This site is for educational purposes only. Nothing here constitutes financial advice.

Self-Custody Masterclass
Lesson 1 of 8 (~20 min)

Lesson 1 — The custody decision: when self-custody is right and when it isn't

'Not your keys, not your coins' is true, but it doesn't mean self-custody is right for everyone in every situation. Today: the four real choices and how to decide.

Intermediate | Evergreen | 20 min read
Updated 2026-05-17
Block Clarity Hub Editorial Team

The slogan 'not your keys, not your coins' is correct in a narrow technical sense: if a third party can move your funds, that party can also be compelled to move them, can freeze you out, or can be hacked. But the slogan is often repeated as if self-custody were always and obviously the right answer. It isn't. This lesson exists because we have seen too many people self-custody badly when professional custody would have served them better — and we have seen others stuck on exchanges that fail them because they were never taught what the alternatives actually look like.

There are four real custody choices, not two. The first is fully custodial — a regulated exchange or a custody firm holds the keys, you hold a claim. The second is single-signature hot wallet — a phone or browser-extension wallet where you hold the keys but they sit on an internet-connected device. The third is single-signature hardware wallet — you hold the keys, signing happens on a dedicated device that never exposes them. The fourth is multi-signature, where several keys (held by different devices, sometimes different people or services) must approve a transaction. Each has a different threat profile, a different operational cost, and a different failure mode.

Custodial is the right answer surprisingly often: when you want to hold a few hundred dollars to learn on, when you want to actively trade, when you have no operational infrastructure, when you live in a jurisdiction where self-custody creates legal exposure, or when you simply value the recovery flow when something goes wrong. Custodial means you trust the custodian's security and solvency. The risk is that the custodian fails, gets hacked, or is compelled by court order. The trade-off is that they handle the parts of security most people are bad at.

Single-signature hot wallet is the right answer for day-to-day spending, for interacting with applications, and for amounts you can afford to lose. The risk is that anything that gets onto your device — a malicious extension, a sandbox-escape exploit, a phishing site that drains via an approval — also has access. The trade-off is convenience: you can sign anything in a second.

Single-signature hardware wallet is the right answer for the bulk of long-term holdings that you don't move often. The risk is concentrated in three places: the seed phrase (whoever has it owns the funds), the supply chain that delivered the device to you, and your own ability to follow the procedure correctly when restoring. The trade-off is friction — every transaction takes a deliberate, physical action.

Multi-signature is the right answer once your holdings cross a threshold where any single point of failure is unacceptable, or where you have a co-signer you need to involve. The risk shifts from 'lose one secret' to 'lose the wallet descriptor that ties all the keys together.' The trade-off is operational complexity: signing is a coordinated round-trip across devices, and recovery is harder if you don't keep good records.
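Why the descriptor matters as much as the keys, shown as an added example (not part of the original lesson). It assumes a Bitcoin-style P2WSH 2-of-3 multisig, uses constructed placeholder public keys, and uses fixed keys rather than the extended keys and derivation paths a real descriptor carries.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE

def op_n(n: int) -> int:
    """Small-integer opcode: OP_1..OP_16 are 0x51..0x60."""
    if not 1 <= n <= 16:
        raise ValueError("n must be 1..16")
    return 0x50 + n

def witness_script(threshold: int, pubkeys: list) -> bytes:
    """m-of-n multisig script with keys in lexicographic order (sortedmulti-style)."""
    if not 1 <= threshold <= len(pubkeys):
        raise ValueError("threshold must be between 1 and the number of keys")
    if any(len(k) != 33 for k in pubkeys):
        raise ValueError("expected 33-byte compressed public keys")
    pushes = b"".join(bytes([33]) + k for k in sorted(pubkeys))
    return bytes([op_n(threshold)]) + pushes + bytes([op_n(len(pubkeys)), OP_CHECKMULTISIG])

def p2wsh_program(script: bytes) -> bytes:
    """The 32-byte value a P2WSH output commits to: SHA-256 of the script."""
    return hashlib.sha256(script).digest()

def can_locate_funds(funded: bytes, threshold: int, known_pubkeys: list) -> bool:
    """True if these records rebuild exactly the script the funds are locked to."""
    return p2wsh_program(witness_script(threshold, known_pubkeys)) == funded

# Constructed 33-byte stand-ins for compressed public keys (not real curve points).
KEY_A = b"\x02" + hashlib.sha256(b"constructed key A").digest()
KEY_B = b"\x03" + hashlib.sha256(b"constructed key B").digest()
KEY_C = b"\x02" + hashlib.sha256(b"constructed key C").digest()

# The wallet as originally set up: 2-of-3 over A, B, C.
FUNDED = p2wsh_program(witness_script(2, [KEY_A, KEY_B, KEY_C]))

def demo() -> dict:
    return {
        # Full records (threshold + all three public keys), in any order.
        "full_descriptor": can_locate_funds(FUNDED, 2, [KEY_C, KEY_A, KEY_B]),
        # Two signers survive, but the third public key was never written down.
        "two_keys_only": can_locate_funds(FUNDED, 2, [KEY_A, KEY_B]),
        # All keys recorded, threshold misremembered.
        "wrong_threshold": can_locate_funds(FUNDED, 3, [KEY_A, KEY_B, KEY_C]),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'script rebuilt' if ok else 'cannot rebuild script'}")
```

Two signatures are enough to spend, but the script being satisfied is built from all three public keys and the threshold, which is why the records kept with each key backup need to include the whole descriptor.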

The mistake is treating the custody decision as a one-time ideological choice. The right answer for most users is a portfolio of custody arrangements: a small custodial balance for active use, a hot wallet for interaction, a hardware wallet for medium-term holdings, and (eventually) multisig for the long-term bulk. Each layer's failure is contained.

Example

A reader with about $25,000 in crypto across three exchanges asks where to put it. The honest answer is: probably not all into a single hardware wallet today, and definitely not into a multisig wallet they have never operated. The realistic progression is to move a couple of thousand to a hardware wallet first, learn the restore procedure on a small balance, then migrate the rest over weeks as confidence grows. The custodial portion that remains is not a security failure — it is a hedge against their own operational mistakes during the learning period. Custody, like any other skill, is built incrementally.

Common mistakes

  • Treating 'self-custody' as a yes/no question instead of a portfolio decision across multiple wallets at different security levels.
  • Moving the entire balance into a hardware wallet on day one, then losing access because the restore procedure was never practised on a smaller amount.
  • Going straight to multisig without ever having operated a single-sig hardware wallet — the failure modes you haven't seen yet are exactly the ones that bite.
  • Assuming custodial is always 'less safe' than self-custody. A poorly-run self-custody setup is far riskier than a well-regulated custodian.
  • Choosing a custody model based on what crypto Twitter says is ideologically pure rather than what matches your own risk profile and operational capacity.

Check your understanding

A reader new to crypto with about $1,500 across two exchanges asks where to put their funds. Which is the most defensible recommendation?

Sources & further reading

We prioritise primary sources. Where a topic moves quickly (regulation, security incidents), we re-check sources on the cadence shown by the page's "Next review" date.