Proposal: Adding Kraken, Anchorage Digital and Zodia as Eligible Custodians for the Backing Assets of USDe

General
1

This proposal requests the Ethena Risk Committee’s review of the following three entities as eligible custodians for the backing assets of USDe:

  1. Kraken Custody
  2. Anchorage Digital
  3. Zodia Custody

For all three providers, the Risk Committee have been briefed in advance of this post and have worked on a framework & analysis to be shared below.

With regards to the above custodians, the proposal has been submitted under the assumption that these custodians will just be used to custody assets like USDT, USDC, PYUSD, USDtb and Aave aTokens, rather than as a functioning Off-Exchange Settlement (OES) product that collateralizes perpetual positions on exchanges.

Ceffu and Copper are the sole OES providers used by Ethena today, and any proposed integration of addtional OES providers will first be reviewed by the Risk Committee.

Blockworks, Untangled and Llamarisk will provide analysis on the eligibility of the proposed custodians.

If approved, these custodians will be used for custodying a portion of the backing assets of USDe.

Proposal: Reduction of Risk Committee members from 5 to 3
2

To address this proposal, we have developed a standardized custodian onboarding framework for USDe’s backing assets, ensuring consistent due diligence and transparent risk assessment for partners, stakeholders, and the Ethena community.

Custodian Onboarding Framework for Ethena

Custodians serve as the backbone of security for Ethena. Being a crypto-focused stablecoin that depends on hedging delta-neutral positions on different exchanges, means that it would be exposed to a lot of counterparty risk from exchanges would it not be for an enshrined backing custody solution. Ethena maintains USDe’s peg stability through hedging strategies on centralized exchanges, but rather than holding assets directly on exchanges, it uses “Off-Exchange Settlement” providers like Copper, Ceffu, and Fireblocks to custody its backing assets while enabling delegation to exchanges for trading without ever transferring actual ownership. These providers allow Ethena to settle profit and loss from derivatives positions frequently, significantly reducing exposure to exchange failure risk between settlement cycles, while ensuring that Ethena retains beneficial title over all assets. This means that in the event of an exchange failure, Ethena can quickly redirect funds to alternative exchanges to maintain its hedging positions. This institutional-grade custody model separates asset ownership from trading execution, providing the security benefits of off-exchange storage while maintaining the liquidity access needed for effective delta hedging operations.

As per the attestation, published in October 2025, Copper and Ceffu are the main custodians. As of 23:59 UTC October 26th 2025, USDe supply was 10.371bn, and correspondingly:

  • $2.914bn has been verified to be held within solutions offered by Copper (including unrealized P&L);
  • $2.147bn has been verified to be held within solutions offered by Ceffu;
  • There was $5.245bn within Ethena’s Coinbase Web3 Wallets;
  • There was $72.272m within Ethena’s mint/redeem contract available to satisfy redemptions.

Critical custodian functions:

  • Safely custody protocol backing assets, transfer assets between smart contracts and users, and delegate/undelegate backing assets between Off-Exchange Settlement providers and centralized exchanges.
  • Enable Ethena to mitigate exchange failure risks by keeping assets off exchanges while still available to collateralize derivative positions.
  • Facilitate daily PnL settlement with exchanges to avoid large balances owed to the protocol.

Custodian Evaluation Framework

1. Security

1.1 Security Infrastructure

  • Wallet architecture (hot/warm/cold wallet ratio)
  • MPC (Multi-Party Computation) or multi-sig technology
  • Security certifications (SOC 2, ISO 27001, etc.)
  • Security audit history (frequency and results)
  • Cybersecurity protections and cyber insurance coverage
  • Disaster recovery and business continuity plans

1.2 Operational Track Record

  • Years operating in crypto custody
  • Total AUM (Assets Under Management)
  • History of security incidents or fund losses
  • Track record with other large-scale DeFi protocols
  • Reputation in institutional market

1.3 Legal Structure

  • Asset segregation structure (bankruptcy remote)
  • Jurisdiction and regulatory framework
  • Licenses and regulatory registrations
  • Clarity on asset ownership in insolvency scenarios
  • Insurance and guarantees offered

2. Operational Capability

2.1 Accessibility & Availability

  • Guaranteed SLA (Service Level Agreement) - uptime %
  • Delegation/undelegation speed (target: seconds)
  • 24/7 operational capacity
  • System redundancy and failover capabilities
  • Downtime history and mean time to resolution

2.2 Exchange Integration

  • List of supported exchanges (verify overlap with Ethena’s needs)
  • Established legal agreements with major exchanges
  • Clearloop capability or similar mechanism for daily PnL settlement
  • Process for exchanges to post collateral
  • Experience with margining and derivatives

2.3 Scalability

  • Capacity to support growing volumes (2-3 year projections)
  • Delegation limits per exchange
  • Transaction throughput
  • Operational costs and fee structure
  • Flexibility to add new exchanges/products

3. Ethena-specific Requirements

3.1 Essential Technical Features

  • Ability to prove onchain existence and control of funds
  • Integration with Ethena smart contracts (mint/redeem)
  • Robust API for hedging automation
  • Support for specific assets (ETH, stETH, BTC, USDC, USDT)
  • Independent monthly attestation capability

3.2 Risk Management

  • Real-time PnL monitoring processes
  • Alert systems and risk limits
  • Procedures in case of exchange failure
  • Response speed to transfer positions between exchanges
  • Ability to dispute erroneous settlement requests

3.3 Transparency & Reporting

  • Capacity to provide verifiable monthly attestations
  • Reporting granularity (breakdown by exchange, asset, etc.)
  • Reconciliation frequency
  • Real-time dashboard access
  • Third-party auditability

4. Exclusion Criteria

Immediate disqualifiers:

  • History of client fund losses
  • Jurisdiction conflicting with Ethena requirements
  • Inability to perform daily PnL settlement
  • Lack of bankruptcy-remote asset segregation
  • Inadequate insurance coverage
  • Inability to provide verifiable attestations
  • SLA < 99.9% uptime
  • Cannot integrate with >50% of Ethena’s critical exchanges
  • Undisclosed conflicts of interest
  • Opaque governance structure

5. Decision Process

Weighted Scoring System:

Category Weight Score (0-10) Minimum Acceptable
Security & Custody 40% 8/10
Operational Capability 30% 7/10
Ethena-Specific Requirements 30% 8/10

Approval Threshold:

  • Minimum total score: 7.5/10
  • All minimum criteria per category must be met
  • No critical red flags can be present

Final Recommendation: YES/NO/CONDITIONAL

  • YES: Score ≥ 8.0, no red flags, clear strategic value
  • NO: Score < 7.5 or presence of critical red flags
  • CONDITIONAL: Score 7.5-7.9, requires specific improvements or trial period

Additionally, a legal review should be conducted on the legal structure of any new custodian to be onboarded by specialized counsel.

It is advised to use a phased onboarding, starting with a small allocation first and scaling progressively. Furthermore, contingency planning should be done from the start by Ethena, where an exit strategy is defined if performance doesn’t meet expectations, based on established KPIs and a regular review cadence.

