What a Crypto Wallet Is, and Why 'Not Your Keys, Not Your Coins' Matters

This is general information, not investment advice. Crypto carries significant risk.

The word "wallet" is misleading. Get past it and crypto's biggest practical risk becomes clear.

What a wallet actually holds

Your coins — bitcoin, ether, whatever — exist only as entries on a public blockchain ledger. A wallet doesn't store them; it stores the private keys that let you move those entries. Each address has two parts: a public address, like an account number you can share to receive funds, and a private key, which is password and signature in one — whoever has it controls the money. When you set up a self-custody wallet, it generates a seed phrase (usually 12 or 24 words), the master key that can restore everything. Lose the seed phrase and the funds are gone; there is no support line that can recover them, as Ethereum's documentation stresses.

Hot vs. cold

Hot wallets are software, connected to the internet — exchange apps, mobile wallets, browser extensions like MetaMask. Convenient, but that connection is an attack surface for malware and phishing. Cold wallets keep keys offline — hardware devices from the likes of Ledger and Trezor, or even paper. Cold storage is the standard for larger, longer-term holdings; the trade-off is less convenience day to day.

Custodial vs. non-custodial

This is the distinction that matters most. With a custodial wallet, a third party — typically an exchange like Coinbase or Binance — holds the keys for you. You log in with a password; they control the underlying assets. It's like a bank: convenient, with account recovery, but you're trusting the institution. With a non-custodial (self-custody) wallet, you hold the keys yourself. No provider can touch your funds — and none can bail you out either.

Why "not your keys, not your coins"

This crypto adage got brutal confirmation in November 2022, when FTX, then the second-largest exchange, froze withdrawals and collapsed. It suspended customer withdrawals on November 8 and filed for bankruptcy on November 11, locking more than a million users out of funds they thought they owned; prosecutors later called it one of the biggest financial frauds in U.S. history. Customers who had moved assets to self-custody beforehand kept access; those who left coins on the exchange did not. Celsius and Voyager froze withdrawals the same year. The lesson is structural: when someone else holds your keys, you hold an IOU, not the asset.

The risks of holding your own keys

Self-custody removes that counterparty risk but hands you others. Lose your seed phrase and your funds are unrecoverable — analysts estimate millions of bitcoin are already lost forever to forgotten keys (figures are rough estimates, not precise counts). Phishing and scams: attackers impersonate wallet makers or support staff to trick you into typing your seed phrase into a fake site — once is enough to be drained. Malware: clipboard hijackers can swap a copied address for an attacker's.

Best practices

• Write the seed phrase on paper (or metal) and store it offline; never photograph it or put it in the cloud.
• Use a hardware wallet for anything you couldn't afford to lose.
• Double-check addresses before sending.
• Treat any request for your seed phrase as a scam — legitimate providers never ask for it.
• Keep day-to-day amounts in a hot wallet, the bulk in cold storage.

The trade-off

Custodial services offer convenience and recovery, suited to casual users and small sums. Self-custody offers control and freedom from any institution's solvency — but full personal responsibility. There's no option that gives both. The right choice comes down to which risk you're better placed to manage — and, after FTX, more crypto holders decided that risk was their own to keep.