Institutional-grade custody with MPC technology, cold storage, and configurable governance

Custody Solutions

LX provides institutional custody infrastructure combining the security of cold storage with the operational flexibility required for active trading. Our custody solution eliminates counterparty risk while maintaining regulatory compliance.

Architecture Overview

┌─────────────────────────────────────────────────────────────────┐
│                    CUSTODY ARCHITECTURE                          │
├─────────────────────────────────────────────────────────────────┤
│                                                                   │
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐  │
│  │   Hot Wallet    │  │   Warm Wallet   │  │   Cold Vault    │  │
│  │   (Trading)     │  │   (Settlement)  │  │   (Long-term)   │  │
│  │                 │  │                 │  │                 │  │
│  │  MPC (2-of-3)   │  │  MPC (3-of-5)   │  │  MPC (4-of-7)   │  │
│  │  < $1M          │  │  $1M - $100M    │  │  > $100M        │  │
│  │  Auto-sign      │  │  Policy-sign    │  │  Manual-sign    │  │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘  │
│           │                   │                   │              │
│           └───────────────────┼───────────────────┘              │
│                               │                                  │
│                    ┌──────────┴──────────┐                       │
│                    │   Policy Engine     │                       │
│                    │   • Whitelists      │                       │
│                    │   • Limits          │                       │
│                    │   • Time-locks      │                       │
│                    └─────────────────────┘                       │
└─────────────────────────────────────────────────────────────────┘

MPC Wallet Technology

Multi-Party Computation (MPC)

LX uses threshold MPC signatures where no single party ever holds a complete private key. Keys are generated and stored as distributed shares across geographically separated infrastructure.

No Single Point of Failure: Even if multiple key shares are compromised, attackers cannot reconstruct the private key without meeting the threshold.

Key Generation

Key Generation Process (MPC-DKG)
────────────────────────────────────────────────────────────────

1. Distributed Key Generation (DKG)
   ┌─────────┐  ┌─────────┐  ┌─────────┐
   │ Share 1 │  │ Share 2 │  │ Share 3 │
   │ (LX)    │  │ (Client)│  │ (HSM)   │
   └─────────┘  └─────────┘  └─────────┘
        │            │            │
        └────────────┼────────────┘
                     │
              ┌──────┴──────┐
              │ Public Key  │  ← Only this is revealed
              │ (On-chain)  │
              └─────────────┘

2. Threshold Signing (t-of-n)
   - Hot Wallet:  2-of-3 (client + LX + HSM)
   - Warm Wallet: 3-of-5 (client + LX + 2 HSMs + backup)
   - Cold Vault:  4-of-7 (client + LX + 3 HSMs + 2 backups)

Signing Protocols

Protocol	Use Case	Latency	Security
CGGMP21	ECDSA (secp256k1)	50ms	Production
GG20	ECDSA (secp256k1)	100ms	Production
FROST	Schnorr/EdDSA	30ms	Production
Ringtail	Post-Quantum	200ms	Production

Key shares are distributed across multiple security domains:

Share Location	Control	Hardware	Geography
Client HSM	Client	Thales Luna	Client premises
LX Primary	LX	AWS CloudHSM	US-East
LX Secondary	LX	Azure HSM	EU-West
Backup 1	Escrow Agent	Futurex	Singapore
Backup 2	Escrow Agent	Utimaco	Switzerland

Wallet Tiers

Hot Wallet (Trading)

Designed for active trading with automated signing within policy limits.

Configuration:

Threshold: 2-of-3 MPC
Balance Limit: Up to $1M equivalent
Signing: Automatic within whitelist
Latency: < 100ms
Use Case: Intraday trading, market making

Policies:

{
  "wallet_type": "hot",
  "threshold": "2-of-3",
  "max_balance_usd": 1000000,
  "auto_sign_conditions": {
    "destination_whitelist": true,
    "max_transaction_usd": 100000,
    "daily_limit_usd": 500000,
    "velocity_check": true
  }
}

Warm Wallet (Settlement)

For settlement operations requiring additional approval.

