
When institutions look to secure digital assets today, Multi-Party Computation (MPC) wallets are often presented as the gold standard. Yet the reality is more nuanced: many custody solutions advertise "MPC" while quietly taking dangerous shortcuts that expose institutions to risks—risks that only become obvious during a failure, a breach, or an audit.
In this article, we’ll break down what real MPC security requires, why it matters under modern regulatory pressures like MiCA and DORA, and how to spot the hidden risks inside so-called "MPC" solutions that don’t live up to the promise.
(For a primer on MPC custody fundamentals, see MPC by Itself Isn’t That Great.)
What True MPC Wallet Security Means
At its core, real MPC wallet security means the private key never exists in full form at any moment. Instead, private key material is generated collaboratively across participants — and never reconstructed, even for a split second.
However, MPC technology alone does not guarantee security, operational control, or regulatory compliance. These outcomes depend on how MPC is deployed — whether the institution itself maintains full custody over all participants, signing infrastructure, and policy enforcement.
For institutions seeking to align with best practices under MiCA, DORA, and other emerging regulations, a strong MPC wallet architecture should provide:
- Distributed key generation and signing — the private key never exists in full at any point, not even during backup or disaster recovery processes.
- Fault tolerance and operational resilience — threshold signing ensures that even if one or more participants are unavailable, transactions can proceed securely.
- Zero-trust principles — each signing participant independently verifies transaction intent and compliance with policy, with no assumptions of trust.
- Institution-controlled policy enforcement — transaction approvals and governance rules run within the institution's environment, not a vendor-controlled black box.
- Auditability and verifiability — institutions must be able to independently verify, test, and audit signing events and policy enforcement.
Without these characteristics, institutions risk relying on an MPC solution that leaves critical operations—and regulatory responsibility—exposed.
The Dangerous Shortcuts Some MPC Wallets Take
Unfortunately, not every product marketing itself as "MPC" lives up to these standards. Some common shortcuts introduce hidden vulnerabilities:
Centralized Key Generation
Some wallets generate the full private key first inside the vendor’s environment, and then split it into multiple parts for "sharing" afterward. This outdated method resembles Shamir’s Secret Sharing, a scheme where a complete secret is created first and then divided among participants—very different from true MPC, where the full key is never created at all.
Why it's dangerous:
- Even a momentary existence of the full key means insider threats, memory scraping, or compromised randomness could leak the key permanently.
- Distribution over networks exposes key shares to interception or tampering during transit.
- Regulators increasingly view key generation as a critical control — and full-key generation violates modern standards.
In contrast, Cordial Treasury uses Distributed Key Generation (DKG), a process where key shares are collaboratively generated across multiple nodes without ever forming a complete private key at any point.
However, DKG is just one building block of a true MPC custody solution. Cordial Treasury extends this foundation by enabling distributed signing, threshold enforcement, independent policy engines, and verifiable transaction governance—all without compromising the principles of zero-trust security.
This approach ensures that institutions maintain both operational control and compliance alignment at every stage of the custody lifecycle.
Vendor-Hosted Signing
Many MPC wallets operate on a SaaS basis, meaning all signing operations happen inside the vendor’s cloud environment. This creates a:
- Black box risk — you can't verify exactly how keys and shares are handled. You also have no real assurances that they do not have a copy of your key.
- Single point of compromise — if the vendor is breached, multiple clients could be impacted simultaneously.
- Compliance failure — especially under frameworks like DORA, where critical ICT services must demonstrate independent control and resiliency.
Self-hosted MPC infrastructure, like Cordial Treasury, avoids this by putting key management fully under the institution’s control — no vendor dependency around hosting or creating key shares which they send to you. Instead, verify the codebase and cryptographic practices then run the software yourself once it's verified.
Compliance Pressures: MiCA, DORA, and the Future of Custody
The regulatory environment is catching up quickly to these technical realities.
- MiCA (Markets in Crypto-Assets Regulation) explicitly requires that custodians demonstrate full control over private keys and recovery mechanisms. Custody service providers must "take appropriate technical and organisational measures to ensure the security, integrity, and confidentiality of the assets they safeguard."
- DORA (Digital Operational Resilience Act) mandates that financial institutions build resilience against ICT (Information and Communication Technology) disruptions. In a custody context, this means provable control over keys, clear recovery plans, and ensuring fault tolerance in the critical systems which their business relies on.
