WHO REALLY GUARDS BITCOIN'S BILLIONS: A DEEP DIVE INTO INSTITUTIONAL CUSTODY, PHYSICAL VAULTS, SOVEREIGN RISK, AND THE CUSTODY GAP HIDING IN PLAIN SIGHT

The infrastructure securing over $800 billion in institutional Bitcoin is more sophisticated — and more fragile — than most investors realize.

Published March 2026 by David Astman | Bitcoin & Tech Wealth Edge Research

EXECUTIVE SUMMARY

As corporate and institutional Bitcoin treasury adoption accelerates in 2026, a critical and largely overlooked question emerges: who is actually guarding the Bitcoin, how secure are those arrangements, and what risks remain unsolved?

This report provides the most comprehensive public analysis of institutional Bitcoin custody infrastructure, examining physical security protocols, multi-signature architectures, sovereign seizure risk, and a first-of-its-kind Bitcoin Power Score (BPS) custody rating for the top 50 public Bitcoin treasury companies.

Our key finding: the majority of corporate Bitcoin treasuries have disclosed nothing about their custody arrangements — a gap that represents a meaningful risk for institutional investors and a significant opportunity for companies willing to lead on transparency.

SECTION 1: THE CUSTODY LANDSCAPE — WHO HOLDS INSTITUTIONAL BITCOIN

The institutional Bitcoin custody market has evolved from a niche, unregulated backwater into one of the most competitive and sophisticated segments of global financial infrastructure. As of early 2026, the top 10 custodians collectively secure approximately $800 billion in crypto assets under custody — with a two-tier structure that is reshaping how serious capital is deployed.

The Market Structure

Coinbase remains the dominant custodian by assets, securing roughly $280 billion in formal cold storage AUC and over $516 billion in total platform assets as of Q3 2025. Its dominance is structural: Coinbase was selected as custodian for eight of 11 spot Bitcoin ETFs at launch, creating an entrenched network effect that is difficult for competitors to displace.

But the custody landscape is bifurcating. Two distinct use cases are emerging with different optimal custodians for each.

Scale storage and ETF custody is dominated by Coinbase Prime and Fidelity Digital Assets. These custodians are optimized for holding large quantities of Bitcoin securely over long time horizons, with institutional-grade compliance, audit trails, and insurance coverage.

Active collateral management and Bitcoin-backed financing is being won by Anchorage Digital and Copper. When Cantor Fitzgerald launched its $2 billion Bitcoin lending business in March 2025, it explicitly selected Anchorage and Copper as its custody and collateral management partners — citing their settlement speed and collateral management infrastructure as decisive factors.

The most sophisticated institutional actors are now deploying both. BlackRock added Anchorage as a secondary custodian for IBIT in April 2025 while retaining Coinbase as primary holder. ARK 21Shares went furthest — its Bitcoin ETF now employs four simultaneous custodians: Coinbase, Anchorage, BitGo New York Trust, and BitGo Trust Company, allocating holdings based on real-time concentration risk analysis.

Coinbase and Fidelity are built for holding. Anchorage and Copper are built for doing things with Bitcoin while held — borrowing against it, settling collateral calls in real time, enabling yield.

Top 10 Custodians at a Glance

AUC figures reflect formal cold storage custody where disclosed. Platform assets are higher.

SECTION 2: INSIDE THE VAULT — HOW BITCOIN IS ACTUALLY SECURED

The physical and technical security infrastructure protecting institutional Bitcoin is more sophisticated than most investors appreciate. Understanding these layers matters because they collectively determine what attack vectors remain credible — and which are effectively eliminated.

Layer 1: Physical Vault and Bunker Infrastructure

Top-tier custodians store private keys inside facilities ranging from bank-grade vaults to hardened structures originally designed for military or nuclear purposes. These locations are deliberately kept secret — location knowledge itself is a security vector.

