Crypto Custody Insurance Guide
Protect institutional crypto assets with custody insurance. Compare Coinbase ($320B+ AUM), Fireblocks ($4B+ insured), BitGo, and Lloyd's of London policies. Understand crime vs specie coverage, cold/hot storage gaps, and regulatory requirements.
Custody Insurance Overview
Crypto custody insurance is specialized coverage protecting digital assets held by third-party custodians from theft, hacking, fraud, and loss. The market expanded 300% in 2024-2025 as institutions adopted crypto. Coinbase Custody alone holds $320B+ in assets for institutions, backed by AXA and Lloyd's policies covering $250M+ per client. Fireblocks pioneered enterprise custody with $4B+ in insured assets across 1,000+ institutional clients.
We analyze claims history and payout records, not just policy terms. A protocol that's never paid a claim isn't necessarily trustworthy.
Market Scale & Key Players
Coinbase Custody: $320B+ assets under custody, $250M+ per client insurance, AXA underwriter. Founded 2017, serves 500+ institutions (pension funds, family offices, hedge funds).
Fireblocks: $4B+ insured assets, covers 1,000+ institutions, $5B+ additional transaction insurance. Multi-asset support (100+ blockchains), institutional-grade security.
BitGo: $250M+ insurance policy, serves 300+ institutional clients, cold storage specialization (all assets offline).
Kraken Custody: $100M+ per client, Fidelity-backed (2023 acquisition in progress), emerging institutional player.
Institutional Custodians Comparison
| Custodian | AUM | Insured Per Client | Fee (Annual %) | Min. Account |
|---|---|---|---|---|
| Coinbase Custody | $320B+ | $250M+ | 0.1%-0.25% | $1M |
| Fireblocks | $2B+ (client AUM) | $4B+ total insured | 0.15%-0.4% | $5M |
| BitGo | $1B+ in custody | $250M per client | 0.2%-0.35% | $2M |
| Kraken Custody | $500M+ (growing) | $100M per client | 0.25%-0.4% | $500k |
| Fidelity Digital Assets | $300M+ (Bitcoin/ETH) | Unlimited (custodial trust) | Custom (0.1%-0.5%) | $10M |
Selecting a Custodian: Key Factors
- Assets under custody: Larger AUM = more robust capital reserves. Coinbase's $320B signals security credibility.
- Insurance underwriter: AXA and Lloyd's are the gold standard. Avoid self-insured custodians (rare, risky).
- Cold storage %: Coinbase (98% cold) vs Fireblocks (100% cold by default). Higher cold = lower hack risk.
- Regulatory status: NY BitLicense (Coinbase, Gemini, Kraken). NYDFS approval signals compliance.
- Audit history: SOC 2 Type II certification, annual security audits, passed penetration tests. This information is public on the custodian's website.
Insurance Policy Types & Coverage Models
Crime Insurance
Covers theft by employees, third-party theft, fraud, and embezzlement. Example: An employee with admin access steals private keys.
Premium: 0.2%-0.5% of AUM annually. Coverage limit: $100M-$1B depending on custodian size.
Typical incidents: 1-2 per year across all custodians (Coinbase: zero major incidents in a decade).
Specie Insurance
Covers loss of custody property (physical or digital). Example: A hard drive holding private keys malfunctions, causing data loss.
Premium: 0.1%-0.3% of AUM annually. Coverage limit: Often unlimited (depends on underwriter).
Typical incidents: Hardware failures in cold storage (mitigated by redundancy and backup systems).
Errors & Omissions (E&O) Insurance
Covers custodian mistakes (wrong withdrawal address, failed transaction). Example: Accidentally sending a client's Bitcoin to a black-hole address.
Premium: 0.1%-0.2% of AUM. Coverage: $10M-$500M depending on policy. Increasingly standard for institutional custodians.
Lloyd's of London Comprehensive Policies (2025+)
Lloyd's syndicates (underwriter groups) now offer bundled crypto insurance: crime + specie + E&O + cyber. Comprehensive policies cover 90%+ of institutional scenarios.
Premium structure: Minimum $100k-$500k/year depending on AUM. Base + variable (AUM-based). Example: $1B custodian = $250k minimum + 0.2% variable = ~$250k + $2M = $2.25M annually.
Coverage limit: $500M-$5B depending on underwriter appetite. Coinbase's multiple syndicates allow $250M+ per client with room to scale.
Coverage Gaps: Cold vs Hot Storage
Cold Storage (Offline Vaults)
Coverage: 100% insured. Assets kept in offline hardware, geographically redundant vaults (e.g., Coinbase vaults in 3+ locations).
Risk profile: Near-zero hack risk (no internet connection). Only human error or natural disaster risks (mitigated by backups).
Operational friction: 24-48 hour withdrawal window. Unsuitable for frequent trading. Coinbase uses it for long-term institutional holdings (98% of custody assets).
Hot Wallets (Online, Operational)
Coverage: 50-90% insured. Higher risk drives higher premiums (2-3x cold storage cost). Some policies exclude hot wallet losses.
Risk profile: Hack exposure (connected to internet). Mitigated by: multi-sig controls (3-of-5 signatures required), air-gap isolation, monitoring.
