FTX failed with an ~$8B shortfall and Mt. Gox failed with ~850,000 BTC missing. Both collapsed from outright defaults, with assets misappropriated or unaccounted for rather than lost to market movement.
Digital asset risk monitoring tracks whether a crypto exchange, custodian, lender, or stablecoin issuer can return client assets under stress, and surfaces deterioration early enough to adjust exposure before withdrawals freeze.
Agio Ratings has documented 25+ significant exchange and custodian defaults since 2014 finding consistent patterns. In most collapses, solvency becomes obvious to risk analysts only after withdrawals slow, spreads gap, or operations freeze. Proactive digital asset risk monitoring exists to surface deterioration early enough for institutions to change exposure.
What "Digital Asset Risk" Means in Institutional Terms
In institutional risk language, "digital asset risk" is mostly counterparty risk, and the core question is simple: can the venue meet withdrawals and return assets when conditions turn?
Crypto counterparties often operate without deposit insurance and certainly without central bank backstops. They can fail through insolvency (asset/liability mismatch, balance sheet leverage, hidden losses), fraud and governance breakdown, cyber incidents and key compromise, liquidity runs (solvent on paper, illiquid in practice), and correlated shocks from shared liquidity providers, shared token exposures, or shared funding.
Traditional counterparty frameworks assume quarterly audited financials, slow-moving deterioration, stable liability structures, and enforceable resolution regimes.
Crypto breaks those assumptions because evidence changes daily, some of it on-chain, some off-chain, and much of it easy to game.
The implication for risk teams is straightforward: periodic due diligence is necessary, but it is not sufficient.
How Common Risk Checks Fail
Proof-of-Reserves Is Not Credit Risk Monitoring
Proof-of-reserves is a point-in-time procedure that shows certain addresses held certain assets on a given date.
It does not verify liabilities, encumbrances, rehypothecation, off-chain obligations, or the ability to meet withdrawals under stress. The PCAOB has explicitly warned against relying on proof-of-reserves reports to conclude solvency. A snapshot can be accurate and still be irrelevant to next week's withdrawal capacity.
Brand, Volume, and "Tier-1" Labels Are Not Solvency Proxies
FTX was a top exchange by volume when it collapsed. Marketing, venture backing, and market share did not prevent a staggering loss.
Brand and volume are lagging indicators that measure attention rather than balance sheet resilience. Under stress, they can move in the wrong direction: volume can spike because users are rushing to exit.
The same dynamic plays out in TradFi. Silicon Valley Bank carried investment-grade ratings from legacy agencies as it failed in March 2023. The risks were visible in the balance sheet data. The models just could not keep pace.
Legacy Rating Agencies Don't Cover Crypto Counterparties
Moody's, S&P, and Fitch generally do not rate crypto exchanges or custodians. Their frameworks were built for corporate and sovereign debt issuers. Crypto counterparties rarely issue rated bonds.
Even where legacy ratings exist, the process lags fast deterioration. Update frequency and evidence selection determine whether ratings are useful for crypto counterparty risk, and crypto needs a higher-frequency evidence set and a faster decision loop.
What Institutional Investors Say They Actually Need
According to a December 2025 survey conducted by Crypto Insights Group and distributed by FactSet, fund managers identified CEX insolvency/hacks are the #1 risk, ahead of geopolitical, interest rates, and regulation risk.
These results have echo an December 2023 survey in which 64% of institutional participants were not satisfied with proof-of-reserves quality from most exchanges, and none were fully satisfied with the majority of exchanges' PoR submissions.
These are not abstract preferences. They reflect the distance between what firms need to manage exposure confidently and what the market currently provides.
The Minimum Bar for Institutional Digital Asset Risk Monitoring
A monitor that can be used in limit-setting, pricing, and governance needs three layers. Each answers a different question.
1. Forward-Looking Probability of Default (PD)
The first layer is a calibrated 12-month probability of default that updates as evidence changes.
PD is the bridge into institutional workflows. It feeds directly into expected loss (EL = PD × LGD × EAD), counterparty limits, venue selection and routing, risk-adjusted yield and pricing, and capital allocation and concentration controls.
