
Exhibit 10.30

CERTAIN IDENTIFIED INFORMATION HAS BEEN EXCLUDED FROM THIS EXHIBIT BECAUSE IT IS BOTH (I) NOT MATERIAL AND (II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED. THE REDACTED TERMS HAVE BEEN MARKED WITH THREE ASTERISKS [***].

CUSTODIAL SERVICES AGREEMENT

This Custodial Services Agreement (this “Agreement”) is entered into and effective as of 09 July 2021 (“Effective Date”) by and between: BitGo Trust Company, Inc., a trust company duly organized and chartered in South Dakota, and having an office at 6216 Pinnacle Place, Suite #101, Sioux Falls, South Dakota 57108 (“Custodian”), and Bullish (GI) Limited, duly organized in Gibraltar and having a place of business at Suite 23, Portland House, Glacis Road, Gibraltar (“Client”). All references to “you,” “your,” or the “user” mean Client and/or its Authorized Persons. References to “the parties” means Custodian and Client together.

BACKGROUND

Client wishes to appoint Custodian to provide custodial services, as set forth below, and Custodian is willing to perform such services on the terms and conditions contained in this Agreement.

NOW, THEREFORE, the parties agree as follows:

1. Definitions

 

  (a)

“Account” means any account in the books of Custodian which records the Custodial Coins together with any subaccounts associated therewith.

 

  (b)

“Account Holder” means the Client.

 

  (c)

“Affiliate” means, in relation to any person, a Subsidiary of that person, or a Holding Company of that person or any other Subsidiary of that Holding Company.

 

  (d)

“Applicable Law” means applicable federal, state and other laws, rules, regulations, regulatory guidance, regulatory requirements and any form of secondary legislation, resolution, policy guideline, concession or case law from time to time, including any changes to the foregoing.

 

  (e)

“Authorized Person” means an employee or officer of the Client (or one of its Affiliates) who has been designated by Client to be an authorized party of Client to access and use the Account, including to send cryptocurrencies, digital currency and/or tokens for deposit into the Account and withdraw cryptocurrencies, digital currency and/or tokens from such Account under this Agreement. Such persons will continue to be Authorized Persons of Client until such time as Custodian receives Instruction (as defined herein) from Client that any such person is no longer an Authorized Person of Client.

 

  (f)

“Business Day” means a day from Monday through Friday, except for holidays as observed by the Federal Reserve System.

 

  (g)

“Business Hours” means 8:00am to 5:00pm Central Standard Time on a Business Day.

 

  (h)

“Client Data” has the meaning set out in the Security Schedule.

 



  (i)

“Cold Wallet” means a Key Wallet for which at least two of the Keys are held by Custodian offline (in servers which are not, and never have been, connected to the internet), and which controls Custodial Coins from time to time.

 

  (j)

“Critical Function” means (i) the management of Keys, including, but not limited to Key storage, transaction signing and the transport of Keys or Key shard material and (ii) the execution of disaster recovery of Cold Wallets in the event of an SBD.

 

  (k)

“Custodial Coins” means those cryptocurrencies, digital currencies and/or tokens held by Custodian on any relevant blockchain from time to time for Client and recorded in an Account.

 

  (l)

“Custodial Wallet” means a Cold Wallet [***].

 

  (m)

“Custodian’s Services” means those services provided for Client under this Agreement via Web site and offline storage facilities, including, without limitation, the Client’s Accounts.

 

  (n)

“Digital Currency Instruction” means a request or instruction to receive or transfer Custodial Coins.

 

  (o)

“Exit Assistance” shall have the meaning set out in Section 16(e).

 

  (p)

“Fees Agreement” means the agreement of that title between BitGo Trust Company, Inc. and Bullish Global to be entered on or around the date of this Agreement.

 

  (q)

“Force Majeure Event” means an unforeseeable and insurmountable act or event affecting the performance by a party of its obligations under this Agreement, arising from events beyond its reasonable control, provided in all cases that the party whose performance is affected has taken all steps which could reasonably be expected to have taken in order to prevent such act or event occurring or minimise the effects thereof, and includes strikes, lock-outs and labour disputes (but excluding strikes, lock-outs and labor disputes involving Custodian’s staff), acts of God, war, acts of military authority, riots, civil commotion, fires, floods, epidemics and pandemics, telecommunications outage, and storms.

 

  (r)

“Holding Company” means, in relation to any person, any other person in respect of which it is a Subsidiary.

 

  (s)

“Instruction” means an instruction that has been verified in accordance with Custodian’s security policies and procedures, which Custodian reasonably believes to have been given by an Authorized Person, provided that when taking action upon such Instruction, Custodian shall act in a reasonable manner in accordance with its obligations under this Agreement and Applicable Laws and rules. Custodian shall comply with all measures and security steps agreed with Client to authenticate the identity of the Authorized Person before acting on an Instruction that such Authorized Person may issue on behalf of the Client.

 



  (t)

“Key Performance Indicators” means the key performance indicators set out in Exhibit D.

 

  (u)

“Key Wallet”, for the purposes of this Agreement, [***].

 

  (v)

“Non-custodial Wallet” means a Key Wallet for which [***].

 

  (w)

“SBD” shall have the meaning set out in Section 22(a).

 

  (x)

“Security Schedule” shall mean the terms of the security schedule set out in Exhibit F.

 

  (y)

“Service Credit” means an amount calculated in accordance with Exhibit D, if the Custodian failed to meet the Service Levels.

 

  (z)

“Service Levels” means the service levels set out in Exhibit D.

 

  (aa)

“Subsidiary” means, in relation to any person, any entity of which that person has direct or indirect control, or owns directly or indirectly more than 50 per cent. of the voting capital or similar right or ownership and “control” for this purpose means the power to direct the management and the policies of the entity whether through the ownership or voting rights, by contract or otherwise.

 

  (bb)

“Valid Withdrawal Request” means a request for withdrawal of Custodial Coins from a Cold Wallet in respect of which Keys are stored in a Vault made by an Authorised Person.

 

  (cc)

“Vault” means the offline storage mechanism for a Cold Wallet [***].

 

  (dd)

“Vault Wallet Withdrawal Timeframe” means twenty-four (24) hours after Custodian’s receipt of Client’s Valid Withdrawal Request for withdrawal of Custodial Coins from a Cold Wallet in respect of which Keys are stored in the Vault.

 



2. Custodial Relationship.

 

  (a)

Custodian is authorized to appoint such sub-contractors, nominees, agents or sub custodians to perform any of the duties of the Custodian under this Agreement from time to time, with the exception of the performance of Critical Functions which, for the avoidance of doubt, shall not in any circumstances be sub-contracted to any third party other than to: (i) its wholly-owned Affiliates; or (ii) third parties approved by Client. In relation to each nominee, agent, sub-contractor or sub custodian used by Custodian for the provision of the Custodian’s Services, Custodian shall: (i) exercise due skill, care and diligence in the selection, appointment and use of each such nominee, agent, sub-contractor or sub custodian in accordance with the standard of reasonable care that would be exercised by a reputable, prudent and internationally recognized professional custodian; (ii) ensure that the services provided by each such nominee, agent, sub-contractor or sub custodian are consistent with the terms of this Agreement; (iii) be responsible and liable to the Client for any act or omission of any nominee, agent, sub-contractor or sub custodian as if they were acts or omissions of its own and (iv) remain solely liable to Client for the performance of its obligations under this Agreement, notwithstanding any use of nominees, agents, sub-contractors or sub custodians. Custodian shall ensure that sub-contractors for Critical Functions that are Custodian’s wholly-owned Affiliates comply with the Security Schedule. 
Custodian shall use reasonable endeavours to ensure that (i) any third party that serves as nominee, agent, sub-contractors for Critical Functions that are third parties approved by Client or sub-custodian appointed by it will be subject to the right of Client to carry out a security audit as set out in the Security Schedule and (ii) sub-contractors for Critical Functions that are third parties approved by Client implement and enforce prudent security standards that are materially similar to the Security Schedule. Any reference in this Agreement to the Custodian shall, where the context so requires, include its nominees, agents, sub-contractors or sub custodians appointed by the Custodian on its behalf.

 

  (b)

Client shall use Custodian’s Services to request the establishment of, and Custodian shall thereby establish and maintain, one or more Accounts in the Client’s name as a custodian for the benefit of the Client, in which the Client may hold Custodial Coins for its own account or for the benefit of a third party. Custodian shall ensure that it has the capacity to, and shall in accordance with any request from Client, hold for Client (i) Custodial Coins in multiple different addresses in one or more blockchain systems, and (ii) the related Keys.

 

  (c)

[Reserved].

 

  (d)

Custodian hereby acknowledges and agrees that it is a custodian of the Custodial Coins recorded and stored in the Account and that Custodian has no right, interest, or title in such Custodial Coins or anything held in any Custodial Wallet or Non-Custodial Wallet. Custodian hereby confirms that the Custodial Coins and anything held in any Custodial Wallet or Non-Custodial Wallet do not constitute an asset on the balance sheet of Custodian and that the Custodial Coins will at all times be held by Custodian on trust for the Client and held separately from, and shall not be co-mingled with, any Custodial Coins belonging to Custodian, any other client of Custodian or any other person. Custodian will not seek to exercise control over or take any actions with respect to any Custodial Wallet and Non-Custodial Wallet except in accordance with Instructions. Custodial Coins in the Client’s Account shall not be treated as general assets of the Custodian but rather as assets held by the Custodian as a fiduciary that remain the Client’s property at all times. The Custodian shall take action in relation to the Custodial Coins held in the Client’s Account only on a Digital Currency Instruction from Client, or as otherwise permitted by this Agreement, and shall not create or exercise any lien, right of retention or set-off, security interest or similar rights over such Custodial Coins held by Custodian for the Client.

 

3. Standard of Care.

 

  (a)

Custodian shall use reasonable best efforts to perform, and to ensure the performance of, the Custodian’s Services, and all of its other obligations under this Agreement (including the holding of Custodial Coins): (i) promptly and otherwise in accordance with any timetables or service standards set out under this Agreement; (ii) using the skill and care of a diligent, suitably qualified, well managed, trustworthy, experienced and leading professional provider of services similar to the Custodian’s Services and exercising the level of care, skill and diligence that meet industry best practices; (iii) act in accordance with the Security Standards (as defined in the Security Schedule) and best prevailing industry practices and standards applicable to the Custodian’s Services from time to time, and shall comply with all duties and obligations, imposed by South Dakota law on a fiduciary, a custodian and a trustee, as applicable. Among other things, such duty of care shall include acting in accordance with Instructions.

 

  (b)

Custodian will have in force all required policies and procedures to ensure that the Custodian’s Services are provided in accordance with the requirements of this Agreement, and shall ensure that all systems, platforms and other resources used by it to support or provide the Custodian’s Services are maintained in good working order, regularly inspected and kept current.

 

  (c)

Except as expressly provided in this Agreement, Custodian shall not be responsible for any loss or damage suffered by Client or Account Holder as a result of the Custodian performing such duties unless the same results from an act of fraud, willful default, recklessness, gross negligence or breach of this Agreement on the part of the Custodian, or any act or omission of any of its nominees, agents, sub-contractors or sub-custodians.

 

  (d)

Custodian will be entitled to rely on, and may act upon the advice of, legal counsel and accountants with expertise in the relevant area, in relation to matters of law, regulation or market practice, and shall not be liable to Client under this Agreement for any action taken or omitted pursuant to such advice, provided that Custodian has acted in good faith and with reasonable best efforts; provided, that, Custodian will not unilaterally take any action to terminate or modify the terms of this Agreement, or make material changes to the Custodian’s Services under this Agreement in contravention of any other terms of this Agreement.

 



  (e)

Custodian shall not, save as stated in Section 3(c) above, be responsible for the title, validity or genuineness of any of the Custodial Coins (or any evidence of title thereto) received by it pursuant to this Agreement.

 

  (f)

Custodian is not acting under this Agreement as manager or investment adviser to the Client, and responsibility for the selection, acquisition and disposal of the Custodial Coins remains with the Client at all times. Custodian shall have no obligation to explain or warn of any risks taken or to be taken by the Client.

 

  (g)

Each party shall have a duty to take reasonable steps to mitigate damages for which the other party may become responsible.

 

  (h)

This Section 3 shall survive termination or expiration of this Agreement.

 

4. Representations, Warranties and Covenants.

 

  (a)

Custodian represents, warrants and covenants that:

 

  (i)

it is duly organized, validly existing and in good standing under the laws of the State of South Dakota, has all corporate powers required to carry on its business as now conducted, and is duly qualified to do business and is in good standing in each jurisdiction where such qualification is necessary;

 

  (ii)

it has full power to execute and deliver this Agreement and to perform all the duties and obligations to be performed by it under this Agreement;

 

  (iii)

it is authorized and regulated as a banking organization under the laws of the State of South Dakota, and is in compliance with all Applicable Law and rules, including, without limitation, all licenses, registrations, authorizations and approval requirements, governing Custodian’s operations and activities;

 

  (iv)

it shall obtain all licenses, registrations, authorizations and approvals that it currently does not possess that may be required at a future point by any governmental agency or regulatory authority for it to operate its business and engage in the business relating to its provisions of the Custodian’s Services;

 

  (v)

it and its licensors own all intellectual property rights in Custodian Materials and that none of the Custodian Materials infringe any intellectual property rights of any third parties;

 

  (vi)

the execution, delivery and performance of this Agreement does not and will not violate any judgment, order, or decree and does not and will not constitute a material breach of Custodian’s existing obligations;

 

  (vii)

there is no material suit, cause of action, proceeding, application, claim or investigation, whether current, pending, threatened or in prospect against Custodian which might reasonably adversely affect Custodian’s ability to perform its obligations under this Agreement;

 



  (viii)

it shall, within a reasonable time frame, give notice of any change in ownership of Custodian, or any of its sub-custodians or sub-contractors providing the Custodian’s Services under the Agreement where such sub-custodian or sub-contractor is performing a Critical Function or a significant or substantial part of the Custodian’s Services;

 

  (ix)

it shall, within a reasonable time frame, give notice of any material change of circumstances affecting the Custodian or any of its sub-contractors or subcustodians which could have a material impact on the provision of services under this Agreement;

 

  (x)

it has no ownership interest in the Custodial Coins;

 

  (xi)

it will safekeep the Custodial Coins and segregate all such assets from both the (a) property of the Custodian, and (b) assets of other customers of the Custodian;

 

  (xii)

Unless directed by the Client in writing, it will not, directly or indirectly, lend, pledge, hypothecate or rehypothecate any assets held for the Client under this Agreement.

