Custody Starter Architecture Overview

Overview

Custody starter architecture is the recommended integration pattern for individual enterprises that want to maximize security while maintaining operational flexibility. This architecture uses a three-wallet structure per coin that balances security requirements with day-to-day operational needs. If your use case requires multiple enterprises, see Crypto-as-a-Service (CaaS).

This guide walks you through setting up the following:

  • Custody wallet - A qualified custody cold wallet where you keep the majority of your assets. This wallet has the strictest security protocols, which govern the movement of assets between it and the standby wallet.
  • Standby wallet - A self-custody hot wallet for intermediate funds. This wallet contains a smaller balance than your custody wallet and has less strict policies to enable more flexibility.
  • Deposit/withdraw wallet - A second self-custody hot wallet for daily operations. This wallet contains the smallest balance of the three wallets and has the most freedom and flexibility, enabling small withdrawals without approvals.
  • Whitelists - The policies that govern the movement of assets between the three wallets.
  • Receive Addresses - A unique receive address on the deposit/withdraw wallet for everyone in your enterprise.

Architecture Diagram

┌─────────────────────────────────────────────────────────────────────┐
│                         Your Enterprise                             │
├─────────────────────────────────────────────────────────────────────┤
│                                                                     │
│  ┌──────────────────┐    Whitelist    ┌──────────────────┐          │
│  │  Custody Wallet  │◄───────────────►│  Standby Wallet  │          │
│  │   (Cold Storage) │                 │    (Hot Wallet)  │          │
│  │                  │                 │                  │          │
│  │ - Majority of    │                 │ - Intermediate   │          │
│  │   assets         │                 │   funds          │          │
│  │ - Strictest      │                 │ - Admin approval │          │
│  │   policies       │                 │   for withdrawals│          │
│  │ - Admin approval │                 │                  │          │
│  │ - Velocity limits│                 │                  │          │
│  └──────────────────┘                 └────────┬─────────┘          │
│                                                │                    │
│                                           Whitelist                 │
│                                                │                    │
│                                                ▼                    │
│                                   ┌──────────────────────┐          │
│                                   │ Deposit/Withdraw     │          │
│                                   │     Wallet           │          │
│                                   │   (Hot Wallet)       │          │
│                                   │                      │          │
│                                   │ - Smallest balance   │          │
│                                   │ - No policies        │          │
│                                   │ - Free spending      │          │
│                                   │ - Customer deposits  │          │
│                                   │ - Customer withdraws │          │
│                                   └──────────────────────┘          │
│                                                                     │
└─────────────────────────────────────────────────────────────────────┘

Wallet Roles

| Wallet | Type | Balance | Policies | Purpose |
|---|---|---|---|---|
| Custody Wallet | Custody cold | Majority of assets | Strictest: admin approvals, velocity limits, whitelist | Long-term secure storage. |
| Standby Wallet | Self-custody hot | Intermediate amount | Admin approval for withdrawals, whitelist | Buffer between cold storage and operations. |
| Deposit/Withdraw Wallet | Self-custody hot | Smallest amount | None | Day-to-day customer transactions. |

Fund Flow

  1. Deposits: Wallets outside of your enterprise can deposit into the deposit/withdraw wallet.
  2. Accumulation: Periodically move accumulated assets from the deposit/withdraw wallet to the standby wallet.
  3. Cold Storage: Move excess funds from the standby wallet to the custody wallet for more secure storage.
  4. Withdrawals: People in your enterprise can withdraw to wallets outside of your enterprise using the deposit/withdraw wallet.
  5. Replenishment: When the deposit/withdraw wallet runs low, replenish from the standby wallet.
  6. Major Replenishment: When the standby wallet runs low, replenish from the custody wallet.

Security Benefits

  • Limited Exposure: Only a small portion of assets is in the most accessible wallet.
  • Layered Security: Multiple approval checkpoints before accessing cold storage.
  • Whitelist Restrictions: Funds can only move between designated wallets.
  • Audit Trail: All fund movements require explicit authorization.

Policy Recommendations

| Wallet | Recommended Policies |
|---|---|
| Custody Wallet | Require multiple admin approvals, velocity limits (e.g., max withdrawal per day), whitelist to standby wallet only. |
| Standby Wallet | May require admin approval for withdrawals, whitelist to custody and deposit/withdraw wallets only. |
| Deposit/Withdraw Wallet | No policies (or minimal), allows spenders to withdraw freely for daily operations. |
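
The recommended policies can be modelled as a small decision function to check that a proposed transfer is handled the way the three-wallet design intends. This is an added example, not the platform's own code or API; the wallet keys, approval counts, and the daily limit of 100 are hypothetical values chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

DAY = 86_400  # rolling velocity window, in seconds

@dataclass
class Policy:
    whitelist: Optional[set] = None      # None = no whitelist, any destination
    approvals: int = 0                   # admin approvals required per withdrawal
    daily_limit: Optional[float] = None  # velocity limit per rolling 24 hours
    sent: list = field(default_factory=list)  # (timestamp, amount) of allowed sends

def build_policies():
    # Hypothetical numbers: the page recommends policy types, not these values.
    return {
        "custody": Policy({"standby"}, approvals=2, daily_limit=100.0),
        "standby": Policy({"custody", "deposit_withdraw"}, approvals=1),
        "deposit_withdraw": Policy(),  # no policies: spenders withdraw freely
    }

def evaluate(policies, src, dst, amount, approvals, now):
    """Return (decision, reason) for a proposed transfer out of wallet `src`."""
    p = policies[src]
    # 1. Whitelist: custody and standby may only send to designated wallets.
    if p.whitelist is not None and dst not in p.whitelist:
        return "deny", f"{dst} is not on the {src} whitelist"
    # 2. Velocity: sum what already left this wallet inside the window.
    if p.daily_limit is not None:
        recent = sum(a for t, a in p.sent if now - t < DAY)
        if recent + amount > p.daily_limit:
            return "deny", "velocity limit exceeded"
    # 3. Approvals: hold the transfer until enough admins have signed off.
    if approvals < p.approvals:
        return "pending", f"needs {p.approvals - approvals} more admin approval(s)"
    p.sent.append((now, amount))  # only allowed transfers count toward velocity
    return "allow", "ok"

if __name__ == "__main__":
    pol = build_policies()
    # Constructed sample transfers: (src, dst, amount, approvals, timestamp)
    for tx in [("custody", "external", 1, 2, 0),
               ("custody", "standby", 60, 1, 0),
               ("custody", "standby", 60, 2, 0),
               ("custody", "standby", 60, 2, 3600),
               ("deposit_withdraw", "external", 5, 0, 0)]:
        print(tx, "->", evaluate(pol, *tx))
```

Running it shows that the custody wallet cannot reach an outside address in one hop, and that the deposit/withdraw wallet is the only one whose exposure is bounded by balance alone rather than by policy.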

Prerequisites

Steps

Set up your custody starter architecture by following these guides:

  1. Set Up Custody Wallet - Set up your cold storage wallet.
  2. Set Up Standby Wallet - Set up your intermediate hot wallet.
  3. Create Whitelists - Configure whitelist policies between wallets.
  4. Set Up Deposit/Withdraw Wallet - Set up your operational hot wallet.
  5. Create Receive Addresses - Create addresses for individuals in your enterprise.