A key nuance: bull markets do not automatically reduce default risk. Rising asset prices can increase reserves while also increasing volatility and operating leverage. Default risk can stay flat or rise during rallies. A monitor that assumes otherwise will misprice exposure precisely when firms are most confident they do not have a problem.
2. Real-Time Anomaly Detection
The second layer detects phase changes: statistical outliers in on-chain and off-chain behavior that often precede freezes, hacks, or runs.
The relevant signal is not large outflows in isolation but deviation from baseline behavior, evaluated in context and scored by severity. A monitor should be able to report what changed, how unusual it is (expressed as Z-scores or similar), whether the pattern resembles prior pre-default regimes, and whether the market is underreacting or overreacting.
The FTX example is worth examining directly. On September 28, 2022, FTX's on-chain balances jumped from approximately $4B to $8B overnight, driven entirely by FTT concentration. Agio Ratings’ anomaly detection flagged this as a 12 standard deviation event. That was 44 days before the bankruptcy filing, and more than five weeks before CZ's November 6 tweet that publicly accelerated the collapse. Firms with access to that signal had a genuine window to act.
3. Portfolio-Level Contagion and Correlation Modeling
The third layer models correlation and contagion. Defaults are not independent when counterparties share liquidity providers, token exposures (especially exchange tokens and concentrated collateral), funding relationships, or common macro shocks.
The 2022 crypto cycle showed this clearly. Voyager defaulted partly because it lent to Three Arrows Capital. Vauld and Celsius both collapsed following Luna's implosion because they shared exposure to the same shock rather than having direct relationships with each other.
Portfolio modeling converts single-name PDs into joint default probabilities, tail loss scenarios, CVaR and stress loss distributions, and concentration and contribution analysis. This layer reveals whether distributing exposure across five venues provides genuine diversification or masks correlated risk.
A simple example: in a five-counterparty portfolio with independent 1% PDs, the probability of two defaults is roughly 0.1%. Apply a 3x correlation multiplier where one default triples the remaining PDs, and that probability jumps to around 5%. The firms that sized exposure based on the independent assumption were underestimating tail risk by a factor of 50.
What Crypto Risk Monitoring Should Produce
Actionable outputs include daily PD per exchange, custodian, lender, and stablecoin issuer on a 12-month horizon; weekly and monthly trend and momentum data showing which counterparties are moving and by how much; alert regime state that distinguishes normal from anomalous with severity tiering; evidence traceability showing what variables moved and what drove the change; and portfolio loss distribution across expected loss, unexpected loss, and tail risk.
Scenario hooks are also necessary: what happens if venue A fails, and what happens to the rest of the portfolio when correlation spikes.
If an output cannot be mapped to a limit, a price, a governance decision, or an incident playbook, it is noise.
How Agio Ratings Implements Leading Risk Monitoring
Agio Ratings focuses on CeFi counterparty default risk across exchanges, custodians, lenders, and stablecoin issuers. Risk ratings spans 70+ entities, including 26 custodians and 45 centralized exchanges with daily probability of default updates.
Statistical Ratings: Daily, Calibrated 12-Month PD
Statistical Ratings provide daily-updated, calibrated 12-month PD forecasts.
Agio’s v3 model uses 17 explanatory variables selected from a dataset of 1,000+ on-chain and off-chain metrics per entity. It was trained on 2x more defaults than v2 and achieves an AuC of 0.77, up from 0.71. For context, the standard TradFi range for a well-performing credit model is 0.65 to 0.85.
The model is also cross-validated against observable market signals: approximately 85% R² with Coinbase equity price and approximately 80% R² with Coinbase bond yield credit spreads. If the PD model and the market are diverging, there is a reason to investigate which one is right. A recent example of this methodology in practice is the Q1 2026 custodian ranking by default risk. More on Statistical Ratings.
Anomaly Alerts: Near Real-Time Phase-Change Detection
Anomaly Alerts provide near real-time detection across 80+ entities, tiered by severity using statistical baselines. The system tracks three risk factors: on-chain balances, on-chain flows, and web traffic.
Alerts are tiered. After an alert fires, the system delivers hourly data updates for 24 hours across balance, total flows, netflows, and in/out flows.
The FTX foreshock remains the clearest demonstration of what the system does. The September 28 on-chain event, a 12 standard deviation anomaly, preceded the publicly recognized crisis by more than five weeks. Firms monitoring that signal had time to reduce exposure before the collapse became news. More on Anomaly Alerts.