Fidelity Digital Assets operates inside a hardened room structure that is TEMPEST-shielded and radio-frequency blocked, with 24/7 on-site security and multi-person access controls requiring staff to physically travel to separate locations to retrieve hardware for a single withdrawal. TEMPEST shielding — the same electromagnetic protection standard used by the NSA — prevents the passive eavesdropping of computer activity via radio wave emissions.

Prosegur's crypto custody unit deploys over 100 military-grade security measures inside armored vault facilities across its global network, with Hardware Security Modules housed inside military-protected tamper-evident briefcases that permanently erase their contents if physically compromised.

Layer 2: Air-Gapped Cold Storage

The signing hardware that holds private key material has never been connected to the internet and has had its network interface cards physically removed. The only data pathway is via physical media such as MicroSD cards or USB drives, handed off by authorized personnel following documented procedures.

Copper employs optical air-gapping, where data passes via light beams rather than electrical signals, eliminating even the theoretical risk of electromagnetic side-channel attacks.

Layer 3: Hardware Security Modules

HSMs are FIPS 140-2 Level 3 certified tamper-proof microprocessors — the same security certification required for US government cryptographic applications — that generate and store private keys in a secure enclave. If any physical tampering is detected, the device executes an immediate and permanent zeroization, destroying all cryptographic material stored inside. Keys generated within an HSM never exist in plaintext outside the device.

Layer 4: Multi-Signature and MPC Key Splitting

No complete private key exists in any single location or under any single person's control. There are two primary architectural approaches.

Multi-Signature (Multi-Sig): The private key is split into N shards, and a transaction requires M of those shards to sign. BitGo's standard is 2-of-3 — client holds one key, BitGo holds one key, a recovery key is stored separately. Fidelity's institutional threshold is minimum 3-of-5, requiring three separate authorized parties to physically travel to separate vault locations.

Multi-Party Computation (MPC): Used by Coinbase and Anchorage. The private key is mathematically distributed such that it is never assembled in its complete form anywhere — not even during the signing process. Each party computes their cryptographic contribution independently and the signature is produced without any party ever possessing the complete key.

Layer 5: Geographic Distribution

Key shards are stored in physically separate locations across different countries and jurisdictions. No single natural disaster, government seizure at a single location, or physical attack can compromise enough shards to authorize a transaction. The specific locations are never publicly disclosed.

Layer 6: Operational Controls and Segregation of Duties

No single employee can execute a transaction alone. Dual-control procedures require two people to authorize sensitive operations. Mandatory vacation policies detect fraud by forcing coverage by other employees. Background checks, continuous monitoring, and insider threat programs are standard. Fidelity requires multiple key holders to physically travel to separate vault locations to retrieve HSM devices for a single withdrawal.

Layer 7: Third-Party Audits and Proof of Reserves

Coinbase undergoes annual SOC 1 Type II and SOC 2 Type II audits by Deloitte and Touche. BitGo holds SOC 2 Type 2 certification. Fidelity completes SOC 1 and SOC 2 Type 2 annually. Proof-of-reserves mechanisms allow cryptographic verification of holdings without revealing which wallets belong to which clients.

The vault security is genuinely extraordinary. The risk that remains is not a hacker in a dark room — it is a lawyer in a suit carrying a court order.

SECTION 3: THE RISK NO VAULT CAN SOLVE — REGULATORY SEIZURE

Every layer of physical and cryptographic security described above becomes irrelevant when a government serves a custodian with a valid court order. In 2022, the US Department of Justice recovered 94,636 Bitcoin from the Bitfinex hackers — not by breaking any encryption, but by serving legal process on Coinbase, which executed the transfer under legal compulsion. The Bitcoin was perfectly secured in cold storage. The vault was never breached. The court order was simply obeyed.

For institutional investors in corporate Bitcoin treasuries, this is the single risk that no amount of technical sophistication resolves. It is a sovereign risk — determined entirely by the political and legal environment of the jurisdiction in which a custodian is chartered.

