As institutional capital enters crypto, SOC 2 has become the baseline language of trust—proving that operational controls are documented, tested, and auditable. But while it validates process integrity, it wasn’t built for blockchain-specific risks like validator uptime, key management, or on-chain resilience. The next evolution pairs SOC 2 with ISO 27001 for continuous risk governance and DORA for regulatory resilience, creating a layered assurance model fit for digital assets. Looking ahead, a “SOC 3.0” paradigm will merge continuous monitoring, cryptographic proofs, and real-time transparency—turning trust from a static audit into a living, verifiable standard for institutional crypto infrastructure.
For digital-asset infrastructure, trust isn’t built on slogans, it’s built on standards. Among those, SOC 2 has become the universal language of operational credibility between crypto-native firms and institutional finance. Originally developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 (System and Organization Controls) reports evaluate how well a company protects data across five “Trust Services Criteria”: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
For traditional finance, SOC 2 has long been the standard for assessing whether vendors operate with robust security and governance. In the digital-asset economy, it now plays a similar role: bridging Web2 assurance frameworks and Web3 infrastructure. When an institutional investor, custodian, or exchange asks whether a staking provider or node operator is SOC 2-certified, they aren’t just checking the boxes, they want to understand reliability, transparency, and the ability to prove control in an environment where capital never sleeps.
The reason this conversation matters now is that the assurance landscape for crypto infrastructure is changing fast. In Europe, the Digital Operational Resilience Act (DORA) will begin enforcement in 2025, requiring continuous monitoring, incident classification, and third-party risk management for all critical ICT providers. At the same time, staking and custody firms across the U.S. and Asia are pursuing SOC 2 Type II and ISO 27001 certifications to meet procurement standards set by institutional allocators and banks. Together, these shifts are raising the bar: compliance is the price of admission to serve institutional capital.
But realistically, SOC 2 alone can’t capture every crypto-specific risk; key management, validator uptime, or smart-contract exposure all remain. But SOC 2 establishes a shared vocabulary of trust that both TradFi and DeFi understand. The challenge ahead, and the opportunity, is to extend that framework into the unique realities of blockchain infrastructure, to make assurance as continuous, transparent, and composable as the systems it governs.
SOC 2 is often described as the “gold standard” for operational assurance, and in many ways, it is. The framework, governed by the American Institute of Certified Public Accountants (AICPA), focuses on how an organization designs and operates its internal controls across five Trust Services Criteria:
These pillars reflect the essentials of trust in modern infrastructure, whether in a data center, a SaaS platform, or a staking service. For crypto and digital asset operators, SOC 2 shows that the organization has implemented, documented, and maintained security and operational processes with the same rigor expected in traditional financial institutions.
There are two key forms of SOC 2 reports:
For institutional partners, the distinction matters. A Type II audit provides evidence not just of policy, but of consistent execution, something risk teams view as critical for ongoing relationships.
However, SOC 2 has a well-defined boundary: it tests control integrity, not resilience or industry-specific adequacy. Organizations define their own controls, and auditors assess whether those controls exist and function as described, not whether they meet a universal security baseline. For example:
This is why SOC 2 is best understood as an attestation of operational maturity, not a certification of invulnerability. It provides essential assurance that controls are in place and working, the minimum entry requirement for institutional trust, but it stops short of enforcing resilience, continuity, or sector-specific standards.
For that reason, leading firms layer SOC 2 alongside frameworks such as ISO 27001, which prescribes a full Information Security Management System (ISMS), and DORA, the EU’s new Digital Operational Resilience Act, which mandates continuous incident reporting, stress testing, and third-party risk oversight for financial entities. Together, these frameworks cover what SOC 2 starts: SOC 2 establishes trust in process, ISO 27001 embeds continuous improvement, and DORA enforces regulatory resilience.
In short:
SOC 2 is the starting line for institutional trust. To turn attestation into resilience, firms pair SOC 2 with ISO 27001 and, in the EU, DORA
In traditional finance, governance frameworks tend to overlap, one defines how you manage risk, another defines what you must protect, and another defines how resilient you must be. In crypto infrastructure, that overlap is starting to take the same form. SOC 2, ISO 27001, and the EU’s Digital Operational Resilience Act (DORA) each play distinct but complementary roles in building institutional-grade security and assurance.
SOC 2 is fundamentally about trust through documentation and execution. It validates that an organization’s internal controls exist, are logically designed, and operate effectively over time. This is why it’s often the first certification sought by digital-asset custodians, staking operators, and exchange infrastructure providers entering institutional partnerships. SOC 2 is non-prescriptive, it doesn’t tell firms which encryption method to use or how to design access control, but it ensures that whatever control framework the company adopts is consistently applied and auditable.