 

  (b)

Client represents, warrants and covenants that:

 

  (i)

it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation, has all corporate powers required to carry on its business as now conducted, and is duly qualified to do business and is in good standing in each jurisdiction where such qualification is necessary;

 

  (ii)

it has full power to execute and deliver this Agreement and to perform all the duties and obligations to be performed by it under this Agreement;

 

  (iii)

to the best of its knowledge after reasonable inquiry, it is not an entity that is, an entity owned in part or in whole or controlled by any person or entity that is, or conducting any activities on behalf of any person or entity that is (A) the subject of any sanctions administered or enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control, the U.S. Department of State, or any other Governmental Authority with jurisdiction over Custodian or its Affiliates with respect to U.S. sanctions laws; (B) identified on the Denied Persons, Entity, or Unverified Lists of the U.S. Department of Commerce’s Bureau of Industry and Security; or (C) located, organized or resident in a country or territory that is, or whose government is, the subject of U.S. economic sanctions, including, without limitation, Cuba, Iran, North Korea, Sudan, or Syria; and

 



  (iv)

it has all necessary authority to hold the Custodial Coins with the Custodian on the terms set out in, and to direct the Custodian to perform its obligations under, this Agreement.

 

  (c)

Each party shall immediately notify the other party if, at any time after the date of this Agreement, any of the representations, warranties and covenants made by it under this Agreement fail to be true and correct as if made at and as of such time. Such notice shall describe in reasonable detail the representation, warranty or covenant affected, the circumstances giving rise to such failure and the steps the notifying party has taken or proposes to take to rectify such failure.

 

5. Duties and Obligations of Custodian.

The duties and obligations of Custodian shall include the following:

 

  (a)

Safekeeping of Custodial Coins; Custodial Wallets; Non-Custodial Wallets. Custodian shall use reasonable best efforts to keep in safe custody on behalf of Client all Custodial Coins received by Custodian for the benefit of Client. Custodian will use reasonable best efforts to keep all Keys to each Custodial Wallet or Non-Custodial Wallet held by Custodian secure and [***]. Custodian will safekeep the Custodial Coins received by Custodian for the account of the Client and segregate all Custodial Coins received and held for the account of the Client from both the (1) property of the Custodian and (2) assets of other clients of Custodian. Custodian will not, directly or indirectly, lend, pledge, hypothecate or re-hypothecate any Custodial Coins held for the Client. With respect to any Key Wallet, Custodian shall take no action except in compliance with a Digital Currency Instruction. The Custodian shall not retire or remove any core technologies or services relating to the Custodian’s Services provided under this Agreement except in accordance with the change management procedure set out in Section 9.

 

  (b)

Supported cryptocurrencies, digital currencies and tokens. Where the Custodian offers Custodian’s Services in relation to any cryptocurrency, digital currency and/or token on the Effective Date, the Custodian shall continue to support those cryptocurrencies, digital currencies and/or tokens for the duration of this Agreement unless otherwise agreed in writing between the Custodian and the Client. Where the Custodian does not offer the Custodian’s Services in relation to a specified cryptocurrency, digital currency and/or token the Client may request in writing that the Custodian implement support for that cryptocurrency, digital currency and/or token. On receipt of such a request from the Client the Custodian shall (acting reasonably) work with the Client to determine whether it is possible for Custodian to build support for any such cryptocurrency, digital currency and/or token, provided that any such cryptocurrency, digital currency and/or token shall comply with Custodian’s Asset Vetting Policy and regulatory requirements. Where Custodian determines that it is possible to build such support, Custodian shall (acting reasonably) confirm the timeline for implementation. Any costs incurred in implementing such a request outside of Custodian’s planned implementation schedule are to be shared equally between the Client and the Custodian (or unless otherwise mutually agreed upon by the parties).

 

  (c)

Reporting and Valuation of Custodial Accounts. Custodian shall provide Client with periodic reports, transaction notices and/or statements of Accounts relating to the Custodial Coins, the dates and depth of reporting level of which shall be as expressly agreed in writing. In respect of the Custodial Coins, value shall be calculated according to pricing data obtained from BitcoinAverage.com. The Custodian cannot guarantee the accuracy or timeliness of prices received and the prices are not to be relied upon for any investment decisions for the Client’s Accounts.

The Custodian shall provide such statements of Accounts no less frequently than on a quarterly basis. Statements will be provided to Client via a secure portal on the Custodian’s website and will be mailed if requested by Client. The Custodian shall notify the Client that a new statement is available to be viewed on the Custodian’s website within two (2) Business Days of such statement becoming so available. Please note there may be an additional fee for paper statements.

The Client will have forty-five (45) calendar days to file any written objections or exceptions with the Custodian after either (1) the notification by the Custodian that Account statements have been posted online at the Custodian’s website or (2) the date of mailing of paper Account statements. If the Client does not file any objections or exceptions within the forty-five (45) calendar day period this shall indicate the Client’s approval of the statement and will preclude the Client from making future objections or exceptions regarding the information contained in the statement. Such approval by the Client shall be full acquittal and discharge of Custodian regarding the transactions and information on such statement, except in cases of fraud or manifest error.

 

  (d)

Record Keeping and Audit. Custodian will maintain, and shall procure that any nominee, agent, sub-contractor or sub-custodian shall maintain (to the extent applicable), full and accurate books and records and recordkeeping relating to (i) Client’s Accounts, as required by Applicable Law, and (ii) supply of the Custodian’s Services (including but not limited to records relating to compliance or otherwise with the Service Levels and any amounts invoiced to the Client under this Agreement, and excluding system-level logs except to the extent that such logs are API audit logs or Custodian internal logs that relate to Client records or transactions) (with (i) and (ii) comprising the “Records”). The Records, which are in the possession or under the control of Custodian, or in the possession or under the control of any nominee, agent, sub-contractor or sub-custodian, shall be the property of Custodian or nominee, agent, sub-contractor or sub-custodian, as applicable.

 



The Custodian shall grant the Client, any regulatory or governmental authority with jurisdiction over the Client’s business, and any duly authorised representative of the Client and any such regulatory or governmental authority, access to the Records at all times during the Custodian’s normal Business Hours and shall procure that any nominee, agent, sub-contractor or sub-custodian grant the Client, any regulatory or governmental authority with jurisdiction over the Client’s business, and any duly authorised representative of the Client and any such regulatory or governmental authority, access to the Records at all times during the nominee, agent, sub-contractor or sub-custodian’s normal business hours. Upon the reasonable request of the Client, any regulatory or governmental authority with jurisdiction over the Client’s business, or any duly authorised representative of the Client or any such regulatory and governmental authority, copies of the Records shall be provided by Custodian, and Custodian shall procure that copies of the Records shall be provided by any nominee, agent, sub-contractor or sub-custodian, to the person making such request, at the Client’s expense. 
Custodian shall promptly provide the Client, any regulatory or governmental authority with jurisdiction over the Client’s business, and any duly authorised representative of the Client or any such regulatory or governmental authority with copies of any information in Custodian’s possession or control, and shall procure that any nominee, agent, sub-contractor or sub custodian shall promptly provide copies of any information in such nominee, agent, sub-contractor or sub custodian’s possession or control, that is required so that Client can (i) respond to requests from its auditors or from any regulatory or governmental authority or fulfill any obligations to its shareholders; (ii) determine the accuracy of any amounts invoiced under Section 15; or (iii) verify the Custodian’s compliance with its obligations under this Agreement.

Without prejudice to the Client’s rights of audit under this Agreement, the Custodian will provide the Client, and shall procure that any nominee, agent, sub-contractor or sub custodian shall provide the Client, with any internal audit reports produced by the Custodian from time to time. Custodian shall, and shall procure that any nominee, agent, sub-contractor or sub custodian shall, ensure that all Records maintained pursuant to this Section 5(d) shall be retained by Custodian or any nominee, agent, sub-contractor or sub custodian for such period as required by Applicable Law, but in no event for less than five (5) years, after which retention of such records shall be at Custodian’s or nominee, agent, sub-contractor or sub custodian’s discretion.

 

  (e)

Adequate Capital. Custodian will maintain adequate capital and reserves to the extent required by applicable South Dakota law.

 

  (f)

Security. Custodian will: (i) maintain appropriate administrative, technical and physical safeguards to protect the security, confidentiality and integrity of the Custodian’s Services and any Client Data received or processed or transmitted by Custodian. These safeguards shall include [***]; (ii) provide a copy of its security policy to the Client upon Client’s reasonable request and upon request notify the Client upon any material update of its security policy and instances and categories of material non-compliance with its security policy; and (iii) comply with Exhibit F and promptly notify Client upon any instance of known material non-compliance.

 



  (g)

Security Attestation and Controls Review. Custodian shall: (A) document the status of its security program and related policies and procedures which are described in the Security Schedule; (B) acquire from a major reputable U.S. accounting firm, reports provided in accordance with the Statement on Standards for Attestation Engagements no. 18 (or any successor standard to the Statement on Standards for Attestation Engagements no. 18) consisting of: (i) an unqualified System and Organization Controls (“SOC”) report in the form of a SOC 1 Type I report and provide a copy of such report to Client as soon as reasonably practicable and (ii) within 12 months from the date of this Agreement and while the Agreement remains in force, an unqualified SOC 1 Type II report prepared as at each date which is twelve (12) months, or a multiple thereof, from the date of the first such report, and provide the results of such report to Client as soon as reasonably practicable. While the Agreement remains in force, Custodian shall procure BitGo Inc. to acquire from a major reputable U.S. accounting firm an unqualified SOC 2 Type II report provided in accordance with the Statement on Standards for Attestation Engagements no. 18 (or any successor standard to the Statement on Standards for Attestation Engagements no. 18) prepared as at each date which is twelve (12) months, or a multiple thereof, from the date of the first such report, an unqualified and maintained SOC 2 Type II report which may be relied on by Custodian, and provide the results of such report to Client as soon as reasonably practicable. Client shall have the right to review the scope of any such reports to ensure that, in Client’s opinion, it will be sufficient to satisfy all of Client’s reporting and audit requirements. 
If for any reason prior to the termination of this Agreement the content of any SOC 1 Type I or II or SOC 2 Type II report provided pursuant to this Section 5(g) is materially different from the content of any previous SOC 1 Type I or II or SOC 2 Type II report provided pursuant to this Section 5(g), [***].

 



  (h)

Custodian Technology.

The Custodian will ensure that any technology and / or systems it relies on in order to provide the Custodian’s Services are kept up to date by amending or replacing such technology and /or systems to reflect the most recent developments that are consistent with best business practice and reasonably available market developments, including applying updates and complying with any instructions provided by third party technology providers.

The Custodian will ensure that its own technology and / or systems is kept up to date by amending or replacing such technology and / or systems to reflect the most recent developments that are consistent with best business practice and reasonably available market development and will (i) apply any relevant updates as soon as practicable and (ii) issue updates and / or workarounds to the Client as soon as practicable following the identification of any weaknesses in the Custodian’s technology or systems.

 

  (i)

Client Data.

The Custodian will take all reasonable steps to ensure all Client Data collected while providing the Custodian’s Services to the Client (including, for the avoidance of doubt, data of Client’s customers) are kept secure and confidential (and the integrity and availability of such data is otherwise not compromised), including without limitation implementing all measures required: (a) by this Agreement (including Exhibit F); and (b) under Applicable Law, to protect data collected by or on behalf of the Custodian when providing the Custodian’s Services.

 

6.

Service Levels.

 

  (a)

Custodian will ensure that the Custodian’s Services meet or exceed all applicable Service Levels, with effect from the Effective Date and thereafter for the duration of the Agreement. The Custodian shall: (i) provide reasonable technical support to Client, through the support system by email or telephone, during Custodian’s normal Business Hours and will use commercially reasonable efforts to provide support twenty four (24) hours a day, seven (7) days a week; and (ii) respond to support requests in a timely manner, and resolve such issues by providing updates and/or workarounds to Client (to the extent reasonably possible and/or practicable as determined by Custodian in Custodian’s reasonable discretion), consistent with the severity level of the issues identified in such requests and their impact on Client’s business operations.

 

  (b)

Custodian shall monitor its performance against the Service Levels on a monthly basis and Custodian shall attend a Quarterly Business Review (“QBR”) with Client [***]. At the Client’s reasonable request, Custodian shall also provide an updated Service Level report to the Client prior to the quarterly release of Service Level reports. At the Client’s request, Custodian shall provide Client with access to the underlying data used by Custodian to assess its performance and compliance against the Service Level.

 



  (c)

Custodian will maintain the private key management and security operational practices relating to Key Wallet(s) and Custodial Coins as described [***]. Custodian shall promptly notify Client [***] in advance of any proposed material change to such practices (including, but not limited to, changes to multi-sig approaches, changes to the wallet architecture security, changes to the underlying trust company that supports the Custodial Coins or changes to the minimum anti-collusion requirements), and, in the event Custodian materially changes any such practices without the written notification of Client, Client shall have the right to terminate this Agreement pursuant to Section 16(b).

 

  (d)

Custodian shall use its best efforts to keep in safe storage on behalf of Client all primary keys, back up keys and key shards. [***].

 

  (e)

Custodian is responsible for ensuring that all staff used by it in connection with the Custodian’s Services will (i) have all necessary skills and expertise for the tasks given to them; (ii) have been adequately trained in the provision of the Services; (iii) have and hold all authorisations, licences, permits, visas and/or consents of whatever nature required for proper and lawful performance of their duties; (iv) have been duly informed, to the extent relevant to their roles, of Custodian’s obligations under this Agreement; and (v) have had their identity confirmed in accordance with any applicable laws and have been properly screened.

 

  (f)

Service Credits. Where Service Levels are not met, Service Credits may arise, [***].

