If you have not yet read it, start with the Architecture overview. This guide builds on the concepts introduced there.
What Is Custody?
A custodian of a wallet is any entity for which either of the following is true:- The entity can unilaterally execute transactions on the wallet (for example, transferring funds out).
- The entity can unilaterally block transactions on the wallet (for example, preventing a transfer from going through).
A wallet can have multiple custodians. Custody is not exclusive — it applies independently to every entity that meets either of the two criteria above.
Why Custody Matters
Regulation and compliance
In many jurisdictions, if you are a custodian of wallets holding user funds, you must comply with additional regulatory obligations (for example, AML programs, money transmitter registration, and relevant licensing). Some companies choose to take on these obligations. Others prefer to avoid custodial responsibilities. Either path can be valid, but it is important to understand the operational overhead and compliance costs that come with custody. A third option is to use a licensed third-party custodian to hold custody on your behalf. This can be a good middle ground when you need custodial features without obtaining licenses yourself.Business control
There are scenarios where you want the ability to move funds from a backend (for example, for company treasury wallets, automated flows, or delegated workflows). In these cases, a custodial architecture may be the right choice. Hybrid approaches are also common. For example, you can keep a user as the primary custodian while adding a scoped company signer with revocable permissions. See Common Signer Configurations for a concrete example.User perception
In many applications — especially fintech products and savings platforms — users may prefer to be the ultimate custodians of their funds. A non-custodial architecture can be a competitive differentiator because it guarantees that no company can unilaterally access or freeze funds.Security
Custodial and non-custodial architectures have different threat models:- In a custodial architecture where your company holds keys, a compromise of your infrastructure can impact many wallets at once. The benefit is that security investment can be centralized.
- In a non-custodial architecture where users control their own keys, large-scale compromise is harder because each user is an independent endpoint. The tradeoff is that individual users may be targeted through phishing, social engineering, or device compromise.
User experience
Custody is not a reliable proxy for user experience. Modern smart contract wallets and signing mechanisms (passkeys, device keys, user-friendly recovery, and gas sponsorship) make non-custodial architectures capable of a fully seamless UX.Cost
Non-custodial architectures are often cheaper to operate. Using user-controlled signers reduces the need for key management infrastructure, custodial insurance, and custody licensing.Custody in Crossmint
Crossmint wallets implement custody through signers. The custody modality of a wallet is determined by the signer configuration, not by the wallet itself.Crossmint never takes custody of your or your users’ funds. Custody is held by your users, your company, or a third-party custodian you choose.
- Deploy non-custodial wallets using user-controlled operational signers (for example, device keys or passkeys).
- Deploy custodial wallets using server-side operational signers (for example, server keys or Cloud KMS).
- Integrate a licensed third-party custodian to operate signers on your behalf.
- Deploy hybrid configurations (for example, user custody plus a scoped operational company signer).
- Mix custody modalities across geographies while keeping one implementation.
- Migrate between modalities over time by rotating signers without changing wallet addresses.
A wallet is only non-custodial (from your company’s perspective) if your company cannot unilaterally execute or block transactions.