Where SOC 2 stops at control attestation, ISO 27001 begins with systemic governance. Developed by the International Organization for Standardization, ISO 27001 defines a comprehensive Information Security Management System (ISMS), a living framework for assessing, mitigating, and improving security risks across people, processes, and technology. Unlike SOC 2’s periodic audits, ISO 27001 requires ongoing risk assessments, internal audits, and management reviews, embedding security into continuous operations. For institutions, this makes it the global benchmark for “security maturity.”
For crypto firms, particularly those offering infrastructure to regulated banks or funds, ISO 27001 complements SOC 2 by providing:
In practice, many institutions view SOC 2 + ISO 27001 as the combined standard for enterprise-grade crypto infrastructure: SOC 2 gives assurance to auditors and clients; ISO 27001 satisfies risk and compliance teams.
The Digital Operational Resilience Act (DORA), which will take effect across the EU in January 2025, represents the regulatory evolution of these voluntary frameworks. DORA explicitly targets financial entities and their critical ICT providers, imposing mandatory standards for:
Unlike SOC 2 or ISO 27001, DORA is law, not guidance, and its scope extends to critical service providers to regulated institutions. This means staking infrastructure companies, custodians, or blockchain node operators that serve EU-regulated banks may be classified as “critical ICT third parties,” bringing them under direct oversight by the European Supervisory Authorities (ESAs).
In other words:
SOC 2 earns trust.
ISO 27001 builds resilience.
DORA enforces both — under regulatory supervision.
For infrastructure providers like Chorus One, these frameworks work as a progression: SOC 2 establishes procedural trust, ISO 27001 embeds operational discipline, and DORA ensures resilience meets regulatory thresholds. Together, they create a compliance and assurance fabric that speaks both institutional and decentralized languages; aligning crypto infrastructure with the governance rigor expected in modern finance.
SOC 2 has become the passport for trust in digital-asset infrastructure, but it’s only the first chapter in what assurance must become for a 24/7, on-chain economy. The next phase will demand something closer to a “SOC 3.0” standard: one that integrates continuous monitoring, cryptographic verification, and regulatory transparency in real time.
Traditional SOC 2 audits are retrospective snapshots: a look back over six or twelve months to confirm that controls operated as designed. But blockchain infrastructure operates in real time, where validator uptime, MEV execution, or slashing incidents can occur in seconds.
Future assurance models will need to move from static attestations to continuous validation, using telemetry feeds, automated incident reporting, and live dashboards that update an organization’s control status dynamically. This shift mirrors the evolution of DORA’s continuous-resilience mandate and will ultimately bridge compliance with operational reality.
The next generation of assurance will combine conventional audits with on-chain verifiability. Concepts such as Proof-of-Control audits, cryptographic demonstrations that an entity controls validator keys or custody wallets without exposing them, and real-time attestations of uptime, governance participation, and key-management events could make trust both provable and programmable. In this “SOC 3.0” paradigm, auditors can verify it on-chain, linking SOC-style attestations to blockchain-based proofs that anyone can independently confirm.
For regulated institutions, this convergence will make frameworks like SOC 2, ISO 27001, and DORA interoperable.
For staking providers and validators, the benefits go beyond compliance. Real-time proof of validator performance, custody control, and incident transparency can enhance reputation, attract institutional delegations, and even feed into insurance underwriting and risk-weighted capital models.
That’s the future of assurance for crypto infrastructure: a living standard that blends the rigor of traditional compliance with the verifiability of blockchain itself. The path from SOC 2 to some new SOC 3.0 will be about designing trust that updates in real time.
For many years, corporate treasury strategies were very predictable: cash, bonds, and money market instruments. But the world shifted in 2020 when MicroStrategy made waves by placing Bitcoin squarely on its balance sheet as an offensive strategy. Now, with Bitcoin now firmly established in many corporate reserves, a new paradigm is emerging: companies are embracing proof-of-stake assets, starting with Ethereum, to earn yield while staking. This marks a critical shift in how companies think about treasury management in the digital age.
MicroStrategy led the charge in August 2020 with an initial $250 million BTC purchase, framing Bitcoin as a strategic hedge against inflation and depreciation. By late 2024, MicroStrategy had amassed over 423,650 BTC, now valued at $42 billion, making it the largest corporate BTC holder. Corporate Bitcoin accumulation has spread rapidly: 61 public firms now hold more than 3.2% of total BTC supply with companies such as Tesla, GameStop, Riot Platforms, and Twenty One Capital all including Bitcoin in their treasuries. By mid 2025, private and public entities reportedly held more than 847,000 BTC.
