Heath SchweitzerHeath Schweitzer
← All posts

Self-Custody: Why 'Not Your Keys, Not Your Coins' Actually Matters

April 22, 2026|Heath Schweitzer|4 min read|17 views|Last Updated June 18, 2026
Share on XTip with ₿itcoin
Technology
Self-custody explained: exchange IOU versus holding private keys, showing control, access, and ownership of Bitcoin.

"Not your keys, not your coins" is one of Bitcoin's most repeated phrases. It sounds like a slogan. It's actually a precise technical statement about how Bitcoin ownership works — and understanding what it means is the difference between holding Bitcoin and holding an IOU for Bitcoin.

What "Keys" Actually Means

When you own Bitcoin, what you actually own is a private key — a 256-bit number that gives you the cryptographic ability to sign transactions spending the Bitcoin associated with the corresponding address. The Bitcoin itself lives on the blockchain, a public ledger maintained by thousands of nodes worldwide. Your private key is the only thing that authorizes movement of your funds.

There is no other ownership mechanism. No account number, no identity verification, no password reset. If you have the private key, you can spend the Bitcoin. If you don't, you can't. It's enforced by mathematics, not by policy.

When you hold Bitcoin on an exchange — Coinbase, Kraken, Binance — you don't hold the private keys. The exchange does. What you hold is a balance in their database, backed by their promise to honor withdrawals. That's an IOU. It's not Bitcoin ownership in the technical sense; it's credit with a company that holds Bitcoin.

Why This Matters: The FTX Example

In November 2022, FTX — at the time the third-largest cryptocurrency exchange — collapsed. Customers discovered that their funds had been used by FTX's sister trading firm without authorization. Billions of dollars of customer Bitcoin and other assets were gone. Withdrawals were frozen. The bankruptcy process dragged on for years, with customers recovering partial amounts at prices that had since moved significantly.

FTX customers who held their Bitcoin on the exchange had no recourse in the short term. FTX customers who had withdrawn to self-custody before the collapse were unaffected. The Bitcoin on the blockchain didn't change. The private key holders still had their Bitcoin. The IOU holders did not.

This isn't an edge case. Mt. Gox (2014), Bitfinex (2016), QuadrigaCX (2019), Celsius (2022), FTX (2022), Voyager Digital (2022) — exchange collapses and custodial failures are a recurring feature of the Bitcoin ecosystem. The pattern is consistent: exchanges that hold customer funds eventually either get hacked, mismanage those funds, or become insolvent.

What Self-Custody Actually Looks Like

Self-custody means holding your own private keys. The practical implementations range from simple to robust:

Software wallets store your private key on your phone or computer, encrypted behind a PIN or password. They're convenient but the security depends entirely on the security of your device. If your phone is compromised or you lose access, recovery depends on your seed phrase.

Hardware wallets — devices like Ledger or Trezor — store your private key on a dedicated device that never exposes it to an internet-connected computer. Signing a transaction happens on the device; your computer only sees the signed transaction, never the key. For any meaningful amount of Bitcoin, a hardware wallet is the standard recommendation.

Seed phrases are the backup mechanism for any wallet. When you set up a Bitcoin wallet, it generates a 12 or 24 word seed phrase — a human-readable encoding of the master private key from which all your wallet's keys are derived. Write this down on paper or preferable metal that can withstand a fire. Store it securely offline in a fire rated safe. Do not store it digitally. If your device is lost, stolen, or destroyed, the seed phrase lets you recover your wallet on any compatible device. The seed phrase IS your Bitcoin.

The Tradeoffs Are Real

Self-custody puts you in full control, which means it also puts you in full responsibility. There's no customer support number. There's no "forgot my private key" option. Loss of your seed phrase with no backup means permanent loss of funds — the Bitcoin still exists on the blockchain, but nobody can ever spend it.

This is not a theoretical risk. A meaningful percentage of all Bitcoin in existence is estimated to be permanently inaccessible because the private keys were lost. Hard drives thrown away, paper seed phrases destroyed in fires, early adopters who died without leaving access instructions.

The right approach is to take custody seriously: use a hardware wallet, create multiple copies of your seed phrase stored in different secure locations, and make sure someone you trust knows how to access your funds if something happens to you.

What This Means for Payment Infrastructure

When I describe BTCpay Server as self-sovereign payment infrastructure, the "self" in self-sovereign means this: your BTCpay server generates payment addresses from your extended public key, but the private keys never touch the server. Payments go directly to addresses only you can spend. Nobody — not me as the BTCpay host, not a payment processor, not a bank — can freeze those funds or prevent you from accessing them.

That's what "not your keys, not your coins" is actually pointing at. Custody is not a detail. It's the whole thing.

Tagged

bitcoincryptocurrencybeginnerself-custody

← Previous

CI/CD for Solo Developers: GitHub Actions Without the Complexity

Next →

Cloudflare, Nginx, and Next.js: How My Stack Handles Traffic

If this post was useful, consider buying me a coffee ☕ with ₿itcoin — no account needed, any amount welcome.

Bitcoin tip QR code
⚡ Open in Wallet
← Back to all posts