The going mantra in crypto today is "institutions are coming." That could not be further from the truth. The degree of safety financial services require is far beyond what we in crypto can provide today.
The problem is that what institutions mean by safety is very different and goes far beyond what the cryptocurrency crowd understands the word to mean. It includes conventional digital security, but it also includes a reasonable ability to correct mistakes and retrieve stolen funds, as well as to share access with others and remain confident that such sharing won't lead to problems.
Here's an illustration of what it takes to achieve safety in crypto, at least in terms of digital security. This post lists all measures cryptocurrency users should take to stay secure. (Footnote: Read it and follow it to the letter!) To carry out the author's advice, one must spend many hours, and not just once, but every so often, to ensure that there is no avenue for the attacker to get in or that keys are not lost.
Crypto was started on the premise of financial sovereignty, a worthy goal, to say the least. Yet, when it comes to money, sovereignty is not what the majority of the population needs or wants. It wants safety and measured, predictable and low-risk income. That is what institutions want to provide to their customers, because ultimately the institutions don't benefit when their customers lose money for any reason whatsoever, including a lack of understanding or lack of education.
And then there is the simple fact that full control of funds means added incentives to kidnappings and physical attacks. When the extent of that problem becomes clear to the mainstream finance community (say, after a high-profile kidnapping of a cryptocurrency fund partner or two), whatever interest the institutions had in this asset class will disappear overnight.
Custodians purport to solve the problem, but more often than not, they merely hide it, while lulling their customers into a false sense of security. (For instance, the custody solution FireBlocks did not protect its customer from permanently losing keys to his blockchain wallet.)
Or, alternatively, custodians can remove the customer's prized financial sovereignty through added safeguards to access, and the consequent exposure to regulatory interference, and freeze customer's accounts much like banks do.
It is not necessary, however, for sovereignty to stand in stark opposition with safety. A viable compromise between safety and sovereignty is possible through a deep and nuanced examination of what people need, and through learning from the past and current mistakes. But as long as the cryptocurrency community is unwilling to compromise and blames users for their perceived lack of security savvy, there is no chance of mainstream adoption.
So, yes, institutions are coming, but they are only coming to learn from our mistakes, to adopt our ideas and to build their own blockchain systems that answer the exact set of requirements their customers have. These requirements will include the conventional understanding of customer safety and will reduce risks to all customers, even those unable to understand, let alone follow, a complex set of security procedures, or ensure military-grade physical security. These systems will leave crypto behind and will instead drive value into an entirely different generation of digital assets.
In order to drive mainstream financial organizations to crypto-asset networks, our approach to security has to change. It must necessarily include a safety net to prevent or at least reduce the likelihood of human error. We must stop accusing users of stupidity, and instead provide them with reliable tools that make it easy for them to prevent hacks and keep their keys safe, all without an in-depth understanding of digital security.
We must also build systems that actively remove incentives to physical attacks, for example through shared control of accounts. Either that, or as the novelty of crypto assets wears off, we will become irrelevant in the grand scheme of things.