As BTC led the digital treasury charge, Ethereum emerged as a compelling next step, offering staked yield plus utility via smart contracts.
These moves reflect a broader cell-level strategy: shifting from purely speculative assets to productive assets that deliver yield while supporting growing digital ecosystems.
Institutional custodial and infrastructure support has become the bedrock of credible crypto treasury strategies. Major players like Coinbase Custody, Anchorage Digital, Fireblocks, and BitGo now offer enterprise-grade custody and staking services tailored to institutional clients. For example, BitGo provides multisignature cold storage and staking support across numerous networks, managing approximately one‑fifth of on‑chain Bitcoin transactions by value. Anchorage Digital, a federally chartered crypto bank, and Fireblocks, recently approved by New York regulators, are now integrated into services like 21Shares’ spot BTC and ETH ETFs alongside Coinbase, further reinforcing industry-grade security and operational compliance. On top of custody, Validator-as-a-Service (VaaS) providers, including Chorus One, Figment, and Kiln, deliver staking infrastructure with service-level guarantees, compliance tooling, and risk mitigation capabilities to allow corporations to operate node infrastructure or delegate responsibly without needing internal DevOps teams, preserving security while capturing staking yields.
Regulatory clarity is also catching up. The IRS issued Revenue Ruling 2023‑14 on July 31, 2023, confirming that staking rewards are taxed as ordinary income once received by cash-method taxpayers under Section 61(a). Complementing this, the SEC has signaled openness to compliant staking frameworks as custodians partner with spot ETF issuers, reinforcing governance and audit controls. Looking ahead, the proposed Digital Asset Market Clarity Act of 2025 (CLARITY Act) would further strengthen this landscape by formally demarcating regulatory jurisdictions: assigning digital commodities such as ETH and SOL to the Commodity Futures Trading Commission (CFTC) while affirming the SEC’s oversight of securities. It would also clarify that mature, protocol-native tokens and DeFi protocols are not investment contracts and further supports institutional use of on‑chain strategies, but also promises to unlock structured layers like restaking, vaults, and LST integrations while preserving board-level governance, audit trails, and operational transparency.
Producing real returns while signaling innovation, staking ETH and SOL offers public companies an attractive alternative to low-yield corporate cash or stablecoin reserves. Profitable yields of 3–7% APY are now accessible through institutional staking platforms, easily outperforming many fixed-income rates. Holding programmable assets also facilitates strategic optionality, enabling treasurers to engage with DeFi use cases, tokenize balances, or even pilot vendor fee settlements with smart contracts.
Beyond financial results, corporate treasury adoption of productive crypto signals clear differentiation to investors. A leading example is SharpLink Gaming, which converted a significant portion of its capital into Ethereum and staked over 95% of it. The firm credits this strategic shift, and the appointment of Ethereum co-founder Joseph Lubin to its board, for signaling innovation and advancing its market positioning.
Looking Ahead
The evolution of corporate crypto treasuries is unfolding in clearly defined phases, each building upon the last in sophistication and capital efficiency. The first phase, Bitcoin pioneering, emphasized symbolic value and digital gold positioning. This was followed by the productive digital assets phase, where firms began to allocate into Ethereum (ETH) and Solana (SOL), not just for exposure but also for the ability to earn staking rewards, thereby generating yield from idle capital. And now, we are entering the multi-layer yield phase, in which forward-looking treasuries are layering on liquid staking, restaking protocols, and decentralized finance (DeFi) integrations to unlock additional yield and liquidity while retaining principal exposure. As regulatory frameworks solidify and infrastructure scales, expect more corporate treasurers to move from storing value to building yield-generating digital treasury architectures.
Institutional crypto treasuries are entering a new phase. In the first wave, treasurers allocated to Bitcoin and Ethereum, focusing on long-term exposure and basic staking yields. But as on-chain infrastructure matures and liquid staking protocols like Lido and EigenLayer gain traction, a new strategy is emerging: yield stacking. By combining liquid staking tokens (LSTs), restaking mechanisms, and DeFi services, treasuries can now layer multiple sources of yield on top of the same principal, without giving up custody, transparency, or compliance controls. Treasuries that can generate 3–5% from vanilla savings and staking, can now see 6–10% using enterprise-grade tools and increasingly permissioned crypto vaults. This is Treasury 3.0: dynamic, composable, and built for capital efficiency.