The US Sovereign Risk Profile

US-regulated custodians — Coinbase, Fidelity, BitGo, BNY Mellon, Anchorage, and Gemini — are subject to the full legal enforcement apparatus of the United States government. This includes court orders, Department of Justice subpoenas, Treasury OFAC sanctions designations, and in extreme scenarios, emergency powers under the International Emergency Economic Powers Act (IEEPA).

The current political environment under the Trump administration is the most pro-Bitcoin in US history. Executive Order 14233, signed March 6, 2025, established the Strategic Bitcoin Reserve and declared Bitcoin a long-term strategic national asset. The OCC and FDIC removed pre-approval requirements for banks engaging with crypto.

However, the word "currently" carries critical weight. An executive order is revocable by any future president on their first day in office. The legal infrastructure for seizure — IEEPA, OFAC, DOJ subpoena authority — was not dismantled. The gold confiscation of 1933 via Executive Order 6102, which required American citizens to turn over their gold holdings to the Federal Reserve, remains the most frequently cited historical precedent for what a future adversarial administration could theoretically attempt with Bitcoin.

Jurisdiction Comparison

Switzerland is the gold standard. Its 2021 DLT Act embeds crypto bankruptcy protection directly into Swiss banking law — not just regulation, but statute. That means a custodian bankruptcy cannot touch client Bitcoin regardless of the outcome. No US custodian can make that guarantee.

SECTION 4: THE CUSTODY GAP — TOP 50 BITCOIN TREASURIES ANALYZED

We analyzed the publicly available custody disclosures for the 50 largest corporate and institutional Bitcoin treasury holders. The results are striking.

The Disclosure Landscape

Only 5 of 50 companies (10%) have publicly disclosed, verifiable custody arrangements in SEC filings or formal press releases. A further 4 of 50 (8%) have disclosed some but not all custody arrangements — including Strategy (MSTR), the world's largest corporate holder. Another 14 of 50 (28%) have custody arrangements that can be reasonably inferred from public information but have not been formally disclosed. And 27 of 50 (54%) have made no public disclosure of any custody arrangement whatsoever.

54% of the top 50 corporate Bitcoin treasury holders have disclosed nothing about where their Bitcoin is held, who guards it, or what legal protections apply. This is not a minor gap — it is a systemic disclosure failure.

Notable Disclosures and Gaps

Strategy (MSTR), despite being the most analyzed Bitcoin treasury in the world, has only partially disclosed its custody arrangements. SEC filings confirm that only NYDFS-regulated trust companies are used, Coinbase has confirmed the relationship publicly, and blockchain analytics firm Arkham Intelligence has traced holdings to Fidelity. The full allocation and complete custodian list have never been disclosed. For a company now holding over 761,000 Bitcoin worth approximately $63 billion, this opacity is notable.

Metaplanet stands out as the gold standard of custody disclosure. The Tokyo-listed Bitcoin treasury company publicly confirmed its partnership with SBI VC Trade — naming the custodian, the regulatory framework, the fee structure, and the specific services utilized. This is exactly what institutional-grade disclosure should look like.

At the opposite end, companies including Twenty One Capital (XXI), Boyaa Interactive, Meitu, and Trump Media & Technology Group have adopted Bitcoin treasury strategies with zero public information about custody arrangements.

The ETF Paradox

Perhaps the most counterintuitive finding in our analysis is that spot Bitcoin ETFs have built more advanced custody architectures than the corporate Bitcoin treasury companies that claim to be the conviction plays.

BlackRock's IBIT employs a dual-custodian model: Coinbase for primary cold storage, Anchorage Digital for active services. ARK 21Shares has four simultaneous custodians. Fidelity FBTC added BitGo as secondary custodian in February 2026.

Every example of the sophisticated dual-custodian architecture — separating cold storage from active collateral management — is an ETF issuer, not a corporate Bitcoin treasury. The implication is significant: an institutional investor buying IBIT has clearer custody architecture documentation, more custodian diversification, and more robust sovereign risk mitigation than an investor buying MSTR shares.

