How Secure Is the NOWPayments’ Custodial Solution?

NOWPayments’ Custody allows merchants to accumulate funds in their Personal Account and then withdraw them in a single transaction. This solution helps save a lot on network fees, but how secure is it? Many crypto users today are concerned about the security of funds stored in custody. Here, NOWPayments explains how we treat merchants’ crypto and why you can rest assured your funds are safe. 

What Is Crypto Custody? 

Custodial solutions in cryptocurrency are those where a centralized entity stores users’ funds. This means such an organization has the private keys from these coins, and this entity is the only one who has the technical means to send and receive crypto. Meanwhile the users legally own these funds and can operate them through the platform’s interface. 

Custodial solutions store a lion’s share of the total supply of cryptocurrency. Services based on the custody model include such behemoths as Binance and 

Benefits of custodial solutions 

The main perk of custody is that it simplifies the crypto user experience on all levels. This is why it has opened doors to crypto for ordinary users and institutional investors. 

  • In terms of security, individual crypto storage implies responsible key management. The loss of private keys means that the coins are lost forever. Custodial solutions remove this burden for users and allow them to restore access to crypto even if the secret phrase has been forgotten. 
  • In terms of user experience, custodians such as centralized exchanges enable some features that would otherwise be impossible. All trading operations go off-chain, which means users can exchange any assets from all kinds of blockchains in a fraction of a second – and free from network fees because no miners or stakers are involved. For experienced traders, centralized exchanges offer sophisticated tools that are absent on most decentralized platforms. 

Why Is Everyone Worried About Custodial Solutions? 

Centralized storage of funds has always been a concern among crypto enthusiasts. 

One of such concerns is related to hacks: if a custodian is attacked, users may lose their funds for reasons they cannot control. This problem was especially relevant at the dawn of the crypto market when custodial solutions were not protected enough. One of the most notorious cases happened to the Mt.Gox centralized exchange in 2011: the hacker decreased Bitcoin price down to 1 cent and sent 25,000 BTC to their addresses.

Today’s custodians are strongly protected in terms of cryptography, and hacks have become more common for decentralized protocols. However, there is now another major concern about custodial solutions: irresponsible management of funds that leads to their collapse and ultimately, loss of users’ funds. In 2022, a few major custodians failed in their attempts to maximize gains using customers’ money. Celsius Network lending platform and FTX crypto exchange are among those who leveraged high-risk investment protocols and collapsed within just a few days. 

How Does Crypto Custody Work? 

Crypto custody includes hot and cold storage of funds. 

Hot storage solutions are connected to the internet, and the coins can be actively used: to provide liquidity, stake crypto, or use it in third-party protocols to increase capital efficiency. Hot storage is prone to hacks and mismanagement of funds as discussed above. 

Cold solutions are definitely more secure – crypto is stored on devices disconnected from the internet. The money simply resides there and is not used anywhere. The platforms can’t use such funds as liquidity, but they are much better protected instead. 

Some custodians combine both methods for maximum security and efficiency of funds. Some also implement the Proof of Reserve technology – a type of an audit that proves the customer that their funds are fully stored on the platform. Clients have the means to independently verify the validity of the audit. 

Custody in NOWPayments 

Historically, NOWPayments has been a fully non-custodial service – the funds go from users to merchants’ wallets directly through our system. In this framework, we neither store your funds nor own private keys from them. 

The custodial flow significantly expands the range of NOWPayments use cases. Custody allows businesses to flexibly integrate our API and use it for more than just collecting payments. Online gaming platforms, marketplaces, and subscription services can create user accounts of buyers or players and customize the way they interact with the business. For instance, merchants can charge user operations with fees or enable billing (recurring payments made by users). 

On top of that, Custody facilitates making Mass Payouts – sending crypto to multiple recipients at a time. You can use those to pay salaries, affiliate rewards, freelance commissions, and rebates. NOWPayments doesn’t charge any service fees for making Mass Payouts: you only have to pay one network fee for the entire batch of transactions.

Finally, the custodial flow helps you save on network fees. Without Custody, the money is transferred from NOWPayments to your wallet automatically, but each transaction requires you to pay a network fee. In the custodial mode, funds accumulate on your NOWPayments balance, and you can withdraw all the earnings at once instead of paying for multiple transactions.

You can enable Custody right after registration: in your Personal Account, find the Custody section and whitelist your IP address. After you activate the Custody, all the money from your customers will start accumulating there. 

How Secure Is This? 

We strictly follow a set of rules to maximize the security of users’ funds.  

1. Cold storage 

All coins are stored in cold wallets and are not used in any market operations. Your money is never used for investment or as liquidity. This eliminates the FTX scenario: when crypto is not used in any trading strategies, the funds are free from mismanagement risks.  

NOWPayments Custody has been implemented in partnership with ChangeNOW – an instant exchange service that has helped over 1 million customers to swap crypto since 2017. Its fine reputation allows it to partner with major exchanges such as Binance and Huobi who provide liquidity to ChangeNOW.

2. Mandatory 2FA for withdrawals

NOWPayments Custody offers two layers of protection using two-factor authentication. Merchants can enable 2FA for logging in their Account if desired, and 2FA for all withdrawals from Custody are obligatory. Only verified transactions are processed. 

2FA for login can be enabled in Account Settings. You can choose to receive a code in your email or an authentication app (like Google Authenticator) whenever you are trying to log in.

2FA for Custody withdrawals is required no matter whether the login 2FA is enabled or not. When you create a withdrawal request, your Custody section of the Personal Account opens a field where you are asked to enter the 2FA code from your email or authentication app. If you’re making a Mass Payout, one code is enough to verify the whole batch of transactions. You have 10 attempts to enter the code. If the code is typed in incorrectly, the withdrawal is canceled.

If you find entering the 2FA code for each withdrawal too burdensome, you can accept the risk and write an official request to NOWPayments to disable the 2FA for withdrawals.

3. Withdrawals using whitelisted IP addresses and wallets only 

To enable the Custody feature, we will ask you to do the following: 

  • Whitelist your IP address. Your current IP will be displayed automatically, and you can also add others. 
  • Whitelist your wallets. Custody withdrawals can only be sent to specified wallet addresses. 

Even if potential attackers manage to access your profile, they will have to pass the withdrawal two-factor authentication, the IP check, and the wallet check to initiate a transaction.

4. Guaranteed reimbursement 

To enable Custody, merchants have to sign a contract that states: in case an emergency happens to NOWPayments and we lose the merchants’ funds, we are obliged to return all the money to the merchants. You can review the contract in the Custody section of the Personal Account.


NOWPayments Custody is secured in four ways: 

  1. Funds are locked on cold wallets only and are not used in any trading or investing activities. 
  2. All withdrawals are protected by mandatory two-factor authentication. 
  3. Withdrawals can only be initiated from whitelisted IP addresses and directed to whitelisted wallet addresses. 
  4. The funds are legally protected: NOWPaymens returns all the funds in the case of a money loss. 

If you have a question about the security of your funds in NOWPayments Custody, feel free to reach out to us at [email protected]. We are available 24/7.