The blink-and-you- will-miss- it era of single-layer staking, locking ETH or SOL for basic yield, is already giving way to yield stacking strategies that enhance capital efficiency without compromising security. Traditional staking is a great foundation, delivering around 3–5% APY on assets like Ethereum and Solana. Adding liquid staking, using tokens such as stETH or mSOL, which grant liquidity and composability for use across DeFi protocols, add another 3+%. For example, Lido’s stETH, for instance, currently yields 2.7-3.3% APY on secured ETH while enabling seamless DeFi integration across 90+ platforms. Next comes restaking, via platforms like EigenLayer, which allows existing staked (or liquid-staked) ETH to secure additional protocols, adding an extra ~.50% yield while leveraging Ethereum’s security layer. Each layer compounds yield while keeping treasuries in control via custodied wrappers, making this tactical approach highly compelling for sophisticated institutional finance teams.
Imagine a treasury that layers multiple yield strategies on the same ETH base—for example:
Stacking these rewards represents a 2x+ improvement over traditional savings or T-bill yields (~3% APY), without relinquishing principal or legacy custody frameworks. Whether a treasury opts for a conservative single-stack or a progressive full-stack deployment, the efficiency gain is clear, and easily trackable with the right tooling.
What once required bespoke tooling and manual tracking is now becoming enterprise-ready. Institutional-grade infrastructure is rapidly evolving to support yield-stacking strategies through familiar custody, validator, and reporting partners. Custodians like Coinbase Custody, Anchorage Digital, and BitGo now support liquid staking tokens (LSTs) and restaking flows, enabling treasuries to layer yield without compromising asset security. On the validator side, providers such as Chorus One, Kiln, Figment, and Renzo offer restaking and AVS onboarding services with built-in compliance and risk frameworks. And tools like Chorus One’s Rewards Reporting complete the stack by offering audit-ready reporting, wallet-level attribution, and easily exportable formats to satisfy both finance and ops teams. The combination of performance, visibility, and enterprise integration is what transforms this from a crypto-native idea into a finance-grade treasury solution.
While the opportunity is clear, executing a Treasury 3.0 strategy requires thoughtful navigation of regulatory, technical, and organizational complexity. Tax guidance remains underdeveloped, especially around restaking and liquid staking tokens (LSTs). For example, the IRS has clarified that staking rewards are taxed as ordinary income upon receipt (Rev. Rul. 2023‑14), but has yet to issue formal treatment of restaking flows or derivative tokens like stETH and LRTs. Meanwhile, Europe’s DAC8 and proposed U.S. legislation like the CLARITY Act could introduce new disclosure and compliance obligations for multi-layer yield strategies. On the operational front, risks include smart contract vulnerabilities in vaults or restaking modules, as well as composability fragility, where issues in one protocol layer (e.g., an LST depeg) could cascade through a treasury stack. To handle these requirements, institutions must update investment policies, establish clear escalation protocols, and ensure cross-functional coordination between finance, legal, and technical teams. But these are small obligations in comparison to the power of a Treasury 3.0 yield stacking strategy.
The next evolution of treasury management isn’t a future concept, it’s already unfolding across the on-chain economy. Treasury 3.0 strategies harness staking, restaking, and DeFi layers to unlock meaningful, compoundable returns which significantly outperform traditional finance tools while preserving custody, compliance, and control. With infrastructure and reporting tools maturing, these strategies are now auditable and enterprise-ready. For forward-looking finance teams, the question is no longer if to adopt these strategies, but how to operationalize them responsibly. Institutions that act now will not only drive stronger yield, they'll define the governance, compliance, and capital efficiency standards of the new digital economy.
The U.S. crypto ETF landscape is undergoing a transformative shift. The recent approval (or more accurately, no disapproval) of the REX-Osprey™ SOL + Staking ETF (ticker: SSK) marks a significant milestone, offering investors exposure to Solana (SOL) while earning yield through on-chain staking. This development signals a broader trend: the integration of staking rewards into regulated investment vehicles.
This is already a gigantic shift in SEC policy and enforcement. But what comes next? Emerging technologies like Distributed Validator Technology (DVT) and restaking protocols introduce new layers of yield that should be integrated into these traditional ETF structures. This article explores the current state of crypto ETFs, the implications of these innovations, and the regulatory considerations that lie ahead.
As we discussed previously, the launch of the REX-Osprey™ SOL + Staking ETF represents a pioneering approach to integrating staking rewards into an ETF structure. By utilizing a C-corporation that owns a Cayman-based subsidiary, the fund acquires and stakes SOL tokens, providing investors with staking yields within a regulated framework .
