In November 2022, I watched a friend message our group chat at 2am local time. FTX had just suspended withdrawals. He had life savings there — not speculative money, actual life savings. He’d been meaning to withdraw to his own wallet for months, kept putting it off, trusted that a major exchange with celebrity endorsements and regulatory filings was safe. The withdrawal suspension notice came before he got around to it.
His money was eventually included in the bankruptcy proceedings. Some of it came back years later, cents on the dollar, after lawyers collected their fees. Most of it was gone.
I had moved my own bitcoin off exchanges in early 2018. I watched November 2022 unfold from a position of zero exposure. Not because I’m smarter than my friend — I’m not. Because I’d learned the lesson earlier from smaller losses and had acted on it.
This guide is about that lesson.
”Not your keys, not your coins” — why this phrase is the entire game
When you hold bitcoin on an exchange, you do not hold bitcoin. You hold a claim on bitcoin — an IOU that the exchange promises to honor when you request a withdrawal. The distinction sounds academic until it isn’t.
Bitcoin is defined by its transaction ledger. The ledger records which Bitcoin addresses control which amounts of bitcoin. A Bitcoin address is controlled by whoever holds the corresponding private key. If someone else holds the private key — whether a bank, an exchange, a custodian, or a friend — they control the coins, not you. The exchange’s system crediting “0.05 BTC” to your account is not a Bitcoin transaction. It’s an internal database entry. That database entry is backed only by the exchange’s solvency, operational security, and willingness to honor withdrawals.
FTX had all the appearances of a legitimate institution. It had venture capital backing from respected firms. It had a founder who appeared regularly at financial conferences. It had regulatory filings in multiple jurisdictions. It had a celebrity marketing campaign. None of these were evidence that your coins were safe. The only evidence that would have mattered — audited proof of reserves showing 1:1 backing — was never provided. And even audited proof of reserves can be manipulated, as FTX demonstrated by misrepresenting its balance sheet.
“Not your keys, not your coins” — a phrase so old in Bitcoin culture that its exact origin is debated, but its truth has been proven catastrophically, repeatedly, across exchanges from Mt. Gox in 2014 to FTX in 2022.
The solution is simple in concept: hold your own keys. Keep the private key — or the seed phrase that generates it — in your physical possession, never on any internet-connected device you didn’t configure yourself with software you didn’t vet. When you do this, Bitcoin’s ledger records your address directly, and no exchange failure can touch your coins.
What is a seed phrase?
A seed phrase is a list of 12 or 24 common English words that encodes the master private key for your Bitcoin wallet. It’s the human-readable representation of a 128- or 256-bit random number. From that single number, your wallet software derives every private key, every public key, and every Bitcoin address you will ever use.
The standard that defines this is BIP-39 (Bitcoin Improvement Proposal 39), published in 2013. BIP-39 specifies a wordlist of 2048 common English words, the encoding method, and the checksum scheme. When a hardware wallet or software wallet generates your seed phrase, it’s following this standard.
A 12-word phrase from the BIP-39 wordlist encodes 128 bits of entropy plus a 4-bit checksum. A 24-word phrase encodes 256 bits plus an 8-bit checksum. Both are considered cryptographically secure for Bitcoin. My current hardware wallets use 24-word phrases, which I keep both on paper and on metal backup.
Why words? Because humans are better at transcribing and storing words than hexadecimal strings. The word “abandon” is easier to write legibly and verify than the hex sequence it encodes. The wordlist is designed so that the first four letters of each word uniquely identify it — useful when your handwriting is ambiguous.
The critical point: anyone who has your seed phrase has access to every bitcoin in every address derived from it. Treat your seed phrase with the same physical security you’d apply to equivalent cash. More on backups below.
Hot vs cold wallets
The distinction between “hot” and “cold” wallets is about internet connectivity, but I think of it more accurately as a spectrum of exposure:
Hot wallet — private key is on an internet-connected device (a phone, a laptop). Convenience is high; exposure to online attacks is non-zero. Appropriate for small amounts you’re actively spending, the way you’d carry cash in a physical wallet.
Mobile software wallet — Phoenix, Muun, Blue Wallet. Keys are generated and stored on your phone. Better than an exchange, still connected to the internet. Fine for daily Lightning payments. Not where I keep my savings.
Desktop software wallet — Sparrow, Electrum. More powerful, more control. Still on a general-purpose internet-connected computer. I use Sparrow as a watch-only interface for my cold storage without exposing keys.