Configuration:

Threshold: 3-of-5 MPC
Balance Limit: $1M - $100M
Signing: Policy-based with approval workflow
Latency: < 5 minutes
Use Case: Daily settlement, large transfers

Policies:

{
  "wallet_type": "warm",
  "threshold": "3-of-5",
  "max_balance_usd": 100000000,
  "approval_workflow": {
    "under_1m": "auto_sign",
    "1m_to_10m": "single_approval",
    "over_10m": "dual_approval"
  },
  "time_delay_minutes": 15
}

Cold Vault (Long-term)

Air-gapped storage for long-term holdings.

Configuration:

Threshold: 4-of-7 MPC
Balance Limit: Unlimited
Signing: Manual ceremony with multiple parties
Latency: 24-48 hours
Use Case: Reserve assets, long-term holdings

Policies:

{
  "wallet_type": "cold",
  "threshold": "4-of-7",
  "max_balance_usd": null,
  "signing_ceremony": {
    "required_parties": 4,
    "quorum_locations": 2,
    "advance_notice_hours": 24,
    "video_verification": true
  }
}

Policy Engine

Whitelist Management

Configure destination addresses that can receive funds without additional approval.

// Whitelist configuration
const whitelist = {
  addresses: [
    {
      address: "0x1234...5678",
      label: "Prime Broker Settlement",
      dailyLimit: "10000000", // $10M
      requiresApproval: false
    },
    {
      address: "0xabcd...ef01",
      label: "OTC Counterparty",
      dailyLimit: "5000000",
      requiresApproval: true
    }
  ],
  additionPolicy: {
    requiredApprovers: 2,
    cooldownPeriod: "24h"
  }
};

Transaction Limits

Limit Type	Hot Wallet	Warm Wallet	Cold Vault
Per Transaction	$100,000	$10,000,000	Unlimited
Daily	$500,000	$50,000,000	$100,000,000
Weekly	$2,000,000	$200,000,000	$500,000,000

Time Locks

Configure mandatory delays for large withdrawals:

const timeLockPolicy = {
  tiers: [
    { minAmount: 0, maxAmount: 1000000, delay: "0h" },
    { minAmount: 1000000, maxAmount: 10000000, delay: "1h" },
    { minAmount: 10000000, maxAmount: 50000000, delay: "4h" },
    { minAmount: 50000000, maxAmount: null, delay: "24h" }
  ],
  emergencyOverride: {
    enabled: true,
    requiredApprovers: 3,
    notificationChannels: ["sms", "email", "slack"]
  }
};

Approval Workflows

Standard Withdrawal Flow
────────────────────────────────────────────────────────────────

  Initiate    →    Policy    →    Approval    →    Execute
  Request         Check          Queue            Transaction
     │               │               │                │
     │               │               │                │
     ▼               ▼               ▼                ▼
┌─────────┐   ┌─────────────┐  ┌──────────┐   ┌───────────┐
│ User    │   │ • Whitelist │  │ • Email  │   │ • Sign    │
│ Request │   │ • Limits    │  │ • SMS    │   │ • Broadcast│
│         │   │ • Velocity  │  │ • MFA    │   │ • Confirm │
└─────────┘   │ • Time-lock │  │ • 2P Auth│   └───────────┘
              └─────────────┘  └──────────┘

Hardware Security Modules (HSM)

Supported HSMs

Vendor	Model	FIPS Level	Integration
Thales	Luna Network HSM 7	FIPS 140-3 Level 3	Native
AWS	CloudHSM	FIPS 140-2 Level 3	Native
Azure	Dedicated HSM	FIPS 140-2 Level 3	Native
Futurex	KMES Series 3	FIPS 140-2 Level 3	Native
Utimaco	CryptoServer	FIPS 140-2 Level 3	Native
YubiHSM	YubiHSM 2	FIPS 140-2 Level 3	Native

HSM Key Ceremony

For cold vault key generation, we conduct formal key ceremonies:

Pre-Ceremony:

Schedule with 2+ week advance notice
Select ceremony location (client premises or neutral site)
Verify participant identities
Prepare hardware and network isolation

Ceremony:

Establish air-gapped environment
Generate entropy from multiple sources
Execute MPC-DKG protocol
Distribute shares to HSMs
Verify public key derivation
Document and notarize process

Post-Ceremony:

Secure transport of HSMs to storage locations
Test signing with subset of shares
Archive ceremony recordings (encrypted)
Provide key certificates to client

Insurance Coverage

LX maintains comprehensive insurance coverage for custodied assets.

