
"Not your keys, not your coins" is one of the most repeated phrases in crypto. It emerged from a specific and important observation: if a third party controls your private keys, they control your assets. Mt. Gox confirmed this in 2014. FTX confirmed it again in 2022. The underlying logic is sound.
But the maxim is sometimes applied as if it's a universal rule covering every custody arrangement — and in some cases, that application is imprecise. The principle behind the phrase is real. The phrase itself has limits.
Private keys are the cryptographic mechanism that authorizes transactions on blockchain networks. Whoever controls the private key controls the ability to sign outgoing transfers. If you don't control the private key — if an exchange or custodian holds it on your behalf — then you don't directly control your funds. You hold a claim on those funds, mediated by the custodian's solvency, honesty, and operational security.
This is what "not your keys, not your coins" describes: custodial arrangements create counterparty risk that pure self-custody doesn't. If the custodian fails, gets hacked, or acts fraudulently, your claim becomes a creditor claim — worth considerably less than direct asset ownership.
This analysis is correct. The FTX collapse demonstrated precisely this: customers believed they held crypto, but they held claims on a company that had allegedly misappropriated those assets. The private keys were never theirs.
Three custody arrangements don't fit cleanly into the binary.
Multi-signature wallets. A standard multisig setup — say, 2-of-3 keys required to authorize a transaction — means no single key controls the asset. A Gnosis Safe with signers distributed across a DAO's core team doesn't fit "your keys" neatly. You hold one key, but the asset requires collaborative signing. You haven't handed control to a custodian, but you also can't unilaterally move your funds.
The maxim still carries useful guidance here — you should hold at least one key in any multisig arrangement you depend on. But "not your keys" as a binary doesn't capture the distributed structure accurately.
Smart contract custody in DeFi. When you supply assets to Aave or deposit into a Uniswap liquidity pool, your assets are locked in a smart contract. No single custodian holds a private key to those funds. The smart contract code governs withdrawals, and you can retrieve your assets by interacting with the contract — but only while the contract functions as intended. A critical vulnerability could drain the contract regardless of your key ownership.
Is this "your coins"? No custodian holds the keys. But it's also not pure self-custody. It's smart contract custody, with a distinct risk profile: code failure rather than counterparty failure. The maxim doesn't help you distinguish between these two different failure modes.
MPC wallets and distributed signing. Multi-party computation (MPC) wallets distribute signing authority across multiple parties or devices without ever assembling a complete private key in one place. Services like Fireblocks use MPC for institutional custody. Some consumer products use it to enable account recovery without seed phrases.
In an MPC system, there's technically no single "key" to hold. The security properties are real — no single party can unilaterally move funds — but the traditional framing breaks down. Saying "not your keys, not your coins" about an MPC arrangement misses the actual security model being used.
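The property the multisig and MPC paragraphs above rely on (one key share moves nothing, a threshold of shares is required) can be made concrete with a 2-of-3 Shamir secret sharing over a prime field. This is an added illustration, not code from the post or from any product named in it; the prime, the functions and the sample secret are my own choices, and real MPC signers combine shares inside a signing protocol rather than reconstructing the key as done here.

```python
# Added illustration (not from the original post): 2-of-3 Shamir secret sharing
# over GF(P). One share reveals nothing about the secret; any two recover it.
# Production MPC/threshold schemes never reconstruct the key; this simplification
# only demonstrates the "no single party can act alone" property.
import secrets
from typing import Optional

# Prime chosen to be key-sized (this is the secp256k1 group order, used here
# only as a convenient 256-bit prime; an assumption of this example).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret: int, threshold: int, shares: int):
    """Return `shares` points on a random degree-(threshold-1) polynomial
    whose constant term is the secret."""
    assert 0 < threshold <= shares and 0 <= secret < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(points) -> int:
    """Lagrange interpolation at x = 0 over GF(P). With fewer than
    `threshold` points the result is uniformly random, not the secret."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo(secret: Optional[int] = None) -> dict:
    """Split a secret 2-of-3 and report which share subsets recover it."""
    secret = secrets.randbelow(P) if secret is None else secret
    shares = split_secret(secret, 2, 3)
    return {
        "any_two": all(recover_secret([shares[i], shares[j]]) == secret
                       for i, j in ((0, 1), (0, 2), (1, 2))),
        "all_three": recover_secret(shares) == secret,
        "single_share": recover_secret(shares[:1]) == secret,
    }
```

The `single_share` result is False except with probability 1/P, which is the sense in which one signer "holds a key" but cannot move funds.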
The underlying concern isn't really about private keys in the cryptographic sense. It's about who has unilateral control over your assets and whether they can fail, steal, or freeze access.
A traditional exchange holds private keys and therefore has unilateral control. This is what the maxim warns against, and correctly.
A well-constructed multi-signature structure distributes control such that no single party has unilateral access. The exchange-failure risk the maxim describes doesn't apply in the same way.
A smart contract holding assets doesn't have "a counterparty" in the traditional sense, but introduces code-failure risk instead. These are genuinely different things.
The useful version of the principle is: understand who (or what) has unilateral control over your assets, and evaluate whether you trust that entity or mechanism for the amount you're holding. That's a more complex question than "do I hold the keys" — but it's the right question.
MPC custody is maturing rapidly at the institutional level. Well-implemented MPC removes the single-point-of-failure problem without requiring users to manage seed phrases. This is a direct challenge to the binary framing of the maxim — you can have strong security guarantees without "holding the keys" in the traditional sense.
Account abstraction (Ethereum's EIP-4337) is enabling a new category of smart contract wallets that can implement custom recovery logic, spending limits, time-locks, and social recovery — all without traditional private key management. These aren't custodial in the exchange sense, but they're not traditional self-custody either.
These developments don't eliminate the core risk the maxim describes. Custodial exchanges with opaque balance sheets remain the highest-risk arrangement, and the maxim still applies to them directly. But they do create legitimate custody models that fall outside the phrase's binary framing.
Confirmation: MPC custody implementations surviving sustained adversarial environments without material loss. Smart contract wallets with social recovery gaining adoption without novel failure modes. Institutional DeFi custody frameworks developing clean multi-year security records.
Invalidation: A major MPC compromise demonstrating that distributed key schemes introduce novel attack surfaces that single-key models avoid. A systematic exploit of account abstraction wallets proving that traditional private key custody remains superior in practice.
Now: For custodial exchange arrangements, the maxim applies directly and correctly — the counterparty failure risk is real and well-documented.
Next: MPC and smart contract custody models deserve evaluation on their actual security properties rather than binary key-holding logic.
Later: As account abstraction matures, "holding keys" may become a less meaningful security heuristic altogether — replaced by a more nuanced conversation about signing authority and unilateral control.
"Not your keys, not your coins" remains the right warning for exchange and custodial platform risk. Where it becomes imprecise is when applied as an absolute rule to multi-signature, MPC, or smart contract arrangements that operate on different security models with different failure modes.
This post maps the mechanism — it doesn't constitute custody advice. The right custody model depends on amount held, technical competence, recovery requirements, and institutional constraints that are outside this scope.
The phrase is a good warning about a real and consequential risk. It's not a complete theory of custody security.