Risk Simulator: Portfolio Loss Distributions with Contagion
Risk Simulator converts entity PDs into portfolio loss distributions using 1M+ Monte Carlo simulations. It models both direct default correlation (one counterparty failing because it was exposed to another) and indirect correlation (multiple counterparties failing because of the same external shock).
Users define their own exposure levels and correlation assumptions. Outputs include expected and unexpected loss, CVaR at 95%, 99%, and 99.9%, probability of losses exceeding a capital base, counterparty loss contributions, and risk-adjusted yields under correlation assumptions. More on Risk Simulator.
Stablecoin Credit Assessments
Agio also provides issuer-level credit ratings for stablecoin issuers. Circle has been rated A-equivalent while Tether has been rated BB+/B-. These ratings are inputs for firms that carry stablecoin exposure and need to price the issuer credit risk embedded in that carry.
How Institutions Use Digital Asset Risk Monitoring
Limit-setting and venue allocation. PD thresholds define maximum exposure bands. Trend triggers reduce limits early enough to precede a freeze. Top movers become a daily risk standup input rather than a post-incident review item.
Pricing and risk-adjusted yield. Expected loss becomes a spread hurdle. Venues with higher PD must compensate via fees, rebates, or yield. Stablecoin issuer risk becomes a measurable carry cost with explicit pricing.
Governance and auditability. The monitor provides documented rationale for custody choices, an evidence trail for risk committee review, and consistent methodology across venues that satisfies internal compliance and, increasingly, external regulators under frameworks like MiCA in Europe and the GENIUS Act in the US.
Incident response. Alert severity tiers map to playbooks: reduce exposure, pause deposits, increase monitoring cadence. Portfolio simulation quantifies second-order effects. If venue A fails, what happens to the rest of the book?
Wintermute, one of the largest crypto market makers, uses Agio for exactly this workflow. Alain Passini, Wintermute's Head of Risk, has noted that Agio "provides a clear, data-driven view of the probability of default for exchanges and other institutions, and their alerts deliver a valuable independent signal alongside our own monitoring by flagging anomalous transaction patterns."
FAQ
What is digital asset risk monitoring?Digital asset risk monitoring combines forward-looking probability of default estimates, anomaly detection, and portfolio-level contagion modeling to help institutions assess whether their crypto counterparties can return assets under stress and adjust exposure before withdrawals freeze.
Is proof-of-reserves enough for institutional monitoring?No. Proof-of-reserves is point-in-time and does not verify liabilities or solvency. The PCAOB has warned that proof-of-reserves reports are inherently limited and should not be treated as solvency assurance. A 2023 institutional study found zero respondents were fully satisfied with most exchanges' PoR submissions.
What should institutions monitor in digital asset markets?Institutions should monitor counterparty failure risk, including default probability, early warning anomalies, and portfolio-level correlation and contagion.
Why don't legacy rating agencies cover crypto counterparties?Their frameworks were built for corporate and sovereign debt issuers and typically require rated debt instruments. Crypto exchanges and custodians rarely issue rated bonds. The relevant evidence set is crypto-native and requires daily updates that legacy agency processes were not designed to support.
How does PD help set counterparty limits?A 12-month PD can be combined with LGD assumptions to estimate expected loss. Expected loss becomes an input for limits, pricing, and capital allocation. It also enables consistent comparison across venues that vary widely in size, geography, and business model.
How does contagion change counterparty risk management?Contagion means defaults are not independent because counterparties that share liquidity providers, token exposures, or funding relationships can fail together. Portfolio modeling estimates the probability of simultaneous failures and quantifies tail loss, which is why simple diversification across high-risk venues does not reduce correlated default exposure.
Does a bull market lower counterparty risk?Not automatically. Rising asset prices increase reserves but also increase volatility and operating leverage. Agio's models capture this tradeoff. Aggregate industry default risk can remain flat or rise during bull markets, a counterintuitive result that firms relying on price-as-proxy-for-safety tend to miss.
Digital asset risk monitoring is only useful if it changes exposure decisions before withdrawals freeze. The data to build that kind of early warning system exists. Get access today at: agioratings.io/demo
