Custody: hot, cold, and in-between
How to actually hold crypto without losing it. A no-nonsense tour of the storage spectrum.
When people say 'I have 0.1 BTC,' what they really have is a private key — a 256-bit number — that lets them sign for, and therefore spend, specific coins recorded on the blockchain. Custody is the practice of managing that key so that you can use it when you want to and nobody else ever can.
There is no ideal answer. Every choice is a trade-off between convenience, security, and what you're willing to lose if it goes wrong.
The custody spectrum
Exchange custody (someone else holds the key)
When you buy on Coinbase, Kraken, or Binance and leave the coins there, you don't actually own them in the technical sense. You own a database entry that says the exchange owes you. This is fine for active trading. It is not fine as long-term storage — see Mt. Gox, FTX, Celsius. The list is long and keeps growing.
Hot wallets (key on an internet-connected device)
A wallet app on your phone or computer holds the key locally. You're now responsible for it, but the key is online — meaning anything that compromises your device can potentially compromise the funds. Good for spending money. Bad for life savings.
Examples: Phoenix, Muun, Sparrow connected to the internet, Electrum, BlueWallet, Wallet of Satoshi (custodial — read carefully).
Hardware wallets (key on an isolated device)
A small dedicated device holds the key and only signs transactions when you physically approve them with a button press. The key never leaves the device. Even malware on your computer can only see the address; it can't move funds.
This is the right default for amounts you can't afford to lose. Trezor and Ledger are the established names; Coldcard, Foundation Passport, and Bitkey are more bitcoin-focused.
Cold storage (key never connected to a network)
Take it further: generate the key on a computer that has never touched the internet, write down the seed phrase, and never put the key online again. To move funds, you sign the transaction on the offline machine and broadcast the signed result from an online one.
Tedious, slow, and bulletproof against remote attack. Appropriate for treasuries and long-term hodlers.
Multisig (need multiple keys to spend)
Configure the wallet so that, say, 2-of-3 keys are required to authorize a transaction. Spread keys across geographies, across hardware vendors, across people. No single point of failure. No single point of theft. The premier setup for serious holdings.
Tools: Sparrow, Specter, Casa (managed), Unchained Capital (managed).
The seed phrase
Most wallets generate a 12- or 24-word phrase the first time you set them up. That phrase is the key in human-readable form. Anyone with it can take everything. With it, you can recover everything.
- Write it on paper or stamp it into metal. Not a screenshot. Not a cloud note. Not a text file.
- Keep at least two copies in physically separate, secure locations.
- Never type it into a computer except a wallet you trust, on a device you trust.
- Test recovery before you fund the wallet seriously. Restore from the seed on a fresh install. Confirm the same address appears.
Common ways people lose money
- Exchange goes insolvent or pauses withdrawals. Funds vanish.
- Phishing site looks like the real wallet, asks for the seed phrase. Funds vanish in minutes.
- Loss or destruction of the only seed copy. Funds locked forever.
- Approving a malicious smart contract that drains the wallet. Especially common on EVM chains.
- Sending to the wrong address — typo, malware swap, wrong network.
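A pre-send check for the wrong-address cases in the list above, as an added example that is not part of the original article: for a legacy Base58Check Bitcoin address, the checksum catches typos, the version byte catches the wrong network, and a full-string comparison against an address obtained out of band catches a clipboard swap. The function names are this example's own, the sample input is the well-known genesis-block address, and bech32 (bc1...) addresses use a different encoding that is not covered here.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version byte -> (network, type) for legacy Base58Check Bitcoin addresses.
VERSIONS = {0x00: ("mainnet", "P2PKH"), 0x05: ("mainnet", "P2SH"),
            0x6F: ("testnet", "P2PKH"), 0xC4: ("testnet", "P2SH")}

def b58decode(s):
    """Decode Base58 text to bytes; each leading '1' is one zero byte."""
    n = 0
    for ch in s:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def check_address(addr, network="mainnet", reference=None):
    """Return (ok, detail) for an address about to receive funds."""
    try:
        raw = b58decode(addr)
    except ValueError as exc:
        return False, str(exc)
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False, "wrong length"
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    if digest[:4] != checksum:
        return False, "checksum mismatch (typo or corruption)"
    net, kind = VERSIONS.get(payload[0], (None, None))
    if net != network:
        return False, "wrong network or unknown version byte"
    # Clipboard-swapping malware substitutes a *valid* address, so also
    # compare the whole string with one obtained out of band.
    if reference is not None and addr != reference:
        return False, "does not match reference address"
    return True, kind

if __name__ == "__main__":
    good = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # genesis-block address
    for sample in (good, good[:-1] + "b", good[:-1] + "0"):
        print(sample, check_address(sample))
    print(check_address(good, network="testnet"))
```

The checksum only proves the string is a well-formed address; only the reference comparison says it is the address you meant to pay.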
A reasonable starter setup
Buy on a regulated exchange. Withdraw to a hardware wallet you bought directly from the manufacturer. Write the seed on paper, store one copy at home and one in a bank safety deposit box or with a trusted family member. Practice recovering from the seed once. Never reveal the seed to anyone, including someone claiming to be from the wallet vendor or exchange.
Once your holdings cross a threshold you'd notice losing — five figures for most people — graduate to multisig.