- TFR (Travel Rule) enforcement means institutions must link identities to transactions — creating even greater emphasis on securely managing transaction metadata or supplementary information which must be passed between originator and beneficiary.
Products that rely on overburdening SaaS providers, or vendor-controlled signing, will increasingly struggle to pass regulatory audits. This represents a critical outsourcing arrangement and not some minor service provider. As regulators tighten technical standards around where critical IT is hosted, and the control that a bank or other financial institution in digital asset must have, self custody models and custody technology providers must adapt — or face growing risks of non-compliance.
For a practical guide connecting these dots, read Cordial’s MiCA, DORA, and TFR Practical Guide.
Real-World Scenarios Where MPC Shortcuts Fail
These risks aren't hypothetical. Real-world incidents have demonstrated how "shortcut" custody models can fail institutions:
- Key creation: In environments where the full key exists even briefly, attackers have exploited side-channel attacks or memory dumps to reconstruct private keys, leading to catastrophic asset losses. Don’t underestimate the risk your system admin or other privileged actor poses as they can be a single point of failure.
- Vendor breach of SaaS custody provider: If this happens then you are still on the hook and have an incident report to complete. Better hope the vendor is transparent about what went wrong and not covering anything up. You can delegate tasks but you can’t delegate away your compliance obligations.
- Policy tampering risks: Where policy enforcement is centralized, malicious insiders or sophisticated attackers can escalate privileges or alter signing thresholds undetected. Likewise, you have no means of knowing if the policy you are invoking is the “correct” policy that you intended to invoke.
In every case, lack of true distributed key custody and verification was at the heart of the problem.
For a broader view of failure risks in custody operations, read 7 Signs Your Crypto Custody Isn’t Truly Zero Trust.
What Institutions Should Demand From MPC Custody Solutions
Protecting institutional-grade digital asset operations requires more than just a "MPC" label. Teams should demand specific architectural guarantees, including:
- Distributed Key Generation (DKG): Key shares collaboratively created across multiple nodes, without ever forming a full private key.
- Self-hosted infrastructure: The ability to run your own nodes, minimizing SaaS vendor dependencies.
- Threshold-based signing: Robust fault tolerance and operational resilience even if nodes fail.
- Local policy control: All policy logic and enforcement within your institution’s trusted infrastructure—not a vendor's SaaS environment.
- Comprehensive, verifiable audit trails: Transparent records for every signing operation and policy decision.
- Independent recovery playbooks: Resilient disaster recovery options that don’t rely on the vendor being operational or cooperative.
Without these pillars in place, hidden vulnerabilities can surface during attacks, operational disruptions, or under regulatory scrutiny.
How Cordial Systems Supports Strong MPC Custody Practices
At Cordial Systems, Cordial Treasury is engineered to incorporate these critical custody best practices:
- Self-hosted, institution-controlled deployments: Institutions retain full physical and logical control over critical infrastructure.
- Source-available core software: Institutions can independently audit and validate the system’s operations.
- Zero-trust architecture: No vendor-side policy enforcement or hidden custody control mechanisms.
- Real-time blockchain data infrastructure: Rapid, verifiable transaction monitoring across 50+ L1 blockchains (see how it works).
Cordial Systems helps institutions like Jump Trading build real, audit-grade custody environments—not just marketing-driven "MPC" products (see the Jump Trading case study).
Conclusion: Building Custody Infrastructure You Can Trust — and Prove
In today’s environment, custody infrastructure must do more than promise security — it must deliver verifiable control, operational resilience, and regulatory readiness by design.
Simply adopting "MPC" technology isn’t enough. Institutions must carefully assess how keys are generated, where policy engines reside, how recovery is handled, and whether they can independently validate every critical operation.
At Cordial Systems, our mission is to help institutions build custody environments they fully control and can independently audit. With Cordial Treasury, clients achieve zero-trust custody operations that meet the evolving demands of compliance frameworks like MiCA, DORA, and beyond—without vendor dependencies or opaque systems.
If you're ready to move beyond marketing claims and build custody infrastructure designed for institutional scale and scrutiny, contact Cordial Systems today to schedule a live walkthrough.