 



  (g)

Exclusivity. Custodian is not granted any exclusivity in relation to the Custodian’s Services and Client may at any time request or contract other persons to provide services to it that are the same as or similar to the Custodian’s Services. Client is not granted any exclusivity in relation to the Custodian’s Services and Custodian may at any time provide services that are the same as or similar to the Custodian’s Services to third parties.

 

  (h)

Maintenance and Service Issues. The Custodian shall notify the Client in writing [***] in advance of any planned maintenance (“Planned Maintenance”), including the window during which Planned Maintenance will be carried out and the impact that this will have on the Custodian’s Services. Client acknowledges that Custodian offers a service to global clients and cannot optimize maintenance windows for the exclusivity of any single client. Notwithstanding the above, Custodian shall (i) use commercially reasonable efforts to schedule Planned Maintenance windows at times that will cause the least amount of adverse impact to Client and its business; (ii) keep maintenance windows as short as possible; (iii) inform Client if maintenance will overrun the scheduled maintenance window; and (iv) use commercially reasonable efforts to provide the Custodian’s Services on an uninterrupted basis, despite Planned Maintenance taking place. Where emergency maintenance is required, or maintenance of a third-party system where Custodian has no control over the schedule, or any unplanned issue or situation arises that may impact on the Custodian’s Services or the Custodian’s ability to perform the Custodian’s Services under this Agreement, the Custodian shall inform the Client as soon as possible and shall provide appropriate details of the nature of the maintenance, issue or situation. In the event of a service outage or any other event which interrupts or degrades the Client’s use of the Custodian’s Services not caused by Planned Maintenance (“Service Outage”), the Custodian will use reasonable best efforts to: (a) respond to the Service Outage [***].

 

  (i)

Service Failures - general. If the Custodian’s Services are not provided in accordance with this Agreement in any respect (including where the Service Levels are not met) the Custodian shall promptly notify the Client and (without prejudice to the Client’s other rights and remedies):

 

  (i)

take all steps reasonably necessary to minimize any material impact of the failure on the Client’s business;

 

  (ii)

if it is possible to do so, repeat that part or those parts of the Custodian’s Service or Custodian’s Services that gave rise to the failure;

 

  (iii)

investigate the failure (including, as applicable, performing a root cause analysis to identify the cause of such failure);

 

  (iv)

provide the Client with a written report identifying the cause of the failure, the consequences of the failure and Custodian’s procedures for correcting the failure and ensuring that it will not be repeated;

 



  (v)

as soon as practicable correct any fault or defect in the processes and systems used to provide the Custodian’s Services which gave rise to the failure; and

 

  (vi)

ensure that the Custodian’s Services are provided in accordance with this Agreement as soon as practicable.

 

  (j)

Service Failures - material. If the Custodian commits a breach of Section 6(a) or a material breach of any provision of this Agreement in relation to the provision of any of the Custodian’s Services, and that breach causes, or is likely to cause, the Client to incur a material loss, liability, cost or business disruption, whether direct or indirect, the Client may, by notice to the Custodian at any time before the breach is remedied in full require the Custodian to engage in enhanced co-operation as described in Section 6(k).

 

  (k)

If the Client gives notice requiring enhanced co-operation under Section 6(j), the Custodian shall, in addition to its other obligations under this Agreement:

 

  (i)

remedy the breach as soon as possible, including devoting all reasonable resources to the resolution of the breach;

 

  (ii)

promptly provide the Client with such information (in addition to any information required to be provided under the other provisions of this Agreement) as the Client may reasonably request to enable the Client fully to understand the nature and causes of the breach and the steps being taken and/or considered by the Custodian to remedy the breach;

 

  (iii)

work with the Client and use reasonable best efforts to agree, as soon as practicable, on a plan or set of plans for the resolution of the breach; and

 

  (iv)

report to the Client in a timely manner on progress against that plan or those plans and reasonably consult with the Client in relation to, and promptly keep the Client informed of, changes to that plan or those plans from time to time.

 

  (l)

Custodian shall promptly inform Client of any events, developments or circumstances (including any litigation, arbitration or disputes) which have or may have a material adverse impact on Custodian’s ability to perform the Custodian’s Services or any of its other obligations under this Agreement, and shall:

 

  (i)

as appropriate, keep Client updated of the status of those events, developments or circumstances and any material impact on Custodian’s ability to perform the Custodian’s Services or any of its other obligations under this Agreement; and

 

  (ii)

take such steps as Client may reasonably require to guard against any material adverse impact on Custodian’s ability to perform the Custodian’s Services or any of its other obligations under this Agreement.

 



  (m)

For the avoidance of doubt, the rights and obligations under Sections 6(h), 6(i), 6(j) and 6(k) are without prejudice to any other rights and obligations that the Client and the Custodian may have in relation to the Custodian’s default.

 

7.

Account Service.

 

  (a)

[***].

 

  (b)

Custodian shall provide to Client such information as is necessary for Authorized Persons to make deposits to Client’s Accounts.

 

  (c)

Client and Authorized Persons shall be able to access each Account at all times, [***].

 

  (d)

Client shall not resell the Custodian’s Services. Custodian acknowledges that the Client will use the Custodian’s Services to be able to provide services to the Client’s own clients and customers. Nothing in this Agreement shall operate to prevent the Client from using the Custodian’s Services to be able to provide services to its own clients and customers.

 

  (e)

Custodian shall use reasonable best efforts to keep all of its machines, networks, computer equipment, and phones utilized directly or indirectly to provide access to the Account and Custodian’s Services free of malware and malicious code and in secure and protected locations.

 



  (f)

Custodian shall immediately credit to each Account all cryptocurrency, digital currency and/or tokens properly sent to Custodian in accordance with Custodian’s procedures via Custodian’s Services by Authorized Persons for each Account. Custodian shall notify Client electronically of such receipt of Custodial Coins and of such credit to the relevant Account as soon as possible following the receipt of Custodial Coins, no later than twenty-four (24) hours following such receipt.

 

  (g)

Custodian shall not allow withdrawals of any Custodial Coins from the Account except those withdrawals made in accordance with Digital Currency Instructions by Authorized Persons, as identified by Client to Custodian and whose identity has been reasonably confirmed by Custodian using reasonable efforts and consistent with Custodian’s client identification protocols. Custodian shall debit from the relevant Account all Custodial Coins withdrawn by Authorized Persons from such Account. Custodian shall notify Client and the relevant Authorized Person(s) immediately of such withdrawal and of such debit from the relevant Account.

 

  (h)

Custodian shall not accept, for the benefit of Client, cryptocurrency, digital currency and/or token deposits from third parties.

 

  (i)

[Intentionally Deleted.]

 

  (j)

[Intentionally Deleted.]

 

  (k)

[Intentionally Deleted.]

 

  (l)

[Intentionally Deleted.]

 

  (m)

[Intentionally Deleted.]

 

  (n)

Notwithstanding the foregoing, Custodian reserves the right, upon order of a governmental authority or in the event Custodian has reasonable evidence of unlawful conduct by the Client, to terminate or restrict Client’s access to or use of the Account to the extent such restriction is necessary to comply with Custodian’s obligations under applicable anti-money laundering laws and rules or to prevent fraud or a criminal violation. To the extent permissible by law, Custodian will notify Client of the existence of such order or evidence and shall restore Client’s access and use of the Account as soon as reasonably possible.

 

8.

Use of Custodian’s Services

 

  Client shall:

 

  (a)

[***].

 



  [***].

 

  (b)

promptly notify Custodian of any unauthorized access, use or disclosure of Client’s Account credentials, unauthorized access or use of the Account (including any suspected unauthorized access or use) or any other breach of security (including any breach or suspected breach of Client’s system, network or developer application) of which Client becomes aware, which such notification shall describe in reasonable detail the issue at hand including the date, type of problem, and where (in what part of the system) Client experienced that problem. Client agrees that it will provide Custodian with all information Custodian reasonably requests and will reasonably cooperate with and facilitate any investigation by Custodian to identify the issue and assess the security of the assets and Account. Client further agrees that it will provide Custodian with results of any internal or third-party investigation into such breach or suspected breach conducted or ordered by Client, unless disclosure would violate any law, regulation or court order, or any regulatory or contractual obligations of the Client, or is otherwise protected by obligations of confidentiality or subject to legal privilege;

 

  (c)

[***];

 

  (d)

[***];

 

  (e)

[***]; and

 

  (f)

[***].

 



 
  (g)

Client to use reasonable efforts to keep all of its machines, networks, computer equipment, and phones utilized directly or indirectly to access the Account and Custodian’s Services free of malware and malicious code and in secure and protected locations.

 

9.

Change Management Procedure.

 

  (a)

The Client acknowledges that the Custodian will continuously improve the Services, and that these improvements may result in changes to the Services. All such changes shall be made by the Custodian at its own cost and expense, except as provided for herein or as agreed upon by the parties. The Custodian acknowledges that changes to the Services may cause unintended consequences for the Client or its business.

If the Custodian identifies a requirement for a planned, routine change to the Custodian’s Services (a “Custodian Change”) it shall provide the Client with reasonable advance notice, [***]. Such notice shall include a general description of the proposed change, its purpose and the time or times at which the Custodian expects that the Custodian Change will take effect as well as a roadmap for any future changes and enhancements. There shall be no additional cost or expense to the Client as a result of any Custodian Change, except as provided for herein or as agreed upon by the parties.

 

  (b)

Should any planned changes by the Custodian remove any material functionality within the Custodian’s Services to the Client, [***]. Except as agreed upon by the parties or to comply with Applicable Law, Custodian shall ensure that the Custodian’s Services shall continue to support all Custodial Coins supported by the Custodian’s Services as at the Effective Date. Custodian shall not reduce or remove any material functionality within the Custodian’s Services, unless replaced by different and improved functionality or unless Client otherwise agrees. Except to the extent (i) agreed upon by the parties, (ii) necessary for material security purposes, or (iii) necessary to comply with Applicable Law, Custodian shall ensure that the Custodian’s Services shall continue to support all Custodial Coins supported by the Custodian’s Services as at the Effective Date. Except as agreed upon by the parties or to comply with Applicable Law, Custodian shall ensure that the Custodian’s Services shall continue to support all Custodial Coins supported by the Custodian’s Services as at the Effective Date.

 



  (c)

At Client’s request, Custodian will provide reasonable assistance to Client to enable Client to understand the impact (if any) that changes to the Custodian’s Services may have on Client.

 

  (d)

If Client identifies any material concern with respect to a planned change, the parties shall cooperate to resolve the matter as quickly as practicable in the circumstances, provided that where Custodian, in the reasonable opinion of the Client, has failed to resolve such material concern within a reasonable period of time, [***].

 

  (e)

The Custodian acknowledges that the Client may, from time to time, require changes to be made to the Custodian’s Services (a “Client Change”), including where the Client Change is required to enable the Client to comply with Applicable Law or regulation (a “Regulatory Change”). If the Client identifies a requirement for a Client Change, Client may request the Custodian make the appropriate change to the Custodian’s Services through the following process:

 

  (i)

Client may submit a written request (a “Change Request”) that will include reasonable detail for Custodian to evaluate such request. The Change Request shall also identify if the Client Change is a Regulatory Change or not.

 

  (ii)

Custodian shall, without undue delay, review the Change Request and notify Client if it requires any further information; otherwise Custodian shall notify Client following completion of its review ([***]) of Custodian’s initial assessment of the requested change, to include (a) a proposed implementation date; (b) Custodian’s proposed fees for making the Client Change (subject to the Fees Agreement and the remainder of this Clause); and (c) any dependencies on Client to implement such Client Change.

 

  (iii)

If Client wishes to make any changes to Custodian’s proposal, the parties shall negotiate the same in good faith.

 

  (iv)

Custodian shall not refuse to make any Client Change requested by Client that is a Regulatory Change, each acting reasonably and in good faith. Notwithstanding the foregoing, the parties may agree to an alternative to the Regulatory Change if the Custodian reasonably believes the Regulatory Change may compromise the security or integrity of the Services.

 

  (v)

If the parties have agreed to the scope and fees of a Client Change, Custodian shall implement that change in accordance with the timetable agreed by the parties.

 



  (vi)

Client shall bear the reasonable costs incurred by Custodian in making each Client Change, however in the case of all Regulatory Changes, Custodian may charge Client only a pro rata amount of the cost of making such Regulatory Changes (in proportion to the benefit to Client compared to the benefit that Custodian’s other customers will receive), which the Custodian shall allocate in its reasonable discretion.

 

10.

Custodian Fork, Airdrop Policy and Token Support.

Client agrees that all “airdrops” and “forks” will be handled by Custodian pursuant to its custodial fork policy (the “BitGo Fork Policy”) as attached to this Agreement as Exhibit B. Client acknowledges that Custodian is under no obligation to support any airdrops or forks, or handle them in any manner, except as detailed in the BitGo Fork Policy. Client further acknowledges that Custodian, at its reasonable discretion, may update the BitGo Fork Policy from time to time provided that the Custodian shall notify the Client at least thirty (30) calendar days in advance of any such changes.

Client further acknowledges and agrees that Custodian may, from time to time, offer support for select ERC20 tokens or other tokens, metacoins, colored coins, side chains, or coins which enhance or interoperate with coins supported by Custodian (collectively, “Tokens”). Until Custodian notifies Client and the general public that Custodian supports a particular Token, Client must not use its Account, Key Wallet, or any of the Custodian Services in any manner whatsoever for such Token. This means, in particular and without limitation, Client should not attempt to receive, request, send, store, or engage in any other type of transaction involving any Token unless expressly supported by Custodian. Client acknowledges that Custodian may, in its reasonable discretion amend its list of supported Tokens from time to time provided that the Custodian shall notify the Client at least thirty (30) calendar days in advance of any such changes; provided, that Custodian will not exclude Tokens previously supported by Custodian except for the situations described below in this paragraph and subject always to Section 5(b); (a) Client further acknowledges and agrees that, upon the occurrence of any event outside the control of Custodian resulting in the migration of any ERC20 token from Ethereum to another protocol, including but not limited to a “mainnet launch,” (a “Migration Event”) Custodian may immediately cease any and all support for such ERC20 token, and that Custodian will be under no obligation to provide support for any Token related to or resulting from such a Migration Event; (b) Should government rules and regulations substantially change from the time of the execution of this agreement, to make support of any particular token impossible or inconsistent with this agreement. 
Where Custodian excludes a Token in accordance with this Section 10, Custodian will take all reasonable steps to allow Client or Account Holder to make alternative custody arrangements for such token(s). CUSTODIAN WILL HAVE NO RESPONSIBILITY OR LIABILITY IF CLIENT LOSES, BURNS, OR OTHERWISE CANNOT ACCESS OR CONTROL ANY TOKEN THAT CUSTODIAN DOES NOT SUPPORT.