Coverage Details

Coverage Type	Provider	Limit	Deductible
Crypto Specie	Lloyd's Syndicate	$500M	$1M
Crime/Theft	AIG	$100M	$500K
E&O	Chubb	$50M	$250K
Cyber	Beazley	$100M	$500K
D&O	AXA XL	$25M	$100K

Coverage Conditions

Coverage applies when assets are:

Held in approved custody infrastructure
Protected by minimum 2-of-3 MPC threshold
Subject to active policy controls
Within declared balance limits

Comparison with Alternatives

vs Centralized Exchange Custody

Feature	LX Custody	CEX Custody
Key Control	Client + LX (MPC)	Exchange only
Counterparty Risk	None	Full exchange risk
Insurance	Per-client	Pooled (if any)
Regulatory	SOC 2, ISO 27001	Varies
Withdrawal Limits	Configurable	Exchange-imposed
On-chain Verification	Yes	No

vs Self-Custody

Feature	LX Custody	Self-Custody
Key Recovery	MPC backup shares	Seed phrase only
Operational Security	Institutional-grade	DIY
Trading Efficiency	Native integration	Manual transfer
Insurance	Included	Must arrange
Compliance Reporting	Built-in	Manual
24/7 Support	Yes	No

vs Third-Party Custodians

Feature	LX Custody	Third-Party
Settlement Speed	T+0 (atomic)	T+1 to T+3
Trading Integration	Native	API bridge
Cost	Included	0.10-0.50% annually
Chain Support	Native (multi-chain)	Limited
Customization	Full	Limited

API Integration

Wallet Management

import { LxCustody } from '@luxfi/custody-sdk';

const custody = new LxCustody({
  apiKey: process.env.LX_API_KEY,
  clientCertificate: fs.readFileSync('./client.pem'),
});

// Create new wallet
const wallet = await custody.wallets.create({
  type: 'warm',
  name: 'Settlement Wallet',
  threshold: '3-of-5',
  policy: {
    dailyLimit: '50000000',
    whitelist: ['0x1234...'],
    timeLock: '1h'
  }
});

// Get wallet balance
const balance = await custody.wallets.getBalance(wallet.id);

// Initiate withdrawal
const withdrawal = await custody.withdrawals.create({
  walletId: wallet.id,
  destination: '0xabcd...',
  asset: 'USDC',
  amount: '1000000',
  memo: 'Settlement #12345'
});

Approval Workflow

// List pending approvals
const pending = await custody.approvals.list({
  status: 'pending',
  walletId: wallet.id
});

// Approve transaction
await custody.approvals.approve({
  approvalId: pending[0].id,
  signature: await signer.sign(pending[0].hash),
  mfaCode: '123456'
});

// Reject transaction
await custody.approvals.reject({
  approvalId: pending[1].id,
  reason: 'Suspicious destination'
});

Supported Assets

Native Support

Asset	Network	Custody Type
LUX	Lux Network	MPC
BTC	Bitcoin	MPC
ETH	Ethereum	MPC
SOL	Solana	MPC
USDC	Multi-chain	MPC
USDT	Multi-chain	MPC

ERC-20 / SPL / BEP-20

All major tokens on supported networks are automatically available for custody.

Adding Custom Assets

// Request custom asset support
await custody.assets.requestSupport({
  symbol: 'CUSTOM',
  network: 'ethereum',
  contractAddress: '0x...',
  decimals: 18,
  justification: 'Portfolio holding'
});

Disaster Recovery

Recovery Scenarios

Scenario	Recovery Method	RTO
Single HSM failure	Automatic failover	< 1 minute
Data center outage	Geographic failover	< 5 minutes
Key share compromise	Re-share protocol	< 1 hour
Complete LX failure	Client-controlled recovery	< 24 hours

Client Recovery Keys

Each institutional client receives sealed recovery packages:

Encrypted backup of their key shares
Recovery instructions
Emergency contact procedures
Stored at two independent escrow agents

Full Control: In a worst-case scenario where LX ceases operations, clients can recover their assets independently using their key shares and backup packages.

Contact

Custody Operations

Email: [email protected]
Phone: +1 (415) 555-0103
Emergency: +1 (415) 555-0199 (24/7)

Onboarding

Email: [email protected]
Schedule: Book custody consultation

Custody Solutions

On this page