Crypto Custody
The secure custody of digital assets is one of the biggest challenges for institutional investors in the crypto sector. In particular, the custody of private keys requires the highest security standards and comprehensive risk management. ecrop offers you a reliable and regulated solution (license pending): crypto custody according to KWG and CryptoAssetTransferV. With our multi-level security architecture based on the principle of “Security in Depth” and incorporating state-of-the-art technologies like Hardware Security Modules (HSMs) and Multi-Factor Authentication (MFA), your crypto assets are optimally protected.
Why is secure custody of crypto assets so important?
Crypto assets exist exclusively as digital entries on the blockchain. The ownership and control of these entries are enabled through cryptographic keys (Private Keys). The loss or theft of these keys, or even just the loss of control over them, leads to the irrevocable loss of the associated crypto assets. The secure custody, management, and control of Private Keys are therefore crucial for protecting your digital assets. In addition to the technical challenges, the custody of crypto assets also involves regulatory risks that need to be minimized.
The ecrop Solution: Maximum Security and Compliance through Multi-Custody Approach
ecrop uses a multi-custody approach that combines the advantages of cold storage and state-of-the-art security technology to ensure the highest possible protection for your crypto assets while maximizing flexibility and availability for transactions. This approach allows us to meet our customers’ individual needs while maintaining the highest security standards and complying with all relevant regulatory requirements.
- Cold Storage Architecture: Your Private Keys are generated and stored offline in Hardware Security Modules (HSMs). HSMs are specialized hardware devices that offer a high degree of tamper protection and are ideal for secure storage of cryptographic keys.
- Multi-level Security Architecture: Our multi-level security architecture includes:
  - Access Controls: Strict, role-based access control (RBAC) limits access to sensitive data and functions to a minimum number of authorized persons.
  - Multi-Factor Authentication (MFA): MFA requires multiple independent factors for authentication, significantly increasing security.
  - Four-Eyes Principle: Critical operations, such as transaction approvals, follow the four-eyes principle. Two authorized employees must independently review and approve the activity.
  - Encryption: All data is encrypted both at rest (AES-256) and during transmission (TLS 1.3).
  - Firewalls and Intrusion Detection Systems: Firewalls and intrusion detection systems monitor network traffic and system activities in real-time and block potential threats.
  - Regular Security Reviews: Penetration tests, security audits, and vulnerability scans by internal and external experts ensure continuously high security levels.
  - Incident Response Plan: A detailed incident response plan defines clear processes and responsibilities in case of security incidents and ensures quick and effective response.
Regulatory Requirements:
As a BaFin-regulated company, ecrop fulfills all relevant regulatory requirements for crypto custody:
- KWG Compliance: Custody is provided in accordance with the requirements of KWG and CryptoAssetTransferV.
- Data Protection Compliance: Personal data is processed in accordance with GDPR and BDSG.
- Regular Audits & Security Reviews: Internal and external audits ensure compliance with all regulatory requirements and security standards.
Core Functions in Detail:
- Custody Services:
  - Secure Custody: Store your crypto assets securely in cold storage. Various cryptocurrencies and tokens are supported.
  - Wallet Management: Manage your wallets easily and intuitively through our user-friendly web portal. You have full insight into your holdings and transaction history at all times.
  - Automated & Manual Deposits and Withdrawals: Benefit from automated processes for quick and efficient transactions. Manual transactions are also possible.
  - Use Case: An institutional investor wants to hold various crypto assets securely long-term. With ecrop’s custody services, they can store their assets in cold storage and benefit from maximum security and compliance.
- Key Management:
  - Secure Key Generation: ecrop generates unique key pairs for each customer in HSMs using cryptographically secure random number generators (CSPRNGs). The keys are never stored or transmitted unencrypted.
  - Secure Key Storage: Private keys are stored offline in HSMs and are protected against unauthorized access.
  - Regular Key Rotation: Keys are regularly rotated according to a defined schedule and as needed to minimize the risk of compromise.
  - Secure Recovery Procedure: A secure and documented procedure for key recovery is available in case of emergency.
  - Multi-level Access Controls & Encryption: Access to keys is strictly controlled and requires authorization from multiple persons (MFA and four-eyes principle). All key data is encrypted.
  - HSM Technology: The use of HSMs provides maximum security and tamper protection for your keys.
- Transaction Management:
  - Secure and Efficient Processing: ecrop ensures secure and efficient processing of crypto transactions.
  - Real-time Transaction Status Tracking: You can track the status of your transactions in real-time at any time.
  - Integration with Trading Platforms (future): Seamless integration with existing trading platforms enables smooth trading of crypto assets.
  - Automated Verification and Approval: Automated verification and approval processes accelerate transaction processing.
- Reporting & Compliance:
  - Comprehensive Reporting: Comprehensive reporting functions for customers and supervisory authorities provide full transparency and meet all regulatory requirements.
  - Detailed Audit Trails: Detailed and audit-proof audit trails document all transactions and system events and enable complete traceability.
  - Export Functions: Flexible export functions allow you to export data in various formats and integrate it into your existing systems.
  - API Integration: Powerful APIs enable automated data querying and processing as well as integration with your existing systems.