This structure offers a workaround to the traditional '33 Act spot ETF route, enabling faster market entry. However, it also introduces tax inefficiencies, as C-corporations are subject to corporate tax, potentially reducing the staking rewards passed on to shareholders.
As the crypto market matures, investors are increasingly looking beyond Bitcoin and Ethereum to altcoins that offer higher staking yields. However, integrating these assets into ETFs presents several challenges:
Emerging technologies like Distributed Validator Technology (DVT) and restaking protocols offer promising ways for enhancing staking yields and network security. However, they also introduce complexities that challenge traditional ETF structures.
Distributed Validator Technology (DVT):
DVT allows multiple nodes to collaboratively operate a single validator, enhancing decentralization and fault tolerance. Projects like Obol Network and SSV Network are at the forefront of this innovation.
Benefits:
Challenges:
Restaking Protocols:
Restaking allows staked assets to be used to secure additional networks or services, effectively layering staking rewards.EigenLayer is a prominent example of this approach .
Benefits:
Challenges:
The integration of advanced staking mechanisms into ETFs necessitates a clear regulatory framework. The CLARITY Act of 2025 aims to provide such a framework by delineating the responsibilities of the SEC and CFTC over digital assets.
Additionally, the IRS's Revenue Ruling 2023-14 clarifies that staking rewards are taxable when the taxpayer gains dominion and control over them. However, the application of this ruling to complex staking arrangements involving DVT and restaking remains uncertain.
ETF issuers must navigate these regulatory complexities to ensure compliance while offering innovative products that meet investor demand.
The evolution of staking ETFs represents a significant advancement in the integration of decentralized finance into traditional investment vehicles. While technologies like DVT and restaking offer enhanced yields and network security, they also introduce complexities that must be carefully managed.
As the regulatory landscape continues to evolve, collaboration among ETF issuers, technology providers, and regulators will be crucial in developing products that balance innovation with compliance.
Last week, SwissBorg lost $41 million worth of SOL, due to a suspected compromise in its integration with their staking provider, Kiln. On-chain, staking on Solana is fundamentally low-risk. It’s non-custodial, and there is no slashing on Solana. When you delegate tokens to a validator, you remain in full control of those tokens. A validator cannot spend, lock, or destroy delegated tokens. At worst, if a validator stops validating, the delegator simply stops earning rewards. So how could a compromise lead to a loss of 193K SOL?
The answer lies in the difference between security-by-assumption and security-by-design. Traditional finance relies on trust and legal enforcement. In crypto, we rely on cryptography. We build systems that are secure by construction, rather than by assumption. We build systems that don’t have the ability to lose funds, rather than a mere legal obligation not to. Transaction crafting APIs go against these principles, and introduce unnecessary risk. Risk that, as the incident shows, is not negligible.
At Chorus One, we offer an SDK to help with transaction crafting, but we have never built a transaction crafting API, because such an API is fundamentally a security hazard. It’s a dangerous primitive that should not exist. We provide the tools to simplify staking, and we help our customers build their integration in ways that are secure by design, and which mitigate attack vectors that can result in a loss of funds, even in case of a breach. In today’s computing landscape, compromises are a matter of when, not if. For a system to be secure, it’s not enough to try and prevent a breach. A secure system takes the possibility of a breach seriously, and takes measures to limit the blast radius when a breach inevitably happens. A secure system employs defense in depth: a layered approach to security, so that a breach of a single layer is not fatal to the entire system. And most of all, a secure system minimizes attack surface. The only API call that can’t be compromised, is one that does not exist.
In this post we’ll clarify the technical details of staking transactions on Solana, and the security implications of the different ways of constructing them.
To stake on Solana, you have to craft a staking transaction, sign it, and broadcast it to the Solana network through an RPC node. As part of this staking transaction, you choose which validator to delegate to, and how much to delegate. The Solana network will process that transaction, and from that point on, you’re staking. If the validator that you delegated to performs its duties, the network automatically distributes staking rewards to your account.
Unstaking is a two-step process. First, you send a stake deactivate transaction to signal your intent to stop staking. After the network processes this transaction, it takes time for the stake to become inactive. As soon as the stake is inactive, you can send a stake withdraw transaction to make the SOL liquid again.
Staking transactions are a core part of Solana, and they work the same regardless of the validator that you want to stake with. Just as the amount to stake is a parameter in the transaction, the validator to delegate to is a parameter. Supporting delegation to one validator is no more difficult than supporting delegation to another, and different staking providers in principle do not need different integrations.
