Key findings
- Exchange custody exposes you to counterparty risk (insolvency, freezes, hacks); self-custody removes it but transfers all operational risk to you.
- Self-custody failures are overwhelmingly human: lost keys, bad backups, and phishing — not broken cryptography.
- The right choice depends on amount, technical comfort, and inheritance planning, not ideology.
Background
“Not your keys, not your coins” is a real trade-off, not a slogan. Custody is a choice between two different risk profiles, and the honest question is which set of risks you are actually equipped to manage.
Data & method
Data: protocol and wallet-security documentation. Method: compare failure modes rather than prescribing a single answer. Limitation: this is a risk framework, not a product recommendation; we name no specific hardware here.
Analysis
Exchange custody is convenient and recoverable — a forgotten password is a support ticket, not a total loss — but it exposes you to the exchange’s solvency, security, and policy. History is clear that this counterparty risk is real. Self-custody removes the counterparty entirely: with keys you control, no third party can freeze or lose your assets. In exchange, every operational risk becomes yours. The dominant failure modes are not cryptographic breaks; they are human — lost seed phrases, single points of failure in backups, and phishing that tricks the owner into signing. A serious self-custody setup is really a backup-and-inheritance plan: redundant, geographically separated backups, tested recovery, and ideally multisig for larger amounts.
Risks & limitations
Both models can lose everything through different doors. Matching the model to your actual operational discipline matters more than the philosophical argument.
What to watch
Test your recovery before you need it. See cold storage and key management.
Sources — primary where possible
The BlackPearlBitcoin Research Desk holds no positions relevant to this report. See our conflict-of-interest policy in the methodology.
Independent institutional crypto research — primary-sourced, dated, method-explicit, and human-written. We disclose positions, correct openly, and license our work for citation. About the desk →
