Custody for the regulated digital asset balance sheet.

Alphaex Digital Vault provides EU-regulated institutional custody — MPC threshold signing, FIPS 140-2 Level 3 hardware-rooted keys, per-client segregated wallets, named-authoriser withdrawal policies, and a full audit trail. Built for banks, hedge funds, family offices, and corporate treasuries operating across the EU, Africa, and the Middle East.

Talk to our team

Custody is not a wallet feature

Hold the balance sheet, not just the keys.

Custody is the regulatory and security backbone of every digital asset operation an institution runs. It determines what your compliance team can defend, what your auditor will sign, and what your regulator will recognise. Alphaex Custody is built licensed-first under MiCA CASP application, with the same architectural standards a Tier-1 bank requires of any counterparty holding its clients' assets.

Custody Architecture

Three foundations under every wallet you fund.

Threshold signing, hardware-rooted keys, and segregated client infrastructure — solved at the architecture layer so policy and audit can run on top.

MPC threshold signing.

Private key material is distributed across independent parties using multi-party computation. Transactions require a 2-of-3 threshold to produce a valid signature. The complete key never exists as a whole — at any point, in any environment.

FIPS 140-2 Level 3 hardware.

Key shards live inside tamper-evident hardware security modules certified to FIPS 140-2 Level 3 — the same standard Tier-1 banks require. Geographically separated across data centres. Physical compromise of one location cannot yield a valid signature.

Per-client segregated wallets.

Every client receives a dedicated wallet structure, a named authoriser list, and a standalone audit log. No omnibus accounts. Each client's assets are identifiable on-chain and off-chain at all times — independently of every other client.

Custody is not where you put assets. Custody is what determines whether the institutional client can hold those assets at all — and whether the regulator, auditor, and board will recognise that they are held.

Alphaex · Custody Principle

MPC Threshold Signing

No single party can sign unilaterally.

Every withdrawal is a multi-party computation. Two of three named authorisers contribute their key share; the threshold protocol produces a valid signature without ever assembling the key. Compromise of any single authoriser, any single device, or any single data centre does not yield a signature. The architecture is mathematical — not procedural.

Request architecture brief

Per-Client Segregated Wallets

Every client, on its own balance sheet.

No omnibus accounts. No commingled pools. Each institutional client is provisioned with a dedicated wallet structure — independent on-chain addresses, a named authoriser list, and a standalone audit log. Client A's assets are identifiable and recoverable as Client A's assets at every layer: on-chain, in our records, in the regulator's view.

Request segregation model

Withdrawal Policies & Governance

Funds move only to where the policy says they can go.

Allow-list addresses. Time-locks on first transfers to new counterparties. Threshold approval among named authorisers. Sanctions screening before signature. The policy is configured during onboarding and version-controlled from that point — every approval, every transaction, every policy change is audit-logged with timestamp and authoriser identity.

Request policy template

Policy · cust_alpha-fund-92f v 3.1 · enforced

Threshold approvalNamed authorisers, 2-of-3 Required
Allow-list destinations14 approved addresses Active
Time-lock new counterpartyFirst transfer · 24h hold 24h Hold
Sanctions pre-screeningOFAC + EU + UK + FINTRAC 5 Lists
Per-tx ceilingAbove threshold · escalation €10,000,000
Daily withdrawal capPer 24h, per wallet €50,000,000

Audit Trail

Every event, every authoriser, every timestamp.

Every withdrawal, every policy change, every authoriser action, every sanctions hit is recorded in a tamper-evident audit log with a timestamp, a named authoriser identity, and an on-chain reference where applicable. The log is exportable in regulator-standard formats for MiCA filings, FINTRAC reporting, internal compliance review, and external audit.

Request audit export sample

Audit Trail · cust_alpha-fund-92f Live

2026-05-07 · 14:02:11 UTC Withdrawal cleared · 50 ETH → 0x4a8f…b291 Authorisers: A. Mendel · J. Soto · tx 0x9c2a…e811
2026-05-07 · 11:48:33 UTC Allow-list addition · 0x4a8f…b291 (24h time-lock active) Authoriser: J. Soto · CFO · v3.1 → v3.2
2026-05-07 · 09:14:02 UTC Sanctions screening pass · OFAC + EU + UK + FINTRAC + UN Counterparty: regulated EU bank · Chainalysis + Elliptic
2026-05-06 · 17:32:55 UTC Policy review checkpoint · quarterly Authoriser: A. Mendel · Treasurer · no changes

Custody & Compliance Stack

Custody inside a framework your compliance team will recognise.

Alphaex Digital Vault UAB operates under a MiCA CASP application filed with the Bank of Lithuania in April 2026. On licence grant, Alphaex holds automatic passporting rights across all 27 EU member states. The compliance stack is integrated, not bolted on — every component below is wired into the custody platform.

MiCA CASP Application	Bank of Lithuania	Filed April 2026
EU Passporting	27 Member States	On Licence Grant
FIPS 140-2 Level 3	Hardware HSMs	Active
AML / KYT Screening	Chainalysis + Elliptic	Active
KYC / KYB Platform	Sumsub + ComplyCube	Integrated
Travel Rule Compliance	GDPR & MiCA Article 68	In Implementation
Annual MiCA Audit	Bank of Lithuania requirement	Scheduled Q4 2026

Ready to move custody onto a regulated framework?

Alphaex is accepting institutional onboarding applications for Custody ahead of MiCA CASP licence grant in September 2026. Wallet structures are provisioned and governance policies configured during onboarding, so operations begin from Day 1 of grant.

Talk to our team

Institutional clients only. Subject to KYB review. Alphaex Digital Vault UAB · MiCA CASP Application Filed · Bank of Lithuania · April 2026.