← All insights
Non-custodialSecurity

Non-Custodial Crypto Asset Management, Explained

Non-custodial crypto asset management explained: how restricted sub-accounts let a manager trade while you keep custody — and why it matters after FTX.

Packed Research 9 min read

Non-custodial crypto asset management means a manager runs strategies on your assets while those assets stay in your own exchange account. The manager has restricted, trade-only access and can never withdraw funds. It removes the counterparty risk behind collapses like FTX and Celsius — you keep custody, the manager only trades.

Who holds the keys is the most important question you can ask anyone offering to manage your crypto. In traditional finance, custody is a solved problem: regulated custodians, segregated accounts, decades of case law. In crypto, custody is still where most of the catastrophic losses happen. FTX customers lost at least $8 billion not because a strategy failed, but because the exchange could, and did, move their money.

This article explains what non-custodial crypto asset management is, how restricted sub-accounts and API permissions make it work, how it compares with custodial models, and what risks remain even when custody is off the table. It is written for holders evaluating a managed crypto account. If you are actively comparing managers, pair it with our guide on how to choose a crypto asset manager.

What is non-custodial crypto asset management?

Crypto asset management comes in two shapes.

In the custodial model, you transfer assets to the manager. You wire Bitcoin, Ethereum, or stablecoins like USDT into a pooled fund, a lending platform, or an exchange account the manager controls. From that moment, what you own is an IOU: a claim on the manager. Celsius depositors learned what that claim was worth in bankruptcy court, where they ranked as unsecured creditors.

In the non-custodial model, assets never leave an account you control. The manager receives narrowly restricted access: enough to execute trades, nothing more. They cannot withdraw funds, change your withdrawal address, or move a single coin off the venue. You can see every position in real time, and you can revoke access at any moment.

The distinction sounds technical, but it changes the entire risk profile of the relationship. A custodial manager’s limits rest on trust. A non-custodial manager’s limits are enforced by the exchange’s own systems.

This model goes by several names: non-custodial managed account, trade-only mandate, or “crypto without giving up custody.” It sits at one end of a spectrum of account structures; the middle ground (SMAs and pooled funds) is covered in our comparison of crypto SMA vs fund vs managed account.

How does a managed crypto account work without giving up custody?

The mechanics rest on two features that major derivatives and spot venues such as Deribit and Binance have supported for years: sub-accounts and granular API key permissions.

The setup takes four steps.

Step 1: You create a sub-account. Inside your own master exchange account, you open a segregated sub-account and fund it with the capital you want managed. The sub-account belongs to you. It inherits your identity, your verification, your withdrawal whitelist. The rest of your holdings, including anything in cold storage, never touch it.

Step 2: You issue a restricted API key. An API key is a machine credential that lets software act on an account. Exchanges let you scope what each key is allowed to do. A key can be granted trade rights (place and cancel orders) while being denied withdrawal rights (move funds out). These are separate checkboxes, enforced at the exchange level.

Step 3: The manager trades through that key, and nothing else. With a trade-only key, the manager’s systems can run the strategy: sell a covered call, roll a position, rebalance a grid. If the key tries to withdraw funds, transfer them to another account, or alter your security settings, the exchange rejects the request.

How a restricted sub-account works A managed sub-account sits inside the client's own exchange account. The manager connects through a trade-only API key, while the withdrawal path is blocked by the exchange itself. RESTRICTED SUB-ACCOUNT: HOW ACCESS IS SCOPED Your master account your keys, your 2FA, your whitelist Managed sub-account funded by you, owned by you Manager runs the strategy TRADE-ONLY API KEY WITHDRAWALS LOCKED Revoking the API key takes seconds and needs nobody's consent. Your funds never move.
The manager plugs into a sub-account inside your own exchange account through a trade-only API key. The withdrawal path is blocked at the exchange level, and you can revoke the key at any time.

Step 4: You watch, and you can pull the plug. Because the account is yours, you have full read access at all times: every order, every fill, every P&L line. If you want out, you revoke the API key in your exchange dashboard; it takes seconds and requires nobody’s consent. The manager is disconnected instantly; your funds haven’t moved.

Good operational hygiene adds further locks: withdrawal address whitelisting (funds can only ever exit to your pre-approved wallet), IP whitelisting on the API key (it only works from the manager’s declared servers), and two-factor authentication on the master account. Layered together, these controls mean the worst-case action a manager can take is to trade badly — never to take your money.

