage duration exceeds a set threshold.
Similarly, a chain reorganization or a 51 percent attack could theoretically reverse transactions. For major chains like Ethereum, this is extremely unlikely now, and finality checkpoints exist, but to be safe, critical applications often wait a number of confirmations or use L2s with validity proofs where finality is cryptographically assured. Private chains avoid reorg risk by design through permissioned nodes and immediate-finality protocols, but then one must trust those nodes.
Regulatory and Legal Risks
Even with new laws, there is still regulatory risk. Laws can change. A new administration could tighten rules on self-custody or DeFi. Cross-jurisdictional issues persist. A practice allowed in Singapore might violate EU rules. Institutions cope by geofencing, ensuring their blockchain activities are offered only to jurisdictions where they are comfortable, and by obtaining legal opinions on tokenized instruments to confirm, for example, that a tokenized note is still the same security under law. A big legal risk is uncertain liability in smart contracts. If a DeFi protocol fails and causes loss to an asset manager’s fund, who is liable. Many managers structure on-chain engagements via regulated subsidiaries or invest only small portions in DeFi to limit liability, and they disclose these risks plainly to clients. Compliance departments also worry about AML and KYC risk. Interacting with public blockchains could inadvertently involve tainted funds. To counter this, firms use blockchain analytics to screen addresses and transactions in real time. For example, before a stablecoin coming in from a customer wallet is accepted, it is scanned for any association with sanctions or illicit activity. This is analogous to sanctions screening on wire transfers, using new tools.
Technical Risks
Beyond smart contract risk, scalability and performance constraints matter. If an institution suddenly puts a million daily transactions on Ethereum, gas costs could spike and throughput could choke. Scalability risk is mitigated by choosing appropriate networks, such as Layer 2s, high-speed L1s, or sharded architectures, and by designing with batching to aggregate transactions where possible and asynchronous processing when instant finality is not needed for every micro-transaction. Interoperability and bridge risk is significant because institutions often need to move assets across chains, for example a tokenized asset on one chain while liquidity sits on another. Bridges have been notorious points of failure, with billions stolen in past hacks. As a result, institutions minimize using third-party bridges. Instead, some use burn-and-mint schemes operated by trusted parties. Circle’s Cross-Chain Transfer Protocol avoids holding assets in a bridge by burning on the source chain and minting on the target chain, which reduces custodial risk. When third-party bridges are needed, institutions prefer those with robust security, such as multi-sig with many signers, insurance if possible, and audits. Some also demand bridge risk assessments from providers, and there are frameworks rating bridges on security.
Conclusion
Blockchains have moved from proof of concept to production for money movement, collateral, and fund distribution. Regulatory clarity in the U.S., EU, and Hong Kong lowers policy risk, while rising stablecoin volumes and tokenized fund AUM show real demand. The near-term winners will be banks and asset managers that pair public-chain reach with permissioned controls, measurable KPIs, and disciplined custody. Execution now is about vendor selection, privacy design, and risk controls, not whether to participate.
Sources:
*Unadjusted - Volume from addresses that are labeled as MEV Bots or Intra-Exchange, is considered an internal transaction, or that have transacted > 1k transactions or 10M transfer volume in any 30 day period.
Risk Disclaimer:
insights4.vc and its newsletter provide research and information for educational purposes only and should not be taken as any form of professional advice. We do not advocate for any investment actions, including buying, selling, or holding digital assets.
The content reflects only the writer's views and not financial advice. Please conduct your own due diligence before engaging with cryptocurrencies, DeFi, NFTs, Web 3 or related technologies, as they carry high risks and values can fluctuate significantly.
Note: This research paper is not sponsored by any of the mentioned companies.