Proposal: Reduction of Risk Committee members from 5 to 3
3

Custody Evaluation of Kraken Custody, Anchorage Digital and Zodia Custody

Table of Contents

1. Executive Summary

Ethena requires custodial partners capable of safeguarding and servicing a complex, multi-asset backing portfolio valued at $6.46B (Jan 5, 2026).

image
image1540×832 155 KB

The portfolio is composed primarily of Liquid Stablecoins (~63%), with additional exposure to BTC (~23%), ETH & ETH LSTs (~12%), and small balances of BNB, XRP, and SOL.

For the purpose of this evaluation, Kraken Custody, Anchorage Digital, and Zodia Custody are assessed solely as custodians of backing assets - specifically USDT, USDC, PYUSD, USDtb, and Aave aTokens - and not as Off-Exchange Settlement (OES) providers used to collateralize perpetual positions on centralized exchanges. Ethena currently relies exclusively on Ceffu and Copper for OES functionality.

Supporting Ethena’s backing assets at this scale requires custody providers with:

  • Hardened MPC/HSM-based key-control frameworks
  • Fully auditable proof-of-ownership and segregation
  • Bankruptcy-remote legal structures
  • Strong controls preventing unauthorized smart-contract interactions
  • DeFi-compatible custody workflows (e.g. allowlisting for protocol interactions)
  • Multi-jurisdictional regulatory coverage
  • High operational resilience and incident response

Kraken Custody, Anchorage Digital, and Zodia Custody all meet baseline institutional custody requirements. They differ, however, in regulatory perimeter, geographic strategy, and operational design, making them complementary rather than substitutable.

Custodian positioning (custody-only):

Kraken Custody
U.S.-centric custody provider operating under a Wyoming SPDI bank framework.
Conservative, cold-first custody model suited for stablecoin-heavy and long-duration reserve assets.
Workflow-based policy controls with strong legal segregation.

Anchorage Digital
Strongest U.S. regulatory posture, holding the first federal crypto trust bank charter.
Advanced hardware-enforced policy engines and biometric multi-party authentication.
Well suited for assets requiring tighter operational controls and programmable custody logic.

Zodia Custody
Strong global footprint with licenses across the UK, EU, Hong Kong, Ireland, and UAE.
Bank-backed governance model (Standard Chartered, Northern Trust, SBI, NAB, Emirates NBD).
Well suited for non-U.S. jurisdictions and institutional LP requirements.

Recommendation

Given the scale, composition, and geographic distribution of Ethena’s reserves, a multi-custodian strategy is appropriate:

  • Kraken Custody – U.S.-anchored, conservative reserve custody under an SPDI framework, suited for stablecoin and long-duration reserve assets.
  • Anchorage Digital – U.S. regulatory coverage with strong hardware-enforced custody controls and programmable policy enforcement.
  • Zodia Custody – European, Asian, and Middle Eastern coverage, providing jurisdictional breadth and diversification of counterparty risk through bank-backed custody.

2. Evaluation Framework

2.1 Ethena’s Custody Requirements

For this proposal, Ethena’s custody requirements are scoped to the safekeeping and controlled movement of backing assets, not to exchange collateralization or OES workflows.

Key requirements include:

  • Secure custody of stablecoins and DeFi receipt tokens (aTokens)
  • Strong controls preventing unauthorized asset movement or smart-contract interaction
  • Clear, auditable proof of ownership and balances
  • Bankruptcy-remote segregation of client assets
  • Regulated entity with transparent legal structure
  • Ability to support DeFi interactions via allowlisted addresses
  • High operational resilience and incident response coverage

The custody provider must therefore deliver:

  • MPC/HSM-backed key isolation
  • Programmable or workflow-based policy layers
  • Regulated custody with clear asset segregation
  • Secure APIs and operational pipelines
  • Multi-jurisdictional licensing (where applicable)
  • 24/7 operational support

2.2 Evaluation Framework

Baseline Requirements

  • Hardware-based key protection (MPC / HSM)
  • Segregated custody with clear legal title
  • SOC 1 / SOC 2 or ISO 27001 audited controls
  • Crime / cyber insurance (to disclosed limits)
  • Bankruptcy-remote legal structure
  • Multi-chain asset support
  • Real-time or near real-time auditability

Strategic Differentiators

  • Jurisdictional alignment with Ethena’s backing assets
  • Ability to embed or enforce Ethena’s custody policies
  • Smart-contract allowlisting and DeFi compatibility
  • Ability to custody staked assets and DeFi receipts
  • Financial strength and institutional backing
  • Geographic coverage and redundancy

Note: Integration with trading venues or OES networks is out of scope for this assessment.

3. Custodian Summary Assessment

Metric Kraken Custody Anchorage Digital Zodia Custody
Regulatory Wyoming SPDI (US state-regulated bank). Full-reserve custody regime. Article 8 UCC treatment. First federally chartered crypto trust bank in the US (OCC). BitLicense (NYDFS). MAS Major Payment Institution (SG). FCA Registered (UK). VASP (Ireland). CSSF (Luxembourg). TCSP (Hong Kong). ADGM FSRA (UAE).
Security Model Cold-first custody with hardware-secured wallets. Workflow-based controls. ISO 27001 + SOC 2 Type II. MPC + HSMs with embedded policy engines. Continuous audits. HSM-centric custody with client-defined entitlement workflows. Continuous audits.
Insurance (est.) Platform-level insurance disclosed; custody-specific coverage to be confirmed. Industry-leading (crime & cyber). Industry-leading (crime & cyber).
Key Strengths Conservative US custody under the SPDI regime. Strong legal segregation. Well-suited for long-duration reserve assets. Strongest US regulatory posture. Hardware-enforced policies. High-throughput institutional operations. Bank-backed ownership structure. Strong multi-jurisdictional coverage. Institutional compliance across 15+ jurisdictions.
Access Efficiency Conservative latency profile; withdrawals may take up to 24 hours. ~90% of transactions processed within 20 minutes. Near real-time settlement.
Security Features Cold-first architecture. Address allowlisting. Designated Security Procedures and role-based access. Biometric multi-party authentication. Behavioural analytics. Smart contract allowlisting. Policy enforcement inside HSMs. Client-defined entitlement policies enforced in HSMs. Secure data centres.
Customisability Moderate – workflow-based policies, less hardware-native. High – hardware-native policy engines. High – flexible role-based workflows.
Auditability SOC 2 reporting; regulator and auditor access under SPDI framework. Cryptographic proof of key existence and control. Wallet-level proof of ownership and management. Wallet-level proof of ownership and management.
Accountability Structured reporting via custody and prime infrastructure. Structured data export via dashboard/API. Structured data export via dashboard/API.
Other Services Integrated prime, trading, and credit services (optional; custody-only for Ethena). Fiat rails. DeFi staking and trading. Settlement services. RWA yield partnerships (e.g. OpenEden). DeFi staking and trading. Settlement services.
Audits ISO 27001 and SOC 2 Type II (custody). SOC 1 and SOC 2 Type II. SOC 1 Type I/II and ISO 27001.
Notable Clients Institutional clients undisclosed; long-standing exchange and institutional user base. Visa, Electric Capital. CoinShares, Invesco.

