Crypto is a bearer asset. Whoever controls the private key controls the funds, and theft of that key — whether by an external hacker, a malicious insider, or a social-engineering scheme — results in immediate, irreversible loss. For exchanges, qualified custodians, staking operators, and any firm holding crypto for itself or others, that reality makes Crime & Custody insurance, often written as specie coverage for digital assets, one of the most important lines in the stack.
Hot Wallets vs Cold Storage
Insurance programs treat the two very differently because the threat profiles are not comparable.
- Hot wallets are internet-connected. They are necessary for operational liquidity — processing withdrawals, settling trades, moving customer funds — but their constant exposure to the network makes them higher frequency targets. Available limits on hot-wallet coverage are smaller, and the coverage is typically sized to operational float rather than total holdings.
- Cold storage keeps signing material offline, often in hardware security modules and behind formal key-ceremony procedures. The threat surface is far smaller, so underwriters offer higher available limits against cold-stored assets. This is also where specie coverage concepts apply most directly — insuring high-value assets held in secure, offline custody.
A sound custody architecture keeps the minimum necessary balance hot and the bulk cold, and the insurance program is built to mirror that split.
What Crime & Custody Covers
The coverage responds when crypto itself is stolen. Depending on the form and endorsements, covered perils include:
- Theft of digital assets via external hacking and private-key compromise
- Hot-wallet theft, sized to operational float
- Cold-storage theft, with higher available limits
- Employee dishonesty and insider theft of crypto or keys
- Social engineering and fraudulent funds-transfer, where endorsed
- Physical and logical loss of key material from custody or storage systems
The throughline is theft of the asset. This is distinct from a smart-contract exploit, which is covered under Smart Contract Liability, and from a data breach, which is a cyber event. Many custodians carry all three because one incident can touch all three exposures.
Private-Key Compromise and Employee Theft
Two failure modes dominate custody claims. The first is private-key compromise — an attacker obtains signing material through a breach, phishing of admin credentials, or compromise of the systems that touch keys. Once they sign a transaction, the funds are gone with finality.
The second is employee and insider theft. Because keys are the keys to the kingdom, a single dishonest insider with the right access can cause catastrophic loss. This is why underwriters care so much about segregation of duties and multi-party controls — no one person should be able to move significant funds alone.
Why Insured Limits Run Below Assets Under Custody
This is the single most important expectation to set with any custody client: insured limits are almost always far below total assets under custody (AUC). A custodian holding billions cannot insure the full balance — the global market simply does not offer that much capacity at any reasonable price, and what capacity exists is layered across multiple Lloyd's of London syndicates and specie markets to assemble a meaningful limit.
In practice, limits are structured to cover hot-wallet float plus a defined cold-storage sublimit, not the entire balance sheet. A responsible program is transparent about this from the start: insurance transfers a meaningful, defined slice of the custody risk, and the rest is managed through the storage architecture itself.
What Underwriters Want to See
Custody underwriting is rigorous and controls-driven. Expect detailed scrutiny of:
- Multisig and MPC key management — no single point of failure
- Hardware security modules (HSMs) and formal key-ceremony procedures
- Proof of reserves and segregation of customer assets
- Segregation of duties and least-privilege access to signing systems
- Withdrawal controls, allowlisting, and anomaly monitoring
- SOC 2 reporting and a documented incident-response plan
Strong controls do more than lower premium — they determine whether meaningful limits are available at all. A custodian that can demonstrate cold-storage-first architecture, robust key management, and proof of reserves accesses materially better terms than one relying on hot wallets and informal controls.
The Bottom Line
Crime & Custody is how a crypto firm transfers the risk that its assets — or its customers' assets — are stolen. Build custody cold-storage-first, harden key management, prove your reserves, and structure limits around hot-wallet float plus a cold-storage sublimit. Just go in clear-eyed: this coverage protects a defined slice of what you hold, not the whole balance.