Corporate treasuries know what trapped capital costs. Idle balances sitting across currencies, banks, and jurisdictions where reallocating liquidity is slow, politically fraught, and operationally expensive. The problem isn't new. What's new is that the same structural dynamic is being repackaged and sold back to them as Bitcoin custody.
The pitch is familiar: regulated custodian, insurance coverage, fee transparency, compliance frameworks. These are the proxies institutions have long used to signal safety. In traditional finance, where assets are intermediated by design, transactions are reversible, and central banks provide backstops, the model generally holds. But Bitcoin operates on fundamentally different architecture. It's a bearer asset. Control is defined by cryptographic keys, not account credentials or contractual promises. Transactions are final. There's no administrator to reverse mistakes, no authority to freeze funds, no lender of last resort.
Yet the custody solutions being marketed to corporate treasuries largely ignore this distinction. They abstract keys behind layers of internal controls, pool assets, and enforce governance through policies, approvals, and service agreements, not through the asset itself. From an organisational perspective, this feels reassuring. Responsibility appears externalised. Liability seems contained. But the underlying structural problem remains: capital sits with a third party who controls movement, settlement timing, and counterparty relationships.
The history of concentrated custody in crypto is instructive. Mt. Gox, which collapsed in 2014 after losing approximately 850,000 Bitcoin to theft, is still working through creditor repayments, with the deadline now extended to October 2026 after multiple postponements. FTX, which filed for Chapter 11 bankruptcy in November 2022 with over $8 billion in customer shortfalls, has distributed roughly $7 billion to creditors so far, with further distributions scheduled through 2026. In both cases, customers who had deposited assets with a centralised custodian found themselves in long, opaque recovery processes with limited control over their funds or the timeline for return.
These weren't peripheral players. FTX was the third-largest cryptocurrency exchange by volume before its collapse. The failures demonstrated how concentrated custody creates honeypots, single points of failure that attract attack, whether through cyber-intrusion, internal misconduct, regulatory intervention, or operational breakdown. Insurance, where it existed, was capped, conditional, and slow to pay. Customers became unsecured creditors, queuing behind bondholders and other priority claimants.
The regulatory environment has shifted since then. The SEC rescinded Staff Accounting Bulletin 121 in January 2025, removing the requirement that forced banks to book custodied crypto as balance sheet liabilities, a rule that had effectively prevented traditional financial institutions from offering custody services at scale. The repeal has opened the door for banks to enter the custody market, and the institutional crypto custody sector is projected to grow from $3.28 billion in 2025 to nearly $8 billion by 2032.
More custodians, more competition, more regulatory clarity, but none of this changes the structural question facing corporate treasuries. The custody model being sold is still one of delegation: assets pooled, keys abstracted, governance enforced off-chain through policies and service agreements rather than by the asset itself. If an institution does not control the keys, it does not control the asset.
The alternative isn't theoretical. Bitcoin's protocol supports multisignature arrangements where spending conditions, approval thresholds, time delays, and recovery paths can be encoded directly into how assets are held. A 2-of-3 multisig structure, for example, distributes keys across independent institutions so that no single party can move funds unilaterally, and no single point of failure can compromise the asset. Multi-institution custody models using this architecture eliminate the custodian as a single point of failure while maintaining governance structures familiar to corporate boards: segregation of duties, on-chain audit trails, and explicit authorisation requirements for any movement of funds.
This isn't about ideology. It's about operational reality. A corporate treasury evaluating Bitcoin custody should ask the same questions it would ask about any capital allocation: Who controls movement? What happens if the counterparty fails? How quickly can capital be redeployed if conditions change? The answers matter more than the fee schedule.
The crypto custody market will continue to mature. Traditional banks will enter. Insurance products will expand. Compliance frameworks will standardise. But for treasury teams already managing trapped capital across fragmented banking infrastructure, the question isn't whether a custodian is regulated or insured. It's whether the custody model recreates the same structural inefficiency they're already paying for, or whether it offers something genuinely different.
Bitcoin allows governance, recoverability, and control to be built directly into how assets are held. The technology exists. What remains is the willingness to evaluate custody models on structural terms rather than fee schedules and brand familiarity.
References
[1] U.S. Securities and Exchange Commission, Staff Accounting Bulletin No. 122, January 23, 2025
[3] Mt. Gox Rehabilitation Trustee Notice, October 2025, Extension of Repayment Deadline to October 31, 2026