Overall Assessment

All three custodians meet Ethena’s baseline custody requirements across security architecture, regulatory oversight, organisational controls, insurance (to varying disclosure levels), and auditability.

They differ primarily in regulatory posture, operational conservatism, and policy-enforcement model, making them complementary components of a diversified custody strategy.

Recommended Custody Allocation

Given the scale, composition, and operational requirements of Ethena’s reserves, a multi-custodian strategy is recommended:

Anchorage Digital for:

  • Assets requiring strong programmable custody controls
  • U.S. federal regulatory perimeter
  • Advanced policy enforcement and hardware-native controls

Zodia Custody for:

  • Cross-jurisdictional diversification
  • Bank-backed governance and segregation
  • Europe, Asia, and Middle East institutional flows
  • Additional disaster-recovery and regulatory redundancy

Kraken Custody for:

  • Conservative, long-duration reserve custody
  • Stablecoin-heavy backing under a U.S. SPDI framework
  • Strong legal segregation and full-reserve treatment
  • Assets not requiring rapid redeployment

4. Kraken Custody

4.1 Security Architecture

Cold-first, hardware-secured custody operated via Kraken Financial (Wyoming SPDI). Kraken’s custody architecture prioritises asset segregation and conservative security controls over high-throughput signing.

Key characteristics:

  • Cold storage as the default for reserve assets
  • Hardware-secured warm/hot wallets for operational needs
  • Private keys generated and stored in secure environments
  • Instruction-based authorisation via Designated Security Procedures
  • Withdrawal address allowlisting and role-based access controls

Security controls are validated through independent assurance rather than proprietary HSM-embedded policy engines.

Risk Strengths

  • Strong segregation of client assets from Kraken balance sheet (SPDI + Article 8)
  • Conservative cold-first model suitable for long-duration reserve assets
  • ISO 27001 and SOC 2 Type 2 certified custody controls
  • No reported loss of client funds from custodial wallets

Residual Risks

  • Policy enforcement is workflow-based rather than hardware-embedded
  • Less suitable for high-frequency or near-real-time settlement use cases
  • Withdrawal latency (up to 24 hours) introduces operational planning constraints

4.2 Regulatory & Legal

Kraken custody is provided through Kraken Financial, a Wyoming Special Purpose Depository Institution.

Regulatory posture:

  • Wyoming SPDI charter (US state-regulated bank)
  • Full-reserve custody model; no rehypothecation
  • Assets treated as client trust property, held off-balance sheet
  • Custodied digital assets designated as Article 8 financial assets, with clients as entitlement holders

Legal structure:
Clients retain beneficial ownership of all custodied assets. Assets are bankruptcy-remote and not treated as deposits. While this framework is strong within the US, it is state-based rather than federal and does not confer FDIC/SIPC protection.

4.3 Operational Performance

Kraken’s custody model is intentionally conservative and optimised for security rather than speed.

  • Withdrawal initiation may take up to 24 hours under the custody agreement
  • Additional delays may arise from blockchain conditions or compliance checks
  • Address-level controls require pre-approved, client-owned destination wallets

This operational profile is appropriate for reserve custody but not for assets requiring rapid redeployment or frequent settlement.

4.4 Fit for Ethena Backing Assets

Asset Class Fit Rationale
BTC Good Strong cold custody and legal segregation for long-duration holdings
ETH / LSTs Acceptable Custody suitable, but limited native policy enforcement for staking / DeFi flows
Liquid Stables Good Well-suited for USDC, USDT, PYUSD reserve custody under SPDI regime
SOL Acceptable Supported, though not a primary focus
DeFi Receipts (aTokens, USDtb) To be confirmed Requires explicit written confirmation of custody support

Summary:
Kraken Custody provides a conservative, U.S.-anchored custody option focused on legal segregation and security rather than speed. It is suited for stablecoin-heavy reserve assets and long-duration holdings, complementing Anchorage’s high-velocity workflows and Zodia’s multi-jurisdictional coverage within a diversified custody strategy.

5. Anchorage Digital

5.1 Security Architecture

HSM-centric custody with embedded policy engines: Anchorage uses FIPS-140-2 certified hardware security modules, operating in an air-gapped environment.

Key advantages:

  • Private keys never leave HSMs
  • Hardware-enforced policy engines (quorum rules, contract allowlists, transfer limits)
  • Biometric multi-party authentication (voice, video)
  • Real-time behavioural anomaly detection

This model is good for high-throughput institutional operations.

Risk Strengths

  • Eliminates single point of failure
  • Low operational friction compared to legacy cold storage
  • Supports near real-time signing
  • Hardware-to-hardware validation meaning infrastructure compromise cannot move assets

Residual Risks

  • High reliance on Anchorage’s proprietary firmware
  • Concentration in one US regulatory regime

5.2 Regulatory & Legal

Anchorage Digital Bank, NA possesses:

  • OCC federal trust bank charter (US)
  • NYDFS BitLicense
  • MAS Major Payment Institution (SG)

Legal structure: Clients have direct, exclusive title to assets, held off-balance sheet within a trust bank framework. This is the strongest legal protection available for digital asset custody in the US.

5.3 Operational Performance

  • 90% of transactions settle within 20 minutes
  • One of the fastest institutional custody pipelines globally
  • Proven connectivity to major CEX venues (Binance, Bybit, OKX, Deribit)

5.4 Fit for Ethena Backing Assets

Asset Class Fit Rationale
BTC Good Strongest security model and fast settlement
ETH/LSTs Good Contract allowlisting and staking governance
Liquid Stables Good Strong US regulatory posture for stable crypto
SOL Acceptable Supported but not primary focus
Other Good Multi-chain support

6. Zodia Custody

6.1 Security Architecture

Zodia uses:

  • Bank-grade HSM infrastructure
  • Offline private key generation & storage
  • Client-defined entitlement workflows
  • Cryptographically enforced policies within secure data centers

Compared to Anchorage:

  • Less focus on biometric multi-party authentication
  • Focuses more on bank-style governance and segregation
  • Similar HSM-based isolation without MPC

6.2 Regulatory & Legal

Zodia is licensed across:

  • UK FCA (MLR)
  • Ireland VASP
  • Luxembourg CSSF
  • Hong Kong TCSP
  • UAE ADGM FSRA

Backed by global banks:

  • Standard Chartered
  • Northern Trust
  • SBI
  • NAB
  • Emirates NBD

Legal structure: Assets held under safeguarding and segregation regimes aligned with MiCA and emerging UK frameworks.