At a low level, a staking transaction is a small piece of data. We need to encode the parameters, ( e.g. which validator to stake to and amount of SOL to delegate,) into a binary format. Because stake transactions are fairly simple, writing code that generates the correct bytes is not too difficult for a developer familiar with Solana, and it’s possible to understand and verify the meaning of every byte in the encoded data. Still, it requires a few steps to prepare the data in the correct format, so the developers of the Solana blockchain offer a library that can do this in a single step. Application developers can embed that library into their application, and as a result, they can support Solana staking with less effort.
Adopting a library creates risk: by calling a library, a developer is now leveraging third-party code to craft a staking transaction, but how does that developer know that the third-party code is behaving as expected and not, say, crafting a transfer transaction that sends all their users’ funds to an attacker’s wallet? Fortunately, Solana’s libraries are open source. Developers can read the source code, and observe for themselves that there is nothing fishy going on. When Solana developers include exactly that code into our application, the system is secure.
To support staking on Solana, in principle you don’t need to integrate with a staking provider at all. If you can craft staking transactions, you’re good to go, and crafting staking transactions is easy. Still, there are reasons to integrate more deeply with a staking provider, such as tracking delegations for the purpose of rewards reporting. Such features do not need to interact directly with transaction crafting, and when implemented correctly, do not compromise the security of the system.
A different reason to go with vendor-specific integrations is uniformity. The Solana developers offer a library for transaction crafting on Solana, the Aptos developers offer one for Aptos, etc. Integrating any single chain is not too complex, but supporting 30+ chains, and a multitude of ways to sign (software wallets, hardware wallets, multisigs, custodians, etc.) … it adds up.
At Chorus One we understand this struggle, and that’s why we built the Chorus One SDK that bundles everything in a single place, behind a consistent interface. While some domain knowledge will always be needed to integrate a chain — different blockchains are just that different! — our SDK helps developers kick-start their integrations.
Our SDK is a layer on top of the official libraries offered by the chains we support. As with any decision to adopt a library, introducing an additional layer introduces risk. There is more code, more parties involved, and in general more moving pieces with room for error. To mitigate this risk, our SDK is open source. Anybody can see what it’s doing, and confirm that nothing fishy is going on. Still, every new layer brings at least some minuscule amount of risk, so we allow our customers to make this trade-off for themselves. Our SDK is there to help institutions integrate staking faster, with less effort, but for those unable or unwilling to introduce additional third-party code, it is always possible to use the underlying libraries directly.
There are multiple ways for an application to integrate functionality provided by a third party. Two popular ones are the SDK, where the third party provides a library of code to include into the application, and the REST API, where the application connects over the Internet to somebody else’s computer, to ask it to perform some task.
With our SDK, you embed our code directly into your application. Because the code runs as part of your application, this means that it continues to work regardless of what happens to Chorus One. If we disappeared tomorrow, our validator may stop validating, and we would not release new versions of the SDK, but you would still be able to craft unstake transactions. A library-based integration is also great for uptime: there is nothing that can go down, it’s 100% reliable by construction. It’s also great for security: you know exactly what code will run. You can read it and verify what it does, and you can be sure that it doesn’t change under your feet.
In practice, most developers don’t read the code of the libraries they use in detail. For even a modestly complex application, this would be utterly infeasible for a single person. Even in crypto, software is to some extent built on trust. For transaction crafting however, because it’s such a critical component, and because it’s not that complex, it is feasible to verify the full source code, and we would recommend any integration partner to do that. With our SDK the choice is yours: trust, or trust but verify. Once you’ve verified, you can be confident that your system is secure even going forward, because you control when you update your code.
Contrast this with an API. With an API, you make a request to a third party, who then runs code to compute a response. From a reliability standpoint alone, this introduces a critical dependency on the third party. If their API is offline, your application stops working. From a security perspective, it introduces an even more critical dependency. You get to see the response to your request, but not the code that computed it. If you ask a transaction crafting API “please give me a staking transaction”, how do you know that the response is really a staking transaction, and not a transaction that steals your funds? One way of verifying that would be to decode the transaction, but that’s as complex as crafting one in the first place. Making an API call and then verifying the result at best creates additional work, and in the worst case introduces reliability problems. For something as critical as transaction crafting, not verifying is not an option. It would be reckless to blindly trust a third party. Note that it’s not enough to verify once. You need to write code that verifies every response. This is because the API is not under your control. The third party can change it at any time. Your application can start misbehaving even when you made no changes to it. And as the potential breach of Kiln’s API painfully demonstrated, a third party API can even start returning malicious responses.
APIs do have their place. We need APIs, for example to submit transactions to the blockchain. An API does mean introducing a third party, and we have to carefully consider how that affects the security of the system. For something as critical as transaction crafting, blindly trusting an API is not only reckless, it is also completely unnecessary. That’s why we offer the Chorus One SDK as a library, rather than an API.
