Misuse of funds: Regulating crypto custody after the FTX fallout

A person holding their phone looking at their cryptocurrency exchange app.

On 11 November 2022, cryptocurrency platform FTX filed for bankruptcy. FTX was the second largest cryptocurrency platform in the world.

FTX had transferred billions of dollars in customer deposits to a related company, Alameda Research. When customers tried to recall their deposits, the money was not available, resulting in an unsustainable "run" on the exchange.

Similar allegations have been made against Australian exchange ACX, which became insolvent in 2021.1

These events have led to increasingly urgent calls for regulation of the crypto industry. On 16 November 2022, the Australian Treasurer Jim Chalmers announced the government's intention to introduce legislation regulating custody and exchange of digital assets.2 This follows a similar recommendation made by the Senate Select Committee on Australia as a Technology and Financial Centre in its final report published in October 2021, led by Liberal Senator Andrew Bragg.

This article explains what digital asset custody is, why it went wrong for FTX and ACX, and what the anticipated regulation of custodial services might look like.

What is custody?

A custodian in the context of financial services is a third party entrusted to safely hold an investor’s financial assets separately from other assets to minimise the risk of theft or loss.

Traditionally, custodians tend to be large and reputable firms, such as banks, which operate under a specific financial services licence authorisation. They might hold assets in physical form (eg. gold in a vault) or electronic form (eg. stocks or bonds). Custodians may also provide a range of related services such as account administration, transaction settlements, the collection and distribution of dividends and interest payments, tax support, and foreign exchange management.

As noted by the Bragg Committee in its report, custody arrangements for digital assets present some unique risks that are not analogous to traditional assets. For example, there are particular vulnerabilities around the exposure of private keys (a cryptographic password that secures the asset) to theft or loss.

Currently some crypto-asset businesses, such as digital currency exchanges, perform custodial and depository functions on behalf of their customers. Unlike for traditional financial assets, there are limited consumer protections in place for custody services provided for consumers holding crypto assets.

Digital asset custody is a growing industry, and in January 2022 there was an estimated US$223 billion in digital assets under custody.

Where it goes wrong

In traditional financial services, custodians hold assets on trust for the client or their nominee. Assets must be kept separate from the custodian's own assets and may only be used or applied for the benefit of the client, and strictly in accordance with the client's directions. Assets must also be kept secure and protected from theft or misuse.

Although the details are still unfolding, reportedly a key cause of the FTX and ACX bankruptcies was that the exchange/custodian was using client assets to conduct unauthorised transactions.

FTX is alleged to have used at least US$4 billion of customer funds to prop up an associated hedge fund, Alameda Research.3 FTX also used corporate funds to purchase homes and personal items for employees.4

On 19 October 2022, the Supreme Court of Victoria heard evidence that ACX had pooled its customers' cryptocurrency holdings into one intermingled fund, which included profits made from a company trading account and the proceeds of a loan. Poorly kept records meant it was impossible to distinguish customer funds from other funds.5 There was evidence that bitcoin had been transferred out of the pool of funds to other parts of the business, including to employees.

At the time of ACX's bankruptcy, its parent company Blockchain Global had more than A$50 million owing to creditors, including customers who had their withdrawals blocked.6

The need for regulation

Although there are established limits on traditional exchanges holding customer deposits, Australia does not have specific legislative rules for digital asset exchanges and custodians.

The Bragg Report recommended the establishment of a custody regime for digital assets. Following the change of government in May 2022, Senator Bragg introduced a private member's bill into Parliament on 19 September 2022. The Bill, which has not progressed, proposes that custodians be required to obtain a licence, designate key responsible personnel, maintain minimum capital, and establish proper auditing, assurance and disclosure arrangements. The Bill also proposes that digital asset exchanges be required to segregate customer funds and not mix them with other customers' funds, and to adhere to minimum standards in relation to cybersecurity.


It is likely that new legislation regulating the operation of digital exchanges and custody arrangements in relation to digital assets will be introduced by the Australian Government in 2023. The form of the legislation is not yet known; however, we expect it will contain many of the protections contemplated by Senator Bragg's 2022 Bill.

For more information on the legal aspects of cryptocurrency and blockchain, please contact one of Lander & Rogers' blockchain and digital assets experts.







Photo by Kanchanara on Unsplash

All information on this site is of a general nature only and is not intended to be relied upon as, nor to be a substitute for, specific legal professional advice. No responsibility for the loss occasioned to any person acting on or refraining from action as a result of any material published can be accepted.