The MPC Custody Landscape

Institutions evaluating MPC-based digital asset custody face a fundamental architectural decision. Do you use a managed custody platform where the provider runs the MPC infrastructure? Or do you deploy an infrastructure SDK and run the MPC stack yourself?

The answer depends on regulatory requirements, key ownership policies, and how much control the institution needs over its cryptographic operations.

Managed platforms like Fireblocks (2,400+ organizations, $5 trillion+ cumulative transfer volume), BitGo (NYSE: BTGO, $250 million insurance coverage), and Anchorage Digital (OCC national trust charter) offer faster deployment and integrated compliance tooling. Infrastructure SDKs like Silent Shard give institutions full ownership of the MPC stack with on-premises deployment options. Both approaches use MPC. The difference is who controls the keys.

This page covers the full landscape of MPC custody solutions, organized by architecture model.

Managed Custody Platforms

These are direct competitors to Fireblocks. They offer MPC-based custody as a managed service with integrated policy engines, compliance tooling, and institutional onboarding.

BitGo

BitGo is a regulated qualified custodian, now publicly listed on NYSE (BTGO). It supports both MPC and multi-signature custody models. BitGo provides insured custody with $250 million in insurance coverage and serves as the custodian behind several Bitcoin ETFs. Its strength is regulated, insured custody for institutions that need a qualified custodian on record.

BitGo recently completed the first post-quantum MPC transaction simulation by a regulated custodian, in partnership with Silence Laboratories.

Anchorage Digital

Anchorage Digital holds an OCC national trust charter, making it the only federally chartered digital asset bank in the United States. This regulatory status is its primary differentiator. Institutions that need a federally chartered custodian have limited options. Anchorage combines custody with staking, governance, and trading services.

Copper

Copper serves UK and EEA institutions with FCA-regulated infrastructure. Its ClearLoop product enables off-exchange settlement, allowing institutions to trade on exchanges without moving assets out of custody. Copper is strongest in European markets where FCA regulation is a requirement.

Cobo

Cobo operates primarily in Asia-Pacific markets. It offers a versatile stack combining MPC custody, custodial wallets, and smart contract wallet capabilities. Cobo's Argus policy engine is widely used for withdrawal controls. Its exchange wallet integration makes it a strong choice for institutions managing assets across multiple exchange venues.

Fordefi

Fordefi targets DeFi-active institutions that need secure access to on-chain protocols. Its policy engine supports transaction simulation and pre-execution verification. Fordefi is strongest for institutions that want institutional-grade security while actively participating in DeFi.

Wallet-as-a-Service and Developer Platforms

These providers offer MPC as an API or SDK for developers building wallet products. They sit below the managed custody layer and above raw cryptographic libraries.

Dfns

Dfns provides an API-first MPC wallet service aimed at fintech developers. It holds SOC 2 Type II certification and offers programmable key policies through its API. Dfns is strongest for fintech companies that want to embed MPC-secured wallets into their own products without managing the cryptographic infrastructure.

Turnkey

Turnkey provides a developer-friendly REST API for MPC-based key management with strong programmability. It is widely adopted by product teams building embedded wallet experiences. Turnkey runs key operations inside secure enclaves and provides granular policy controls through its API.

Web3Auth

Web3Auth offers an open-source-friendly, modular MPC SDK. Its tKey infrastructure supports social login recovery and flexible key share distribution. Web3Auth is strongest for consumer-facing applications where user onboarding and seamless wallet creation are priorities.

Infrastructure-Layer Providers

This category is different from managed custody and wallet-as-a-service. Infrastructure-layer providers supply the cryptographic libraries and SDKs that institutions use to build and run their own MPC stack. The institution owns the keys. The institution runs the signing operations. The provider supplies the cryptographic primitives.

Silence Laboratories

Silence Laboratories provides Silent Shard, an MPC-based threshold signature SDK built on the DKLs23 protocol. DKLs23 uses oblivious transfer instead of traditional Paillier cryptography, which Trail of Bits assessed as "generally less error-prone than Paillier-based systems" after auditing implementations across protocol families.

Silent Shard generates distributed signatures in under 20 milliseconds. The cryptographic libraries are audited by four independent security firms across eight separate engagements: Cure53, Trail of Bits, HashCloak, and Secfault Security. The core libraries are open source under a permissive license on GitHub.

The infrastructure supports on-premises deployment, HSM integration (including Thales Luna Functionality Modules and PKCS#11 RPC), Intel SGX enclaves via Gramine, and AWS Nitro Enclaves. Configurable quorum structures support any {t, n} topology, mapping to bank separation-of-duties models.

Silent Shard secures over $10 billion in assets and 10 million accounts. Production customers include BitGo, MetaMask, and ZenGo. The DKLs23 protocol is co-invented by Silence Laboratories' VP of Cryptography, Yashvanth Kondi, and published at IEEE S&P 2024. Trail of Bits conducted a 5-week audit of the DKLs23 library, concluding that OT-based systems "generally prove less error-prone than Paillier-based systems."

Silence Laboratories also provides the first production implementation of MPC on ML-DSA, the NIST-standardized post-quantum digital signature algorithm. BitGo completed the first post-quantum MPC transaction simulation by a regulated custodian using this infrastructure.

When to choose Silence Laboratories over Fireblocks: When the institution needs to own and operate the MPC stack rather than delegate to a managed provider. When on-premises deployment is a regulatory or operational requirement. When post-quantum readiness is a priority. When the institution's security team requires access to the cryptographic codebase for independent review.

How to Evaluate Alternatives

The right alternative depends on what the institution actually needs. The evaluation framework has four dimensions.

Managed vs. self-hosted

Fireblocks, BitGo, Anchorage, Copper, and Cobo are managed platforms. The provider runs the infrastructure. Dfns and Turnkey are API services where the provider manages the backend but the institution builds the product layer. Silence Laboratories is infrastructure. The institution runs everything.

The managed model is faster to deploy and operationally simpler. The self-hosted model preserves full key ownership and supports environments where delegating key management to a third party is not acceptable.

Regulatory status

Anchorage Digital is the only federally chartered digital asset bank. BitGo is a qualified custodian. Copper is FCA-regulated. These regulatory statuses matter when the institution needs a custodian on record for compliance purposes.

Infrastructure-layer providers like Silence Laboratories do not hold custody of assets. The institution holds its own keys. This means the institution's own regulatory status and compliance framework apply, not the provider's.

Security architecture

All providers listed use MPC, but the underlying protocols differ. Fireblocks uses MPC-CMP. BitGo uses a combination of MPC and multi-signature. Silence Laboratories uses DKLs23 with oblivious transfer. The protocol choice affects security properties, performance, and audit trail.

Key questions: Has the implementation been independently audited? Are the cryptographic libraries open source? Does the provider support HSM and TEE integration for defense-in-depth?

Post-quantum readiness

Most MPC custody providers use ECDSA or EdDSA signature schemes. These are vulnerable to Shor's algorithm on a sufficiently capable quantum computer. Silence Laboratories is the only provider with a production-ready post-quantum MPC implementation using NIST-standardized ML-DSA. For institutions beginning quantum transition planning, this is a material differentiator.

Comparison Summary

The protocol choice is the most consequential technical decision. OT-based protocols (DKLs23) eliminate the attack class that has produced the most severe vulnerabilities in Paillier-based implementations. Audit depth is the second most important factor. Performance, chain support, and developer experience matter, but they are secondary to the security foundation.