To learn more about Chorus One’s SDK, access our docs or reach out for a demo.
As corporate treasury strategies evolve beyond Bitcoin, a new era is emerging, where crypto assets are not only held but put to work. In our previous piece, Treasury 3.0: How Digital Asset Treasuries Are Turning Crypto into Yield, we explored how companies began expanding from BTC reserves into yield-generating assets like Ethereum and Solana through staking. Now, as more treasuries adopt active on-chain strategies, including restaking, liquid staking, and DeFi integrations, the pressure is mounting to match these innovations with enterprise-grade reporting. Tracking rewards across dozens of chains, validators, and wallets is a strategic imperative. Without robust, auditable reward data, even the most promising digital treasury strategy can become a liability.
As treasuries shift from passive holding to active reward generation, accurate reporting becomes a key requirement. Every staking reward, restaking payout, or MEV gain constitutes taxable income, potentially with varying fair market values, and protocol-specific nuances. Without a robust system to capture, timestamp, and reconcile these events, finance teams risk producing inaccurate financial statements or triggering red flags with auditors and regulators. The challenge compounds with multichain exposure: fragmented wallets, inconsistent reward structures, and untracked validator commissions all introduce operational noise. High-quality reporting is how treasury teams ensure they’re maximizing yield opportunities, maintaining audit readiness, and preserving institutional trust with stakeholders.
So what defines treasury-grade crypto reporting? It starts with multi-chain coverage and accurate, granular data: daily attribution of rewards, including staking yields, restaking payouts, and MEV income, mapped to the specific wallet, validator, and protocol that generated them. Institutions also need visibility into validator commissions, service fees, and any slashing events that affect net returns. As many treasuries segment assets by fund, business unit, or jurisdiction, reporting must support wallet-level granularity and entity-specific tagging. Just as important is the format: data must enable seamless integration into back office systems, and ultimately align with GAAP or IFRS standards as digital assets are formally recognized in financial reporting frameworks. Fair market value (FMV) at the time of reward is a critical enhancement that enables compliance with IRS Revenue Ruling 2023-14 and emerging EU tax rules under DAC8. Without these capabilities, crypto reporting falls short of the institutional bar.
Consider the journey of a typical corporate treasury evolving its digital asset strategy. In the early phase, the fund holds BTC, tracked through simple ledger tools or custodial statements. But as it adds ETH and begins staking ETH, complexity creeps in. Rewards accrue on-chain, commissions may vary, and new wallets emerge for each protocol. By the time the finance team embraces restaking strategies through EigenLayer or allocates to DeFi vaults, its treasury operations involve dozens of addresses, multiple chains, and a constant stream of taxable events. Without a unified reporting system, the result is fragmented data, error-prone manual reconciliation, and an unreliable audit trail. In contrast, Chorus One’s Rewards Reporting tool provides a single source of truth: dashboards tracking staking and reward activity across multiple chains, daily performance summaries, and downloadable reports ready for fund administrators, auditors, and tax professionals. It enables crypto treasuries to scale with confidence, knowing their yield strategies are matched with enterprise-grade transparency.
Chorus One’s Rewards Reporting is designed to meet the operational and compliance demands of modern crypto treasuries. Its validator monitoring tools allow finance and ops teams to track uptime, reward rate consistency, and restaking activity across 20+ supported protocols, without needing to rely on explorers or raw chain data. Every staking reward is calculated with precision, accounting for validator commissions, service fees, and available rebates to ensure accurate net attribution. And reports can be exported in Excel or CSV formats for seamless integration into existing back off systems ready for accounting systems, fund administrators or auditors.
As crypto treasuries evolve to embrace staking, restaking, and DeFi strategies, the infrastructure that supports them must evolve as well. Sophisticated digital asset strategies demand equally sophisticated reporting tools that deliver precision, transparency, and compliance at scale. With its reporting tool, Chorus One equips institutional teams with the visibility and structure needed to turn raw on-chain activity into actionable financial intelligence. Whether you're optimizing validator performance, preparing for an audit, or reconciling yield across a global treasury, Chorus One ensures that your reporting is as productive and reliable as the assets it supports.
Digital Asset Treasury Companies (DATs) are redefining corporate treasury management for the blockchain era. By combining traditional finance principles with decentralized technologies, these companies are turning static crypto holdings into productive assets that generate yield, enhance capital efficiency, and contribute to the security of proof-of-stake (PoS) networks.
