On October 22, 2025, Nevada’s Financial Institutions Division issued a cease-and-desist order against Fortress Trust — now operating as Elemental Financial Technologies — declaring the crypto custodian insolvent. With only $1.3 million in actual assets against $12.3 million in customer obligations, the Fortress Trust collapse offers a textbook case study in custodian risk that every cryptocurrency user and institution should understand. This advanced tutorial walks through a comprehensive framework for evaluating custodian risk before trusting them with your assets.
The Objective
The goal of this tutorial is to equip experienced cryptocurrency users and institutional allocators with a systematic methodology for assessing the financial health, operational integrity, and regulatory compliance of crypto custodians. The Fortress Trust case provides a real-world reference point: the firm experienced a $15 million theft in 2023, announced an acquisition by Ripple that ultimately fell through, and continued operating despite a growing asset-liability gap that eventually rendered it insolvent. Understanding how these warning signs could have been identified earlier is essential for protecting assets in the future.
Prerequisites
This guide assumes familiarity with cryptocurrency custody concepts, including the distinction between custodial and self-custody solutions, basic financial statement analysis, and regulatory frameworks governing digital asset custodians. You should understand the difference between proof of reserves, attestation reports, and full audits, as well as the regulatory landscape in major jurisdictions including the United States, where state-level trust company charters create varying standards of oversight.
With Bitcoin at $107,688 and Ethereum at $3,808, the stakes of custodian selection have never been higher. A single percentage point of unsecured exposure can represent significant absolute losses.
Step-by-Step Walkthrough
Step 1: Regulatory Status Verification
Begin by confirming the custodian’s regulatory standing. Fortress Trust held a Nevada trust company charter, which placed it under the supervision of Nevada’s Financial Institutions Division. However, state-level oversight varies dramatically. Some states, like New York with its BitLicense framework, impose stringent capital requirements and regular examinations. Others maintain lighter supervisory regimes. Verify which specific regulatory body oversees the custodian and review any public enforcement actions, cease-and-desist orders, or consent decrees.
Step 2: Financial Health Assessment
Evaluate the custodian’s financial statements for signs of distress. In the Fortress Trust case, the asset-liability mismatch was stark: $1.3 million in actual custodial assets versus $12.3 million in customer obligations. This nearly ten-to-one gap indicated that the firm had been operating in a significantly undercollateralized state. Look for independent audits (not just attestations) of both the custodian’s corporate finances and its asset custody operations. The absence of regular, independent audits is a material red flag.
Step 3: Incident History Analysis
Fortress Trust experienced a $15 million theft in 2023. While a security incident alone does not disqualify a custodian, the response matters critically. Did the custodian fully reimburse affected users? Were the root causes identified and remediated? Was an independent security audit conducted afterward? In Fortress Trust’s case, the promised acquisition by Ripple — which would have covered the shortfall — ultimately fell through, leaving the asset gap unrepaired. Track whether remediation promises are actually fulfilled.
Step 4: Corporate Governance Review
Examine the custodian’s leadership and governance structure. Fortress Trust shared a founder — Scott Purcell — with Prime Trust, another trust company that was declared insolvent by Nevada regulators in June 2023 after losing access to a hardware wallet containing customer assets. Recurring leadership connections to failed financial institutions represent a significant governance risk. Research the professional histories of key executives and board members for patterns of regulatory issues or insolvency events.
Step 5: Proof of Reserves and Asset Verification
Demand regular, independent proof of reserves that verifies the custodian holds at least 100 percent of customer assets. Mere attestations — which are limited-scope reviews rather than comprehensive audits — provide weaker assurance. Look for custodians that publish Merkle tree-based proof of reserves allowing individual users to verify their specific balances are included in the total.
Troubleshooting
If you discover that your current custodian exhibits one or more of these risk factors, do not panic but do act decisively. Begin by transferring assets to a temporary self-custody solution — a hardware wallet or multi-signature setup — while you conduct a thorough evaluation of alternative custodians. Document any difficulties encountered during the withdrawal process, as restricted or delayed withdrawals are themselves red flags that should be reported to relevant regulatory authorities.
For institutional users with complex custody needs, consider a multi-custodian approach that distributes assets across several independent providers, limiting exposure to any single point of failure. This approach adds operational complexity but significantly reduces concentration risk.
Mastering the Skill
Custodian risk assessment is not a one-time exercise but an ongoing process. Set calendar reminders to review your custodian’s regulatory standing quarterly, subscribe to regulatory bulletins from relevant oversight bodies, and participate in industry forums where custodian performance and reliability are discussed. The cryptocurrency industry is evolving rapidly, and custodians that appear secure today may develop vulnerabilities tomorrow — as the Fortress Trust case demonstrates. Stay vigilant, demand transparency, and never assume that regulatory oversight alone guarantees the safety of your assets.
Disclaimer: This article is for educational purposes only and does not constitute financial or legal advice. Always conduct your own due diligence before selecting a cryptocurrency custodian.
Mass adoption is happening incrementally — people just don’t notice
Maria Garcia fortress trust had $1.3M in assets against $12.3M in obligations. anyone doing basic math on their proof of reserves would have caught that gap
The fundamental value proposition of crypto keeps getting stronger
Education is still the biggest barrier to mainstream adoption
Bear markets are for building — and builders are delivering
Interesting perspective — I hadn’t considered that angle before
the ripple acquisition falling through was the canary in the coal mine. when a deal collapses and nobody asks why, thats when you pull your funds
self custody is the only real solution. every custodian eventually faces the temptation to rehypothecate. not your keys not your coins exists for a reason