 



11.

Prohibited Activities

 

  (a)

Client agrees that Client will not use any Account or Custodian’s Services to perform any type of illegal activity of any sort or take any action that negatively affects the performance of Custodian’s Services. Client may not engage in any of the following activities with respect to Custodian’s Services, nor may Client help a third party in any such activity:

 

  (i)

attempt to gain unauthorized access to Custodian’s Services or another user’s account;

 

  (ii)

make any attempt to bypass or circumvent any security features;

 

  (iii)

knowingly violate any law, statute, ordinance, or regulation;

 

  (iv)

reproduce, duplicate, copy, sell or resell Custodian’s Services for any purpose except as authorized in this Agreement;

 

  (v)

knowingly engage in any activity that is abusive or interferes with or disrupts Custodian’s Services; or use Custodian’s Services knowingly in connection with any transaction involving illegal products or services;

 

  (vi)

attempt to transfer, utilize, or otherwise resell Custodian’s Services without prior written consent by Custodian.

 

  (b)

Use of Custodian’s Services in connection with any transaction involving illegal products or services is prohibited.

 

  (c)

In the event of any breach of Section 11(a) of this Agreement, Custodian reserves the right, [***], at its discretion, to terminate access to or use of the Account by any specific Authorized Person, so long as at least one Authorized Person continues to have access.

 

  (d)

Client shall remain fully responsible for any acts or omissions of its Authorized Persons and shall take commercially reasonable steps to ensure that Authorized Persons comply with the terms of this Agreement. Absent any negligent act or omission by Custodian, Custodian shall bear no responsibility for any transactions in the Account, or resultant losses or damages to Client, caused solely by any acts or omissions of Authorized Persons.

12. Compliance with Anti-Money Laundering Laws and Government Requests

 

  (a)

AML Certification. Client represents to Custodian that Client is in material compliance with: (i) all applicable provisions of the Bank Secrecy Act; (ii) all applicable provisions of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Public Law 107-57) (USA PATRIOT Act), as amended and all regulations issued pursuant to it; (iii) Executive Order No. 13224 on Terrorist Financing, effective September 24, 2001, and relating to Blocking Property and Prohibited Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism, to the

 



  extent applicable to Client; (iv) the International Emergency Economic Power Act (50 U.S.C. 1701 et seq.), and any applicable implementing regulations; (v) the Trading with the Enemies Act (50 U.S.C. 50 et seq.), and any applicable implementing regulations; and (vi) all applicable legal requirements relating to anti-money laundering, anti-terrorism and economic sanctions in the jurisdictions in which operates or does business. Neither Client nor any of its directors, officers or Affiliates is identified on the United States Treasury Department Office of Foreign Asset Controls (OFAC) list of Specially Designated Nationals and Blocked Persons (the SDN List) or otherwise the target of an economic sanctions program administered by OFAC, and Client is not Affiliated in any way with, nor providing financial or material support to, any such persons or entities. Client agrees that should it, or any of its directors, officers or Affiliates be named at any time, during the term of this Agreement, on the SDN List, or any other similar list maintained by a governmental authority, it will inform Custodian in writing immediately upon discovery.

 

  (b)

Compliance with Government Requests. Notwithstanding any other term herein or in any other agreement between Client and Custodian, each party may, upon inquiry, investigation or request by federal or state government officials (including federal or state law enforcement authorities and regulatory or supervisory bodies) provide information (including Confidential Information, as defined in Section 17(a) hereto) without notice to or consent of the other party, where such provision of information is required by Applicable Law or regulation.

 

13.

Verification; Transfers.

 

  (a)

Client and Custodian shall use commercially reasonable efforts to comply with any applicable security procedures mandated by Custodian with respect to the delivery or authentication of Instructions and shall ensure that any codes, passwords or similar devices are safeguarded in keeping with security best practices.

 

  (b)

Custodian cannot and does not guarantee the value of cryptocurrency, digital currency or tokens. Except as expressly set out in this Agreement, Custodian shall not be responsible for any third-party services. Furthermore, Custodian cannot cancel or reverse an update transmitted to the relevant blockchain (which reflects a Digital Currency Instruction) that has been transmitted to the applicable blockchain. Once a Digital Currency Instruction has been made, Client will subsequently not be able to cancel or otherwise modify such Digital Currency Instruction. Client acknowledges and agrees that Custodian shall have no liability for losses Client suffers in connection with any update transmitted to the relevant blockchain initiated via Custodian’s Services under this Agreement following receipt by Custodian of a Digital Currency Instruction, unless the update transmitted incorrectly reflects the Digital Currency Instruction, or such losses are the direct result of Custodian’s fraud, willful default, recklessness, gross negligence or breach of this Agreement or any act or omission of any of its nominees, agents, sub-contractors or sub custodians. Custodian does not ensure that any update transmitted to the relevant blockchain following receipt of a Digital Currency

 



  Instruction for Client will be completed by the applicable network. Client acknowledges and agrees that the Digital Currency Instructions in which Client authorizes Custodian to submit an update for completion on a digital currency network may not be completed, or may be substantially delayed, by the digital currency network and Custodian is not responsible for any delay or any failure of completion caused by the digital currency network. When Client completes a Digital Currency Instruction, Client authorizes Custodian to submit Client’s update request to the digital currency network in accordance with the Digital Currency Instruction Client provides.

 

14.

Indemnification.

 

  (a)

Custodian shall be indemnified by Client against any liabilities, losses, damages, costs and expenses (including but not limited to reasonable legal fees) incurred by Custodian and arising out of the gross negligence, recklessness, fraud, willful misconduct of Client, breach of this Agreement, violation of any Applicable Law by Client, any act or omission of any of its employees or officers or any action taken by the Custodian pursuant to any Instructions, including but not limited to (i) any taxes or other governmental charges, and any expenses related thereto, which may be imposed or assessed with respect to the Custodial Coins, and/or (ii) the Custodian or any nominee or agent of the Custodian, appearing as holder or holder of record of the Custodial Coins or any part thereof, but excluding those liabilities, losses, damages, costs and expenses which arise (whether through act or omission) as the result of fraud, recklessness, willful default, gross negligence, breach of this Agreement or violation of any Applicable Law on the part of the Custodian in the performance of its duties under this Agreement, or any act or omission of any of its nominees, agents, sub-contractors or sub custodians.

 

  (b)

If a party becomes aware of a matter in respect of which indemnity may be sought under Sections 14(a), 14(c) or 18(d), such person (the “Indemnified Party”) shall, if a claim in respect thereof is to be made against the other party for indemnification (i) notify such other party (the “Indemnifying Party”) promptly of the matter in writing (stating in reasonable detail the nature of the matter and, if practicable, the amount claimed) and consult with the Indemnifying Party with respect to the matter; if the matter has become the subject of proceedings, Indemnified Party shall notify the Indemnifying Party within sufficient time to enable Indemnifying Party to contest the proceedings before final judgment; (ii) Indemnified Party shall provide Indemnifying Party and its advisers reasonable access to personnel and to all relevant assets, documents and records that it possesses or controls for the purposes of investigating the matter and Indemnifying Party may take copies of the documents or records; (iii) Indemnified Party shall take any action and institute any proceedings, and give any information and assistance Indemnifying Party may reasonably request to dispute, resist, appeal, compromise, defend, remedy or mitigate the matter or enforce against a person (other than Indemnifying Party) Indemnified Party’s rights in relation to the matter and, in connection with proceedings related to the matter (other than against Indemnifying Party), use advisers chosen by Indemnifying Party and, if Indemnifying Party requests, allow

 



  Indemnifying Party the exclusive conduct of the proceedings, in each case against an indemnity from Indemnifying Party to Indemnified Party for all reasonable costs incurred as a result of a request or choice by Indemnifying Party; and (iv) Indemnified Party may not admit liability in respect of or settle the matter without first obtaining Indemnifying Party’s written consent (not to be unreasonably withheld or delayed). Indemnified Party has no right to an indemnity under Sections 14(a), 14(c) or 18(d) (as applicable) if Indemnified Party fails in any material respect to comply with this Section 14(b). Nothing in this Section 14(b) in any way restricts or limits Indemnified Party’s general obligation at law to mitigate a loss which Indemnified Party may incur as a result of a matter giving rise to a claim under this Section 14(b). Notwithstanding any terms of this Agreement, in no circumstances shall either Party be liable to indemnify the other Party for any tax payable by the other in respect of such Party’s own income.

 

  (a)

Client shall be indemnified by Custodian against any liabilities, losses, damages, costs and expenses (including but not limited to reasonable legal fees) incurred by Client and arising out of or related to the gross negligence, recklessness, fraud, willful misconduct of Custodian, breach of this Agreement or violation of any Applicable Law by Custodian or any act or omission of any of its nominees, agents, sub-contractors or sub custodians. Without limitation of the generality of the foregoing, Custodian agrees to indemnify and hold Client harmless from any claim or demand (including but not limited to reasonable legal fees) arising out of or related to: (i) any breach of Custodian’s confidentiality obligations under or in connection with this Agreement, or (ii) any breach of any third party intellectual property rights, and such indemnities shall not be subject to any limitation under any terms of this Agreement. The indemnification obligations of this Section 14(c) exclude those liabilities, losses, damages, costs and expenses which arise (whether through act or omission) as the result of fraud, willful default, gross negligence, breach of this Agreement or violation of any Applicable Law on the part of the Client in the performance of its duties under this Agreement, or any act or omission of any of its employees or officers.

 

15.

Fees and Expenses.

In consideration for providing the Custodian’s Services, the Client shall pay to Custodian the fees as set out under the Fees Agreement (as such may be amended from time to time as agreed upon by the parties). There shall be no additional fees or payments under this Agreement, except as provided for herein, the Fees Agreement, or as otherwise agreed upon by the parties.

 

16.

Termination.

 

  (a)

This Agreement will commence on the Effective Date and will continue for one (1) year (the “Initial Term”). After the Initial Term, this Agreement will automatically renew for [***], unless either (i) the Custodian notifies the Client of its intention not to renew [***] prior to the expiration of the then current term or (ii) the Client notifies the Custodian of its intention not to renew [***] prior to the expiration of the then current term, in which case the agreement shall expire at the end of the then current term, subject to any Exit Assistance to be provided by the Custodian to the Client pursuant to Section 16(e).

 

  (b)

The Client may terminate this Agreement at any time by written notice to the Custodian, effective as of the date specified in the notice, [***] following the date the notice is sent by the Client.

 

  (c)

The Client may terminate this Agreement at any time by written notice to the Custodian, effective immediately, or on such later date as may be specified in the notice, if:

 

  (i)

any representation, warranty or certification made by the Custodian under this Agreement, or pursuant to any certificate or document delivered pursuant to this Agreement, was or becomes incorrect in any material respect when made;

 

  (ii)

the Custodian either (i) commits a material breach of this Agreement (including, for the avoidance of doubt, a material breach of the Service Levels) and, if such breach is curable, fails to cure such breach within thirty (30) calendar days of receipt of written notice thereof from the Client or (ii) breaches this Agreement (whether or not such breach is curable) in a manner that is persistent;

 

  (iii)

the Custodian requests a postponement of maturity or a moratorium with respect to any indebtedness or is adjudged bankrupt or insolvent, or there is commenced against the Custodian a case under any applicable bankruptcy, insolvency or other similar law now or hereafter in effect, or the Custodian files an application for an arrangement with its creditors, seeks or consents to the appointment of a receiver, administrator or other similar official for all or any substantial part of its property, admits in writing its inability to pay its debts as they mature, or takes any corporate action in furtherance of any of the foregoing, or fails to meet applicable legal minimum capital requirements; or

 

  (iv)

any Applicable Law, rule or regulation or any change therein or in the interpretation or administration thereof has or may have a material adverse effect on:

 

  (A)

the quality or efficiency of Custodian’s Services under this Agreement; or

 

  (B)

Custodian’s ability to provide services to Client as required under this Agreement.

 



  (v)

the Custodian has agreed to a transaction that results in a change of control, or a change of control of the Custodian occurs, which for these purposes shall mean that a person directly or indirectly gains control of the Custodian, either through ownership of the majority of the voting rights in the Custodian or through otherwise attaining the ability (whether through voting rights, contractual means or otherwise) to direct the affairs of the Custodian.

 

  (d)

The Custodian may terminate this Agreement immediately upon written notice to Client if:

 

  (i)

the Client is in material breach of its obligations under Section 15 of this Agreement by failing to pay undisputed sums due to the Custodian, and such breach is not remedied within thirty (30) calendar days of receipt by the Client of written notice from Custodian requesting payment; or

 

  (ii)

the Client has engaged in any of the Prohibited Activities enumerated in Sections 11(a), 11(b), 11(d) or the material breaches referenced in Sections 16(c) and Section 20 of this Agreement, and if the breach is capable of cure, fails to cure such breach within ninety (90) calendar days of receipt of written notice thereof from the Custodian.

 

  (e)

The parties will have all the rights and obligations given to them in Exhibit F, in relation to any actual or potential termination (in whole or in part) or expiry of this Agreement.

 

  (f)

Notwithstanding anything to the contrary in this Agreement, this Agreement will not terminate on notice of termination or expire until the Custodian’s Services and all of the Custodian’s obligations under this Agreement have been transferred fully to a replacement supplier nominated by the Client, after which it shall terminate.

 

  (g)

Upon termination of this Agreement:

 

  (i)

Custodian shall promptly upon Client’s Instruction deliver or cause to be delivered to such account or other location specified in the Instruction all Custodial Coins held or controlled by Custodian for the Client as of the effective date of termination;

 

  (ii)

Client shall pay to Custodian all fees accrued to the date of such termination;

 

  (iii)

the license granted to Client to access and use Custodian’s Services under Section 18(c) shall terminate, and Client (and its Authorized Persons) shall immediately discontinue all access and use of the Custodian’s Services;

 

  (iv)

the Custodian shall continue to provide reasonable support, information and assistance to the Client in relation to any claims or regulatory investigations involving assets held by the Custodian during the term of the Agreement; and

 



  (v)

any such termination shall not affect any right or liability arising out of events occurring, or services delivered, prior to the effectiveness thereof. For the avoidance of doubt, termination of this Agreement shall not affect any other arrangements or agreements between the parties.

