Onyze: The next generation in digital asset management and custody

Over the past few months, Block&Capital has closely examined best practices for self-custody and private key management. We’ve analyzed a range of technologies, from hierarchical deterministic (HD) and single-signature wallets, to more advanced solutions like multi-signature wallets and multiparty computation (MPC). Additionally, we’ve explored secret sharing techniques, such as Shamir Secret Sharing (SSS) and Blakley Secret Sharing (BSS), which split a private key into multiple parts to enhance security and remove single points of failure. We also studied threshold signature schemes (TSS), enabling distributed generation of transaction signatures without any one party having access to the complete private key.

These technologies certainly improve digital asset security, but institutions face additional hurdles due to management, compliance, and control requirements.

In this context, Onyze emerges as a next-generation custodian that goes beyond the simple storage of digital assets. Its infrastructure not only secures funds but also facilitates seamless access, optimization, and integration with banks and DLTs / Blockchain networks, all within a regulated environment. Unlike traditional custodians, Onyze enables tokenization, efficient asset management, and yield generation, acting as a bridge to the decentralized world while unlocking new opportunities within the digital economy.

Why do institutions need a custodian?

Unlike individuals, financial institutions, such as investment funds, asset managers or banks, cannot manage their own assets through self-custody. Beyond security, institutional custody is a regulatory requirement that mandates delegating fund management to an authorized custodian. This model reduces risks, prevents asset misuse, and guarantees transparency and compliance.

When selecting a custodian, institutions should consider the following factors:

• Security in private key management: A custodian must have advanced infrastructure and strict protocols in place to minimize the risk of unauthorized access or loss of keys.
• Provider’s experience and reliability: A custodian with a track record in the market provides assurances of regulatory compliance, operational continuity and security.
• Flexibility to work with different DLTs / Blockchain: A modern custodian must be able to integrate with public and private networks, and adapt to different business models.
• Full regulatory compliance: A custodian must not only comply with the regulations governing its clients, but also be properly licensed and supervised by the relevant authorities. In Europe, this means adherence to MiCA (Markets in Crypto-Assets Regulation) and other applicable frameworks. MiCA requires custodians to obtain a license and comply with strict governance and operational standards, ensuring security, transparency, and the protection of investors.
• Access to DeFi tools and revenue generation: Custody should go beyond secure storage by integrating DeFi solutions that optimize asset management and enable revenue generation. This capability allows institutions to unlock the potential of DeFi protocols, such as yield farming, liquidity provision, and lending, all while maintaining full control and security over their assets.
• Fees: Custody pricing models can vary significantly, depending on factors such as the volume of assets under management, transaction frequency, and any additional services required.

The big flaw of traditional custody models

Managing private keys without a professional solution often results in an improvised and insecure infrastructure. In addition, some institutions believe they can secure digital assets by applying traditional financial logic, such as storing key fragments in safes or distributing copies among employees. This approach not only creates multiple points of failure, but also increases the risk of insider attacks, human error, and unauthorized access.

Digital asset custody cannot rely on physical vaults or conventional surveillance systems. It requires infrastructure that minimizes private key exposure while providing secure, auditable access.

Onyze: Beyond storage, a value-added custodian

Onyze uses advanced technologies such as Hardware Security Modules (HSMs) and MPC to ensure a modern and comprehensive custody infrastructure that meets the needs of financial institutions and the current regulatory framework.

Onyze transforms traditional custody into an active infrastructure, improving asset protection, access, and integration with the financial ecosystem.

• Asset tokenization: Onyze provides the infrastructure of digital wallets for the management, custody, and operation of tokenized assets, both for issuers and investors. Although it does not act as a tokenization platform, Onyze partners with industry leaders such as Token City and Tokeny, who play this role in the issuance and tokenization of regulated digital assets. Additionally, through its joint venture with Ursus-3 Capital, Onyze offers the service of Entity Registration and Information Recording Entity (ERIR), facilitating the oversight and regulation of tokenized securities issuances in Spain.
• Access to DeFi: While traditional custodians are limited to storing funds, Onyze allows institutions to generate revenue through decentralized financial instruments. This includes participation in DeFi protocols that provide investment and asset optimization opportunities.
• Flexible infrastructure: Onyze is adaptable to clients with specific requirements, integrating with both public and private DLTs / Blockchain networks. This flexibility allows financial institutions and corporations to implement customized solutions that meet their operational and regulatory requirements.
• CaaS and SaaS model: Its fully customizable solution is tailored to financial institutions and companies with specific custody needs, allowing these entities to offer integrated crypto services to their clients in a secure and regulated manner.
• Interoperability with traditional entities: Onyze acts as a bridge between traditional businesses and the crypto ecosystem, facilitating the purchase, sale and custody of digital assets without relying on exchanges. This interoperability is key to integrating digital assets into the traditional financial system.
• Fund optimization: A modern custodian not only protects assets but also maximizes their potential, and in this case, Onyze helps to optimize both its own and its clients’ funds, implementing strategies to generate additional returns and improve the efficiency of asset management.

Considering all these factors, institutions relying solely on custodians that provide storage are depriving their clients of opportunities for growth and asset optimization.

Regulatory compliance at Onyze

Any custodian operating in the European territory has to comply with both the regulatory framework (MiCA) and specific state regulations. In the case of Onyze, as a Spanish custodian, it complies with all Spanish regulations, which are not few, including the supervision of the Bank of Spain, the CNMV and other applicable regulations such as the Travel Rule, DORA and SEPBLAC (Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias), guaranteeing maximum security and legal compliance.

