You have three choices. All of them are valid starting points. The honest answer depends entirely on how much BTC you have and how comfortable you are being your own bank.

The three categories

Every Bitcoin wallet falls into one of three categories. Custodial wallets are accounts at an exchange where a third party holds your keys. Non-custodial software wallets run on your phone or laptop and you hold the keys but they live on an internet-connected device. Hardware wallets are dedicated devices that keep your keys offline, air-gapped from the internet.

The phrase "not your keys, not your coins" exists because the first category is functionally different from the other two. With custodial Bitcoin, you have a claim against a company. With the other two, you have the asset itself.

Custodial (exchange-held)

Examples: River, Coinbase, Strike, Cash App. You sign in with a username and password. The exchange holds the underlying Bitcoin.

Pros. Easy. Password recovery exists. Many exchanges carry insurance on USD balances and some portion of digital assets. KYC paperwork is done for tax season. Low-friction purchasing.

Cons. Not your keys. Withdrawal freezes are possible during volatility or legal action. Exchange insolvency is real (FTX, Celsius, Mt. Gox). KYC history is permanent and linked to every coin you buy on-platform.

Best for. Your first $0 to $500, and your ongoing on-ramp. Buy on an exchange. Hold larger balances somewhere else.

Non-custodial software

Examples: BlueWallet, Phoenix, Muun, Sparrow (desktop), Zeus. You install the app, it generates a 12- or 24-word seed phrase, you write it down, and that seed is the sole access to your funds.

Pros. Free. Your keys. Phoenix and BlueWallet support Lightning natively. Sparrow is the desktop gold standard for on-chain transactions and coin control.

Cons. Seed phrase is stored in the phone's memory or disk. Phone lost or bricked without a backed-up seed means funds are gone. Mobile attack surfaces (malware, SIM swaps, screenshot malware) are real.

Best for. Spending sats over Lightning. A small on-the-go stack under roughly $1,000.

Hardware wallets

Examples: Ledger, Trezor, Coldcard, Jade. A dedicated device that stores your private keys and signs transactions offline. You plug it into a computer or connect via Bluetooth only long enough to broadcast a signed transaction.

Pros. Keys never touch an internet-connected device. Physical PIN entry prevents remote theft. Inheritance-friendly (you can pass the device plus a written seed). Works with desktop software like Sparrow for coin control and multisig.

Cons. $80 to $200 upfront cost. Learning curve to set up properly. You must maintain a physical backup of the seed phrase somewhere fireproof and secret.

Best for. Any stack over roughly $500. Once you cross that threshold, a hardware wallet is the cheapest insurance policy you can buy.

Comparison

Some links above are affiliate links. You pay the same price. We receive a small commission that funds this site.

The ladder

Start custodial on River or Cash App. Buy your first $200, $500, $1,000. Get comfortable with the interface. Then order a hardware wallet direct from the manufacturer. Send a small test transaction first. Once that works, withdraw the larger balance from the exchange. Keep buying on the exchange and withdrawing to cold storage on a schedule.

Do not skip to multisig until your stack is north of $10,000 or you have a specific inheritance or team-treasury use case. Multisig adds real operational complexity. Single-sig hardware is the right answer for 95% of holders.

Setting up a hardware wallet: the 10-minute version

• Unbox the device. Inspect the packaging for tampering. Do not use a device whose seal looks broken.
• Plug in the device and follow the manufacturer's initialization flow. Choose "Create new wallet," never "Restore."
• The device will display a 12- or 24-word seed phrase. Write these words down on paper in order. Never photograph them. Never type them into a phone or computer.
• The device will ask you to confirm the seed by re-entering a subset of words. Do this on the device itself.
• Set a PIN. Write it down in a separate location from the seed.
• Send a $20 test transaction from your exchange to the new wallet address. Confirm arrival.
• Once confirmed, send the rest.

Store the seed phrase in at least two geographic locations. Fireproof and waterproof if possible. Metal seed storage (Steelwallet, Coldcard's SeedPlate) is a $40 upgrade that dramatically improves survivability.

Red flags to avoid

• Never buy a used hardware wallet. A preloaded seed phrase from a previous owner means your funds vanish on the first deposit.
• Never buy from Amazon or eBay. Order direct from the manufacturer. Supply chain tampering is documented.
• Never enter your seed phrase on a website. No legitimate wallet, exchange, or service will ever ask for your seed.
• Never share your seed phrase with anyone. Not customer support. Not your financial advisor. Not the nice person in the Telegram group offering to help.

When to graduate to multisig

A multisig wallet requires multiple keys (typically 2 of 3) to sign a transaction. The keys can be held on different devices in different locations, by different people, or some combination. Compromising any single key does not spend your funds.

Multisig is appropriate for stacks over roughly $10,000, for coordinated family inheritance, or for treasury setups where multiple signers approve transactions. Casa and Unchained both offer guided 2-of-3 multisig with collaborative custody. For the inheritance angle, see our Bitcoin inheritance guide.

Further reading: the self-custody strategy section, how to buy your first Bitcoin, and the beginner's overview. The ladder is: custodial, to single-sig hardware, to multisig. Do not skip rungs.