6.3 Operational Performance

  • Near real-time settlement workflow
  • Strong enterprise entitlement system
  • Heavy focus on control and governance rather than raw speed

6.4 Fit for Ethena Backing Assets

Asset Class Fit Rationale
BTC Good Strong governance, slower but secure
ETH/LSTs Acceptable Supports staking flows, but allowlisting not as mature
Liquid Stables Good Ideal for global institutional customers
SOL Good Supported
Other Good Full multi-chain roadmap

Appendix: Overview of Custody Technologies

Feature Cold Storage Multi-Party Computation (MPC) Multi Signature Hardware Security Module (HSM)
Mechanism Keep private keys disconnected from any network. A single key is split into shares. The key is never reassembled. Multiple independent keys are required to sign. A tamper-proof device signs transactions internally. Keys never leave.
Security Very High (against online threats). Vulnerable to physical theft/loss. Very High. Eliminates single point of failure. High. Eliminates single point of failure. Very High. Protects against physical tampering and software attacks.
Flexibility Very Low. Designed to be difficult to access. High. Policies and signers (shares) can be changed quickly off-chain. Low. Changing signers is a slow, on-chain process (requires moving funds). High. It’s a high-performance tool that can be part of any policy.
Operational Speed Very Slow. Access is a manual, high-friction process. Fast. Can be automated for “warm” wallet operations. Slow. Requires coordinating multiple independent signers. Very Fast. Designed for high throughput (thousands of signatures/sec).
On-Chain Footprint N/A (Storage strategy) Stealthy. Looks like a standard, single-signature transaction. Transparent. All signers and the M-of-N rule are visible on-chain. N/A (Hardware component)
Blockchain Support Universal Universal Limited. Not all blockchains natively support multisig smart contracts. Universal
Transaction Cost N/A Low. (Standard transaction fee) High. Requires more data on-chain, leading to higher network fees. N/A
Best For Securing the strategic reserve (90%+ of assets). Flexible, high-security “warm” wallets for institutional operations. Simple, transparent shared ownership (e.g., a board of directors). The secure “vault” for all private keys/shares in any setup.
Proposal: Reduction of Risk Committee members from 5 to 3
4

Executive Summary

This analysis evaluates Anchorage Digital, Zodia Custody and Kraken Custody against Ethena’s custodian requirements for supporting USDe’s delta-neutral strategy and general needs.

Key Findings:

  • Anchorage Digital: US federally chartered bank with exceptional regulatory standing, proven scale ($50B+ AUM), and comprehensive derivatives support.
  • Zodia Custody: Bank-backed custodian with strong European/Asian presence, innovative off-venue settlement (Interchange), cold-wallet architecture optimized for institutional security.
  • Kraken Custody: Wyoming state-chartered bank (SPDI) with perfect security track record and exceptional transparency (biannual Proof of Reserves), suitable for secondary custody role.

Recommendations Preview:

  • Anchorage Digital: YES (Score: 8.6/10)
  • Zodia Custody: YES (Score: 8.7/10)
  • Kraken Custody: CONDITIONAL (Score: 7.7/10). Approved for limited secondary custody role (<30% of backing assets), pending a legal review of insurance adequacy provisions and clarity over 24-hour withdrawals.

This review is based on publicly available information on the custodians sites, which is assumed to be true. This assessment prioritizes Ethena’s immediate needs: custody of USDT, USDC, PYUSD, USDtb, and Aave aTokens. Off-exchange settlement for centralized exchange trading is not currently required.

1. Anchorage Digital

1.1 Security (Score: 9.5/10)

Infrastructure:

  • Hardware security modules (HSMs) construct transactions based on cryptographically signed intents rather than blindly signing, with quorum-based approvals through independent iOS devices requiring biometrically authenticated endorsements from multiple users.
  • 90% of transactions process in under 20 minutes with SOC 1 and SOC 2 Type II certification across security, confidentiality, and availability categories.
  • Offline storage of private keys with low-latency architecture for efficient settlement, using biometric authentication to mitigate human error risks.

Track Record:

  • Founded in October 2017, with no material security breaches or fund losses reported across 8 years of operation.
  • Recently exceeded $50 billion in assets under custody as of April 2024
  • Anchorage Digital maintains comprehensive SOC compliance with annual financial audits and successful completion of SOC 1 Type II and SOC 2 Type II examinations by Ernst & Young.

Legal Structure:

  • Anchorage Digital Bank is the only crypto-native bank holding a charter from the U.S. Office of the Comptroller of the Currency, with federally chartered bank status providing bankruptcy-remote custody.
  • Legally required to segregate client assets from one another and from firm funds.
  • Insurance protection for client assets, subject to applicable limits and coverage, protects assets across their entire custodial life cycle.

Assessment: Exceeds requirements - Federal charter provides unparalleled regulatory protection

1.2 Operational Capability (Score: 8/10)

Accessibility & Availability:

  • 90% of transactions process in under 20 minutes, allowing funds to move on customer’s own schedule.
  • 24/7 coverage with some of the fastest SLAs in the industry.
  • No specific uptime SLA disclosed, but operational since 2017 without major outages.
  • Settlement through Atlas, enabling the choice to settle ad-hoc 24/7, or settle end-of-day across all the settlement obligations with counterparties.

Exchange Integration (Atlas Network):

  • Offers advanced trading capabilities including spot, margin, and derivatives with access to global liquidity.
  • Supports 200+ tokens for derivatives and 500+ tokens for spot trading (with specific token/ asset availability for trading being dependent on jurisdiction and service) as of August 2025.
  • Provides institutional access to crypto derivatives including vanilla and exotic options, forwards, and structured products.
  • Currently there is no off-exchange network, hence no integration with any particular exchanges to trade through Ethena’s current system.

Scalability:

  • Exceeded $50 billion in assets under custody with record high revenue as of April 2024.
  • Selected as custodian for BlackRock’s $50B crypto ETPs as of April 2025
  • Automated settlement to custody via Atlas settlement network with seamless onboarding and integrated connectivity to full-stack platform.

Assessment: Meets requirements - Proven ability to scale, with Atlas settlement network functioning as a Clearloop-style daily PnL settlement mechanism.

1.3 Ethena-specific Requirements (Score: 8/10)

Technical Features:

  • Can easily prove existence of and sole control over fully segregated private keys.
  • Smart contract integration capabilities demonstrated through multiple protocol partnerships.
  • API access with 13 order types including benchmark, TWAP, iceberg, and pegged orders.
  • Supports ETH, stETH, BTC, USDC, USDT per standard custody offerings, as well as PYUSD and USDtb
  • Unclear if all trading is managed within the platform or if Anchorage is able to delegate to centralized exchanges

Risk Management:

  • Reviews transactions using automated outlier detection and human oversight based on detailed behavioral analytics.
  • Low-latency architecture enables efficient settlement of digital assets.
  • Provides full trade lifecycle support from structuring and quoting to post-trade reconciliation and reporting.

Transparency & Reporting:

  • SOC 1 and SOC 2 Type II certified with regular audits.
  • Monthly attestation capability available.
  • Real-time reporting through an integrated dashboard.

Assessment: No explicit off-exchange settlement provider model with specific exchanges; primarily focused on custody + trading rather than delegation/undelegation to exchanges for hedging. Currently the primary goal of Ethena is to use Anchorage for custody of assets like USDT, USDC, PYUSD, USDtb, Aave aTokens, so that this is not an immediate concern. However, the current list of supported tokens does not mention custody support for Aave aTokens.

2. Zodia Custody

2.1 Security (Score: 9.0/10)

Infrastructure:

  • Cold-wallet by design with real-time security without human intervention using HSM signatures and encryption, minimizing attack surface while maintaining operational efficiency.
  • SOC-compliant with regular independent audits by top-tier security firms using the same stringent processes as world’s leading financial institutions.
  • Certified under SOC 1 Type I and II, built for institutions from the ground up.