Additionally, it is registered with the Bank of Spain as a crypto asset custody and exchange provider, backed by the regulator. Not only does it comply with the applicable regulations for its institutional clients, but it also operates within a regulated framework that strengthens the legal security of its services.

Security in custody: Onyze’s core principle

Security is the cornerstone of Onyze, which has built a robust infrastructure by integrating cutting-edge technology, banking-grade hardware, and a multi-layered security approach to eliminate single points of failure in digital asset custody. Its key solutions include warm wallets (dynamic wallets with an additional security layer) and cold storage (offline storage).

The segregation of digital assets between clients and the institution, along with procedures and controls such as role distribution, quorums, user permissions, and fraud detection, ensure comprehensive protection. Onyze also has regularly audited and tested cybersecurity and operational risk management policies in place, ensuring that client assets remain protected even in case of insolvency, irrespective of the organization’s future.

Top-tier security infrastructure

Onyze leverages a top-tier security infrastructure, based on IBM LinuxONE and HyperProtect, the same technology employed by major banks to manage critical operations. This technology ensures the highest level of security and isolation for cold storage of private keys. Additionally, to protect access to digital assets, HSMs (Hardware Security Modules) incorporate military-grade encryption devices that secure information, even in the case of unauthorized physical access. Onyze also employs advanced techniques like multi-signature and multiparty computation (MPC), which, along with HSMs, distribute access and eliminate single points of failure, providing an added layer of security.

Multi-layer architecture

Onyze implements a three-layer security model to protect digital assets:

1. Core Layer (access and control): The primary entry point for clients, designed exclusively for interaction with the platform. This layer does not manage assets or have access to private keys, ensuring a clear distinction between operational access and custody.
2. Warm wallets: Enables dynamic fund management without compromising security. Assets are automatically transferred to cold storage after use, and each client is assigned a unique address on the DLT / Blockchain to ensure traceability and transparency.
3. Cold storage: 99% of funds are kept offline to minimize risk. Transactions are signed in an isolated, air-gapped environment using advanced security protocols, guaranteeing the integrity and protection of digital assets at all times.

Advanced unauthorized access protection

Onyze uses a machine learning system to analyze usage patterns and detect anomalous behavior. If a user attempts to perform transactions outside of their usual history, the platform generates preemptive alerts, minimizing the risk of fraud or hacking. Unlike traditional financial systems, digital asset transactions cannot be reversed once confirmed, making security paramount.

Insurance against losses

Onyze is covered by Ledger Enterprise’s insurance policy, protecting stored assets up to $100 million.

With this approach, Onyze not only addresses the security challenges of institutional custody but also sets new standards for asset protection in the digital ecosystem.

Applications

Onyze provides a comprehensive custody infrastructure designed to meet the needs of the financial and institutional sectors, with a focus on security, flexibility, and regulatory compliance. Its key capabilities include:

• Custody of digital assets with institutional security standards: Ensuring high-level protection for client assets.
• Purchase and sale of digital assets: Providing efficient execution in regulated and transparent markets.
• Issuance and custody of tokenized assets: Covering equity, debt, and other financial instruments, enabling secure and agile access to new assets.
• Investment funds with DeFi strategies: Offering access to decentralized yields with a secure and controlled approach.
• Custody and issuance of NFTs: Ensuring the authenticity and security of transactions related to unique digital assets.
• Tokenization of traditional funds: Onyze enhances liquidity, traceability, and access to new investors in the tokenization of traditional funds through advanced technological solutions. Its digital wallet infrastructure enables issuers and investors to securely and efficiently manage, custody, and operate with these assets.

Thanks to its integration with DeFi protocols, Onyze ensures that assets under custody remain dynamic and provides the ability to securely generate returns without exposing private keys. The available strategies include:

• Lending and borrowing: On decentralized platforms like Aave or Compound, using stablecoins such as DAI to ensure greater stability in yields.
• Liquidity provision: On decentralized markets with a risk-managed approach.
• Debt strategy optimization: Through regulated smart contracts, enabling greater efficiency and security in operations.

Onyze Business Model

Onyze operates with a flexible and scalable business model, tailored to the needs of financial institutions, investment funds, and companies with exposure to digital assets. The features of this model include:

• Subscription model based on assets under management (AUM) and transaction volume.
• Integration with fiat bank accounts, facilitating the buying and selling process without relying on exchanges.
• Positioning itself as an alternative to exchanges, eliminating counterparty risk and providing regulated custody.
• Customized enterprise plans, tailored to the specific needs of institutions with advanced security, liquidity and regulated operations requirements.

Onyze offers an adaptable and transparent pricing structure tailored to each institution’s specific needs, ensuring a balance between cost-effectiveness and robust security. This approach allows institutions to optimize their spending without compromising the integrity of their digital asset management.

Conclusion

Onyze is a top-tier company that has developed a robust and accessible custody system for all types of digital assets. The mass adoption of digital assets requires secure and regulated custody solutions, and Onyze leads this new generation of custodians by combining security, regulatory compliance, and access to advanced tools like NFTs, asset tokenization, smart contracts, and both public and private DLTs.

Although it does not operate as a tokenization platform, Onyze collaborates with industry leaders to enable issuers and investors to fully leverage the potential of digital assets. With a focus on operational efficiency and regulatory compliance, Onyze sets the standard for technological solutions in digital asset management

Watch Ángel, co-founder of Onyze, in this insightful video as he discusses the company’s innovative approach to security and the future of digital asset custody.

At Block&Capital, we strive to create an environment where growth and success are accessible to all. If you’re ready to take your career to the next level, we encourage you to join us.