For most of the last decade, institutional custody was a binary choice. Hold the keys yourself, with all the operational burden and recovery risk that involves, or hand them to a third-party custodian and accept the counterparty exposure that comes with it. Fund managers chose the latter because qualified custodian rules required it. Crypto-native organizations chose the former because they did not trust intermediaries with their treasuries. Almost no one was happy.

That binary has dissolved. In 2026, the dominant institutional pattern is hybrid custody, in which key control is split between the institution and a managed infrastructure provider, so that no single party can unilaterally move assets. The most common implementation is 2-of-3 Multi-Party Computation (MPC): one share on client infrastructure, one share with the provider, one share held independently or kept as an offline backup. The full key is never reconstructed in any single location. Both parties must cooperate to sign.

Three forces drove the convergence.

The first is regulatory clarification. The Markets in Crypto-Assets Regulation (MiCA) came into full effect across the European Union in late 2024, establishing a clear licensing framework for Crypto-Asset Service Providers (CASPs) and explicit segregation requirements for client assets. In the United States, Staff Accounting Bulletin 121 (SAB 121) was repealed in early 2025, removing the balance sheet penalty that had made bank custody economically unworkable. Qualified custodian rules under the Investment Advisers Act have stabilized. Institutions now have a clearer picture of what is permitted and what is not, and the answer in most jurisdictions is "hybrid is fine".

The second is technical maturity. MPC implementations from Fireblocks, BitGo, Coinbase, and Turnkey have several years of production track record and have secured tens of billions of dollars. Trusted Execution Environments (TEEs) such as Amazon Web Services Nitro Enclaves and Intel Software Guard Extensions (SGX) have moved from research curiosities to production infrastructure. Open-source enclave code, such as Turnkey's QuorumOS, is independently auditable. The architectural argument for hybrid is no longer theoretical.

The third is the failure record. The catastrophic losses of the last few years, FTX, Celsius, Voyager on the custodian side, and the Bybit, WazirX, and Radiant Capital exploits on the self-custody side, are not arguments for any single model. They are arguments for distributed trust. Hybrid is the architecture that institutionalizes that distribution.

What is missing is what comes next.

The architecture question is mostly settled. The operational question is not. A custody stack without real-time monitoring is flying blind. The Drift Protocol hack in April 2026 drained $285M in just 2.5 hours with no intervention. The multisig held. The keys were not compromised. What failed was the governance and orchestration layer around the keys, the layer that should have detected the unusual pre-signing pattern, flagged the admin key transfer, and triggered an automated pause before the drain completed.

This is the current operational gap. Custody providers secure the keys. Policy engines enforce signing rules at the moment of signing. Neither of them watches what is actually happening across the stack in real time. Neither of them correlates signals across multiple chains, custodians or signers. Neither of them catches the slow-moving governance attack unfolding over hours, the unusual cold-to-hot refill preceding exfiltration, or the new signer added at 3am.

Institutional custody is converging on a hybrid model because it distributes architectural risk. What is still missing is the layer that distributes operational risk: an independent monitoring and automated response layer that spans custodians, chains, and signing infrastructure, treating the whole stack as a single risk surface.

Monitoring that runs through a custodian is monitoring of, not over, the custodian. Monitoring that runs through a single chain misses everything happening on the others. Monitoring without the capability to respond is just a log. The layer has to sit independently above the custody stack, watch every chain the institution touches, and escalate when policy is breached.

That is what Range is. We are the stablecoin treasury and risk management platform for financial institutions. Continuous visibility across wallets, custodians, multisigs and exchange venues, with 500+ configurable rules to escalate events based on your risk exposure and governance policies. Vendor-neutral by design, because the monitoring layer has to be

Our Custody Solutions report is now live. The architecture chapter of institutional digital assets is largely written. The next chapter is operational, and it is being written now.

Read the full report at range.org/reports/custody-solutions, or get in touch to talk through how monitoring fits into your custody stack.