Skip to main content
A glowing laptop with an iPhone on top of the keyboard.

Key Considerations for Protecting Crypto Assets

Digital Assets • March 24, 2025
Learn how your organization can help safeguard cryptocurrency assets.

It is estimated that organizations lose 5% of revenue to fraud each year, with an average loss of $1.7 million dollars.1 Asset misappropriation, or the unauthorized use of an organization’s assets for personal gain, accounts for 89% of those cases.2 In almost every case, the existence of controls reduces the overall loss and duration of the fraudulent act.3 That’s important to know, especially if your organization is considering adding bitcoin or other cryptocurrencies to its balance sheet as the unique challenges and opportunities of cryptocurrencies require new and different approaches to asset security that may not exist with other common assets. Once crypto assets are spent, they can never be recovered, making it crucial to consider various protective measures. In addition, those responsible for establishing internal controls should read on, especially if obtaining an audit.

As organizations explore crypto assets, relying solely on traditional control methods may not suffice. By understanding the unique factors at play and adopting the following strategies, organizations may be able to better protect their crypto assets. In this white paper, we will delve into six essential aspects of protecting crypto assets:

  1. Strategic Objectives
  2. Secure Methods & Wallets
  3. Private Key Management
  4. Security Infrastructure & Management
  5. Audits & Accountability
  6. Risk Management & Volatility

1. Strategic Objectives

Consider why you are adding bitcoin or other cryptocurrencies to your balance sheet. Clearly defining strategic objectives guides decision making and strategy, and having a well-defined vision of what this initiative aims to achieve can help align actions with long-term goals.

  • Goal Setting & Vision: Set clear, measurable goals for short-, medium-, and long-term objectives to maintain focus within a volatile market.
  • Risk Management & Mitigation: Take measures to manage and mitigate risks by identifying potential risks, gauging their impact, and developing strategies to address them.

2. Secure Methods & Wallets

One of the most critical components when entering the crypto-asset market is the choice between custodial and non-custodial solutions. In a custodial model, there is typically more convenience, but it may carry higher counter-party risk. For the non-custodial model, this would generally grant full control to the organization over their crypto assets, but requires more personal responsibility in securing the private keys. A hybrid approach may provide the best of both worlds.

Selecting a wallet type depends on security needs and preferences:

  • Custodial Methods: A central custodian holds the private keys on behalf of the organization. They may offer ease of use but require trust in the custodian and may face higher security risks.
  • Self-Custody (Non-Custodial): Organizations control their private keys and crypto assets, requiring them to manage their own security and backup measures.
  • Multi-Signature (Multi-Sig) Wallets: Require multiple private keys to authorize a transaction, distributing control across multiple parties or devices.
  • Multi-Party Computation (MPC) Wallets: Use cryptographic techniques to split private keys into shares managed by different parties, helping enhance security.

Effective management over the method in which an organization would like to custody their assets can be critical for securing assets and reducing the risk of unauthorized transactions. For more insight on the method of custodying crypto assets, see our FORsights™ article, “Custodial & Non-Custodial Digital Asset Wallet Risk Management.”

3. Private Key Management

If choosing to use self-custody, the security of private keys is paramount in safeguarding crypto assets. Organizations may carefully consider secure storage solutions such as hardware wallets, secure vaults, cold storage, and hot wallets, each offering varying levels of protection:

  • Hardware Wallets: Physical devices that store private keys offline, providing strong security against online threats. These also may be referred to as cold storage solutions.
  • Secure Vaults: Physical locations, such as a lockbox or safety deposit box, offer high-level security for private keys and seed phrases. These vaults should be secured with protections such as lock and key, keypad entry system, and/or biometrics.
  • Cold Storage: Offline storage methods that prevent exposure to online risks, typically used for long-term storage.
  • Hot Wallets: Online wallets that allow quick access to private keys for active trading and transactions. Unlike cold storage, private keys are exposed to risk as they maintain a constant connection to the internet for ease of access.

Clear guidance on who can access and manage private keys is imperative to enhance security and accountability over the management of crypto assets. Putting these measures into place may significantly reduce the risk of unauthorized access and potential loss of assets.

4. Security Infrastructure & Management

Developing secure infrastructure over hardware used to access the internal network within the organization is crucial when considering the integrity and reliability of the safeguarding of crypto assets. The implementation of IT General Controls around these technical resources is paramount in improving posture against various threats within the cybersecurity landscape.