Track Record:

Legal Structure:

  • Registered with Financial Conduct Authority (UK), Central Bank of Ireland, Luxembourg CSSF, and Hong Kong Companies Registry.
  • Backed by Standard Chartered, Northern Trust, SBI Holdings, National Australia Bank, and Emirates NBD.
  • Embeds comprehensive risk and compliance controls including high-coverage insurance, FATF-aligned frameworks, sanctions screening, and automated transaction monitoring.

Assessment: Exceeds requirements - Bank-backing and multi-jurisdictional registration provide strong institutional foundation.

2.2 Operational Capability (Score: 8.5/10)

Accessibility & Availability:

  • Provides 24/7 instant settlements covering over 80% of crypto asset market cap.
  • Cold-wallet design delivers real-time protection without human intervention while maintaining responsiveness.
  • No specific uptime SLA disclosed publicly.

Exchange Integration (Interchange Network):

  • Partnered with Deribit, the world’s largest crypto options exchange by volume, integrating into Interchange off-venue settlement network.
  • Partnership with Bybit enables institutional clients to trade while assets remain in Zodia Custody with full segregation and no co-mingling.
  • Interchange automates net settlement, gas fee management, and trade or collateral execution through programmable, rules-based workflows.
  • Binance and other exchanges are not yet integrated in the network.
  • Zodia’s OES product’s connection with Bybit and Deribit is currently under review by the Ethena team and will be shared with the Risk Committee.

Scalability:

  • Supports BlackRock’s BUIDL fund which grew to nearly $530M AUM as of October 2024.
  • Completed acquisition of Tungsten Custody Solutions to enhance presence in UAE with FSRA licensing
  • Offices in London, Dublin, Luxembourg, Sydney, Hong Kong, Singapore, Tokyo.

Assessment: Meets requirements - Interchange provides off-venue settlement capabilities required by Ethena’s needs.

2.3 Ethena-specific Requirements (Score: 8.5/10)

Technical Features:

  • Asset mirroring capability creates virtual representation of assets for trading without physically moving them, with settlement completed directly between investor and venue.
  • Interchange removes the need to pre-fund exchange accounts, enhancing capital efficiency and operational integrity.
  • Full SaaS platform access with API capabilities and dedicated support services.
  • Supports major digital assets including ETH, BTC, stablecoins.
  • Zodia’s OES product is already connected with Bybit and Deribit, potentially with more exchanges to come.
  • Current priority for Ethena would be for Zodia to custody assets like USDT, USDC, PYUSD, USDtb, Aave aTokens, of which PYUSD and Aave aTokens are not currently supported, as per the current supported coins list.

Risk Management:

  • Provides independent asset custody via regulatory-grade infrastructure with full segregation and significantly reduced exposure to exchange-side risks.
  • Connects to rigorously vetted network of trading, brokerage, and financing venues with automated net settlement.
  • Embeds comprehensive risk and compliance controls including sanctions screening and automated transaction monitoring.

Transparency & Reporting:

  • SOC 1 Type I and II certification
  • Monthly attestation capability available
  • Assets remain visible and secure in custody throughout the trading process.

Assessment: Strong fit - Interchange architecture closely mirrors Ethena’s off-exchange settlement needs. Existing relationship with USDtb creates concentration risk if both products use same custodian.

3. Kraken Custody

The Kraken Custody analysis took into consideration the internal prime broker agreement for the partnership.

3.1 Security (Score: 8/10)

Infrastructure:

  • Multi-layer protection combining MPC (Multi-Party Computation) and HSM (Hardware Security Module) technology for key storage, SOC 2 Type II certified, with customizable role-based controls and whitelisting built for institutions.
  • Crypto infrastructure resides in secure cages under 24/7 surveillance by armed guards, alarm systems and video monitors with advanced cold storage and hot wallet solutions.
  • SOC 2 Type 2 certification completed in June 2025, validating that assets in Kraken’s Institutional Custody platform are safeguarded by robust, industry-leading security protocols, continuously monitored and enhanced to counter evolving cybersecurity threats.
  • ISO/IEC 27001:2022 certification demonstrating commitment to international best practices in information security management.

Track Record:

  • Kraken was founded in 2011 with 12+ years of experience safeguarding client assets and 10 million individuals, traders and institutions around the world, although Kraken Custody was only launched in 2024.
  • Kraken has never experienced a security breach resulting in the loss of funds (Kraken Blog).
  • Conducts biannual Proof of Reserves audits by independent CPA firms (The Network Firm) using cryptographic Merkle tree verification allowing clients to personally verify their holdings.
  • Latest Proof of Reserves (September 2025) verified 1:1 backing in client assets across BTC, ETH, SOL, USDC, USDT, and XRP.

Legal Structure:

  • Kraken Financial operates as a Wyoming Special Purpose Depository Institution (SPDI), state-chartered bank headquartered in Wyoming under supervision of the Wyoming Division of Banking.
  • Kraken Financial is a segregated entity, where funds and assets are held remote from Kraken and are available for withdrawal at all times, with full-reserve backing as per its charter.
  • Agreement Section 8(a)(vii) explicitly states: “in the event of its insolvency or receivership, all Custodied Digital Assets shall pass to the Client.”
  • Agreement Annex B Section 3(a)(ii) specifies: “All Custodied Digital Assets credited to the Client Account will be held in the Client Account at all times, labeled or otherwise appropriately identified as being held for the benefit of Client, and not be commingled with other Digital Assets held by Prime Broker.”
  • Agreement Annex B Section 1(d) states assets are treated as “financial assets” under Wyoming UCC Article 8, with all Custodied Digital Assets and transactions deemed located in Wyoming.
  • Agreement Annex B Section 4(a) explicitly disclaims: “balances of digital assets in the Client Account are not subject to Federal Deposit Insurance Corporation (“FDIC”) or Securities Investor Protection Corporation (“SIPC”) protections,” and Section 4(m) notes “any bond or trust account maintained by Prime Broker for the benefit of its customers may not be sufficient to cover all losses incurred by customers.”

Assessment: Strong fundamentals - Federal-style state bank charter with exceptional transparency and perfect security track record, and insurance adequacy concerns noted in agreement. Short track record of the Custody product itself.

3.2 Operational Capability (Score: 7/10)

Accessibility & Availability:

  • Critical gap: Agreement Annex B Section 3(a) requires “Prime Broker may require twenty-four (24) hours between any request to withdrawal Custodied Digital Assets from Client Account”, which is fundamentally incompatible with Ethena’s need for sub-second delegation/undelegation. Because Ethena wants to use Kraken Custody exclusively to custody assets (like USDT, USDC, PYUSD, USDtb, Aave aTokens) and not as an OES product, the delegation/undelegation speed is not a concern, but the long duration of a withdrawal could still be concerning in a situation of redemption stress.
  • 24/7/365 professional client support with round-the-clock support from an experienced account management team.
  • No formal SLA uptime guarantee disclosed in agreement or public materials.
  • Agreement Annex B Section 3(a) notes: “Prime Broker stores all Supported Digital assets using proprietary cryptography and hardware storage, which could contribute to a delay in the initiation of a withdrawal.”
  • Agreement Section 6(b) disclaims liability for delays “beyond reasonable control” including system failures, computer viruses, power interruptions, strikes, or market disruptions.

