Opinion: Ido Sofer, founder and CEO of Sodot.

The cryptocurrency industry is usually far ahead of the curve when it comes to pure innovation and functionality, but security is another matter.

For years, the risk of storing cryptocurrencies has been defined by one concern: theft of private keys. The industry responded by strengthening warehouses with cool storage, air-gapped systems, MPC and other methods. It then recognized that key protection alone was not enough, introducing transaction security and policies to prevent malicious transactions from stealing funds, although keys remain protected. Both remain grave threats, but focusing solely on private keys obscures the deeper change.

Custody itself has expanded far beyond private keys.

“Custody” used to mean the protection of private keys. This definition no longer reflects reality. Custody has evolved into a complicated, automated system that handles various types of transactions across multiple locations, custodians, vendors and internal systems. Modern trading firms operate across exchanges, staking platforms, liquidity platforms, and infrastructure providers, each of which has API keys, validation keys, implementation credentials, and system-level secrets that can move capital directly or indirectly.

Many of these credentials are stored in secret managers, which by design return the full key to any authenticated process. Comfortable, yes, but structurally feeble. If the runtime is compromised by an external attacker, a compromised employee, or a malicious dependency, the full key will be compromised. Escrow risk has expanded beyond dormant keys on-chain and into the live execution layer, where capital flows in milliseconds and exposure occurs in real time.

The evolution of care safety

Safety of care has evolved in stages. First, the industry has secured private keys in storage. It then went beyond storage, policy embedding, and multi-party control to control how these keys were used during execution. The next step is inevitable: apply the same zero-vulnerability discipline to every key and credential. In newfangled crypto operations, API keys, implementation credentials, and execution secrets carry significant risks. Extending private key best practices to this broader area is no longer optional; this is the defining challenge of execution risk.

In recent years, execution risk has emerged as a major vector for large-scale exploits. Cybercriminals bypass onchain security mechanisms in favor of the gentle underbelly of API keys, server credentials, and other off-chain secrets necessary to facilitate trading, code deployment, staking, and security activities. Recent major breaches, including the Bybit hack, began with an off-chain hack and credential compromise that later led to the loss of on-chain funds.

How high is the execution risk?

It is immense and structured. Asset managers, trading firms, custodians and payment firms connect to dozens of CEXs, DEXs, liquidity providers and other providers simultaneously. Each integration introduces its own credentials, access controls, and operational dependencies. They are managed across development, operations, commercial, risk and security teams, creating complexity that deepens over time.

Securing these operations is a never-ending battle. Maintaining consistent security policies and access to multiple vendors is a huge problem that is largely done manually, resulting in inevitable security vulnerabilities and configuration drift.

Related: Bitcoin is infrastructure, not digital gold

Execution risk is not inherent to automation. This is a byproduct of how trading systems have been designed in the past. In many centralized exchange environments, API keys and operational credentials are placed directly into the trading infrastructure to eliminate latency. For market makers and trading firms, speed is not a feature but a business model. Even a marginal delay affects revenue.

Over time, the availability of the full key in running systems became standardized and became the simplest way to achieve high execution efficiency. Credentials are constantly on standby so transactions can be authorized immediately. The problem is not that capital flows quickly. It is that unilateral power is embedded in the operational infrastructure. And when power is concentrated where execution occurs, it becomes the most predictable vector of attack.

Existing controls are insufficient

Existing tools fall far tiny of what is required given the complexity of newfangled execution environments.

While cryptocurrency exchanges, custodians, and over-the-counter trading venues certainly have robust security policies in place for specific operations, it is extremely challenging for them to synchronize these controls across such a fragmented ecosystem. In fact, it is almost impossible to maintain consistent management across forty exchanges for any length of time. Because it’s done manually in silos, errors are inevitable, and a single mistake can put millions of dollars at risk.

Counterparty risk must also be taken into account. Exchanges and custodians can have their own vulnerabilities in the form of bugs, misconfigured infrastructure, and inconsistent enforcement mechanisms. If a trading company’s internal security code requires geofencing, but one of the exchanges it is connected to has a flawed implementation of this control, this creates a risk at the time of execution.

The risk is unbearable

The lesson the industry has learned from private key security is clear: eliminate full key disclosure and enforce strict policy controls on usage. These policies must now extend beyond on-chain private keys to include all credentials capable of authorizing the flow of value.

The solution is not simply to keep secrets better. Secret Managers are built for convenience; return the full key to any authenticated process. In live execution environments, this model distributes permissions among multiple system components while capital is in motion.

Systems with a zero-key exposure architecture are required, where no single computer or employee has unilateral control, combined with enforceable, context-aware policies that govern how credentials are used. Multi-party computation (MPC) is one way to implement this model, but the principle is broader – you need to extend private key security best practices to the entire cryptographic execution layer.

Opinion: Ido Sofer, founder and CEO of Sodot.