 

  (h)

Sections 17, 20(b) and 26(m) shall survive termination of this Agreement.

 

17.

Confidentiality

 

  (a)

“Confidential Information” shall mean: (i) information that is designated by the provider of that information as confidential, or is by its nature understood to be confidential, (ii) the contents of any document or other non-public information (including, without limitation, any information relating to, or transactions involving, Custodial Coins, trade secrets or other confidential commercial information) relating to the services provided under this Agreement, and (iii) any information with respect to any party’s activities, account names, profit margins, product and brand costs and profit and loss information, price lists, unannounced prices, customer and supplier lists and other customer and supplier specific information, customer contracts, purchase orders, statements of work, proposals, new product plans and non-public technology information, strategic alliances, promotional plans and advertising plans.

 

  (b)

A party (“Receiving Party”) who receives Confidential Information from the other party (“Disclosing Party”) shall keep that Confidential Information confidential and shall use the Confidential Information only for the purposes for which it has been made available by the Disclosing Party. Other than as provided herein, the Receiving Party shall prohibit distribution of Confidential Information to other persons. The Receiving Party shall not disclose the Disclosing Party’s Confidential Information to any persons employed or engaged in its business other than those having a legitimate and genuine need-to-know for the fulfillment of the purpose for which it had been disclosed, and then only on the condition that such persons are made aware of the provisions of this Agreement, and that such persons are subject to obligations of confidentiality as part of their contracts of employment or engagement which are substantially similar to those specified in this Agreement. The Receiving Party shall not disclose the Disclosing Party’s Confidential Information to any third party (other than its professional advisors who are bound by duty of confidentiality) without the Disclosing Party’s permission or unless required by law or court order (in which case the Receiving Party shall provide the Disclosing Party as much advance notice as may be practicable in the circumstances prior to such required disclosure).

 

  (c)

The Custodian is not permitted to use any of the Client’s Confidential Information for any data mining activity unless such activity has been agreed to in writing by the Client or is required to be performed as part of the Custodian’s legal or regulatory obligations.

 



  (d)

The parties will preserve the confidential nature of Confidential Information that they receive pursuant to this Agreement. The parties shall not disclose any of the Confidential Information to any third party.

 

  (e)

Each of the parties retains all rights to its own Confidential Information except to the extent expressly granted herein.

 

  (f)

Confidential Information shall not include information which (i) is in the public domain through no unauthorized act or omission on the part of the Receiving Party; (ii) was lawfully in the Receiving Party’s possession without any obligation of confidentiality; or (iii) is independently developed by the Receiving Party without access to the Confidential Information.

 

  (g)

All documents containing Confidential Information furnished by or on behalf of any party to this Agreement that are required to be maintained in confidence as provided in this Agreement shall remain the property of the furnishing party, and all such documents and copies thereof shall be returned to the furnishing party upon request. In the event that this Agreement is terminated, the parties shall promptly return or destroy, at their option, to the extent permitted by law or regulation, all documents containing Confidential Information; provided that (i) each party’s legal department and/or outside counsel may keep one copy of the Confidential Information (in electronic or paper form) in order to comply with Applicable Law, and (ii) the parties and their Permitted Representatives may retain Confidential Information to the extent it is “backed-up” on their electronic information management and communication systems or services, is not available to an end user and cannot be expunged without considerable effort; provided further that the parties and their Permitted Representatives agree to keep any Confidential Information so retained strictly confidential in accordance with the terms of this Agreement.

 

  (h)

The obligations of confidentiality and non use related to the Confidential Information received under this Agreement shall be binding and, in the event that this Agreement is terminated, continue in force.

 

18.

Intellectual Property.

 

  (a)

As between the parties hereto, Custodian shall retain all right, title, and interest (including all copyright, trademark, patent, trade secrets, and all other intellectual property rights) in connection with delivery of the Custodian’s Services. Further, Client will not have any right in the software, or trademarks, service marks, designs, logos, URLs, and trade names that are displayed in connection with the Custodian Services provided by Custodian or its Affiliates (collectively, the “Custodian Materials”). As between the parties hereto, the Client shall retain all right, title, and interest (including all copyright, trademark, patent, trade secrets, and all other intellectual property rights) in all data submitted by or processed for the Client in connection with the Custodian’s Services, as well as all materials provided by the Client to Custodian in connection with the Custodian’s Services or this Agreement (collectively, the “Client Materials”).

 



  (b)

Custodian hereby grants to Client a non-exclusive, non-transferable, worldwide, royalty-free license during the term of this Agreement to use the software and content provided by Custodian or its Affiliates, as well as all Custodian Materials provided to the Client as part of or in connection with the Custodian’s Services, solely as reasonably necessary to access and use services as contemplated by this Agreement. All rights not expressly granted herein are reserved by Custodian or its Affiliates.

 

  (c)

Custodian expressly reserves its rights to its trademarks, service marks, use of its logo, name, names and descriptions of its product and service offerings and any Custodian Materials. Except as set forth in Section 18(b) above, nothing in this Agreement shall be construed to confer any licenses, permissions for use or title to Client over any Custodian Materials. Client may not display the Custodian Materials in connection with any marketing or promotional activities without the express written consent of Custodian, except that Client may disclose its relationship with the Custodian, the terms of this Agreement or other Custodian Materials to its shareholders or potential investors (including disclosure in investment presentations) and for the purpose of fulfilling its regulatory obligations, including disclosure to shareholders, regulators or any other governmental or fiscal authority (including in regulatory documents or public filings). Any use by Client of Custodian Materials other than in accordance with terms of this Agreement and without Custodian’s express written consent shall constitute a material breach of this Agreement. Custodian reserves the right to seek all adequate remedies at law, including injunctive relief, to protect its sole and exclusive rights to Custodian Materials.

 

  (d)

Custodian shall indemnify the Client against all claims, losses and damages of whatever nature arising from or in respect of any claim that the provision or receipt of the Custodian’s Services infringes the intellectual property of any third party anywhere in the world. The indemnity in this Clause does not apply to the extent that the claim was caused by the Client’s use of the Custodian’s Services in breach of this Agreement. The Client will provide Custodian with prompt notice of an indemnifiable claim (provided that the failure to provide prompt notice shall only relieve Custodian of its obligation to indemnify to the extent it is materially prejudiced by such failure). All content, materials or information relating to Client or its business belongs solely to Client and may be used by Custodian solely for the purpose of performing its obligations under this Agreement in accordance with the confidentiality provisions of this Agreement.

 

19.

Compliance

 

  (a)

Each party shall, in performing its obligations under this Agreement, at all times do so in full compliance with all Applicable Laws to which it is subject, and obtain and keep current all necessary licences, approvals, permits, certifications and authorisations in each relevant jurisdiction in which it performs any activities under or in relation to this Agreement.

 



  (b)

If Custodian is at any time required by any law enforcement agency or regulator with authority over Custodian to disclose any encryption or decryption keys used in connection with the Custodian’s Services or its other obligations under this Agreement, Custodian shall, before complying with that request and to the extent permitted by Applicable Law, discuss the request and options available with the Client. Custodian shall not comply with such a request unless it is obliged to do so under Applicable Law.

 

  (c)

Custodian shall:

 

  (i)

make itself readily available for meetings with representatives or appointees of the Client’s regulators as reasonably requested;

 

  (ii)

produce to representatives or appointees of those regulators’ documents, files, tapes, computer data or other material in its or their possession or control as reasonably requested;

 

  (iii)

permit representatives or appointees of those regulators to copy documents or other material on its or their premises as reasonably requested; and

 

  (iv)

respond promptly to any reasonable request by or communication of any of those regulators.

 

20.

Marketing.

 

  (a)

Client may not utilize Custodian Materials, except as provided in Section 18(c) of this Agreement. Client may not make reference to Custodian, or any Custodian services or products in connection with any marketing or promotional efforts without the express prior written permission of Custodian. Any distribution or publication of materials or representations referencing Custodian, Custodian’s Services, any Account or any of Affiliates products or services without approval by Custodian, in writing, shall constitute a material breach of this Agreement.

 

  (b)

Custodian will not make any public statement, including any press release, media release or blog post which mentions or refers to Client or a relationship between Custodian and Client, without the prior written consent of Client. Any distribution or publication of materials or representations referencing Client or any Account without approval by Client, in writing, shall constitute a material breach of this Agreement.

 

21.

Taxation

It is Client’s responsibility to determine what, if any, taxes apply to the transactions for which Client has submitted transaction details via the Custodian Services, and it is Client’s responsibility to report and remit the correct tax to the appropriate tax authority. Client agrees that Custodian is not responsible for determining whether taxes apply to Client’s Custodial Coin transactions or for collecting, reporting, withholding or remitting any taxes arising from any Custodial Coin transactions.

 



22.

Business Continuity.

 

  (a)

Custodian has established, and will maintain for the duration of this Agreement, a business continuity plan and disaster recovery arrangements to avoid or minimise the adverse impact caused by, and / or support its ability to conduct business in the event of, any significant business disruption, including any Data Security Incident or any Force Majeure Event (a “SBD”), in accordance with Applicable Law and best industry practice. The Custodian shall ensure that its business continuity plan and disaster recovery arrangements are reasonably designed to maintain and restore any affected operations with as little impact as practically possible (including in relation to the Custodian’s Services), and that they meet the requirements of Applicable Law and regulatory authorities. The Custodian shall use reasonable efforts to ensure that its sub-contractors, nominees, agents and sub-custodians, comply with its business continuity plan and disaster recovery arrangements.

 

  (b)

The Custodian shall test, review and update its business continuity plan and disaster recovery arrangements at least annually, with more frequent updates being made if deemed necessary by the Custodian. [***]. Any deficiencies in the Custodian’s business continuity plan or disaster recovery arrangements will be rectified by the Custodian as soon as reasonably practicable.

 

  (c)

The Custodian shall promptly provide the Client with the most recent copy of its business continuity plan and disaster recovery arrangements following any updates, or on the Client’s reasonable request. The Client may review the Custodian’s business continuity plan and disaster recovery arrangements and inform the Custodian of any deficiencies it identifies, the remediation of which the Custodian and the Client shall reasonably agree upon. If requested by a governmental authority or regulatory, the Client may provide the Custodian’s business continuity plan and disaster recovery arrangements and plans to such governmental authority or regulatory.

 

  (d)

Should the Custodian be impacted by a SBD, the Custodian shall:

 

  (i)

comply with its business continuity plan and disaster recovery arrangements;

 

  (ii)

promptly inform the Client of the existence and nature of the SBD and any steps being taken to minimize any business interruption or other adverse effects on the Client including any triggering of the Custodian’s business continuity plan and / or disaster recovery arrangements;

 



  (iii)

continue to provide the Custodian’s Services to the extent it is not affected by the SBD in accordance with the provisions of this Agreement;

 

  (iv)

in respect of the relevant Custodian’s Service which is affected by the SBD, the Custodian shall continue to provide such Custodian’s Service in accordance with this Agreement to the extent reasonably practicable and otherwise recover such Custodian’s Service in accordance with the applicable business continuity plan and disaster recovery arrangement;

 

  (v)

ensure that each relevant Affiliate, nominee, agent, sub-contractor and sub-custodian shall comply with all reasonable obligations given to it in the event the Custodian has provided written notice of any such obligations and those obligations are equally applicable to (and carried out by) the Custodian’s Affiliates also affected by the SBD.

 

23.

Excuse of Performance.

 

  (a)

Notwithstanding anything to the contrary in this Agreement, Custodian shall not be responsible or liable to Client for any loss of Custodial Coins to the extent Custodian did not, through its gross negligence, recklessness, fraud, willful default or breach of this Agreement, and no act or omission of a sub-custodian, sub-contractor, nominee or agent of Custodian did, cause or contribute to such loss and such failure, inability or loss is attributable to:

 

  (i)

Client’s or any Authorized Person’s failure to protect the confidentiality or security of the Account login credentials associated with Custodial Coins; or

 

  (ii)

an unauthorized party’s access to any computer or device used by Authorized Persons to access the Account

provided that where the Custodian seeks to rely on this Section 23, the Custodian must be and remain in compliance with its obligations under Section 22 above, and must trigger its business continuity plans and disaster recovery arrangements accordingly.

 

24.

Limitations of Liability.

 

  (a)

Neither party shall be liable to the other party (whether under contract, tort (including negligence) or otherwise) for any indirect, incidental, special or consequential losses suffered or incurred by the other party (whether or not any such losses were foreseeable or within the contemplation of the parties). For the avoidance of doubt, losses (i) incurred by the Client in connection with any claims by the Client’s customers who are supported by the Services that arise as a result of a breach by BitGo of its obligations under this Agreement; and (ii) fines, penalties or similar amounts imposed on Client by any Regulator, as well as increased compliance costs incurred by Client, as a result of a breach by Custodian of its obligations under this Agreement, shall not be considered indirect, incidental, special or consequential losses for the purposes of this Agreement.

 



  (b)

Any liability of Custodian arising out of or relating to this Agreement in respect of (i) any theft or loss of Custodial Coins held for Client by Custodian or (ii) any failure by Custodian to hand back or to otherwise recover Custodial Coins held for Client by Custodian, shall not exceed the value of the Custodial Coins held for Client by Custodian on deposit across all Client’s Accounts at the time immediately before the events giving rise to the liability (the value of any Custodial Coins shall be calculated at the average United States Dollar ask price, at the time of the loss, of the three largest exchanges (by trailing 30-day volume) which offer the relevant digital currency or digital asset/USD trading pair, as relevant). In all other cases, neither party’s total aggregate liability in connection with an incident arising out of or relating to this Agreement will exceed the total fees paid or payable to Custodian under this Agreement during the 36 month period immediately preceding the incident giving rise to such liability, except where the Custodian is grossly negligent, fraudulent, reckless, willfully defaults or commits a material breach of any of the security standards as set out in the Security Schedule or fails to comply with the change management procedure set out in Section 9 in any material respect.