Exchange Integration (Kraken Prime):

  • Kraken Prime launched June 2025 as full-service prime brokerage providing access to liquidity representing over 90% of the digital asset market across more than 20 global venues with round-the-clock support from an experienced account management team.
  • Smart order routing system integrates on- and off-platform liquidity through an in-house smart order routing system, continuously scans multiple venues, seamlessly routing orders to secure the best possible execution price.
  • Trades can be executed directly from qualified custody managed by Kraken Financial, a U.S. state-charted bank, with real-time data aggregation from 20+ liquidity providers.
  • The platform supports asset-backed lending, T+1 credit facilities and a seamless integration with both on and off-platform liquidity. This is not equivalent to daily derivatives PnL settlement required for off-exchange settlement.
  • Agreement Annex C describes “Deferred Payment Facility” (Trading Cap) allowing trading without prefunding, with continuous 24-hour Trade Window and T+1 settlement obligation - does not address exchange delegation model.
  • No off-exchange settlement capability: No evidence of Copper/Ceffu-style architecture enabling delegation to exchanges while maintaining beneficial ownership. Kraken Prime is a traditional prime brokerage, not an off-exchange settlement provider.

Scalability:

  • Demonstrated capacity to custody $21.5B+ in verified client assets as of September 2024 with recent geographic expansion to UK and Australia in August 2024.
  • Wyoming SPDI capital requirements suggest 1.25-1.75% of assets under management/assets under custody as minimum capital requirement, providing regulatory capital adequacy framework.
  • Agreement Exhibit B specifies a custody fee of “8 basis points on all Custodied Digital Assets calculated at the end of each day (11:59 p.m. UTC) based on the US dollar value” (competitive pricing).
  • Agreement Exhibit B states: “Client’s cost of trading with Prime Broker will be reflected in the spreads applied to all transactions executed under this Agreement. Such spreads may vary depending on factors including, without limitation, the type of Digital Asset, market conditions, liquidity, order size, and relative market capitalization.”

Assessment: Prime brokerage model designed for integrated trading on Kraken’s Prime platform, not off-exchange settlement with delegation to multiple third-party exchanges where Ethena maintains existing hedging relationships. However, since the purpose of this analysis is to qualify Kraken Custody as an appropriate custody partner and not OES, this note is included for completion purposes only. In terms of custody only, 24-hour withdrawal requirement could be problematic in a situation of extreme redemption stress, should a large percentage of USDe’s backing assets be handled by this system.

3.3 Ethena-Specific Requirements (Score: 8/10)

Technical Features:

  • Can prove onchain existence and control of funds with independent 3rd party accountant taking anonymized snapshot of all balances aggregated into a Merkle tree, with accountant collecting digital signatures proving ownership over on-chain addresses with publicly verifiable balances (Proof of Reserves Audits).
  • Clients can directly verify and monitor segregated client vaults on-chain at any time, and review a full audit trail of all organization activity.
  • Agreement Annex A Section 1(b) provides API access available for automated trading, though specific integration capabilities with Ethena smart contracts unclear.
  • Supports 200+ tokens for derivatives and 500+ tokens for spot trading (with specific token/asset availability for trading being dependent on jurisdiction and service) as of August 2025, including major assets: ETH, BTC, USDC, USDT.
  • Critical gap: No evidence of support for specialized custody needs like Aave aTokens or other DeFi protocol tokens that may be in Ethena’s backing portfolio; no confirmation of USDtb support.
  • Agreement Annex B Section 2(f) allows Prime Broker to “rely on a third party service provider in providing the Services consistent with the terms of this Agreement without approval from Client,” though Prime Broker remains responsible for their acts/omissions.

Risk Management:

  • Agreement Annex B Section 2(e) allows Prime Broker to undertake transactions with Custodied Digital Assets under W.S. 34-29-104(e) only with “distinct, written authorization from the Client to undertake such transaction with clear intent regarding the type of transaction and understanding of potential risks.”
  • Agreement Section 14 limits liability: “except in the case of gross negligence, willful misconduct or fraud, in no event shall the total aggregate liability of either Party and its Related Parties arising out of or relating to this Agreement exceed the greater of (A) the fair market value of the amount of Custodied Digital Assets at the time in which the events giving rise to the liability occurred and (B) the fair market value of the amount of Custodied Digital Assets at the time that Prime Broker notifies Client in writing.”
  • Agreement Section 16(a)(ii) gives Prime Broker broad discretion to “suspend, restrict or terminate this Agreement and Client’s access to Services for Cause at any time” with only 7-day cure period for non-urgent issues, or immediate suspension for compliance/regulatory concerns.
  • No real-time PNL monitoring for delegated exchange positions (not applicable to current architecture).
  • Agreement Section 6(d) disclaims Prime Broker liability: “Prime Broker cannot and does not guarantee the value of Supported Digital Assets. Prime Broker does not control the relevant Digital Asset Networks and therefore is not responsible for the services provided by those Digital Asset Networks.”

Transparency & Reporting:

  • Biannual Proof of Reserves audits conducted by independent CPA firms following AICPA standards.
  • Clients can cryptographically verify their balances were included using downloadable Merkle tree paths; can download the full path within the Merkle Tree, from their account to the root, review its construction and personally verify the value and validity of the root hash included in the report.
  • Agreement Annex B Section 2(b) provides: “Prime Broker will provide Client with account statements, tax forms, and other documentation as Prime Broker and Client may separately agree” - monthly attestations at exchange/asset granularity level not explicitly offered.
  • Agreement Section 3(b) requires Prime Broker records retention for minimum 7 years after last service provision.
  • SOC 1 Type II and SOC 2 Type II reports available with attestations published on a twice-annual basis.

Assessment: Partial fit for basic custody. Excellent transparency through Proof of Reserves, even though lacking the off-exchange settlement architecture that is core to Ethena’s delta-neutral strategy. Currently, Ethena’s priority is custody of USDT, USDC, PYUSD, USDtb, and Aave aTokens - support for USDtb, and Aave aTokens seemingly not existent.

5

Zodia Digital Assets Custody Agreement, Kraken Custody Agreement, and Anchorage Digital Bank Standard Terms and Conditions have been confidentially reviewed by LlamaRisk. In compliance with the confidentiality restrictions imposed by both counterparties, the following analysis omits any disclosure of proprietary, confidential, or highly sensitive information pertaining to the specific structure, operational processes, or bilateral undertakings set out within the original documents. Instead, the primary purpose of this brief is to apprise the Risk Committee of the main legal constructs found in each custodial arrangement at a high level and to provide actionable, jurisdiction-focused recommendations to inform further diligence and guide the custodians’ approval process. Following the due dilligence, LlamaRisk supports this proposal.