  • Robust Security Measures: Implementing firewalls, Intrusion Detection Systems (IDS), and encryption are foundational steps in protecting infrastructure. Firewalls are used to filter traffic, IDS is used for the monitoring of suspicious behavior, and encryption is used to secure data during transmission and storage.
  • Environmental Threat Safeguards: Protecting infrastructure from environmental threats, including measures such as climate control, fire suppression, and redundant power supplies, may need to be considered. These safeguards may prevent physical damage to hardware and allow for continuous operations during adverse conditions.
  • Physical Access Control: Controlling physical access to hardware devices used for cryptocurrency transactions may prevent unauthorized tampering. This can involve biometric access controls, security personnel, and surveillance systems to monitor access points.
  • Infrastructure & OS Change Management: Change management procedures over the infrastructure and operating systems can help with operational stability. Implementing a change management process could provide that updates, patches, and configuration changes are tested and documented. Typically, a ticketing system can be used by an organization for management tracking these changes over their environment.
  • Defined Administrative Levels: Establishing defined administrative levels for infrastructure access based on the principles of least privilege helps to maintain control and oversight. Role-based access control (RBAC) can be used to assign permissions based on the user’s role within the organization through the approval from appropriate management or those charged with governance.
  • Authentication: Implementation of strong password requirements, such as the use of complex and unique passwords, may help when reviewing if authentication is done by approved personnel. Utilizing robust methods like multi-factor authentication (MFA) and biometric login can confirm that only authorized users gain access to the system. Furthermore, requiring signers to be in different or the same locations for certain transactions could further enhance security measures.
  • Device & Network Security: Regularly managing network vulnerabilities and monitoring access through the use of vulnerability management tools such as antivirus, encryption, and security logging over the network can provide that only authorized personnel can access assets and help protect systems from potential threats.
  • Cybersecurity Threats & Training: Regular security awareness training for staff is essential in the protection of data within the organization. This may include topics such as social engineering, phishing attempts, safe browsing, and the handling of sensitive information.
  • Incident Response & Business Continuity: The implementation of incident response and business continuity plans is essential for response to cyber incidents and natural disasters. A detailed incident response plan may include procedures around detection, containment, eradication, and recovery steps. Also, consider the use of Managed Security Service Providers (MSSPs) for knowledge and resources if there are resource constraints. Business continuity planning can create minimal disruption during and after incidents.
  • Vendor Management: A vendor management program may assist in the organization’s understanding over third-party vendor compliance with security standards as to potentially reduce any additional risk. This may include vendor due diligence, annual risk assessments, reviews of any applicable SOC Reports, and evaluations of the performance of the duties contracted as part of the vendor relationship.
  • Cybersecurity Insurance: Cybersecurity insurance can provide financial protection during a cyber incident. This may include coverage for losses due to theft, hacks, and other criminal activities such as employee fraud. Organizations also should check if the third-party custody solution they use has insurance coverage for crypto assets.
  • Access Management: It is crucial to administer proper protocols for user access to infrastructure and applications through defined policies that address provisioning, modifications, and deprovisioning. Annual reviews of access controls can help the organization feel comfortable that only authorized users have access to these resources.
  • Allowed Addresses:Develop procedures for approving addresses that the organization has reviewed. This helps prevent the transfer of crypto assets to unverified wallets.

By integrating robust security measures for authentication and protection, as well as device and network security, addressing cybersecurity threats, and maintaining effective access management, organizations can significantly enhance the security and reliability of the infrastructure used to safeguard crypto assets.

5. Audits & Accountability

Regular audits are essential for transparency and accountability in managing crypto assets. They help identify any discrepancies in financial reporting, which is crucial for maintaining trust with the general public. Here are several key considerations to enhance the auditing process:

  • Public Blockchain Explorers: Public blockchain explorers allow for tracking transaction data based on the network used. These explorers provide detailed insights into transaction history, balances, and other pertinent data, aiding in reconciliations and audit trails. They are valuable tools for auditors to verify transactions and maintain data accuracy.
  • Reconciliation Procedures: Establishing an accurate reconciliation process is vital for maintaining proper accounting and reporting of records. Organizations should consider reconciling on-chain transaction data with off-chain records for all transactions to help accurately document their crypto asset holdings. This practice contributes to the overall integrity and reliability of the balance sheet.
  • Blockchain-Integrated Accounting Software: Implementing accounting software that pulls data directly from the blockchain can streamline the reconciliation process. Such integration allows for real-time updates and can reduce the risk of manual errors.
  • Independent Audits: Conducting independent audits by third-party firms that have experience working with organizations with cryptocurrency, such as Forvis Mazars, can add an additional layer of assurance.
  • Regulatory Compliance: Staying compliant with relevant regulations and standards can be crucial. Different jurisdictions may have varying requirements for cryptocurrency reporting and audits. Adhering to these regulations improves legal compliance, which can foster organizational confidence.

By incorporating these measures, you can reinforce the transparency and accountability of your organization’s crypto assets, helping promote trust and reliability among stakeholders.

6. Risk Management & Volatility

Strategies to enhance risk management and address volatility can be critical for safeguarding your organization’s crypto assets. Here are a few key considerations that could be implemented:

  • Diversification of Custodians: Spread assets across multiple exchanges and wallet providers to minimize the impact of any single custodian’s poor performance or security issue.
  • Centralized vs. Decentralized Exchanges: Organizations may need to balance the advantages and disadvantages:
    • Centralized Exchanges: Centralized exchanges offer convenience and user-friendly interfaces. However, they require you to trust the exchange to secure your assets, as you don’t manage your private keys. Instead, you manage your authentication to the platform, typically through email and password.
    • Decentralized Exchanges: Decentralized exchanges provide greater privacy and control without intermediaries with centralized control but tend to be less intuitive and carry different security risks. Smart contract assessments help with the reliability and security of the user’s choice to use these exchanges.
  • Market Analysis and Research: Stay informed about market trends, news, and developments in the cryptocurrency space. Research and perform effective analysis to make informed decisions and anticipate potential market shifts, and consult with financial advisors for valuable insights.
  • Contingency Plans for Market Fluctuations: Develop contingency plans for market fluctuations to respond swiftly and effectively. A part of your strategy could be to set predefined stop-loss and take-profit levels to automatically execute trades based on price movements. It may be hard to remove emotions from trading but having a clear action plan can help decision making during periods of high volatility.

Conclusion

By addressing these key considerations, organizations can navigate the complex landscape of crypto assets with greater confidence and security. This approach encourages thoughtful decision making and a robust strategy to help protect digital assets.

For more information, contact a professional at Forvis Mazars today.

  • 1“Occupational Fraud 2024: A Report to the Nations,” acfe.com.

Related FORsights
Like what you see?
Subscribe to receive tailored insights directly to your inbox.