When someone buys a token, the most natural question in the world is: where is it kept? The answer surprises anyone coming from the physical world — and understanding it well is what separates safe use from risky use.
The wallet is the key, not the vault
A token isn't kept "inside" anywhere. As we saw in blockchain without the mystery, the record of who holds what lives in the shared ledger. What each person has is a wallet: a pair of cryptographic keys. The public part works like an address — the "name" that appears in the record. The private part works like a signature: only whoever has the private key can authorize a movement from that address.
The honest analogy isn't the vault; it's the checkbook: the money isn't in the checkbook; the checkbook is the instrument that lets you move what the bank records in your name. Losing the private key is like losing the ability to sign — the record is still there, but you can no longer move it.
What custody is
Custody is the professional safekeeping of those keys (and, by extension, of the assets they move). In traditional capital markets, nobody keeps their own shares at home: authorized institutions — custodians — do the safekeeping, with asset segregation (the client's asset doesn't mix with the institution's own holdings) and supervised controls.
In the token world, the same role exists: qualified custodians keep keys in specialized infrastructure, with recovery processes, access governance and legal accountability. For the institutional investor — and for any serious issuance — this layer answers the most important question of all: "if something goes wrong, who is accountable?"
The alternative, self-custody (keeping your own keys), gives total autonomy and total responsibility: there is no support line to recover a lost key. For regulated assets, the custodian design is the standard for a simple reason: operational risk is concentrated in the party professionally equipped to carry it.
Permissioned wallets: control inside the token itself
In the assets this trail covers, there is a third element: a wallet must be approved before it can hold the asset. It's the permissioned design you saw in smart contracts: the investor goes through identity verification (the process known as KYC — know your customer), and their wallet enters the issuance's approved list, the whitelist.
The practical consequence: a transfer to a wallet outside the list does not execute. It isn't a prohibition in a manual — it's an impossibility in the record. For the issuer, this means knowing, at any moment, that every holder of the asset has passed the issuance's screening. For the investor, it means the asset doesn't "leak" into a parallel market with no rules.
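The rule described above, as an added example that is not part of the original text or of any real token contract: a minimal Python model of a ledger that checks the whitelist before it changes any balance. The class and method names and the sample addresses are hypothetical, and the sender's signature check is left out to keep the focus on eligibility.

```python
class TransferRejected(Exception):
    """Raised when the ledger rules refuse a movement."""


class PermissionedLedger:
    def __init__(self):
        self.approved = set()  # the issuance's whitelist of wallet addresses
        self.balances = {}     # address -> units held

    def approve(self, address):
        # Assumed to be called only after the wallet's owner has passed KYC.
        self.approved.add(address)

    def _require_approved(self, address):
        if address not in self.approved:
            raise TransferRejected(f"{address} is not on the whitelist")

    def issue(self, to, amount):
        # Even the first allocation can only land in an approved wallet.
        self._require_approved(to)
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, sender, to, amount):
        # Every check runs before any balance changes, so a rejected
        # transfer leaves the record exactly as it was.
        if amount <= 0:
            raise TransferRejected("amount must be positive")
        self._require_approved(to)
        if self.balances.get(sender, 0) < amount:
            raise TransferRejected("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def holders_outside_whitelist(self):
        # The issuer's audit: addresses holding units without approval.
        return [a for a, b in self.balances.items()
                if b > 0 and a not in self.approved]


def demo():
    # Constructed sample addresses, for illustration only.
    ledger = PermissionedLedger()
    ledger.approve("0xALICE")
    ledger.approve("0xBOB")
    ledger.issue("0xALICE", 100)
    ledger.transfer("0xALICE", "0xBOB", 40)
    try:
        ledger.transfer("0xBOB", "0xMALLORY", 10)  # never approved
        rejected = False
    except TransferRejected:
        rejected = True
    return ledger.balances, rejected, ledger.holders_outside_whitelist()
```

Because the only ways to receive units are `issue` and `transfer`, and both check the list first, the issuer's audit always comes back empty.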
The right questions to ask
If you ever evaluate a token operation, three questions separate serious design from improvisation:
- Who keeps the keys? A qualified custodian, with asset segregation, or "the platform", with no detail?
- What happens if the key is lost? Is there a recovery process with governance, or is the loss final?
- Who can receive the token? Any anonymous address, or only wallets approved through identity verification?
The next text in the trail goes down to the technical standard that implements this eligibility control: ERC-3643, the permissioned token standard. For the regulatory basis of the approval process, revisit KYC, AML and permissioned wallets.
Part 11 of 22 · Level: Technology
Notice
Forward Factory is an infrastructure platform for asset tokenization and does not provide investment advice, recommendations or counseling. The solutions described here do not constitute a public offering of securities. When a token represents a security, it observes the corresponding regulation, and the structuring of issuances adopts know-your-customer and anti-money-laundering (KYC/AML) procedures. Any offerings observe the applicable regulation of the Brazilian Securities and Exchange Commission (CVM), including CVM Resolutions No. 88 and No. 175. Past performance is no guarantee of future results; investments involve risk.