Legal Brief: Kraken Custody

Custodial Relationship – Structural Overview

Kraken is engaged as custodian for Supported Digital Assets transferred by the client and is required to hold these assets in trust for the client’s exclusive benefit, in a manner aligned with Wyoming law and the custodial framework set out in Article 8 of the Wyoming Uniform Commercial Code (UCC). In legal terms, the relationship is framed not as a debtor–creditor exposure but as a custody and trust arrangement under which the client remains the beneficial owner and Kraken acts as a regulated safekeeper and “securities intermediary” for the purposes of Wyoming law and the UCC.

From a contractual standpoint, the Agreement is drafted as a genuine custody / trust structure with clear off-balance-sheet treatment and statutory reinforcement. Annex B provides that all Custodied Digital Assets “will be held by Prime Broker in trust for the benefit of Client”. The Services, including those performed under the custodial annex, are delivered by Payward Financial, Inc. (“Payward Financial”), a Wyoming Special Purpose Depository Institution, which is expressly designated as the entity providing the Digital Assets Custody services described in Annex B. Wyoming SPDIs operate under a fully reserved banking model, are subject to prudential oversight by the Wyoming Division of Banking, must maintain 100% reserves for fiat deposits, and are governed by bespoke digital-asset custody rules. Under W.S. 34-29-104, digital assets held in custody are explicitly “not liabilities or assets of the bank”, must remain at all times in the bank’s possession or control, and may not be rehypothecated or otherwise used for the bank’s own account.

Digital assets held under this arrangement are therefore not treated as Kraken’s property, are not recorded on Kraken’s balance sheet, and remain continuously identifiable as client property through account segregation. The Agreement imposes robust contractual guards against commingling, subject only to narrowly defined, short-term operational pooling necessary to process transfers. Segregation is not merely implied but expressly required: the Prime Broker must keep Custodied Digital Assets “in safe Custody for the benefit and on behalf of Client” and “not commingled with other Digital Assets held by Prime Broker”, save for temporary operational windows, and the structure is documented as a Wyoming “covered account” under W.S. 13-1-206 to reinforce that these assets are legally ring-fenced from the bank’s own estate.

Within this framework, Kraken’s function is that of a non-fiduciary custodian and “securities intermediary”, while the client is characterized as the “entitlement holder” under UCC Article 8. The Agreement expressly disclaims any fiduciary obligations arising under U.S. federal securities law or broker-dealer / investment adviser regimes.

Client Instruction, Access, and Security Controls

All movements of Custodied Digital Assets are conditioned on explicit client Instructions transmitted through vetted, authorized representatives and authenticated via designated security procedures. Both parties are held to elevated standards for the protection of credentials and access devices.

On the client side, all effective control over the account is exercised through “Authorized Representatives” formally designated in writing by the Client. An Instruction is defined as “a directive initiated by Client, acting through an Authorized Representative”. Instructions must be transmitted using a Prime Broker “Designated Security Procedure”. The purpose of the Security Procedure is expressly stated as being to “confirm the authenticity of any Instruction”, rather than to validate its commercial appropriateness or detect substantive errors.

The Agreement provides that the Client is “fully responsible for all activities taken on Client Accounts by Authorized Users” and must indemnify Kraken where third parties act on the basis of access or authority granted by the Client. In practice, this means that mis-Instructions, mis-use of credentials, or actions of third-party agents operating under client-granted access fall contractually on the Client, subject only to limited carve-outs for Prime Broker gross negligence, fraud or willful misconduct.

Withdrawals may be restricted to pre-approved, white-listed addresses and are subject to ongoing screening and review under Kraken’s internal compliance programs, including know-your-customer (KYC) and anti-money-laundering (AML) controls.

Principal Duties of Custodian

As custodian, Kraken is obligated to exercise reasonable care in safeguarding digital assets, to label and book them appropriately, to maintain detailed records for at least seven years, and to make such records available for inspection by competent regulatory authorities where required by Applicable Law. At the same time, the custodian expressly disclaims responsibility for the underlying legitimacy, title, or provenance of digital assets it receives, and does not guarantee settlement finality or successful execution of transactions once broadcast to the underlying blockchain networks.

The Agreement includes specific disclosures clarifying that digital asset balances are not eligible for U.S. Federal Deposit Insurance Corporation (FDIC) or Securities Investor Protection Corporation (SIPC) coverage.

No explicit private insurance or third-party coverage is granted or incorporated by reference in the Agreement.

Asset Control and Protections

Absent clear and specific Instructions from the client, Kraken is not permitted to pledge, lend, rehypothecate or otherwise use client assets, and the Agreement reiterates that the Prime Broker has “no right, interest, or title” in Custodied Digital Assets other than as custodian.

In addition, the Prime Broker undertakes a contractual obligation to resist third-party attachment, garnishment or other forms of encumbrance affecting client assets. All Custodied Digital Assets are contractually “deemed” to be located in the State of Wyoming, and all related transactions are deemed to occur in Wyoming. This deemed-situs provision is significant because it anchors the custody relationship firmly within the Wyoming SPDI and digital-asset statutory framework, and is intended to reduce conflict-of-laws uncertainty regarding property rights, perfection, and enforcement in stress scenarios.

In the context of insolvency or resolution, the Agreement contains an express covenant that “in the event of its insolvency or receivership, all Custodied Digital Assets shall pass to the Client, or its successor bank”. This clause codifies the parties’ intention that client assets held in custody remain client property and should not form part of the Prime Broker’s general insolvency estate. Annex B further specifies that Custodied Digital Assets are held “for the benefit of Client” and “do not constitute an asset on the balance sheet of Prime Broker” and that such assets are always identifiable in the Prime Broker’s systems as belonging to the Client Account.

Withdrawals

Withdrawals from custody are expressly subject to operational handling periods, typically allowing Kraken to impose a delay of up to twenty-four hours between client Instruction and the submission of the withdrawal transaction to the relevant blockchain. Additional delays may arise in practice for large, atypical, or potentially suspicious transactions that trigger cybersecurity, KYC/AML, or sanctions-screening escalations.

The Agreement is explicit that there is no guarantee of immediate or even predictable timing. The Prime Broker “makes no representations or warranties with respect to the availability and/or accessibility of (i) Custodied Digital Assets, (ii) a transaction involving Custodied Digital Assets, (iii) Client Account, and (iv) Services” and “makes no representations or warranties regarding the amount of time needed to complete processing”.

Furthermore, Prime Broker reserves a broad contractual right to refuse or cancel withdrawal requests and other transactions. It may “refuse to process or to cancel any pending Client transaction as required by law or in response to a subpoena, court order, or other binding government order or to enforce transaction, threshold, and condition limits or if Prime Broker reasonably believes that the Client transaction may violate or facilitate the violation of an applicable law”.

Zodia Digital Assets Custody Agreement

Regulatory Perimeter

Zodia’s registration with the UK Financial Conduct Authority (FCA) is for anti-money laundering (AML) compliance under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. This does not equate to FCA authorisation for regulated custody under the Financial Services and Markets Act (FSMA) and the associated protections in the Client Assets Sourcebook (CASS). Consequently, clients do not benefit from statutory asset protections such as ring-fencing, mandatory audits, systematic reconciliations, or prompt asset return in insolvency available under the CASS regime. The absence of these protections is in line with current UK law, as cryptoasset custody is not (yet) a regulated activity under FSMA, though this might change with future legislation.