Custodial vs non-custodial: what’s the actual difference?

The table below compares the two models on the dimensions that decide outcomes when things go wrong.

Custodial (fund / platform)Non-custodial (managed account)
CustodyManager or platform holds the assets; you hold a claimYou hold the assets in your own exchange account
Withdrawal riskManager can move, lend, or lose funds; withdrawals can be frozenManager has no withdrawal rights; the exchange itself enforces the block
TransparencyPeriodic statements or NAV reports; you see what you’re shownReal-time, position-level visibility inside your own account
Counterparty riskFull exposure to the manager’s solvency and honestyManager insolvency doesn’t touch your assets; exposure shifts to the exchange
If the manager disappearsAssets may be stranded in bankruptcy; you queue as a creditorYou revoke one API key; funds were never in the manager’s hands
Custodial versus non-custodial flow Custodial flow: you wire funds to the manager's pooled account and end up holding an IOU. Non-custodial flow: funds stay in your own sub-account, the manager connects with a trade-only key, and access is revocable at any time. TWO MODELS OF MANAGED CRYPTO CUSTODIAL NON-CUSTODIAL You wire funds out assets leave your control Manager's pooled account commingled on their balance sheet You hold an IOU recovery runs through bankruptcy Funds stay in your sub-account inside your own exchange account Manager connects, trade-only no withdrawal rights, ever Revocable at any time one key, disconnected in seconds your coins become a claim your coins never move
In the custodial model your coins turn into a claim on someone else. In the non-custodial model they never leave your account, and the manager's access is revocable in seconds.

Withdrawal risk is where custodial losses actually happen: commingling, hidden lending, frozen withdrawals. And “if the manager disappears” is the stress test worth running before you sign anything. A vanished non-custodial manager costs you the minutes it takes to revoke a key; a vanished custodial manager can cost you years in bankruptcy court.

Why does custody matter after FTX and Celsius?

Because custody is what failed in the two largest crypto losses of the last cycle.

Celsius, July 2022. Celsius Network, a lending platform holding customer deposits and paying yield on them, froze all withdrawals on June 12, 2022, then filed for Chapter 11 bankruptcy on July 13, 2022 in the Southern District of New York. Court filings disclosed a roughly $1.2 billion hole in its balance sheet: about $5.5 billion in liabilities against $4.3 billion in assets, with roughly $4.7 billion owed to its own users, who ranked as unsecured creditors in the court docket.

FTX, November 2022. FTX, then one of the world’s largest exchanges, collapsed over ten days after questions surfaced about its affiliated trading firm, Alameda Research. It filed for Chapter 11 on November 11, 2022. The U.S. Department of Justice found that founder Sam Bankman-Fried had misappropriated at least $8 billion of customer funds; he was convicted of fraud in November 2023 and sentenced to 25 years in prison in March 2024.

The common thread: in both cases customers had transferred custody. Their assets sat on someone else’s balance sheet, and that someone used them. The strategies those firms ran had nothing to do with it; the counterparty took the deposits while markets kept trading.

The aftermath reshaped the industry’s expectations. Exchanges rushed to publish proof-of-reserves attestations. Regulators moved: the EU’s MiCA framework (Markets in Crypto-Assets, applying from December 2024) now imposes explicit segregation and safeguarding duties on crypto asset service providers. And sophisticated holders started asking the question this article answers: can someone manage my crypto without ever being able to take it?

They can. The infrastructure existed before FTX: sub-accounts, scoped API keys. What changed is that custody moved to the top of every due diligence checklist.

What can a non-custodial manager do — and what can’t they?

With a restricted, trade-only sub-account, a manager:

Can:

  • Place, modify, and cancel orders in the sub-account (spot, options, futures: selling covered calls or cash-secured puts on Deribit, for example)
  • Manage margin and collateral within the sub-account
  • Read balances and positions to run the strategy

Cannot:

  • Withdraw funds or transfer them to any other account
  • Change your withdrawal addresses, whitelist, or security settings
  • Touch your master account, other sub-accounts, or cold storage
  • Prevent you from watching every trade in real time or revoking access instantly

This asymmetry shapes incentives. A custodial manager risks reputation; you risk your entire deposit. In a non-custodial mandate, the manager’s only lever is performance, so the structure itself forces alignment.

Is crypto asset management safe? The risks that still exist

Non-custodial does not mean risk-free. Nothing in investing is, and any manager claiming otherwise is a red flag. Removing manager custody risk still leaves three real categories of risk on the table.

