Fortress Trust, a custodian operating in Nevada, was ordered to cease operations by state regulators on October 22nd. The regulatory action stemmed from the company’s insolvency, with approximately $200,000 in available cash unable to cover liabilities of $8 million in fiat currency and $4 million in cryptocurrency.
This shutdown marks the second significant failure of a Nevada-based trust company within a two-year period. Prime Trust entered receivership in June of 2023. Notably, both Fortress Trust and Prime Trust share a common founder.
These events are prompting exchanges, fintech companies, and investors to critically examine the actual location of customer assets and the regulatory structures in place to safeguard user funds from such collapses.
The Nevada Financial Institutions Division characterized Fortress’s financial standing as “unsafe and unsound.” They prohibited the company from accepting new deposits or transferring assets. The regulator noted Fortress’s inability to provide financial statements for the months of July through September, or even basic account reconciliations.
Fortress, after a vendor data breach in 2023 that resulted in losses ranging from $12 million to $15 million, rebranded itself as Elemental Financial Technologies. At the time of its closure, it served a client base exceeding 250,000 individuals and entities.
Ripple withdrew its offer to acquire Fortress shortly after the data breach came to light. The issues occurred under Nevada’s framework for retail trust companies, which mandates the segregation of customer funds. However, the recent enforcement actions highlight weaknesses in corporate governance and infrequent regulatory examinations.
Understanding Custody Charters and Segregation Rules
Digital assets in the U.S. are typically held by institutions operating under one of four regulatory frameworks: Nevada retail trusts, New York limited-purpose trusts and BitLicense custodians, Office of the Comptroller of the Currency (OCC) national trust banks, and Wyoming Special Purpose Depository Institutions (SPDIs).
Nevada Revised Statutes (NRS) Chapter 669 demands the segregation of trust funds and allows for omnibus titling if records adequately identify each beneficial owner. Examination frequency, described as “often as necessary,” has varied widely.
New York’s 2023 Department of Financial Services (DFS) custody guidelines emphasize treating customer assets as customer property. They forbid custodians from using these assets for anything other than secure safekeeping. Crucially, they require audit trails that reconcile omnibus wallets to individual customer accounts.
Sub-custody arrangements in New York require prior approval from the DFS. BitLicense holders are subject to frequent, risk-based examinations, funded by DFS assessments. This results in consistent regulatory oversight and high capital requirements that smaller firms may struggle to meet.
The OCC has asserted its authority over crypto custody through Interpretive Letters 1170 and 1179, applying fiduciary standards that mandate client-asset separation and robust operational controls.
National banks operate under examination cycles ranging from 12 to 18 months. The OCC’s 2022 consent order against Anchorage Digital, which was terminated in August 2025 after corrective actions, demonstrates that enforcement applies even to well-capitalized institutions.
Wyoming’s SPDI framework legally establishes bailment-based custody with strict asset segregation mandated in both statute and Chapter 19 regulations.
SPDIs must maintain either separate accounts or clearly designated omnibus accounts featuring ledger-level segregation. Sub-custody agreements require customer consent and explicit prohibition of commingling funds.
The tradeoff for Wyoming SPDIs lies in narrower operational permissions and more specific regulatory oversight, limiting rapid expansion.
Understanding Asset Locations in Crypto Custody
Customer funds pass through several layers: an exchange’s front-end ledger displaying balances, a legal custodian holding title or acting as a bailee, a sub-custodian or wallet infrastructure provider managing technical operations, and various wallet tiers.
Omnibus pooling, where multiple customers share a single blockchain address, can occur at both the legal-custody and infrastructure layers.
Regulators permit omnibus arrangements only when records meticulously track beneficial ownership. However, failures at any layer – such as lost private keys, inadequate reconciliation processes, or vendor data breaches – can negatively affect customers, even if the custodian’s overall balance sheet appears healthy.
DFS guidance and OCC handbooks require segregation across both accounting records and technical implementations, along with audit trails demonstrating proof of segregation for each claim.
Wyoming’s Chapter 19 mandates sub-custody agreements that explicitly forbid commingling, eliminating loopholes that allow technical issues to escalate into financial losses.
A market event on October 10th prompted dYdX to temporarily suspend trading amid market volatility. This illustrates protocol-layer risk, as the Cosmos blockchain experienced a liquidation edge case, forcing the temporary halt.
Although trading resumed within 24 hours with funds secured, it underscored the fact that custody risk extends beyond legal ownership to encompass the entire infrastructure stack.
