Case Study: Building cryptographic control from day one: Blockrise and Securosys

Regulated custody is a commitment that begins long before a client opens an account. For Blockrise Capital B.V., a Bitcoin asset manager founded in Rotterdam in 2017 and regulated under the Markets in Crypto Assets Regulation (MiCAR), that commitment has always been expressed in its infrastructure choices. This case study, produced in partnership with Securosys, traces the development of Blockrise's cryptographic foundation from its first cloud-based deployment to a fully on-premises institutional environment.

The challenge: cryptographic control from the start

In 2018, Blockrise conducted a formal evaluation of Hardware Security Module (HSM) providers. An HSM is a dedicated physical device that generates and protects cryptographic keys, the private keys that control access to bitcoin on the blockchain. For a regulated custody operation, the security and integrity of those keys is not a technical preference. It is the foundation on which client trust is built.

Blockrise required a solution that offered granular access controls, quorum-based transaction approvals (meaning multiple authorised parties must agree before a transaction is executed), and time-based constraints. There was no legacy system to replace. The requirement was simply to build correctly from the outset.

The approach: cloud agility to institutional control

Blockrise selected Securosys CloudHSM ECO, enhanced with Smart Key Attributes, as its initial infrastructure. Smart Key Attributes allow complex authorisation rules to be enforced at the hardware level, not in software, where controls are more easily circumvented. The solution also supported mobile-based signing using the secure element chip in smartphones, providing operational flexibility without reducing security.

As Blockrise's client base and regulatory obligations grew, its infrastructure requirements matured accordingly. The decision was made to migrate from cloud-based HSM-as-a-service to a redundant on-premises CyberVault Pro cluster with Decanus Terminals, hosted across multiple secure data centres.

Securosys conducted a full dry-run of the migration prior to go-live and provided on-site training and consultancy at its Zurich headquarters, supporting Blockrise's team in hands-on management of the new environment.

The outcome

The live migration was completed with zero downtime and zero data loss. Cryptographic operations continued without interruption throughout. Blockrise retained full operational control at every stage of the transition.

Jasper Hu, CTO of Blockrise, noted: "Securosys gave us the flexibility and cryptographic control we needed from day one, without making any compromises on security. The transition from cloud to on-premises went seamlessly without any downtime, and the support of Securosys throughout this process has been exceptional."

A closing reflection

Infrastructure decisions are invisible to most clients. That does not make them less consequential. The choices a custody provider makes about key generation, access controls, and operational continuity are the choices that determine whether a custody commitment can actually be honoured.

Blockrise's approach has been consistent: build for compliance, operational control, and verifiability and revisit those decisions as scale demands. The migration from cloud to on-premises is not a story about a problem that needed fixing. It is a story about a standard being maintained.

This case study is a marketing communication. Blockrise Capital B.V. holds a MiCAR licence with number 41000029, issued by the Dutch Authority for the Financial Markets (AFM). Investing in bitcoin involves risk. Past performance is not indicative of future results. Copyright ©2026 Securosys SA. All rights reserved. Version CS-E01.

‍