Qualified Custody: A critical reminder after the ByBit hack
The recent ByBit hack on February 21, 2025, in which attackers stole nearly $1.5 billion in crypto assets, serves as a stark reminder of the importance of robust security in digital asset custody. In a landscape where threats are constantly evolving, relying on secure, regulated, and advanced custodial solutions is essential to safeguarding assets. This is where qualified custody (regulated custody) comes into play.
Why custody technology matters
Many qualified custodians operate under strict security protocols to protect client assets. Solutions like Finoa’s custody platform implement multiple layers of security, reducing risks associated with human error, malicious attacks, and single points of failure. Here’s how Finoa ensures the highest level of protection:
- Multi-person customer approval – No single individual has control over fund movements. Transactions require multiple approvals, preventing unauthorized access.
- Biometric Verification – Every approver must verify their identity biometrically, ensuring that only authorized personnel can approve transactions.
- Hardware Security Modules (HSMs) – Transactions are only executed if they meet strict security policies set by the system. HSMs prevent unauthorized or malformed transactions - there are no “blind signatures”.
- Rigorous transaction reviews – Any complex or custom transactions undergo a thorough review process, involving both internal and external parties.
- Multi-layered whitelisting – Restrictions exist at multiple levels, including at the smart contract level, to ensure funds only move to trusted destinations.
- Cryptographic signatures – Transactions are cryptographically locked to prevent tampering, ensuring destination, customer account and other details remain unchanged.
- Hardware-Enforced Execution – At the final step, execution is guaranteed by hardware controls, reinforcing all other security measures.
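The controls above (multi-person approval, whitelisting, policy enforcement before signing, and a cryptographic lock on the transaction details) can be illustrated with a small policy gate. This is an added example, not Finoa's code; the field names, the whitelist entry and the approver secrets are constructed for the demonstration.

```python
# Added illustration (not Finoa's code): a policy gate that refuses "blind"
# signatures. A transaction is only released for signing when it is fully
# decoded, its destination is whitelisted, and a threshold of distinct
# approvers have each approved a commitment to the exact decoded fields.
import hashlib
import hmac
import json

WHITELIST = {"0xtrusted-treasury"}          # constructed destination, not a real address
APPROVAL_THRESHOLD = 2                      # N-of-M: two distinct approvers required
APPROVER_KEYS = {"alice": b"k1", "bob": b"k2", "carol": b"k3"}  # constructed demo secrets


def commitment(tx: dict) -> str:
    """Canonical hash over every policy-relevant field; any change to the
    destination, amount, account or data changes the value approvers signed."""
    canon = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def approve(approver: str, tx: dict) -> tuple:
    """An approver commits to the decoded transaction, not to an opaque hash."""
    digest = commitment(tx)
    tag = hmac.new(APPROVER_KEYS[approver], digest.encode(), "sha256").hexdigest()
    return (approver, digest, tag)


def policy_check(tx: dict, approvals: list) -> tuple:
    # 1. No blind signing: the gate must see every field it enforces policy on.
    required = {"destination", "amount", "customer_account", "data"}
    if not required.issubset(tx):
        return False, "opaque or partially decoded transaction"
    # 2. Whitelisting: funds may only move to trusted destinations.
    if tx["destination"] not in WHITELIST:
        return False, "destination not whitelisted"
    # 3. Multi-person approval, each bound to this exact transaction.
    expected = commitment(tx)
    valid = set()
    for approver, digest, tag in approvals:
        key = APPROVER_KEYS.get(approver)
        if key is None or digest != expected:
            continue
        want = hmac.new(key, digest.encode(), "sha256").hexdigest()
        if hmac.compare_digest(tag, want):
            valid.add(approver)
    if len(valid) < APPROVAL_THRESHOLD:
        return False, f"{len(valid)} valid approvals, need {APPROVAL_THRESHOLD}"
    return True, "release to HSM for signing"
```

Changing any field after approval (for example the amount) invalidates every approval, and a single approver, even a legitimate one, can never release funds alone.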
Incoming European Union regulatory requirements that strengthen custody security: DORA and MiCAR
Finoa’s custody solution is already subject to thorough regulatory oversight by BaFin under the German crypto custody regime, namely the German Banking Act (KWG) and the Requirements for IT in Financial Institutions (BAIT).
The formerly fragmented system of local regulation of crypto asset services across Europe is now being replaced by a harmonised framework, benefiting customers and ensuring unified standards in digital asset security. The EU has recently introduced comprehensive regulatory frameworks, primarily DORA (Digital Operational Resilience Act) and MiCAR (Markets in Crypto-Assets Regulation), which set rigorous standards for information security, operational security, and cybersecurity and which will govern Finoa’s custody in the future:
Digital Operational Resilience Act (DORA)
- Cybersecurity assessments and monitoring: Continuous threat detection, vulnerability assessments, and real-time incident monitoring.
- Third-party Risk Management: Comprehensive due diligence, monitoring, and control of third-party service providers to prevent operational disruptions.
- Incident response and reporting: Clearly defined incident management procedures, rapid response protocols, and mandatory reporting obligations.
- Business continuity planning: Mandatory contingency plans, frequent resilience testing, and disaster recovery exercises to ensure operational continuity during disruptions.
Markets in Crypto-Assets Regulation (MiCAR)
- Secure Asset Custody: Specific rules for asset segregation, ensuring client assets are securely and separately managed from custodian-owned assets.
- Security Governance structures: Clear, robust governance frameworks covering roles, responsibilities, and security accountability across all operational layers.
- Transparency and Disclosures: Detailed reporting and transparent disclosures related to custody services, risk management practices, and security measures.
- Compliance procedures: Stringent processes for ongoing compliance, audits, and regulatory oversight to consistently ensure custodial integrity and security.
Together, these regulations ensure custodians across the EU provide secure, resilient, and transparent services, safeguarding digital assets and reinforcing trust across the digital financial ecosystem.
The Future of Secure Custody
With cyber threats increasing, institutions and investors must prioritize security over convenience. The ByBit hack highlights why strong custodial practices matter. Choosing a qualified custodian like Finoa ensures digital assets are managed under the highest security and regulatory standards. After all, security isn’t just about storing assets — it’s about protecting trust in the ecosystem.