Self-Custody vs Exchange Custody: What the Difference Actually Determines

When you leave crypto on an exchange, you hold a claim — not the asset. Self-custody holds the keys directly, but moves risk to key management. The FTX collapse illustrated exactly what counterparty risk looks like when it materialises.
Lewis Jackson
CEO and Founder

There's a phrase that gets repeated often in crypto: "not your keys, not your coins." It's blunt and arguably a bit smug, but it points at something structurally important, something the FTX collapse in late 2022 demonstrated with a clarity that years of educational articles hadn't quite managed.

This isn't really about trust or distrust of any particular exchange. It's about understanding what kind of asset you actually hold depending on where it sits.

The Core Distinction

When you buy crypto on an exchange and leave it there, you don't hold crypto in the cryptographic sense. What you hold is a claim on crypto — an IOU denominated in whatever asset you purchased. The exchange holds the private keys to actual on-chain addresses; your account balance is a database entry representing your share of their custody pool.

That's not inherently scandalous. It's how traditional finance works too. When you deposit money at a bank, you don't literally have cash sitting in a vault with your name on it. You have a claim. The bank takes your deposit and does things with it.

The difference is that in traditional finance, there's a regulatory and insurance layer specifically designed for this arrangement — FDIC insurance up to $250,000 per depositor in the US, strict reserve and capital requirements, regular audits. The exchange-custody model in crypto often has none of those backstops, or has them partially and inconsistently depending on jurisdiction.

Self-custody is the alternative. When you withdraw your crypto to a wallet you control — a hardware wallet, a software wallet, any setup where you hold the private keys — you become the sole custodian of those assets. There's no exchange, no intermediary, and no claim relationship. The assets exist on-chain at addresses only you can authorize transactions from.

How Each Model Works Mechanically

Exchange custody: The exchange operates a set of hot wallets (connected to the internet, for liquidity) and cold storage (air-gapped, for the majority of holdings). When you deposit, your assets are pooled with other users' assets. Your account balance is an internal record. When you trade, only internal database entries change — no on-chain transaction occurs. When you withdraw, the exchange initiates an on-chain transaction from their wallets to your destination address.

This means your exposure is to the exchange's solvency, security practices, and honesty. If the exchange is hacked, mismanages reserves, or — as FTX demonstrated — uses customer funds for other purposes, your claim may be worth less than you think, or nothing at all.

Self-custody: You hold a private key (or more precisely, a seed phrase that generates a hierarchy of private keys). The crypto exists at on-chain addresses derived from that key. No one can move those assets without the private key. This is the clean version. The complications arise in what happens to the key itself.

If you lose your seed phrase and your device fails, the crypto is gone. There's no customer support line. No account recovery. No insurance. The cryptographic finality that protects you from counterparty risk is the same finality that makes key loss permanent.

Where the Risk Actually Sits

These two models don't eliminate risk — they move it to different places.

Exchange custody concentrates counterparty risk. You're exposed to:

  • Exchange insolvency (see: FTX, Celsius, Voyager)
  • Exchange hacks (see: Mt. Gox 2014, Bitfinex 2016, many others)
  • Regulatory action that freezes withdrawals
  • Operational failures or insider fraud

Self-custody concentrates key management risk. You're exposed to:

  • Physical loss of hardware wallet or seed phrase backup
  • Theft of seed phrase (phishing, home invasion, shoulder surfing)
  • Technical mistakes (sending to wrong address, firmware issues)
  • Inheritance problems — assets can be effectively unrecoverable at death without planning

The FTX example is worth being specific about. When FTX collapsed, it emerged that customer funds — funds that should have been in segregated custody — had been used to fund trading activity at Alameda Research. The exchange's balance sheet was fabricated. Customers with $8 billion in claims got pennies on the dollar in bankruptcy proceedings. The "claim on crypto" model failed catastrophically because the entity holding the underlying assets wasn't actually holding them.

That is a counterparty risk materialisation event. Self-custody by definition cannot produce this outcome because there's no counterparty.

What's Changing

The exchange custody model is being regulated more aggressively. Following FTX, regulators in the US, EU, and UK began requiring clearer proof-of-reserve disclosures and separation of customer funds from operational capital. Some exchanges now publish Merkle-tree proof-of-reserves that allow users to verify their own account balance is included in audited totals. These are improvements, though proof-of-reserve doesn't verify liabilities — a nuance that still matters.
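
As an added example (not from the original post or from any exchange's implementation), here is a minimal Merkle sum tree in Python, one common way to build such proofs. The hashing layout, account names and balances are assumptions constructed for illustration. It shows a customer verifying that their balance is included, and that the same check still passes when another account is left out of the published tree.

```python
import hashlib

def leaf(user_id, balance):
    # Leaf commits to the account id and balance (integer smallest units).
    return (hashlib.sha256(f"leaf|{user_id}|{balance}".encode()).digest(), balance)

def parent(left, right):
    # Each inner node commits to both children and to the sum of their balances.
    total = left[1] + right[1]
    digest = hashlib.sha256(b"node|" + left[0] + right[0] + str(total).encode()).digest()
    return (digest, total)

PAD = leaf("__pad__", 0)  # zero-balance filler for odd-sized levels

def build_levels(ledger):
    levels = [[leaf(u, b) for u, b in ledger]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels  # levels[-1][0] is the published root: (hash, total liabilities)

def make_proof(levels, index):
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))  # (node, sibling_is_left)
        index //= 2
    return proof

def verify_inclusion(user_id, balance, proof, root):
    # Run by the customer: recompute the path from their own leaf to the root.
    node = leaf(user_id, balance)
    for sibling, sibling_is_left in proof:
        if sibling[1] < 0:
            return False  # a negative subtotal would shrink the published total
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

# Constructed sample ledger; names and balances are illustrative only.
LEDGER = [("alice", 500), ("bob", 1200), ("carol", 300), ("dave", 2000)]
FULL = build_levels(LEDGER)
FULL_ROOT, ALICE_PROOF = FULL[-1][0], make_proof(FULL, 0)

# Same exchange, but one account is left out of the published tree.
PARTIAL = build_levels(LEDGER[:3])
PARTIAL_ROOT, ALICE_PROOF_PARTIAL = PARTIAL[-1][0], make_proof(PARTIAL, 0)
```

Alice's proof verifies against both roots, but the second root reports total liabilities of 2000 instead of 4000. Only the omitted customer, checking their own proof, would notice.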

On the self-custody side, multi-signature (multisig) wallets and social recovery schemes are reducing some of the key-management brittleness. Protocols like Safe (formerly Gnosis Safe) allow multi-party control so that no single seed phrase loss can wipe out holdings. Smart contract wallets on Ethereum allow setting recovery mechanisms — not quite the same as a customer support line, but meaningfully better than a single-point-of-failure seed phrase.

Hardware wallets (Ledger, Trezor, Coldcard) remain the most practical self-custody option for most users. The key is stored on a dedicated secure chip, never exposed to an internet-connected device, and transactions must be physically confirmed on the device itself.

What Would Confirm Each Model's Appropriateness

For exchange custody to be a structurally sound long-term choice, you'd need to see mandatory segregation of customer funds enforced by law and audited, proof-of-reserve standards that include liability verification, and deposit insurance or equivalent backstops at material scale.

For self-custody to reach broader adoption beyond technically sophisticated users, you'd need social recovery and multisig to become default features in consumer wallets, and better inheritance and recovery UX that doesn't require users to deeply understand seed phrase cryptography.

Neither of these is fully in place today.

What Would Invalidate These Conclusions

The case for self-custody weakens if a large-scale smart contract wallet exploit drains multisig holdings at scale, or if user error rates for self-custody prove so catastrophic at population scale that losses exceed exchange counterparty losses.

The case for exchange custody weakens further if additional large exchange failures occur before regulatory backstops are in place, or if proof-of-reserve audits are shown to be insufficient proxies for solvency — as critics already argue.

Timing Perspective

Now: The choice is live and consequential. Exchange custody is more convenient but carries meaningful counterparty risk in the current regulatory environment. Self-custody eliminates counterparty risk at the cost of key management responsibility.

Next: Regulatory frameworks for exchange custody are developing — watch for proof-of-reserve requirements to evolve into more comprehensive solvency attestation (12–24 months). Account abstraction and smart wallet UX on Ethereum may make self-custody meaningfully more accessible.

Later: Whether institutional-grade custodians (Coinbase Custody, Fidelity Digital Assets) bridge the gap — regulated, insured custody that behaves more like traditional finance — is a longer-horizon question tied to regulatory clarity that isn't settled.

A Boundary Note

This post explains the structural difference between custody models. It doesn't recommend either approach for any individual situation — the right answer depends on amount, technical ability, jurisdiction, and tolerance for different kinds of risk.

The mechanism works as described. Whether exchange custody with adequate regulatory backstops is "close enough" to self-custody is a question with honest disagreement on both sides. What's not debatable is what each model actually is, and what its failure modes look like.

"Not your keys, not your coins" is a simplification. The complete version: if you don't hold the keys, you hold a claim — and claims have counterparty risk that keys don't.