The opportunity has never been stronger. In the U.S., recent legislative wins, such as the GENIUS Act and the Digital Asset Market Clarity (CLARITY) Act, have provided much-needed regulatory certainty. These laws not only define the oversight roles of the SEC and CFTC, but also clarify that staking activities do not automatically create securities liabilities. This removes a major roadblock for enterprises seeking to generate yield through staking.
From Bitcoin-heavy strategies like Strategy (formerly MicroStrategy), to Ethereum staking specialists like Bit Digital and SharpLink Gaming, to Solana-focused treasuries like DeFi Development Corp, DATs are embracing diverse approaches. Yet the common thread is clear: yield is no longer optional – it’s the core driver of Treasury 3.0.
At Chorus One, we view DATs as pioneers bridging two financial worlds. This article explores how these companies evolved, why yield generation is now imperative, and how secure, compliant staking infrastructure is enabling the next phase of treasury innovation.
The modern DAT movement began in 2020 when MicroStrategy invested $250 million in Bitcoin, positioning it as a hedge against inflation and currency depreciation. By July 2025, the company had grown its holdings to 601,550 BTC, worth over $70 billion at then-current prices.
Other corporations followed: Tesla, GameStop, and Japan’s Metaplanet among them, primarily focusing on accumulation and long-term appreciation. While effective in bull markets, these strategies left treasuries exposed to volatility.
Ethereum’s September 2022 transition to PoS marked a turning point. Now, holders could earn 3–5% APY simply by staking. Public companies quickly pivoted:
By mid-2025, public companies held 2.33 million ETH worth $8.83 billion.
Today, leading DATs go beyond vanilla staking. They layer liquid staking, restaking, and DeFi integrations to compound returns:
Combined, these strategies can yield 6–10% or more, turning treasuries into dynamic revenue engines.
Want more? To read the full whitepaper by Chorus One's Head of Sales for the Americas and regular Forbes Contributor, Leeor Shimron, and Head of Legal, Adam Sand, follow this link.
Coindesk and others reported on today's launch of the REX-Osprey SOL + Staking ETF, highlighting its pioneering approach as the first U.S. exchange-traded fund to combine crypto exposure with on-chain staking rewards. Trading on the CBOE and structured under the Investment Company Act of 1940 (‘40 Act), the fund offers investors access to Solana (SOL) while earning yield from staking. This is a watershed moment in digital asset finance because staking yield is no longer limited to wallets and validators.
To sidestep the long regulatory bottlenecks of the ‘33 Act spot ETF route, Osprey and REX opted for the more nimble ‘40 Act structure. They created a C-corporation that owns a Cayman-based subsidiary, which in turn acquires and stakes SOL tokens. This clever structuring enabled the ETF to launch faster and earn SEC clearance with a “no further comment” letter.
The result? Institutional-grade exposure to SOL, with staking yield, wrapped inside a regulated, listed fund. It’s a huge step forward in making staking mainstream and accessible via trusted financial rails.
While fast, this C-corp route has its drawbacks. As The Block outlines, C-corporations are subject to corporate tax, meaning some of the staking rewards could be liable for taxation before being realised by shareholders. And while the SEC had no further comment about the fund’s launch, this sparks an intriguing dialogue about the opportunities for innovation in fund compliance with ‘40 Act requirements, especially around asset composition and disclosure.
Ultimately, it's a practical solution that allows for the introduction of staking to the market right now, with exciting opportunities for future enhancements.
Encouragingly, the Osprey ETF may only be the beginning. Bloomberg’s James Seyffart recently noted that grantor trusts, the structure used in today’s spot Bitcoin and Ethereum ETFs, may soon be permitted to include staking. If approved by the IRS, this would allow ETF sponsors to pass staking income directly to shareholders without triggering corporate tax obligations.
This would remove the biggest efficiency drag from staking ETFs and enable more streamlined product designs with broader market appeal.
This shift toward efficiency is being propelled by a wave of pending legislation. Chief among them is the CLARITY Act, introduced in May 2025, which aims to:
Alongside this, other crypto-relevant bills are gaining momentum:
Of course, not all of these bills will become law, but it is clear that the legislative and regulatory environment is increasingly pro-clarity, pro-infrastructure, and pro-innovation. Osprey is the vanguard, but the next generation of staking ETFs will likely be faster, simpler, and more tax-efficient.
Bottom Line: The Osprey SOL + Staking ETF is an exciting breakthrough. It unlocks staking yield for ETF investors using creative structuring and regulatory navigation. Even better, a suite of legislative and tax changes is lining up to make these kinds of products simpler, leaner, and more mainstream. This is how crypto goes institutional.