Key Enforcement Timeline
The OCC’s April 2022 consent order against Anchorage Digital focused on Bank Secrecy Act/Anti-Money Laundering (BSA/AML) deficiencies, demonstrating federal enforcement against even compliant institutions.
Termination of the order in August 2025, after remediation, represented a relatively rare instance of cooperative resolution. New York’s February 2023 action, ordering Paxos Trust to cease minting BUSD, showed that DFS policies impact product lines at state-chartered trusts, even those with sound custody practices.
Prime Trust’s July 2023 receivership marked the first major state-level failure. The Nevada FID issued a cease-and-desist order on June 21st, petitioned for receivership on June 26th, and the court appointed a receiver on July 18th after filings detailed wallet losses and unsafe operational conditions. Recovery efforts are ongoing through Prime Core’s 2025 bankruptcy proceedings.
Fortress’s 2023 data breach, which Ripple covered, foreshadowed the October 22nd shutdown. The Nevada FID found the company unable to meet its financial obligations or produce required financial documentation.
Maine’s 2024 consent order had previously restricted Fortress’s transmitter license and mandated audits, illustrating fragmented multi-state regulatory coordination.
Identifying Winners and Losers
Entities regulated by New York and the OCC stand to benefit because their regulatory frameworks prioritize operational discipline, preventing failures similar to the Nevada situation.
DFS custodians and OCC banks operate under strict regimes that include frequent examinations, mandatory asset segregation with audit trails, sub-custodian approvals, and supervision funded through assessments.
These rigorous requirements increase operational costs but also create significant barriers to entry, preventing competitors from participating without substantial investment. Wyoming’s SPDI framework offers robust segregation and sub-custody safeguards, but bespoke supervision limits the number of SPDIs that can scale quickly.
Nevada trust companies face reputational challenges. The occurrence of two failures in two years makes exchanges hesitant, especially in the absence of significant governance reforms and compliance attestations.
Platforms that relied on Prime Trust or Fortress are now facing lengthy asset-recovery timelines of months or even years, increased support costs, and potential litigation. At the same time, establishing new custody relationships requires intensive due diligence, which many Nevada firms cannot currently provide.
The result is a shift toward stronger regulatory oversight. Firms that can afford DFS or OCC regulation are moving in that direction. Others are exiting the custody business altogether, consolidating under larger parent companies, or accepting reduced access and higher service premiums.
A 90-Day Action Plan
Custody agreements typically forbid custodians from using client funds for anything other than safekeeping. This prohibits lending, rehypothecation, or pledging assets unless customers explicitly opt in – something that retail platforms are unlikely to offer.
Automatic segregation clauses ensure that funds are separated on the books and throughout the infrastructure layer, with monthly reconciliations and attestations mapping addresses to owners.
Omnibus accounts remain permissible where legally allowed, but platforms are adopting DFS audit trails to demonstrate segregation even when customers share addresses, though this reduces operational efficiency.
Custody diversification is accelerating, as exchanges are contracting with at least two custodians and separating infrastructure providers from legal custodians, limiting the impact of a single failure.
This fragmentation increases coordination costs but also contains risk. Proof-of-Reserves (PoR) is evolving into comprehensive solvency disclosures that pair reserves with liabilities, although the Public Company Accounting Oversight Board (PCAOB) warns that PoR alone is “inherently limited” and does not constitute a full audit.
Platforms claiming solvency now require third-party attestations covering both sides of the balance sheet, with clearly disclosed scope and methodology.
Regulatory arbitrage is narrowing. Firms selecting lightly supervised charters to minimize costs are facing market pressure to upgrade to stricter regimes.
The result will be a landscape dominated by large platforms operating under New York or OCC supervision, and smaller platforms either exiting custody, partnering as sub-clients, or accepting reduced access.
Economic forces favor consolidation. The next 12 months are likely to witness mergers and acquisitions (M&A) or wind-downs among second-tier custodians unable to meet the rising baseline for regulatory rigor and capital requirements.
Nevada’s Fortress Trust shutdown has highlighted the vulnerabilities of lightly supervised custody models and is accelerating a shift toward fewer, larger, and more closely examined custodians operating under New York, OCC, or Wyoming regulatory frameworks.
Exchanges are facing critical decisions regarding diversification, segregation, and disclosure. Customers are confronting narrower choices and higher standards, but ultimately greater security.
The US crypto trust model is consolidating around firms that are better capitalized, more transparent, and subject to more intensive supervision. This increased oversight is commensurate with the systemic risk involved in holding billions of dollars in customer assets.

