A consultancy for people who hold real value on-chain, and intend to keep holding it.
We design, build, and audit self-custody architectures — for individuals, families, treasuries, funds, and OTC desks. One discipline, refined over a decade, applied one client at a time.
Self-custody rewards the people who do it correctly, and punishes — eventually, completely — those who do not.
Our practice exists to put you firmly on the first side of that line. We design the custody, build it with you in the room, and stay until you can operate it alone.
Each engagement is bespoke, but the work falls into a small number of categories we have refined over a decade. We do not take engagements outside this list.
A signing scheme designed around your threat model — what you hold, who can act, what failures the design survives. Documented, signed off, and built to be operated by ordinary humans.
Device selection, initialisation in controlled conditions, key generation we attest to, structured handover. You leave knowing exactly what you hold and how to use it.
Phased withdrawal plans for sizable balances: timing, settlement venues, address hygiene, post-move verification. We make the transition off third parties boring and documented.
A plan that survives you: distributed key shares, written instructions, a known executor path, and a recovery rehearsal that proves the plan works while you are alive to fix it.
A written review of what you currently have: signers, locations, redundancies, single points of failure, recovery paths. A redacted report and a prioritised remediation list follow.
The plan is not real until it has been rehearsed. We run controlled recovery exercises — lost device, lost signer, compromised key — until the team can execute without us in the room.
Closed-room sessions for principals, finance teams, family offices, OTC desks: the model, the operations, the failure modes — done at your pace, with your specific assets in the room.
If you don't know which of the above is the right starting point, write to us anyway. We will tell you what your engagement should be — even if the answer is "you don't need us yet".
Our engagements are concentrated. Across the firm we currently work with six categories of client. If you don't see yourself here, you probably shouldn't be writing to us.
People who have crossed the threshold where third-party custody is no longer acceptable, and want it done properly the first time.
Typical engagementTreasury custody designed for accountability — governance policies, role-based signing, audit trails, books that close.
Typical engagementCustody architectures that satisfy auditors, custodial duties, and operational risk committees — without surrendering control.
Typical engagementPlans drafted alongside lawyers and trustees so that the asset is recoverable, by the right people, at the right time.
Typical engagementOperational setup of custody, settlement, and reconciliation infrastructure for desks moving size.
Typical engagementPeople who want to do this once, do it properly, and avoid spending the next decade learning by failure.
Typical engagementA consistent process is what separates a custody plan you will execute under stress from one that lives on a slide. Every engagement passes through the same four stages.
A confidential conversation, followed by a written brief: what you hold, what you fear, who else is on the file, what regulatory weather you operate in.
Week 1 — 2We propose one or two custody designs with trade-offs spelled out — signers, locations, key shares, recovery paths, governance. You choose; we don't.
Week 2 — 4Hardware initialised, keys generated and distributed, wallet stood up, addresses verified. Every step witnessed and recorded.
Week 4 — 8Controlled drills against the live setup: signing, partial loss, full recovery. We leave only once your team can execute each scenario without us.
Week 8 — 10Our practice is software-agnostic — we set up whatever is right for you. That said, for many engagements the right tool is the one we maintain ourselves: a 2-of-3 multisig wallet designed around the same principles as the consultancy.
The argument for self-custody is not ideological; it is historical. The argument for doing it correctly is operational: a plan that has not been rehearsed is not a plan.
Mt. Gox. QuadrigaCX. FTX. Celsius. BlockFi. Every cycle has its names. The pattern is the same: assets pooled with a counterparty, recovered cents on the dollar — if at all.
Single-key wallets have a single point of failure. Lost seed phrases are unrecoverable. Most well-intentioned setups collapse on the first unrehearsed test.
A correctly designed multisig removes the single point of failure. But "correctly designed" is doing a great deal of work in that sentence. This is the part you pay us for.
You will forget. You may not be reachable. Someone else may have to recover your assets. The setup and the documentation must assume all three.
We accept a small number of new engagements each quarter, by introduction and by application. Write a few lines about what you hold and what concerns you; we reply within two working days.