If you've bought crypto on Coinbase, Binance, or any major exchange, you don't actually hold your crypto. The exchange does. More precisely: the exchange controls the private keys that prove ownership of those assets on-chain. Your account balance is an entry in the exchange's internal database — a promise that you can withdraw that amount — not a direct position on the blockchain.
This isn't an accident or a design flaw. It's the architecture the system was deliberately built on, and understanding why it works this way explains both its practical advantages and its documented failure modes.
When you place a market order on an exchange — buy ETH, sell BTC — the trade settles in milliseconds. If that transaction required an on-chain confirmation, you'd be waiting a minimum of 12 seconds per Ethereum block, significantly longer during congestion. Bitcoin is worse: 10 minutes per block, with most exchanges requiring multiple confirmations before crediting funds.
A futures trade involving leverage, partial fills, and liquidation risk simply cannot function in that environment. Neither can a high-frequency order book. Neither can any trading product that requires instant settlement.
So exchanges solve this by becoming custodians. When you deposit crypto to an exchange, you send it to a wallet the exchange controls. The exchange's internal accounting system credits your account. From that point, all trading activity happens off-chain — in the exchange's database — and only actual withdrawals and deposits touch the blockchain.
This is the custodial model. The exchange holds a pooled set of user funds, maintains a private ledger of who owns what, and processes every trade against that ledger. It's structurally similar to how a brokerage holds your stocks. You have a claim on the assets; the brokerage is the actual holder.
The model works well when the exchange is solvent, well-managed, and honest. The risks emerge when it isn't.
FTX is the most significant recent case study. In November 2022, it became clear that FTX had commingled approximately $8 billion in customer funds with its affiliated trading firm Alameda Research. Users believed their balances were held safely in custody — the exchange had created that impression. In reality, the funds had been lent out, used as collateral, or spent. When withdrawal demand exceeded available liquidity, the exchange collapsed within days. Customers lost access to assets that didn't exist in the form they believed.
Mt. Gox, which dominated Bitcoin trading from 2010 to 2014, lost approximately 850,000 BTC through a combination of hacking and internal theft that accumulated over years. Again: the funds were supposed to be in custody. They weren't.
Both cases reveal the same structural problem. In the custodial model, you're trusting the exchange's solvency, security practices, and honesty simultaneously. There's no on-chain technical mechanism that ensures your funds are actually where the exchange claims. Your balance is a claim — enforced by contract law and, potentially, insolvency proceedings, not by cryptography.
That's what "not your keys, not your coins" actually means at the system level. Without the private key, you hold a claim on an asset, not the asset itself.
Two constraints keep exchanges in the custodial role: a hard one and a soft one.
The hard constraint is physics and architecture: blockchain settlement is slow by design. Bitcoin's 10-minute block time was calibrated so that blocks have time to propagate across the global peer-to-peer network before a competing block is found. Shortening it would increase orphan blocks and weaken security. Ethereum's 12-second slot time reflects how long validator attestations need to propagate globally and reach finality. You can't simply speed this up without accepting real tradeoffs at the protocol level. Layer 2 solutions are addressing this for execution, but base layer settlement finality remains what it is.
The soft constraint is regulatory. Most jurisdictions require custodial services to hold licenses, implement KYC/AML programs, and comply with financial regulations. This structure actually reinforces the custodial model: it's much easier for regulators to supervise a centralized entity holding pooled funds than to oversee a system where millions of users hold their own keys. Some jurisdictions — the EU under MiCA, certain US states — are beginning to require reserve attestations, though enforcement remains uneven.
Two things have shifted meaningfully since the FTX collapse.
Proof-of-reserves became an expected practice at major exchanges. Binance, Coinbase, Kraken, Bitfinex, and others published Merkle tree-based attestations showing that their on-chain holdings cover user liabilities. These aren't perfect — a determined exchange can temporarily borrow funds to inflate the snapshot balance — but they represent a real improvement over the opacity that existed before. The methodology is still maturing.
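The Merkle-tree attestation described above, as an added illustration that is not code from any exchange named here: a simplified Merkle sum tree in which every node commits to a hash and a running balance, so the published root fixes total liabilities and each user can check that their own balance is included. The node layout, per-user salt scheme, and zero-balance padding convention are assumptions of this example; the on-chain reserve figure is a separate input, which is exactly where the borrowed-funds caveat lives.

```python
import hashlib
def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
# A node is (hash, balance); balances are integers in base units (e.g. satoshi).
PAD = (h(b"\x00"), 0)  # assumed padding convention for odd-sized levels

def leaf(user_id: str, balance: int, salt: bytes) -> tuple:
    # Per-user salt (shared only with that user) keeps ids and balances from being brute-forced.
    return h(salt + user_id.encode() + balance.to_bytes(16, "big")), balance

def parent(left: tuple, right: tuple) -> tuple:
    # The summed balance is hashed in, so it cannot be changed without changing the hash.
    total = left[1] + right[1]
    return h(left[0] + right[0] + total.to_bytes(16, "big")), total

def build_tree(leaves: list) -> list:
    # Returns every level, leaves first and root last; odd levels get a zero-balance pad.
    levels, lvl = [], list(leaves)
    while True:
        if len(lvl) > 1 and len(lvl) % 2:
            lvl = lvl + [PAD]
        levels.append(lvl)
        if len(lvl) == 1:
            return levels
        lvl = [parent(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)]

def inclusion_proof(levels: list, index: int) -> list:
    # Sibling path from one leaf up to the root: [(sibling_node, leaf_is_right_child), ...]
    proof = []
    for lvl in levels[:-1]:
        proof.append((lvl[index ^ 1], bool(index & 1)))
        index //= 2
    return proof

def verify(root: tuple, my_leaf: tuple, proof: list) -> bool:
    # User-side check: rebuild the root from own leaf plus the published siblings.
    # A negative sibling sum could hide liabilities, so it is rejected outright.
    node = my_leaf
    for sibling, is_right in proof:
        if sibling[1] < 0:
            return False
        node = parent(sibling, node) if is_right else parent(node, sibling)
    return node == root

def reserves_cover_liabilities(root: tuple, onchain_balance: int) -> bool:
    return onchain_balance >= root[1]  # root sum is total liabilities; reserves are audited separately

# Constructed sample users, not data from any real exchange.
USERS = [("alice", 150_000_000, b"s1"), ("bob", 25_000_000, b"s2"), ("carol", 40_000_000, b"s3")]
LEVELS = build_tree([leaf(*u) for u in USERS])
ROOT = LEVELS[-1][0]  # published root: (hash, total liabilities)
```

A user only needs their own leaf inputs, their sibling path, and the published root; the total in the root is what gets compared against the on-chain holdings.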
Non-custodial trading infrastructure has also grown. Decentralized exchanges such as Uniswap let users trade directly from self-custodied wallets. No deposit. The exchange never touches your keys. The tradeoffs are real: DEX liquidity is thinner for most trading pairs, complex instruments are harder to access, and gas fees on Ethereum mainnet make frequent small trades expensive. But for significant positions where custody risk is the primary concern, the architecture is genuinely different.
DEX volume as a share of total crypto spot trading has grown consistently since 2020, though it remains a minority of overall activity.
Confirmation: Major jurisdictions implement mandatory, third-party-verified reserve attestations. DEX volume continues growing as infrastructure matures. Institutional-grade self-custody solutions become standard for large holders.
Invalidation: The scenario where custodial risk becomes structurally contained — through robust insurance requirements, real-time audited reserve systems, or legal protections equivalent to SIPC coverage for brokerage accounts — would change the calculus. None of those exist in meaningful form today, but the regulatory trajectory is moving in that direction.
Now: The custodial model is dominant and will stay that way for active traders, who trade custody risk for trading speed and access. Proof-of-reserves is a live factor worth evaluating when choosing an exchange. Self-custody is the practical alternative for assets not actively traded.
Next (12-24 months): MiCA implementation in the EU will push more standardized reserve requirements. Any US stablecoin or exchange legislation will shape domestic requirements. DEX infrastructure — especially on Layer 2 networks — continues improving in cost and usability.
Later: Whether exchange-held crypto achieves regulatory protection equivalent to brokerage accounts is a multi-year, jurisdiction-specific question with no clear resolution timeline.
This post explains the architectural reason why the custodial model exists and what it means for fund security. It's not an assessment of any specific exchange's management quality, and it's not a recommendation about where to hold assets.
The mechanism is what it is. Exchanges hold keys because the alternative — on-chain settlement for every trade — doesn't work at trading speed. Whether that tradeoff is acceptable depends on your circumstances, not on a general rule.