Is it safe to keep Bitcoin on an exchange?
The self-custody case, without fearmongering.
"Not your keys, not your coins" is the most-repeated phrase in Bitcoin and the most under-explained. This page covers what self-custody actually means, what a seed phrase is, the difference between hot and cold storage, and how to think about hardware wallets without getting lost in product comparisons.
Exchanges get hacked; self-custody doesn't (when done right). Mt. Gox lost 850,000 BTC in 2014. A hardware wallet + seed phrase backup means your keys never touch the internet. The tradeoff: you are responsible. Lose the seed, lose the Bitcoin, no customer service line.
- Exchange hacks have lost billions in aggregate: Mt. Gox (850K BTC), Bitfinex (120K BTC), FTX (commingled customer funds).
- A hardware wallet (Ledger, Trezor, Coldcard) stores keys offline. Transactions are signed on the device, never exposed.
- Your seed phrase (12 or 24 words) is the master backup. Metal plate > paper. Never digital, never photographed.
- Multisig (2-of-3 keys) eliminates the single point of failure without trusting a third party.
- Start with a single-sig hardware wallet. Graduate to multisig when holdings justify the complexity.
Owning Bitcoin means owning the private keys that control specific addresses. If a third party (an exchange, a custodian, an ETF) holds the keys, you own a claim on that party, not Bitcoin. The 2022 collapses of Celsius, BlockFi, and FTX wiped out billions of dollars of customer Bitcoin claims. The base-layer coins still existed; the claims did not. Self-custody removes this risk by holding the keys yourself, typically using a hardware wallet that signs transactions without ever exposing the keys to an internet-connected device.
What self-custody actually means
When you "own" Bitcoin on Coinbase or in a Bitcoin ETF, you do not own Bitcoin. You own a claim on the custodian. The Bitcoin sits in addresses controlled by their keys, not yours. If they are solvent and operational, your claim is fungible with Bitcoin: you can withdraw and they will send. If they are not solvent (Celsius, BlockFi) or not operational (FTX), your claim becomes an unsecured creditor position in bankruptcy court, behind secured creditors and tax authorities. Court documents in each case treat customer claims as unsecured-creditor positions, recovered at cents on the dollar over years (see the SEC's FTX charges and the DOJ's Celsius case).
Self-custody means you hold the private keys. Your wallet software (or hardware wallet) generates and stores the keys; only you can sign transactions. There is no custodian to fail. There is also no customer-service line to call if you lose access. The trade-off is straightforward and irreducible.
Seed phrases: the actual key
Modern Bitcoin wallets generate a "seed phrase" of 12 or 24 words from a standardized list of 2,048 English words (BIP-39). This phrase is the master key from which all your private keys (and all your addresses) are derived deterministically. Anyone with the seed phrase has complete control of all the coins. Anyone without it has no way in, even if they have your wallet device.
Practical implications:
- Write the seed on paper or stamp it on metal. Two copies in two physically separate locations (home safe + bank deposit box, for instance).
- Never type the seed into a phone, computer, or website. Phishing sites that ask you to "verify" your wallet by entering your seed are the most common loss vector.
- Never store the seed in a password manager, email, photo, or cloud note. Any device connected to the internet is a target.
- Test the recovery before transferring serious money. Wipe your wallet device and restore from the seed once. If it works, you're set. If it doesn't, you found out before it mattered.
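The seed-phrase mechanics above, as an added example (not code from any wallet vendor or from this page's author): it follows BIP-39 to turn entropy into word-list positions with a checksum, shows the checksum rejecting a miscopied last word, and derives the master seed deterministically. Function names are this example's own, and the only phrase used is the public all-zero BIP-39 test vector, which must never hold funds.

```python
import hashlib
import unicodedata

WORD_BITS = 11  # 2**11 == 2048 words in the BIP-39 list

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Entropy -> word-list positions: append a SHA-256 checksum, cut into 11-bit groups."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP-39 entropy is 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32  # 4 checksum bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices: list[int]) -> bool:
    """True if a transcribed phrase (given as word positions) has a valid checksum."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    total_bits = len(indices) * WORD_BITS
    cs_bits = total_bits // 33
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Phrase -> 64-byte master seed (PBKDF2-HMAC-SHA512, 2048 rounds)."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)

if __name__ == "__main__":
    # Public all-zero test vector: "abandon" is word 0, "about" is word 3.
    good = entropy_to_indices(bytes(16))
    print(good, checksum_ok(good))
    miscopied = good[:-1] + [4]  # last word written down as its list neighbour
    print(checksum_ok(miscopied))
    phrase = " ".join(["abandon"] * 11 + ["about"])
    print(mnemonic_to_seed(phrase, "TREZOR").hex())
```

With only 4 checksum bits on a 12-word phrase, a randomly wrong word still passes about 1 time in 16, which is why a full wipe-and-restore test remains the real check.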
Hot wallet vs cold wallet
- Hot wallet: the keys live on an internet-connected device (a phone or computer). Convenient. Vulnerable to malware, OS exploits, and supply-chain attacks. Acceptable for small amounts you spend regularly, the way you'd carry cash in a wallet.
- Cold wallet: the keys live on a device that has never touched the internet, typically a hardware wallet that signs transactions internally and only outputs the signed transaction. Resistant to remote attacks. Right for amounts you wouldn't be willing to lose to a phone hack.
A common pattern: small spending balance on a phone wallet (Phoenix, Muun, Wallet of Satoshi for Lightning), savings on a hardware wallet (Coldcard, Trezor, Ledger), seed phrase backed up to metal in two locations. Detail at Hardware Wallets and Cold Storage Guide.
Hardware wallets, briefly
A hardware wallet is a small device (often USB-stick sized) whose only job is to generate and store private keys, and to sign transactions when you press a physical button. The keys never leave the device. Even if your computer is compromised by malware, the malware cannot extract the keys; it can only see the signed transactions you explicitly approve on the device.
The popular options are Coldcard (Bitcoin-only, security-focused), Trezor, Ledger, and Foundation Passport. The choice matters less than the practice: get one, generate the seed on the device itself (not from a website), back up the seed to paper and metal, test recovery, then move funds. Detail at Sparrow Wallet Guide for the desktop software that pairs with most hardware wallets.
Bitcoin Custody Spectrum
Methodology: convenience falls and key-holder count rises as you move right. The right answer depends on amount; daily-spend coins can sit in a software wallet, multi-year holdings should sit in cold storage at minimum.
What this changes for tomorrow
- If you have meaningful Bitcoin on an exchange, the structural risk is the same as having uninsured cash at a bank during a panic. The fix: open a self-custody wallet and withdraw.
- The first hardware wallet purchase is the highest-friction step. Once you've done it once, the workflow becomes routine. Order from the manufacturer directly, never from a third-party seller.
- The seed-phrase-on-paper backup is the single most important step. Hardware breaks. Apps get deprecated. The 12 or 24 words are the immortal part.
- For amounts under a few hundred dollars, a phone wallet is fine. Above that, the hardware-wallet workflow is worth the friction.
- Pledging your coins as loan collateral hands the keys back to a third party, the same custody surrender (and rehypothecation risk) self-custody exists to avoid. See Borrowing Against Bitcoin.
Last updated 2026-05-01. Not financial advice. Self-custody carries operational risk; practice with small amounts first.