Use case: Operational liquidity only (<2% of assets). Coinbase holds 2% hot for day-to-day client withdrawals, 98% cold.
Coverage Exclusions (Not Insured)
- Price collapse (crypto loses 80% value)
- Regulatory seizure or government action
- Staking slash penalties
- Smart contract exploits (DeFi position losses)
- Network failures or blockchain reorg (extremely rare)
- Self-custody/key loss (hardware wallet
Optimal Institutional Custody Setup
Portfolio Allocation Strategy
60% - Primary Custodian (Cold Storage): Coinbase Custody or Fireblocks. 100% insured, 98%+ cold. Low-friction for quarterly rebalancing.
20% - Secondary Custodian (Redundancy): BitGo or Kraken Custody. Backup provider for key management resilience. Separate insurance policy.
15% - Operational (Hot Wallet): Primary custodian hot wallet for liquidity. Monthly rebalance from cold. Requires monitoring.
5% - Hardware Wallet (Self-Custody): Multi-sig cold storage (Gnosis Safe, Ledger). Keys held by separate team member. Backup for catastrophic custodian failure.
Cost Analysis ($100M Portfolio)
Primary Custodian (Coinbase): $100M × 0.2% = $200k/year
Secondary Custodian (BitGo): $20M × 0.25% = $50k/year
Governance & Multi-Sig Setup: $20k-$50k one-time setup
Total Annual Cost: ~$250k-$300k (0.25%-0.3% of AUM). Typical for large institutions.
Regulatory Requirements & Compliance
US Regulatory Framework
NY BitLicense: Required for custodians operating in New York. Coinbase, Gemini, Kraken, Fidelity Digital Assets all hold BitLicense (approved by NYDFS).
SEC Custody Rule (2023): Institutional advisors (RIAs) must use SEC-qualified custodians. Qualified custodians: Coinbase Custody, BitGo, Fidelity (all approved). Eliminates unregulated alternatives.
OCC Guidance (2021): Banks can offer crypto custody via partnerships (e.g., JPMorgan partnerships with Fireblocks). Custody counts as a banking product, subject to banking regulations.
Required Security Certifications
- SOC 2 Type II: Annual audit of security controls. Coinbase, BitGo publicly share SOC 2 reports.
- ISO 27001: Information security management standard. Third-party certified.
- Penetration Testing: Annual red-team exercises by external security firms. Results reviewed by insurers.
- Proof of Reserves: Attestation that custodian holds claimed assets. Increasingly required by regulators and users.
- Cold Storage Audits: Annual audits of vault locations, key storage, physical security.
FAQ
Is my crypto on Coinbase insured?
Partially. Fiat deposits (USD, EUR, GBP) are FDIC-insured up to $250k as of 2025. Crypto holdings: 98% held in offline cold storage insured via AXA policy ($250M+ per customer). Remaining 2% online for withdrawal liquidity covered by cyber insurance. For retail, Coinbase recommends under $50k per account; institutional accounts have higher per-customer limits ($250M+).
What happens if a custodian goes bankrupt?
Custodian bankruptcy doesn't affect client assets (held separately under custody law, not on the custodian's balance sheet). The regulatory framework (SEC custody rule, NY BitLicense) requires segregation. However, operational issues (slow withdrawals, frozen accounts) can occur. Insurance covers custodian failure only if assets are actually lost/stolen (rare). Best practice: diversify across 2+ custodians to mitigate operational risk.
Can I get insurance for self-custody (hardware wallet)?
Limited options. Evertas (startup, 2024) offers hardware wallet insurance in select states (CA, NY pending). Heirloom covers key recovery but not theft. Most insurers require institutional custody (not self-custody) due to liability concerns. For self-custody, insurance typically covers operational loss (forgotten password, hardware failure) via specialized products, not standard crime insurance.
What's the difference between Fireblocks and Coinbase Custody?
Coinbase Custody: Specialized custody (no trading), full cold storage, AXA insurance, $250M per client. Fireblocks: Custody + operations platform (orchestrates transactions, workflows), 100% cold by default, enterprise-grade. Fireblocks costs 2-3x Coinbase but offers automation and multi-chain support. Choose Coinbase for simplicity, Fireblocks for operational complexity (many blockchains, frequent rebalancing).
Are staking rewards covered by custody insurance?
Custody insurance covers the principal staked amount but NOT staking penalties (slashing) or lost rewards from protocol failures. Example: $1M ETH staked = $1M insured if stolen, but 32 ETH slash penalty = not insured. DeFi insurance (Nexus Mutual, InsurAce) covers smart contract risks but not custody. For institutional staking, use both: custody insurance (theft protection) + DeFi insurance (protocol risk).
How do I verify a custodian's insurance coverage?
Request the Insurance Certificate directly from the custodian. It should list: underwriter (AXA, Lloyd's syndicate), coverage limits, policy exclusions. Red flags: self-insured (custodian covers losses from capital), named perils (excludes certain risks), low coverage limits (<$50M for $1B+ AUM). Reputable custodians publish insurance details on their website or in compliance docs. If a custodian refuses to share the certificate, do not use it.