The Business Case for Earn in Regulated Custody

How Yield.xyz Turns Idle AUC into Fee Revenue

Executive Summary

The custody landscape is shifting. Institutions no longer evaluate custodians solely on security and safekeeping; they now expect asset utility. As staking, lending, and onchain yield strategies mature, clients increasingly ask a simple question: “If my assets are safe with you, why aren’t they also earning?”

For custodians, adding yield is no longer a nice-to-have. It is a strategic imperative that drives new net revenue (with 2–3× uplift reported by custodial platforms that added staking), improves client retention, loyalty, and AUC growth, expands margins without materially increasing operational overhead, enhances competitive positioning against exchanges and vertically integrated platforms, and meets regulatory expectations around value creation and best execution.

But offering yield comes with technical, operational, and security challenges, highlighted recently by the Kiln/SwissBorg exploit. The path forward requires a secure, multi-layered yield infrastructure that removes blind trust from integrations and eliminates single points of failure.

Yield.xyz is a non-custodial yield infrastructure platform that aggregates staking, lending, and DeFi yields behind a single API and widget across 75+ networks and 2,600+ strategies, already powering yield for platforms like Ledger, Zerion, Tangem, and Finery Markets.

This research note outlines how regulated custodians can launch scalable, “sticky” Earn features using Yield.xyz’s institutional-grade platform, powered by multi-validator staking, OAVs (Optimized Allocator Vaults), and the Shield security program.

1. The New Reality: Yield as a Strategic Differentiator

The digital asset industry is converging on a simple truth: custodians who don’t offer yield will lose assets to platforms that do.

At Coinbase, the shift from passive custody to active yield infrastructure drove 176% revenue growth (2023–2025)—and custodians without yield offerings face a structural disadvantage. (Source: Coinbase Shareholder Letters 2023–2025)

Major exchanges have already proven the economics. Analysts estimate that staking contributed a low-to-mid-teens share of Coinbase’s 2023 net revenue, helping offset volatile trading fees. At the same time, traditional custody fees are under pressure, while boards expect higher resiliency and disclosure. Yield creates a new revenue line item on existing AUC instead of competing in a race to zero on custody fees. Treasury desks increasingly demand stablecoin lending, staking, and restaking opportunities in the same interface where assets are custodied. Clients—individual and institutional—now expect to earn on idle crypto positions the same way they earn interest on idle cash balances.

For regulated custodians, the question is no longer “Should we offer yield?” but “How do we offer it safely, compliantly, and without a 20-person DeFi engineering team?”

2. What the Kiln Incident Taught the Industry

On August 31st 2025, an attacker compromised Kiln's API, hiding malicious authority transfers inside a routine 975 SOL unstaking transaction. Eight days later, the attacker used stolen withdrawal authority to drain 192,600 SOL ($41.5M) in 3 minutes across 8 transactions.

Due to the exploit, Kiln disabled all services and initiated a 6-week exit of Ethereum validators. SwissBorg reimbursed users from its treasury. The SwissBorg SOL wallet was compromised with a $41.5M withdrawal, and the fallout caused a 6-week exit queue with users earning zero yield.

Why “Secure Enough” Is No Longer Acceptable

In September 2025, SwissBorg confirmed a $41M exploit on its Solana Earn program. The breach stemmed from a vulnerability in Kiln's API, where the attacker exploited transaction-blind signing to hide malicious authority transfers in routine unstaking operations. After an 8-day window between compromise and extraction, Kiln was forced to exit all Ethereum validators, causing a six-week exit queue with zero yield and massive operational disruption for all clients.

The Root Cause: Not a blockchain failure. A failure of integration architecture and single-provider concentration risk.

The core lessons are straightforward. Single-provider dependence is structural risk—one API compromise halted yield for 100% of clients. Blind-signing is incompatible with institutional security; even multi-sig approvals failed without transaction decoding. Custodians need transparency and control—delegating staking operations created accountability gaps. Regulators are raising the bar; post-incident, operational resilience is becoming table-stakes. Yield must be delivered through institutional-grade infrastructure with redundancy, audited code, and real-time transaction-intent validation.

3. Multi-Validator Staking: Safety, Uptime and Direct Revenue Share

Single-validator or single-provider staking creates concentration risk and exposes clients to reward downtime, slashing risk, validator performance issues, queuing delays in mass exits, and operational outages.

Yield.xyz solves this with multi-validator staking and OAVs, allowing custodians to partition user stakes across a curated set of trusted, fully vetted validators.

Under a single-validator model, the risks and issues cluster around concentration risk, reward downtime, exit queues, and operational outages. Under the Yield.xyz multi-validator model, the intended benefits are no single point of failure, continuous yield during stress events, performance optimization, and instant diversification across 30+ supported validators.

4. Shield Program: Zero-Trust Security for Institutional Yield

Shield is presented as a zero-trust security layer built for institutional yield execution with three components.

First is Human-Readable Decode, where every transaction is translated into plain language, including the action (stake/unstake/redelegate/etc.), the asset and amount, the expected state changes, and the destination validator or protocol.

Second is Technical Verification, described as an in-depth scan before execution begins, with real-time anomaly detection, authority change monitoring, and signature verification.

Third is Intent Validation, described as automatic discrepancy detection with deviance detection, protocol sanity checks, and cross-referenced approved validator lists.
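The failure described in section 2 (authority transfers hidden inside a routine unstaking transaction) is the case that decode and intent validation are meant to catch before signing. The sketch below is an added example, not Yield.xyz's Shield code: it decodes Solana Stake program instruction tags and rejects anything beyond what the declared intent permits. The `ALLOWED` policy, the `BENIGN_PROGRAMS` skip list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

STAKE_PROGRAM = "Stake11111111111111111111111111111111111111"
BENIGN_PROGRAMS = {"ComputeBudget111111111111111111111111111111"}
# Solana Stake program instruction tags (bincode u32, little-endian).
STAKE_IX = {0: "Initialize", 1: "Authorize", 2: "DelegateStake", 3: "Split",
            4: "Withdraw", 5: "Deactivate", 6: "SetLockup", 7: "Merge",
            8: "AuthorizeWithSeed", 10: "AuthorizeChecked",
            11: "AuthorizeCheckedWithSeed"}
AUTHORITY_CHANGES = {n for n in STAKE_IX.values() if n.startswith("Authorize")}
# Hypothetical policy: the only stake instructions a declared intent may carry.
ALLOWED = {"unstake": {"Deactivate"}}

def decode_stake(data: bytes) -> dict:
    """Decode the tag and, for Authorize, the new key and role."""
    if len(data) < 4:
        return {"name": "Malformed"}
    (tag,) = struct.unpack_from("<I", data, 0)
    ix = {"name": STAKE_IX.get(tag, f"Unknown({tag})")}
    if ix["name"] == "Authorize" and len(data) >= 40:
        (role,) = struct.unpack_from("<I", data, 36)
        ix["new_authority"] = data[4:36].hex()
        ix["role"] = {0: "Staker", 1: "Withdrawer"}.get(role, "Unknown")
    return ix

def validate(intent: str, instructions: list) -> list:
    """Return findings; an empty list means the payload matches the intent."""
    findings, allowed = [], ALLOWED.get(intent, set())
    for i, (program, data) in enumerate(instructions):
        if program in BENIGN_PROGRAMS:
            continue
        if program != STAKE_PROGRAM:
            findings.append(f"ix {i}: unexpected program {program}")
            continue
        ix = decode_stake(data)
        if ix["name"] in AUTHORITY_CHANGES:
            findings.append(f"ix {i}: authority change {ix['name']} "
                            f"role={ix.get('role', '?')} outside '{intent}'")
        elif ix["name"] not in allowed:
            findings.append(f"ix {i}: {ix['name']} not allowed for '{intent}'")
    return findings

# Constructed sample: a Deactivate, then the same with a Withdrawer Authorize.
NEW_KEY = bytes(range(32))  # constructed placeholder, not a real key
CLEAN = [(STAKE_PROGRAM, struct.pack("<I", 5))]
TAMPERED = CLEAN + [(STAKE_PROGRAM,
                     struct.pack("<I", 1) + NEW_KEY + struct.pack("<I", 1))]

if __name__ == "__main__":
    print(validate("unstake", CLEAN))
    print(*validate("unstake", TAMPERED), sep="\n")
```

The check is deny-by-default: a signer that approves only when `validate` returns an empty list refuses any instruction the declared intent does not explicitly permit, whether or not the approver would have spotted it in raw bytes.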

5. Security Posture: SOC 2-Driven Approach with Independent Audits

Yield.xyz is SOC 2 Type I certified, with a Type II audit ongoing (certification expected Q1 2026).

Its posture is described across multiple layers. Independent audits and automated testing are positioned as ensuring continuous validation of infrastructure and smart contracts. Shield is positioned as application-level protection, guaranteeing secure, untampered transactions and protecting every action crafted by the Yield API.

Data and infrastructure security are described as encryption in transit and at rest, with strict access controls and environment isolation. Defense-in-depth architecture is described as built-in security across infrastructure, access, and development—maintained by a DevSecOps team. Cloud & endpoint security is described as powered by tools like AWS Shield, Wiz, and Kandji, with AWS Shield for DDoS protection and a web app firewall for real-time defense, Wiz for continuous cloud security management across AWS, and Kandji for device management and endpoint protection with automated compliance.

6. The Business Results: Revenue, Margins, and Retention

Custodians that launch Earn features typically see a 2.0×–2.8× increase in yield revenue. The note argues that every validator and protocol integration typically requires heavy engineering lift and maintenance, while Yield.xyz consolidates all of this into a single integration that keeps infrastructure costs fixed, allows yield revenue to scale with AUC, and enables a path to profitability on assets that previously generated zero revenue.

It also argues for massive retention benefits (“stickiness”): once clients are earning through your platform, they are significantly less likely to migrate assets, AUC grows organically through compounding, and switching costs become real (lost rewards, friction, trust in performance).

The document further frames Earn as a meaningfully higher margin product, stating that even a 10–20% share of staking rewards becomes material at institutional scale.

Finally, it highlights client acquisition impact: a full Earn suite attracts asset managers, trading platforms, corporate treasuries, and wealth platforms—each increasingly demanding yield integrations as part of their core workflows.

7. Case Study: Institutional Custody Earn Feature Powered by Yield.xyz

Case Study 1 — Multi-Chain Institutional Staking at Scale

Challenge: Offer multi-chain institutional staking without integrating dozens of validators.

Solution: Integrated Yield.xyz to access ETH, BNB, SOL, MATIC, and more via a single interface.

Outcome: Secure flows, a unified client experience, and resilience aligned with regulatory expectations.

Bentzi Rabi, Co-founder & CEO

“We’re excited to partner with Yield.xyz to bring comprehensive on-chain staking capabilities to our institutional clients. This integration enables our clients to access the full spectrum of yield opportunities across multiple blockchain networks while maintaining the security, compliance, and operational efficiency they require.

Yield.xyz’s proven infrastructure and extensive validator network perfectly complement our mission to simplify digital asset operations.”

8. Case Study: Institutional Treasuries Leveraging Yield.xyz for DeFi

Case Study 2 — DeFi Yields for Corporate Treasuries

Challenge: Let institutional clients earn on idle balances without building and maintaining direct integrations to multiple protocols and chains.

Solution: Embedded Yield.xyz’s non-custodial yield layer to unlock 1,000+ yield strategies across 75+ networks, spanning stablecoin lending (Aave, Compound, etc.) plus staking and restaking opportunities.

Outcome: Clients can allocate idle balances to diversified yields through the existing Finery interface, while Finery scales a full Earn suite with minimal additional engineering and operational risk.

Konstantin Shulga, Co-founder & CEO

“From the beginning, we built our offering around the idea of addressing crypto market fragmentation for institutions. With us, they can confidently navigate the complexity through a single technology layer to orchestrate all trading activities.

Yield.xyz’s vision perfectly fits this, unifying access to staking across highly fragmented chains and DeFi protocols.”