What non-custodial removes and what remains Non-custodial management removes manager counterparty risk. Three risks remain: exchange risk, strategy and market risk, and API key hygiene, each shown with its standard mitigation. NON-CUSTODIAL: REMOVED VS REMAINING Manager counterparty risk no withdrawal rights, enforced by the exchange, revocable by you REMOVED WHAT REMAINS HOW IT IS MANAGED Exchange risk the venue itself is now your counterparty Regulated venues with proof of reserves. Cold storage for everything else. Strategy and market risk drawdowns are always possible Explicit hedges and disclosed downside. A sober 20-25%/yr target, risks stated. API key hygiene a leaked key could still place bad orders IP whitelist, 2FA, no withdrawal rights. Revoke the key in seconds if needed.
Going non-custodial removes the manager counterparty risk that sank FTX and Celsius customers. Exchange, market, and key-hygiene risks remain, and each has a standard mitigation.

1. Exchange risk. Your assets still sit on an exchange, so the venue itself is now your main counterparty. If the exchange fails, is hacked, or freezes withdrawals, a non-custodial mandate doesn’t protect you. Mitigations: use established, regulated venues with published proof-of-reserves; keep long-term holdings that aren’t in the strategy in cold storage; treat the managed sub-account as working capital, not your whole stack.

2. Strategy and market risk. The manager can still lose money the ordinary way — through drawdowns. Options-income strategies earn premium in most conditions but face losses in violent moves; hedging reduces this risk without eliminating it. Judge a manager on realistic targets and disclosed downside. A sober target such as 20–25% annual yield with stated risks is credible; fixed double-digit “guaranteed” APY is how Celsius marketed itself.

3. API key hygiene. A trade-only key can’t steal funds, but a leaked key could place reckless orders. Standard controls close this gap: IP whitelisting so the key only works from known servers, immediate revocation rights, no withdrawal permission ever granted, and 2FA on the master account. Review key permissions periodically; it takes five minutes.

So, is crypto asset management safe? Safer than it was, provided you insist on the non-custodial structure and then diligence the remaining risks like an allocator: venue quality, strategy realism, operational discipline.

How does Packed Capital use this model?

Packed Capital is a non-custodial crypto asset management firm, and the structure described above is how every client relationship works. Assets stay in the client’s own exchange account; we connect through a restricted, trade-only sub-account and can never withdraw funds. Inside that account we run two rules-based, hedged options-income strategies. We have refined them since 2018 and traded them with our own capital before opening them to clients. The target is 20–25% a year, stated as a target with the risks spelled out. Onboarding (sub-account, API key, go-live) is laid out step by step in our how it works section.

You keep the keys. We run the strategy. HODL with benefits.

FAQ

What does non-custodial mean in crypto asset management? It means the manager never holds your assets. Funds stay in your own exchange account; the manager gets restricted, trade-only access through a sub-account and API key. They can execute the strategy but cannot withdraw, transfer, or freeze your funds, and you can revoke access at any time.

Can a non-custodial manager steal my crypto? No. The API key the manager uses has no withdrawal permission, and the exchange blocks any withdrawal request at the system level. Your whitelist means funds can only exit to your own addresses. The worst a manager can do is trade poorly, which is why strategy diligence still matters.

Is a managed crypto account the same as a crypto fund? No. In a fund you wire money into a pooled vehicle and hold units; the fund has custody. In a non-custodial managed account, assets never leave your own exchange account. See our SMA vs fund vs managed account comparison for the full breakdown.

What happens if the manager shuts down? You revoke one API key and your account is untouched; the funds were never in the manager’s hands. Compare that with custodial failures like FTX and Celsius, where customers became unsecured creditors in Chapter 11 and waited years for partial recoveries.

What risks remain with non-custodial management? Three main ones: exchange risk (the venue holding your account can fail or be hacked), strategy and market risk (drawdowns are always possible; hedging reduces but never eliminates them), and API key hygiene (scoped permissions, IP whitelisting, 2FA). Non-custodial removes manager counterparty risk; market risk stays with you.


Sources: U.S. Department of Justice — Bankman-Fried sentencing · CoinDesk — Celsius $1.2B balance-sheet hole · Celsius Chapter 11 court docket (Stretto)

Put your idle crypto to work
Non-custodial. Your keys, our strategy. Target 20–25% / yr.
Request access