SECTION 5: THE BITCOIN POWER SCORE — CUSTODY JURISDICTION METHODOLOGY

At Bitcoin & Tech Wealth Edge, we have developed the Bitcoin Power Score (BPS) as a standardized framework for evaluating the quality, conviction, and institutional rigor of corporate Bitcoin treasury strategies. Custody jurisdiction is one of the BPS inputs, weighted at approximately 8-10% of total score.

The BPS Custody Jurisdiction Scale (5-Point)

Selected DATCO Custody Scores

SECTION 6: THE EMERGING DUAL-CUSTODIAN STANDARD

The most sophisticated custody architecture currently in operation combines two distinct functions: primary cold storage custody and active collateral/financing custody. These functions have different optimal providers, different speed requirements, and different risk profiles.

As of March 2026, every confirmed example of this dual-custodian architecture is an ETF issuer:

The first corporate Bitcoin treasury to publicly announce a dual-custodian structure will establish a new institutional credibility benchmark for the entire DATCO category.

SECTION 7: WHAT INVESTORS SHOULD DEMAND

Based on this analysis, we recommend that institutional investors evaluate corporate Bitcoin treasury companies against the following minimum disclosure standards before allocating capital.

Named custodians: Every custodian relationship should be publicly disclosed in SEC filings, investor presentations, or formal press releases.

Custody jurisdiction: The regulatory jurisdiction of each custodian should be disclosed. This determines the sovereign seizure risk profile of the holding.

Segregation confirmation: Companies should explicitly confirm whether assets are held in segregated accounts or omnibus structures.

Insurance coverage: The amount and provider of crime and cyber insurance covering the Bitcoin holdings should be disclosed.

Multi-custodian structure: For holdings exceeding $500 million, single-custodian arrangements represent unacceptable concentration risk.

No rehypothecation confirmation: Companies should explicitly confirm that custodians are not lending, rehypothecating, or otherwise encumbering the held Bitcoin.

Annual audit: SOC 2 Type II or equivalent audit of the custody arrangement should be completed annually and results made available to institutional investors.

CONCLUSION: THE INFRASTRUCTURE GAP IS THE OPPORTUNITY

The Bitcoin custody infrastructure securing institutional holdings is, at its best, genuinely extraordinary — air-gapped vaults, TEMPEST-shielded facilities, multi-signature architectures, geographic distribution across multiple jurisdictions, and institutional-grade audit trails.

But the systemic disclosure failure across the top 50 corporate Bitcoin treasury companies represents a meaningful gap between where institutional custody standards are and where they need to be for this asset class to fully mature. Over half of the top 50 holders have disclosed nothing. The ETF issuers have built more sophisticated custody architectures than the self-described Bitcoin conviction companies.

At Bitcoin & Tech Wealth Edge, we view this gap as both a risk to monitor and an opportunity to capitalize on. The companies that lead on custody transparency — naming their custodians, disclosing their jurisdictions, confirming their segregation arrangements, and adopting the dual-custodian model — will command institutional credibility premiums that others cannot match. The Bitcoin Power Score custody component is our framework for identifying and rewarding that leadership.

The next milestone in Bitcoin treasury credibility is not another company buying more Bitcoin. It is the first DATCO that discloses its full custody stack, adopts dual-custodian architecture, and publishes its methodology for sovereign risk management.

DISCLOSURES

This report is published by Bitcoin & Tech Wealth Edge for informational and educational purposes only. Nothing herein constitutes financial, legal, or investment advice. All AUC figures are estimates based on publicly available information including SEC filings, S-1 disclosures, company press releases, and industry analyst estimates as of March 2026. Custody disclosures reflect publicly available information only. BPS scores are proprietary estimates subject to revision.

The author may hold positions in securities discussed in this report. Past performance is not indicative of future results. Bitcoin and digital assets involve substantial risk of loss.

DATCO (Digital Asset Treasury Company) and Bitcoin Power Score (BPS) are proprietary frameworks developed by Bitcoin & Tech Wealth Edge. All rights reserved.

© 2026 Bitcoin & Tech Wealth Edge. All rights reserved. bitcoinwealthedge.com