 

  (c)

The exclusions and limitations of liability (including Clauses 24(a) and (b)) set forth in this Agreement shall not apply to (i) a party’s breach of its confidentiality obligations under this Agreement; (ii) a party’s breach of its indemnification obligations under this Agreement (or any amounts paid or payable in connection with such obligations); (iii) a party’s intentional breach of this Agreement, gross negligence, fraud, fraudulent misrepresentation, recklessness or willful misconduct; (iv) death or bodily injury arising as a result of the negligence of that party; (v) Custodian’s obligation to return all Client assets on Client’s request; (vi) in the case of the Client, the Client’s payment of fees under Section 15 of this Agreement; or (vii) any loss, liability or cost to the extent that it cannot be excluded or limited by Applicable Law.

 

25.

Force majeure

 

  (a)

Neither party shall be liable for any failures caused by a Force Majeure Event, provided that it: (i) uses all reasonable endeavours to perform regardless of the advent of the Force Majeure Event; and (ii) informs the other party as soon as may be practicable of the occurrence of a Force Majeure Event, its impact on its ability to perform its obligations under this Agreement and the likely duration of the disruption of the relevant obligations.

 

  (b)

Custodian shall not under this Clause be excused from any failure to perform any of its obligations under this Agreement by reason of the occurrence or continuation of a Force Majeure Event, the consequences of which would have been avoided had it complied with its obligations under Clause 22.

 



26.

Miscellaneous.

 

  (a)

Headings. The headings in this Agreement are for reference only and shall not affect the construction or interpretation of any of the provisions herein.

 

  (b)

Counterparts. This Agreement may be signed in any number of counterparts, each of which shall be an original, with the same effect as if the signatures thereto and hereto were upon the same instrument. This Agreement shall become effective when each party hereto shall have received a counterpart hereof signed by all of the other parties hereto. Until and unless each party has received a counterpart hereof signed by the other party hereto, this Agreement shall have no effect and no party shall have any right or obligation hereunder (whether by virtue of any other oral or written agreement or other communication). No provision of this Agreement is intended to confer any rights, benefits, remedies, obligations or liabilities hereunder upon any person other than the parties hereto and their respective successors and assigns.

 

  (c)

Notices. All notices, requests and other communications to any party hereunder shall be in writing (including electronic mail (“e-mail”) transmission, so long as a receipt of such e-mail is requested and received) and shall be given,

 

if to Client, to:

   Steve Ellis / Alex Erasmus
   Chief Financial Officer / Chief Legal Officer
   Suite 23, Portland House, Glacis Road, Gibraltar
   [***]

if to Custodian, to:

   Richard Corcoran
   Trust President
   6216 Pinnacle Place, Suite #101
   Sioux Falls, South Dakota 57108, USA
   [***]

or such other address as such party may hereafter specify for the purpose by notice to the other parties hereto. Each of the foregoing addresses shall be effective unless and until notice of a new address is given by the applicable party to the other parties in writing. Notice will not be deemed to be given unless it has been received.

 

  (d)

Relationship of the Parties. Nothing in this Agreement shall be deemed or is intended to be deemed, nor shall it cause, Client and Custodian to be treated as partners, joint ventures, or otherwise as joint associates for profit.

 

  (e)

Governing Law. This Agreement shall be governed by and construed in accordance with the law of the State of South Dakota without regard to the conflicts of law rules of such State.

 



  (f)

Dispute resolution. THE PARTIES HERETO ACKNOWLEDGE AND AGREE THAT:

 

  (i)

THEY ARE GIVING UP ANY RIGHT TO COMMENCE ANY SUIT, ACTION OR PROCEEDING AGAINST EACH OTHER IN COURT SEEKING TO ENFORCE ANY PROVISION OF, OR BASED ON ANY MATTER ARISING OUT OF OR IN CONNECTION WITH, THIS AGREEMENT, INCLUDING THE RIGHT TO A TRIAL BY JURY, EXCEPT AS PROVIDED BY THE RULES OF THE ARBITRATION FORUM IN WHICH A CLAIM IS FILED;

 

  (ii)

ARBITRATION AWARDS ARE GENERALLY FINAL AND BINDING, AND THAT A PARTY’S ABILITY TO HAVE A COURT REVERSE OR MODIFY AN ARBITRATION AWARD IS VERY LIMITED;

 

  (iii)

THE ABILITY OF THE PARTIES TO OBTAIN DOCUMENTS, WITNESS STATEMENTS AND OTHER DISCOVERY IS GENERALLY MORE LIMITED IN ARBITRATION THAN IN COURT PROCEEDINGS;

 

  (iv)

THE ARBITRATORS DO NOT HAVE TO EXPLAIN THE REASON(S) FOR THEIR AWARD UNLESS, IN AN ELIGIBLE CASE, A JOINT REQUEST FOR AN EXPLAIN DECISION HAS BEEN SUBMITTED BY ALL PARTIES TO THE PANEL AT LEAST TWENTY (20) DAYS PRIOR TO THE FIRST SCHEDULED HEARING DATE;

 

  (v)

THE PANEL OF ARBITRATORS MAY INCLUDE A MINORITY OF ARBITRATORS WHO WERE OR ARE AFFILIATED WITH THE SECURITIES INDUSTRY;

 

  (vi)

THE RULES OF SOME ARBITRATION FORUMS MAY IMPOSE TIME LIMITS FOR BRINGING A CLAIM IN ARBITRATION, AND IN SOME CASES A CLAIM THAT IS INELIGIBLE FOR ARBITRATION MAY BE BROUGHT IN COURT; AND

 

  (vii)

THE RULES OF THE ARBITRATION FORUM IN WHICH THE CLAIM IS FILED, AND ANY AMENDMENTS THERETO, SHALL BE INCORPORATED INTO THIS AGREEMENT.

THE PARTIES FURTHER ACKNOWLEDGE AND AGREE THAT ALL CONTROVERSIES ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE USE OF CUSTODIAL SERVICES, WHETHER ARISING PRIOR, OR, OR SUBSEQUENT TO THE DATE HEREOF, SHALL BE ARBITRATED. ANY ARBITRATION UNDER THIS AGREEMENT SHALL BE CONDUCTED PURSUANT TO THE AMERICAN ARBITRATION ASSOCIATION’S RULES FOR ARBITRATION OF COMMERCIAL RELATED DISPUTES (ACCESSIBLE AT HTTPS://WWW.ADR.ORG/SITES/DEFAULT/FILES/COMMERCIAL%20RULES.PDF), AND THAT SUCH CONTROVERSIES ARE OTHERWISE SUBJECT TO THIS SECTION 25(F) OF THIS AGREEMENT. THE PARTIES AGREE THAT ARBITRATION FORUM SHALL BE LIMITED TO NEW YORK, NY, SAN FRANCISCO, CA, OR SIOUX FALLS, SD. THE PARTIES AGREE THAT THE AWARD OF THE ARBITRATORS, OR THE MAJORITY THEREOF, SHALL BE FINAL, AND JUDGMENT UPON THE AWARD RENDERED MAY BE ENTERED AND ENFORCED IN ANY COURT, STATE OR FEDERAL, HAVING JURISDICTION.

 



  (g)

Claims. It is the intention of the parties that no third party shall have or assert any rights, claims or remedies against any party in respect of any action, omission, failure or neglect in the performance of any responsibilities referred to in this Agreement. For the avoidance of doubt, the parties acknowledge and agree that the foregoing sentence does not affect the right of any indemnified party pursuant to Section 14 of this Agreement to recover the losses, claims, damages, liabilities or expenses specified in Section 14.

 

  (h)

Amendments and Waivers.

 

  (i)

Any provision of this Agreement may be amended or waived if, but only if, such amendment or waiver is in writing and is signed, in the case of an amendment, by each party to this Agreement, or in the case of a waiver, by the party against whom the waiver is to be effective.

 

  (ii)

No failure or delay by any party in exercising any right, power or privilege hereunder shall operate as a waiver thereof nor shall any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any other right, power or privilege. The rights and remedies herein provided shall be cumulative and not exclusive of any rights or remedies provided by law.

 

  (i)

Successors and Assigns. The provisions of this Agreement shall be binding upon and inure to the benefit of the parties hereto and their respective successors and assigns but the parties agree that no party can assign its rights and obligations under this Agreement without the prior written consent of the other parties, which consent shall not be unreasonably withheld or delayed.

 

  (j)

Entire Agreement; Terms and Policies. This Agreement and the Institutional Account Onboarding Document, which is attached as Exhibit C, embodies the entire agreement and understanding among the parties hereto and supersedes any and all prior agreements and understandings, oral or written, relating to the subject matter of this Agreement. No oral representations or other agreements have been made by the parties. With the exception of the services ordered, the fees, and any fee schedule enumerated in the Fees Agreement, in the event of any conflict or inconsistency between the body of this Agreement and the Fees Agreement, the provisions of this Agreement shall prevail and be given priority. Subject to the foregoing, the several documents and instruments forming part of this Agreement are to be taken as mutually explanatory of one another and in the case of ambiguities or discrepancies within or between such parts the same shall be explained and interpreted, if possible, in a manner which gives effect to each part and which avoids or minimizes conflicts among such parts. No oral representations or other agreements have been made by the parties.

 



  (k)

Severability. If any term, provision, covenant or restriction of this Agreement is held by a court of competent jurisdiction or other authority to be invalid, void or unenforceable, the remainder of the terms, provisions, covenants and restrictions of this Agreement shall remain in full force and effect and shall in no way be affected, impaired or invalidated so long as the economic or legal substance of the services contemplated hereby is not affected in any manner materially adverse to any party. Upon such a determination, the parties shall negotiate in good faith to modify this Agreement so as to effect the original intent of the parties as closely as possible in an acceptable manner in order that the services contemplated hereby be consummated as originally contemplated to the fullest extent possible.

 

  (l)

No Advice. Client acknowledges that Custodian is not providing any legal, tax, or investment advice in providing the services under this Agreement.

 

  (m)

Use of Information by Custodian. Custodian agrees that it shall not without the prior written consent of Client: (i) display or include in any documentation the name of Client; (ii) (except where required by any legal or regulatory requirement) disclose its relationship with Client under this Agreement to any third party; or (iii) make use of, or acquire any right of ownership to, any copyrights, patents, trade secrets, trademarks, trade dresses, service marks, or other intellectual property right, which belong to Client.

 

  (n)

Insurance. Custodian will obtain and maintain, at its sole expense, adequate and sufficient insurance coverage from a reputable and substantial insurance company in such types and amounts as are commercially reasonable for the Custodian’s Services provided hereunder. This shall include the minimum levels of insurance, against loss or theft of any assets belonging to the Custodian’s customers to a minimum level of $100 million. Custodian may amend or lower such coverage and will use best efforts to provide at least thirty (30) days advance written notice of such change to Client, or to the extent thirty (30) days advance written notice is not practicable, as much advance written notice as may be practicable in the circumstances. Custodian will, upon Client’s reasonable request, provide certification evidencing such insurance. Client acknowledges that any insurance related to theft of coins will apply to Custodial Services only.

In addition to any other insurance policies maintained by Custodian in connection with the Custodian’s Services, Custodian shall, within ninety (90) calendar days of Client’s written request, attempt in good faith to obtain the option for Client to purchase additional insurance coverage through Custodian (the cost of which shall be fully passed through to Client) on terms approved by Client in writing in an amount that, when combined with the insurance coverage that Custodian maintains, at least equals the USD denominated value of the Custodial Coins held by Custodian for Client under this Agreement, under a policy which names Client as the sole beneficiary (loss payee) of such additional insurance, and provide a copy of such policy to Client.

 



  (o)

Capitalization Statement and Holding Notification. Client may request from Custodian, no more than twice in any calendar year, a statement (i) attesting to Custodian’s maintenance of adequate capitalization under applicable South Dakota banking law, (ii) attesting to the adequate capitalization of any parent company of the Custodian under any relevant Applicable Law, and (iii) providing any public documents concerning Custodian’s or any parent company’s capitalization. Upon such a request from the Client, the Custodian shall provide the requested information within 10 Business Days of the request.

[Signature Page to Follow]

 



IN WITNESS WHEREOF, the parties, by their duly authorized representatives, have executed this Agreement as of the Effective Date.

 

BitGo Trust Company, Inc.:
By:  

/s/ Mike Belshe

Print Name: Mike Belshe
Title:   CEO
Bullish (GI) Limited:
By:  

/s/ Russell Eldridge

Print Name: Russell Eldridge
Title:   Director

 



EXHIBIT A

Statement of Facts

(REDACTED)

[to be provided in an encrypted communication]

 



EXHIBIT B

BitGo Fork Policy

In the past year, the emergence of “forks” and “airdrops” has created a new vehicle for delivering perceived and real value to holders of existing digital currencies. The rapid deployment of new forks and airdrops has raised questions about how BitGo customers can expect to receive or not receive this value for themselves or for their customers. Each fork or airdrop faces unique technical, safety, liquidity, and timing challenges. This document describes the problem and clarifies BitGo’s policy on how to handle forks for its customers.

Goals

Security

BitGo’s primary goal is always security and safety. BitGo will never introduce support for any fork where BitGo, at its sole discretion, believes it may be unsafe to do so. As forks have emerged in the past year, many have been launched quickly, with rapidly changing technical implementations continuing right up to the launch of the new fork.

Preservation of Value

BitGo also intends to preserve value for customers. When forks occur with significant value, BitGo will work with customers to attempt to deliver that new value to customers. This may or may not mean that BitGo can support the coin as a fully featured wallet with all the security principles that BitGo generally tries to maintain. It may mean that BitGo provides customers with tools such that they can access the coin and convert it to other forms of value.

Airdrops vs Forks

Definitions

 

Airdrop: An Airdrop is when a digital currency blockchain issues a new asset using known public keys or addresses from another blockchain, such that holders of private keys from the original blockchain may access value on the “airdropped” blockchain.

 

Fork: A Fork is a new form of digital currency that emerges when a group of people decide to apply a new consensus layer to an existing blockchain. The result is the creation of a new blockchain, which can be very similar or very different than the original blockchain.