Exclusion from Statutory Compensation

Zodia’s clients are not covered by the UK Financial Services Compensation Scheme (FSCS), meaning they have no recourse for compensation from this fund if Zodia fails. Additionally, clients have no access to the UK Financial Ombudsman Service (FOS) for dispute resolution. This exclusion is contractually disclosed by Zodia and is consistent with the legal status of cryptoasset custody in the UK.

Absence of Statutory Custody Framework

There is currently no UK statutory regime for cryptoasset custody (akin to CASS for traditional finance) that mandates asset segregation, independent reconciliation, or insurance. Until a formal regime is enacted, client protection relies on the custody provider’s internal controls and the legal terms set by contract law, rather than regulatory compulsion.

Trust Law

A key protective feature of the Zodia agreement is the express establishment of a trust under English law—meaning Zodia holds clients’ cryptoassets on trust. This structure ring-fences client assets from Zodia’s own estate, providing proprietary claims for clients if Zodia enters insolvency: clients rank ahead of general creditors and can assert direct legal ownership rights defined by the trust structure. Trust law remedies apply (subject to proper asset identification and record keeping), offering robust legal recourse for asset recovery.

Operational Risks

Clients have no access to private keys and depend entirely on Zodia to action withdrawals or transfers. Instructions are limited to pre-approved (“whitelisted”) addresses, with all transfers subject to AML screening, compliance processes, and Zodia’s operational discretion. This introduces risks if Zodia fails to comply with proper client instructions, or if operational failures delay or prohibit withdrawal or movement of assets.

Liability and Insurance

Zodia’s financial liability is contractually confined to cases of gross negligence, wilful default, or fraud. The agreement anticipates the maintenance of professional insurance, but this can take the form of self-insurance and does not guarantee compensation for every adverse event, particularly for losses arising from business failure, cyber events, or misfeasance not amounting to gross negligence or fraud.

Withdrawal Rights

Clients’ withdrawal rights are not absolute: withdrawals are subject to compliance checks and Zodia’s processes. In insolvency situations, clients’ claims are proprietary under trust law rather than statutory entitlements to immediate asset return, which could create procedural or timing risk.

Anchorage Digital Bank Standard Terms and Conditions

Statutory and Regulatory Perimeter

Anchorage structures its custody relationship under U.S. law—principally by invoking Article 8 of the Uniform Commercial Code (UCC) and referencing the Hague Securities Convention. Under this legal framework:

  • Client digital assets and fiat currency are expressly separated from Anchorage’s own assets and off its balance sheet.
  • Clients are classified as “entitlement holders,” Anchorage as a “securities intermediary,” and South Dakota law is chosen as the governing law for the securities intermediary relationship.
  • As a result, in the event of Anchorage’s insolvency, these assets should not be available for the satisfaction of Anchorage’s general creditors, strengthening customer protection against commingling or misapplication of client assets.

Anchorage also positions itself as a “qualified custodian” under the U.S. Advisers Act, which is notable for SEC-regulated activities.

Asset Segregation and Bankruptcy Protection

Digital assets and fiat are intended to be bankruptcy-remote—off Anchorage’s estate and unavailable to general creditors. This protection depends on correct asset segregation and recordkeeping practices, consistent with “entitlement” principles under Article 8 UCC.

The agreement includes a no-lien/no-hypothecation clause, which (outside specified exceptions) prevents Anchorage from encumbering or disposing of client assets. However, this is subject to a critical exception:

  • Anchorage retains a first-priority lien and right of setoff over client assets to secure the client’s obligations to Anchorage (unpaid fees, obligations, etc.).
  • In Anchorage’s insolvency scenario, while third-party creditors are blocked from making claims, Anchorage itself can apply the client’s own digital assets or fiat to settle unpaid obligations before returning any surplus to the client.

Limited Client Recourse

Anchorage contractually characterizes itself as an “excluded fiduciary” under South Dakota law, slashing implied fiduciary duties and binding its responsibilities strictly to those services expressly stated in the agreement. In addition, broad indemnity language means that Anchorage is insulated from many forms of liability, even including some conduct that could be considered gross negligence—if done while following the client’s direct written directions.

Client withdrawals are not unconditional and may be delayed or restricted under multiple scenarios, such as:

  • Required quorum of “Authorized Persons” (multi-signal approval regime)
  • Legal, AML/KYC, and sanctions screening
  • Network/gas fee requirements, asset lock-ups, unsupported asset types
  • Anchorage’s right of setoff for any client obligations

There is no hard service-level agreement (SLA) for timeliness of withdrawals, and Anchorage maintains operational discretion over exit flows, which is typical but creates practical risk if there is a sudden need to access client assets.

Insurance Coverage

Anchorage is explicit that neither digital assets nor fiat balances are covered by FDIC insurance, SIPC (Securities Investor Protection Corporation), or any other statutory investor protection. For fiat, deposits are held in omnibus FBO accounts at FDIC banks and may be eligible for pass-through insurance, but without any guarantee. There is no contractual reference to private insurance (crime, fidelity, specie) dedicated to client protection; thus, safeguarding is primarily structural via legal segregation, not insurance-backed.

Use Restrictions

Anchorage retains very broad discretion to refuse any client or transaction on compliance grounds. All clients and incoming assets are screened for AML, KYC, and sanctions compliance, and nested account structures (onboarding sub-custodians or other institutions) are strictly prohibited.

Multi-Signer Account Controls

Anchorage’s custody model centralizes transaction control through an “Authorized Persons” and quorum system, typically requiring at least three nominated persons with a minimum of two for valid withdrawal/authentication.

Recommendations

  • Continued Regulatory Monitoring (Zodia): Ethena/Risk Committee should require periodic confirmation of any changes to Zodia’s regulatory status and be alert for new legislative or regulatory developments in the UK that may affect the legal treatment of cryptoasset custodians—particularly regarding the extension of statutory protections, trust law, or changes to client asset regimes.
  • Ongoing Check-Ups (Anchorage): For Anchorage Digital, it is recommended that regular reviews be performed to track its regulatory status, particularly its standing as a “qualified custodian” under relevant US frameworks.
  • Insurance-Related Expectations: It is advised that Ethena pose targeted inquiries to both Zodia and Anchorage regarding their current and prospective arrangements for insurance coverage. Private insurance, if sufficiently comprehensive in scope and limits, may meaningfully reduce client loss risk and should be prioritized in due diligence.
  • For Kraken Custody, from a practical perspective, Ethena may wish to request a “soft SLA” or indicative performance standard for “ordinary course” withdrawals that are, first, directed to pre-approved addresses owned or controlled by Ethena and, second, not flagged by Kraken’s AML or sanctions tooling. Even if such a standard remains expressly “subject to network conditions” and legal constraints, a written commitment would materially clarify expectations and strengthen Ethena’s operational position.
  • In addition, Ethena should seek disclosure of any insurance policies, bonds, trust accounts, or comparable financial safeguards that may indirectly benefit institutional customers, even if they do not create direct contractual rights under the Agreement.
Proposal: Reduction of Risk Committee members from 5 to 3