For the purposes of this document, BitGo treats Airdrops and Forks similarly. BitGo customers generally desire to have access to all value which they may be able to access, and whether the new value is delivered via an Airdrop or a Fork, the evaluation and support of that new value by BitGo will be determined by the policy described in this document.

 



Policy Considerations

There are 5 considerations that factor into BitGo’s decision to handle a fork: technical stability, market capitalization, liquidity, cost, and timing.

Technical Stability

Because security is our most important goal, the technical evaluation of any new fork or airdrop is critical. In order for BitGo to support a fork, BitGo must believe that the new fork is technically stable, and safe. This determination will be made based on many factors, not limited to:

 

The technical team creating the fork

 

Whether the fork provides replay protection from the original fork

 

Whether the fork provides wipeout-protection from the original fork

 

The strength of the new fork’s validator / mining capacity

Market Capitalization

In order for BitGo to consider support for a new fork or airdrop, the value within the fork or airdrop must be significant. If it is not measurable on the 10 largest exchanges (by trailing 30-day volume), as mutually agreed upon by the parties, to be more than $100M of value globally, BitGo will likely not support the fork. Note that in many cases, a new fork or airdrop may appear to have sufficient market capitalization to be supported, but it may not have sufficient liquidity (see below).

Liquidity

In addition to having sufficient market value, the forked coin must have sufficient liquidity. A fork of Bitcoin, for example, with even a $10/coin valuation would have over a $160,000,000 market capitalization. However, if it is thinly traded, access to the value of the coin would be a mirage to BitGo customers. In order for BitGo to support the coin, there must be sufficient liquidity in the market on reputable exchanges for a sustained period of time.

In general, BitGo would expect to find at least $25M of daily liquidity available on the 10 largest exchanges (by trailing 30-day volume), as mutually agreed upon by the parties, for a period of 14 days for BitGo to consider the forked coin having real value.

Cost

There is considerable overhead in supporting new coins. Once BitGo issues wallets for Keys relating to a coin, BitGo supports that coin and blockchain essentially forever. Some forks are seemingly simple for BitGo to support. For example, if a forked coin is technologically the same as the original, it may be relatively low cost to support the new coin.

 



At the same time, some forks or airdrops may be technologically very different from existing supported coins. For example, new airdrops or coins may be built upon different cryptographic algorithms (RSA instead of Elliptic Curve), may have new transaction formats, block formats, multi-signature features, or other changes. The larger the changes, the higher the cost to support and maintain.

In general, if a new fork is costly, but has sufficient value to BitGo customers, BitGo will use its best efforts to enable BitGo customers access to the new coin. However, it may affect the timing under which BitGo can do so.

Timing

New airdrops and forks usually are introduced with some notification before the airdrop or fork occurs. However, sometimes these notification periods can be very short - less than 8 weeks. Additionally, airdrops can be done in such a way that the airdrop later will “expire”, giving implementers only short windows of time to claim the airdrop before the value is lost.

Unfortunately, BitGo cannot guarantee to support new forks or airdrops within any short timeframe. Business obligations, developer availability, and cost are all material factors, and safety, testing, quality, and service are our primary objectives. While BitGo will do its best to make value available to its customers, we cannot guarantee a specific timeframe when the exact considerations of future forks can be so varied.

Finally, should BitGo elect not to support a fork at one point in time, it does not mean that BitGo will never support that Fork. For example, upon launch, a Fork may not meet the stability, market capitalization, or liquidity thresholds for BitGo to support. In the future, should the Fork become viable, BitGo may, at its sole discretion, elect to support the Fork or Airdrop.

Policy

In the event of an upcoming modification to the Bitcoin Network or other applicable Network that could potentially result in a Digital Asset Network Fork or Airdrop, BitGo will use best commercial efforts to provide the value of the forked Digital Asset to Client. However, BitGo’s first concern is always security of Your existing Digital Assets. BitGo, at its sole discretion, may or may not decide to make new Digital Assets available to Client. Additionally, it may take significant time for BitGo to implement or provide access to any new Digital Asset created as a result of a Fork. Client indemnifies BitGo as Custodian against any direct losses incurred by BitGo due to the inability of BitGo to access any Digital Asset for the benefit of Client created as a result of a Fork or Airdrop, in relation to the Digital Assets held by BitGo for Client, subject to the liability provisions in Section 24(b) of the Agreement.

In the event that BitGo does consider a Fork to be technically safe with sufficient market value and liquidity, but Client desires access to the Fork in advance of the timing that BitGo can provide due to cost or timing considerations, BitGo will, in good faith with Client, determine a product plan to enable Client to access the value of the Fork or airdrop such that the Client, at its sole expense, could access the coin.

BitGo reserves the right to agree with Client updates to this policy and the criteria for measuring the viability of a Fork or Airdrop from time to time based on new technological, legal, or environmental factors that may emerge.

 



EXHIBIT C

Institutional Account Onboarding Document

 

A

KYC/AML Documentation

(Note: All documents must be legible and cannot be expired). For any documentation that you do not have, please be prepared to provide an explanation within the Account Opening Form/Application.

For all entities:

 

1.

Corporate Ownership Structure Chart - This document evidences the beneficial ownership of the company and should include the name, address, and percentage of ownership of all intermediary companies. Note: Individual owners only need to be disclosed if ownership is 25% or greater.

 

2.

Authorization Resolution - This document evidences the individuals that are authorized to execute any agreements, certifications, contracts or other legal instruments to act for and on behalf of the Company.

 

3.

Certificate of Incorporation or Articles of Association/Incorporation - (e.g. AOA/AOI) - This document evidences the powers that regulate/bind the company and used to verify the existence of a legal entity.

 

4.

Evidence of legal status - (e.g. Certificate of Good Standing) - This document evidences that the company is authorized to do business in its primary state or country of registration.

 

5.

By Laws, Operating Agreement, Partnership Agreement or similar document - This document outlines the company’s nature of business, business plan, and key decision makers.

 

6.

Proof of business address - Acceptable documentation includes a utility bill or bank statement dated within the past 3-6 months. This is used to evidence and verify the location in which a company is doing business.

 

7.

Anti Money Laundering (AML) Policy - This document provides the details of the company’s AML Policy that are designed to identify its customers or investors and illustrate compliance with applicable KYC/AML laws and regulations.

 

8.

Most recent Independent Audit and/or Regulatory Exam Documentation - Independent Audit document should provide an analysis of the company’s effectiveness of management, policies, procedures, information systems, controls, and other relevant factors. Regulatory Exam documentation should provide an assessment of the company’s ability to comply with relevant regulations.

 



Entities with Foreign Tax Status

IRS Form W-8 (Required for entities with foreign tax status) - This is an IRS document used by foreign businesses and non-resident aliens earning an income from U.S. sources.

 



1.

KYC/AML Documentation for each beneficial owner(s) of 25% of Client and Authorized Person: Identification - this includes a valid unexpired ID

The following are acceptable forms of ID:

 

   

U.S. State issued Driver’s License

 

   

U.S. State issued ID Card

 

   

U.S. Military Service ID

 

   

U.S. INS Alien Resident/Immigration ID Card

 

   

Passport

 

   

Foreign Government Issued ID Card

 

   

Foreign issued VISA

 

2.

Required for all beneficial owners and all control persons -

 

   

Proof of address - Acceptable documentation includes a utility bill or bank statement dated within the past 3-6 months. This is used to evidence and verify the location in which a person resides.

 



EXHIBIT D

SERVICE LEVELS AND SERVICE CREDITS

 

1.

Definitions

 

  (a)

“Monthly Uptime Percentage” is calculated by subtracting from 100% the percentage of minutes during every month in which the Custodian’s Services were Unavailable.

 

  (b)

“Unavailable” means unavailable, disrupted, down, failing, malfunctioning, suspended or otherwise degraded and includes any instance in which the Client’s systems make a request within the agreed per-second, per-minute and per-hour request limits, and the Custodian’s systems do not respond to such requests.

 

  (c)

Monthly Uptime Percentage measurements exclude any Exclusion as defined below.

In the event that Custodian does not achieve the Monthly Uptime Percentage in any monthly billing period, Custodian shall credit the Client with the applicable Service Credit (as determined by the table set out below).

 

2.

Service Levels

The Service Credit shall be: (i) paid in dollar credits; (ii) credited by Custodian to the relevant eligible account; and (iii) calculated by dividing the total fees for the applicable month by the number of calendar days in the applicable month (and then multiplying the relevant figure by the relevant number of days, given the applicable Level).

 

   [***]   

Custodian will issue the Service Credit to the Client within one billing cycle following the month in which the Monthly Uptime Percentage failure occurred.

 



Custodian will apply any Service Credits only against future payments for Services otherwise due from the Client. At its discretion, Custodian may issue the Service Credit to the bank account the Client used to pay for the billing cycle in which the unavailability occurred. Service Credits will not entitle the Client to any refund or other payment from Custodian. A Service Credit will be applicable and issued only if the credit amount for the applicable monthly billing cycle is greater than one dollar ($1 USD). Service Credits may not be transferred or applied to any other account.

Exclusions

To the extent any unavailability is caused by any of the following events (each, an “Excluded Event” and together, the “Excluded Events”), such unavailability shall be excluded by the Parties when calculating the Monthly Uptime Percentage:

 

  (a)

unavailability caused by the Client’s equipment, software or other technology, or any modification to the Custodian’s Services by the Client, in each case to the extent not approved by Custodian;

 

  (b)

unavailability caused by penetration testing or performance testing performed by or on behalf of the Client (except where such penetration testing or performance testing is carried out by or under the direction of Custodian);

 

  (c)

unavailability caused by a failure by the Client to respond to, within a reasonable period of time, any reasonable source identification or resolution instructions from Custodian;

 

  (d)

unavailability due to a Force Majeure Event; and

 

  (e)

unavailability caused by a breach of this Agreement by the Client.

 



EXHIBIT E

EXIT MANAGEMENT

 

1.

Transitional Co-Operation And Assistance

 

  (a)

The Custodian shall, from the moment of notice of termination or notice of non-renewal pursuant to Clause 16 (“Start of the Exit Phase”) and then for such period as the Client reasonably requests, up to 24 months (“Exit Period”), provide all reasonable cooperation and assistance that the Client may require to transfer responsibility for the Services to a replacement supplier appointed by the Client (“Replacement Supplier”).

 

  (b)

The co-operation and assistance referred to above shall include the following:

 

  i.

delivery to the Client or a Replacement Supplier, by such means, at such time(s) and place(s), and in such format, as the Client reasonably requests in writing and as related to the Custodian’s Services, of all assets, Client Data and other documents, data and other information related to the Client or its operations held by the Custodian; and

 

  ii.

reasonable information relating to the terminated Services as the Client or a Replacement Supplier reasonably requests to facilitate an orderly migration from the provision of the Services to the provision of services by the Replacement Suppliers, provided that the Custodian is not required to share any proprietary information with any Replacement Supplier that is a competitor.

 

2.

Knowledge Transfer

 

  (a)

The Custodian will support the transfer of knowledge related to the terminated Services, the way in which they are provided and related topics to facilitate the transfer of responsibility to the Replacement Supplier, and to support the Replacement Supplier’s ability to assume responsibility for the terminated Custodian’s Services. This will include:

 

  i.

participating in workshops, meetings, and “hands-on” activities where requested by the Client;

 

  ii.

providing the Client and the Replacement Supplier with information about the terminated Custodian’s Services that are necessary to implement exit management provided that the Custodian is not required to share any proprietary information with any Replacement Supplier that is a competitor; and

 

  iii.

explaining any relevant standards and procedures to personnel of the Client and the Replacement Supplier.

 

  (b)

The Client will ensure any Replacement Supplier will cooperate with the Custodian in Custodian’s performance of the above responsibilities.

 



3.

Execution

 

  (a)

The Custodian shall, during the Exit Period, ensure that the terminated Services continue to be performed in accordance with the requirements of this Agreement, and that the Custodian’s Services are not affected as a result of exit-related activities.

 

  (b)

At the Client’s request, the Custodian shall document the responsibilities that it may have in relation to exit in an Exit Plan.

 



EXHIBIT F

Security Requirements Schedule

 

1.

DEFINITIONS AND INTERPRETIVE PROVISIONS

 

1.1

For the purposes of this Security Schedule and unless the context provides otherwise, capitalized terms used shall have the ascribed meanings below:

“Access” means with respect to Custodian Personnel, actual access to any Client premises, systems, Client Data or other information, property or assets of Client or its Affiliates, whether by physical presence or by any electronic means;

“Applicable Laws” means all applicable laws, regulations, statutes, codes of practice, governmental orders or guidance or orders of any other competent regulatory authority including the GDPR, the UK Data Protection Act 2018, the Gibraltar Data Protection Act 2004, the Applicable US Laws and other relevant data protection regulations;

“Applicable US Laws” means all applicable laws, regulations, statutes, codes of practice, governmental orders or guidance or orders of any competent regulatory authority of the United States or any state, territory or subdivision thereof, including (i) the GLBA; and (ii) state laws regarding protection of data, data breach notification or maintenance of cybersecurity programs and policies, including the New York Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. part 500;

“Client Confidential Information” means the Confidential Information belonging to Client or its Affiliates;

“Client Data” means all Client Confidential Information and all other data, records, files, content or information, in any form or format accessed, collected, received, stored or maintained by Custodian or any of its Affiliates from or on behalf of Client or any of its Affiliates, or otherwise in connection with the Agreement and the provision of the Custodian’s Services, or the parties’ performance of or exercise of rights under or in connection with the Agreement and derived from the foregoing, even if anonymized;

“Data Protection Laws” means all applicable data protection or privacy laws, rules and regulations in force in any jurisdiction under or in connection with this Agreement, including, without limitation (i) the General Data Protection Regulation 2016/679 (“GDPR”), (ii) the GLBA; and (iii) the Gibraltar Data Protection Act 2004. “Data Protection Authority” shall mean any regulatory or supervisory authority having enforcement powers pursuant to the Data Protection Laws;

“GLBA” means the US Gramm-Leach-Bliley Act, Pub. L. No. 106-102, 113 Stat. 1338 (Nov. 12, 1999), as amended, and its implementing regulations, including Regulation P, 12 C.F.R. part 1016, and 16 C.F.R. part 314;

 



“Multi-Factor Authentication” means authentication through verification of at least two of the following types of authentication factors: (i) knowledge factors, such as a password; (ii) possession factors, such as a token or text message on a mobile phone; and (iii) inherence factors, such as a biometric characteristic;

“Permitted Sub-Contractor” means any subcontractor, agent, nominee or subcustodian (including an Affiliate of Custodian) to whom Custodian is permitted to subcontract any part of the Custodian’s Services in accordance with clause 2 of the Agreement;

“Security Incident” shall mean any actual, suspected or threatened incident of accidental, unauthorized or unlawful access to, acquisition, processing, use or disclosure of or any theft, loss of or damage to or alteration or destruction of Client Data or other information belonging to any other person in connection with the Agreement;

“Custodian Group” means Custodian together with its Affiliates;

“Custodian Personnel” means all officers, employees, staff, other workers, agents, contractors and consultants of Custodian or any Permitted Sub-Contractor who are engaged in the provision of the Custodian’s Services from time to time.

 

1.2

The terms “controller”, “processor”, “personal data”, “process”, and “processing” have the meanings given to them in the Data Protection Laws (with references to “personal data” in the context of the GLBA being to “non-public personal information”, as defined in the GLBA);

 

2.

PERMITTED PURPOSE & GENERAL SECURITY OBLIGATIONS

 

2.1

Custodian has implemented and shall maintain a written information security program that includes policies and procedures that contain administrative, technical, and physical safeguards that are appropriate to its size and complexity, the nature and scope of its activities, and the sensitivity of Client Data and shall otherwise comply in all respects with the Client’s information security requirements set forth in this Schedule (the “Security Schedule”). Such safeguards shall be reasonably designed to (i) ensure the security and confidentiality of Client Data; (ii) protect against any anticipated threats or hazards to the security or integrity of Client Data; and (iii) protect against unauthorized access to or use of Client Data that could result in substantial harm to any person. Except as expressly authorized under the Agreement, Custodian shall only Access, collect, use, store, and transmit Client Data as permitted under Applicable Law for the purpose of providing the Custodian’s Services (“Permitted Purpose”).

 

2.2

At all times, Custodian shall, and shall cause Custodian Personnel to, perform the Custodian’s Services and operate and maintain the Custodian’s service delivery facilities and systems with the highest level of care, skill and diligence in each case in accordance with the highest of the following: (i) industry best practices; (ii) all Applicable Laws; (iii) the terms of the Agreement including the security requirements set out or referred to in this Schedule and (iv) (a) the controls set forth in a SOC 1 Type I report; and (b) within 12 months from the date of this Agreement and while the Agreement remains in force thereafter, the controls in a SOC 1 Type II report. At all times, Custodian shall cause BitGo Inc. to perform the Custodian’s Services (to the extent performed by BitGo Inc.) and operate and maintain (to the extent operated and maintained by BitGo Inc.) the Custodian’s service delivery facilities and systems with the highest level of care, skill and diligence in each case in accordance with the highest of the following: (i) industry best practices; (ii) all Applicable Laws; (iii) the terms of the Agreement including the security requirements set out or referred to in this Schedule and (iv) (a) applicable security standards such as the Federal Financial Institutions Examination Council (“FFIEC”) security standards or any other applicable security standards (b) the controls set forth in the applicable Statement on Standards for Attestation Engagements (SSAE) No. 18 audit reports for Reporting on Controls at a Service Organization, (c) the controls set forth in a SOC 2 Type I report, and (d) the controls set forth in a SOC 2 Type II audit report (together the “Security Standards”).

 

3.

SECURITY REVIEW PROCESS

Upon the Client’s request, to confirm Custodian’s compliance with the Agreement and Security Standards, Custodian shall timely and accurately complete a written information security questionnaire provided by the Client, or a third party on the Client’s behalf, regarding Custodian’s business practices and information technology environment in relation to the Custodian’s Services being provided by Custodian pursuant to the Agreement and Custodian shall fully cooperate with such inquiries. To the extent that such inquiries require Custodian to devote a substantial amount of human resources that would materially impact Custodian’s operations, Client shall pay Custodian the reasonably incurred expenses required for fully cooperating with such inquiries. The Custodian shall cause BitGo Inc. to provide evidence of an industry standard review process satisfactory to the Client (such as the SFG Shared Assessment SIG, Cloud Security Alliance CAIQ, SSAE 18 SOC).

 

4.

SYSTEM, INFRASTRUCTURE & PHYSICAL SECURITY

 

4.1

Custodian shall provide and shall procure that any Permitted Sub-Contractors shall provide a secure environment implementing security measures meeting or exceeding the Security Standards.

 

4.2

Custodian and any Permitted Sub-Contractor must ensure and demonstrate that, where required by the Client (acting reasonably), the Client Data can be separated and extracted from data belonging to other customers of Custodian (or the Permitted Subcontractor, as the case may be). Custodian shall encrypt all stored and transmitted material Client Data.

 

5.

ACCESS CONTROLS; AUTHENTICATION & ENCRYPTION

 

5.1

Custodian shall restrict Access to only Custodian Personnel with a “need-to-know” for a Permitted Purpose and shall not, and shall ensure that the Custodian Personnel do not, Access, use, modify, copy, delete, distribute, publish, communicate, restore or store Client Data in Custodian’s possession or control (or in possession of any Custodian Group member or any Custodian Personnel), or attempt to do or allow any entity or individual to do any of the foregoing, except as authorized. Custodian will regularly review (at least once every quarter) the list of Custodian Personnel with Access and remove accounts for which Access is no longer necessary.

 



5.2

Custodian shall prohibit and reasonably prevent any person who does not have the specific authorization by Client from carrying out any of the acts specified in paragraph 5.1.

 

5.3

[***].

 

5.4

Custodian shall implement such controls, [***], as the Client may suggest from time to time in order to protect Client Data held or transmitted by Custodian both in transit over external networks and at rest, provided that Custodian shall have no obligation to implement such controls where it can demonstrate the controls suggested by the Client are disproportionate or otherwise not reasonable in the circumstances.

 

6.

CUSTODIAN PERSONNEL; SECURITY AWARENESS TRAINING

 

6.1

Custodian Personnel shall be qualified to perform their duties and to oversee Custodian’s compliance with the Security Standards and other obligations set forth in this Security Schedule.

 

6.2

Custodian shall have designated a qualified individual responsible for overseeing and implementing its information security program and enforcing its policies and procedures thereunder.

 

6.3

Custodian shall ensure that all Custodian Personnel receive up to date security awareness training appropriate to their job function and that annual security awareness training is performed requiring Custodian Personnel to acknowledge that they have read and understood Custodian’s security standards and procedures.

 

7.

REQUIRED BACKGROUND CHECKS

 

7.1

Custodian shall ensure that all Custodian Personnel, who are employed or otherwise engaged as at the date of this Agreement or following the date of this Agreement, have passed appropriate background verification checks, [***].

 

7.2

[***].

 



7.3

Custodian shall ensure that, in respect of any Permitted Sub-Contractor personnel, it has obtained certification from the Permitted Sub-Contractor that, for each such personnel who will have Access, either:

 

  (a)

where the Permitted Sub-Contractor is engaged at the date of this Agreement or following the date of this Agreement, the Background Verification Checks have been satisfactorily completed; or

 

  (b)

[***];

in each case by a reputable search firm and as permissible under local laws and regulations. Where such Background Verification Checks or Enhanced Verification Checks (as the case may be) have not been completed, Custodian will require the Permitted Sub-Contractor to conduct the relevant checks prior to such individual being granted Access.

 

8.

EXCHANGE OF INFORMATION

 

8.1

Custodian shall have policies, procedures and controls in place to protect Client Data and information exchanged through any communication channel controlled or used by Custodian to ensure compliance with the Security Standards.

 

8.2

Custodian shall exchange Client Data and information securely [***], or enable Client to comply, with the Security Standards.

 

8.3

[***].

 

8.4

For the avoidance of doubt, any communication channel proposed or utilized by the Client for the exchange of information with the Custodian will be deemed to meet the requirements under this Section in particular and this Agreement in general, actual policies, procedures or control in place notwithstanding.

 

9.

RISK ASSESSMENT; TESTING

 

9.1

[***].

 



9.2

Custodian shall regularly test its security systems and processes to ensure they meet the requirements of the Security Standards and will, upon request, provide summary evidence of such testing to Client.

 

9.3

In addition, scanning of Custodian’s service delivery facilities and systems will be performed to verify that no security weaknesses are introduced by any changes to systems or system configurations and any identified vulnerabilities managed.

 

9.4

Custodian shall design and implement information safeguards that meet industry best practices to control the risks identified through the risk assessment and shall evaluate and adjust its information security program and the Security Standards in light of the results of testing.

 

9.5

[***].

 

9.6

Custodian shall have systems and procedures in place to ensure that the Client, or a third party on behalf of the Client, can conduct continuous external monitoring (to the extent reasonable) of Custodian’s performance of its obligations under this Security Schedule. For the avoidance of doubt, Client shall not be given access to internal systems or logs for the purpose of carrying out the monitoring set forth in this Section 9.6. To the extent that the Client identifies any breach by Custodian of its obligations under this Security Schedule, Custodian shall (without prejudice to the other rights of the Client under this Security Schedule and the Agreement) immediately address such breach to the reasonable satisfaction of the Client.

 



10.

MEDIA STORAGE & INFORMATION BACK-UP

 

10.1

Client Data may not be stored on portable devices including laptops, Personal Digital Assistants, smartphones, MP3 devices, and USB devices unless the portable device is encrypted and secured from unauthorized access. Client Data, if stored in non-electronic formats, must be stored in locked cabinets with appropriate physical security access controls.

 

10.2

Custodian shall regularly and securely back-up Client Data in accordance with a defined back-up policy and shall store all back-ups of Client Data and information in a secure offsite location with suitable environmental controls including fire and flood protection.

 

11.

MONITORING

 

11.1

Custodian shall have procedures in place for monitoring the processing of Client Data and information at Custodian’s service delivery facilities and systems and shall report all suspicious activity affecting the Client’s Data to the Client promptly including through the use of automated reporting processes, as set forth in the Security Standards.

 

11.2

Without prejudice to the generality of paragraph 11.1, Custodian shall implement detection, prevention, and recovery controls to protect against malicious software, which is no less than current industry best practice and perform appropriate Custodian Personnel training on the prevention and detection of malicious software.

 

12.

SECURITY INCIDENTS

 

12.1

Custodian shall have documented procedures in place for the management of a Security Incident. In the event of a Security Incident Custodian shall (without prejudice to the Client’s and the Custodian’s other rights and remedies): (A) notify the Client [***] of all Security Incidents where such Security Incident relates to Client Data [***] for all other Security Incidents in accordance with paragraph 12.2, and in each case such notice shall include details of the circumstances of the Security Incident, including: (i) the timing and nature of the Security Incident; (ii) the information, the subject of the Security Incident and the extent to which it was compromised; (iii) when the Security Incident was discovered; (B) take all steps necessary to investigate and remedy the circumstances that led to the Security Incident as well as to cure the Security Incident itself, if the Security Incident affected Client Data such steps to include consultation with Client’s internal security team; and (C) where such Security Incident affected Client Data fully cooperate with the Client with respect to the Client’s (or Client’s representative’s) investigation of the Security Incident and the Client’s actions in response to the consequences thereof, including, as applicable, providing notices of such Security Incident to affected persons.

 

12.2

Custodian’s notice in accordance with clause 12.1 shall be given to the Client by email at [***].

 

12.3

Custodian shall remain solely liable to the Client for any and all losses, damages, costs, fines, or other monetary sanctions or expenses and other liabilities (including reasonable legal fees) incurred by, or awarded against, or agreed to be paid by the Client arising out of, or in relation to, a Security Incident.

 



13.

AUDIT

 

13.1

On at least an annual basis, Custodian shall procure Custodian’s Affiliate, BitGo Inc., to conduct reviews of the information technology and information security controls for all facilities and systems used in complying with its obligations under the Agreement, including obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry standards. Upon Client’s written request, Custodian shall make available to Client for review its Service Organization Controls (SOC) 1 Type I or II audit reports and shall direct BitGo Inc. to make available to Client for review all of the following, as applicable: Service Organization Controls (SOC) 2 Type I or II audit reports, and any other reports relating to either (as applicable) (i) its compliance with FFIEC standards or (ii) its certification which is equal to FFIEC or compliance with standards which is equal to FFIEC. Custodian will timely address any exceptions noted on the SOC reports, or other audit reports, with the development and implementation of a corrective action plan by Custodian’s management.

 

13.2

[Not Used]

 

14.

RETENTION & DISPOSAL

 

14.1

Custodian shall retain Client Data only for the purpose of, and only as long as is necessary for, the Permitted Purpose. Custodian shall promptly (but within no more than five (5) business days after the Client’s request) return to the Client and permanently and securely delete all Client Data upon and in accordance with the Client’s notice requiring return and/or deletion of Client Data.

 

14.2

Client Data contained in the Custodian’s archival back-up storage [***].

 

15.

SUBCONTRACTING

Custodian is only permitted to subcontract to Permitted Sub-Contractors. Custodian shall use reasonable endeavours to ensure that any Permitted Sub-Contractors and their personnel comply with this Security Schedule and the Security Standards, and Custodian agrees that: (a) it is responsible and liable for the acts and omissions of any Permitted Sub-Contractors as if they were acts or omissions of Custodian; and (b) it shall remain solely liable to Client for the performance of Custodian’s obligations under this Agreement, notwithstanding any use of Permitted Sub-Contractors.

 

16.

PERSONAL DATA

 

16.1

Custodian shall at all times process any personal data in accordance with the applicable Data Protection Laws.

 



16.2

In the event that either Custodian or the Client becomes aware that Custodian is processing any personal data on behalf of the Client that is subject to the European Data Protection Laws, such as the General Data Protection Regulation, such Party will immediately notify the other Party in accordance with the provisions of the Agreement. The parties agree that Custodian is a data processor and Client is a data controller in relation to the processing of such personal data and the parties will enter into any agreements as may be required in order to comply with such laws including, but not limited to, a data processing agreement (a “Data Processing Agreement” or “DPA”) and shall implement safeguards that are required under the Data Protection Laws.

 