Hardware wallet — a dedicated device that stores private keys offline. The device signs transactions internally; the private key never leaves the device to touch an internet-connected computer. This is the practical standard for self-custody of significant amounts.
Air-gapped hardware wallet — a hardware wallet that has never and will never touch an internet-connected device, communicating via QR codes or SD cards. Coldcard is the most well-known implementation. Higher security ceiling, higher operational complexity.
Multisig — not a wallet type but a key configuration where M of N keys must sign a transaction (e.g., 2-of-3 or 3-of-5). I use 2-of-3 multisig for my primary savings. Even if one key is compromised, the funds are safe. Even if one key is lost, the funds are recoverable from the other two.
I moved through these levels gradually: exchange to mobile wallet in 2018, mobile wallet to hardware wallet in 2019, single hardware wallet to multisig in 2021. Don’t wait until you have large amounts to take custody seriously — the habits are the hard part, and better to build them early.
Hardware wallets: what they actually do
A hardware wallet is a small, dedicated computer that stores private keys and signs Bitcoin transactions. It connects to your general-purpose computer (or phone) via USB or Bluetooth to receive transaction data, signs the transaction internally, and sends the signed transaction back to be broadcast to the Bitcoin network.
The important design property: the private key never leaves the hardware wallet device. When you plug a Ledger or Trezor into your computer, the computer sends it unsigned transaction data. The hardware wallet shows you the transaction details on its own screen (which is why you verify on the device, not on your computer), you confirm with the physical button, and the signed transaction comes back. At no point does your computer see the private key.
This design protects against malware on your computer. Even if your computer is fully compromised by a sophisticated attacker, they can’t extract your keys — the keys are physically inside the hardware wallet, which has its own secure element or secure storage. They could potentially substitute a different recipient address (which is why you verify on the device screen), but they cannot steal your keys.
Hardware wallets I’ve used or evaluated:
- Ledger (Nano S Plus, Nano X) — most popular consumer hardware wallet; good software ecosystem; 2023 firmware controversy about backup recovery service is worth understanding before you buy
- Trezor (Model T, Safe 3, Safe 5) — open-source hardware; no secure element in older models; strong community reputation for transparency
- Coldcard — Bitcoin-only, paranoid security model, air-gap capable; best choice if you want maximum security and don’t mind the learning curve; what I use
- BitBox02 (Bitcoin-only edition) — Swiss-made, clean open-source design, excellent for technical users who want simplicity
- Jade (Blockstream) — open-source, air-gap capable, lower price point; newer entrant with a strong reputation in the Bitcoin-only community
I’m not ranking these definitively — your threat model, technical comfort, and budget should drive the decision. The hardware wallet setup guide covers the setup process in detail, including the mistakes I made on my first one.
The three backups you need
Your seed phrase is your Bitcoin. Losing it means losing access to your bitcoin permanently — Bitcoin has no password recovery, no support line, no account restoration process. The private key is the only way in.
I maintain three physical copies of every seed phrase I’m responsible for:
Backup 1: Paper. Write the words in pencil (not ink — ink can fade or smear) on paper immediately when you generate the seed. Use block letters. Double-check every word against the screen before you dismiss the setup. Store this in a secure location at home — a safe, a locked filing cabinet, somewhere protected from casual discovery.
Backup 2: Metal. A paper backup burns, floods, and degrades over time. A metal backup — typically a stainless steel plate with punched or stamped letters, or a dedicated product like CryptoSteel or Cryptotag — survives fire and water. I have a steel plate backup for every wallet I take seriously. This lives in a different physical location from the paper backup.
Backup 3: Geographic separation. At least one backup should be in a different building from the others. I keep one set at home and one with a trusted family member in a sealed envelope they’ve been instructed not to open. For truly significant amounts, consider a safety deposit box as a third location.
The geographic separation serves two purposes: protection against location-specific disasters (fire, flood, burglary) and ensuring you can still access your bitcoin if one location becomes temporarily inaccessible.
For multisig setups, the backup scheme is more involved — you need backups of each individual key, plus backups of the multisig wallet descriptor (the configuration file that tells your wallet software how the keys relate to each other). The hardware wallet setup guide covers the single-sig case in detail; multisig deserves its own deep dive.
Testing your backup
This is the step most people skip, and it’s the one I learned the hard way to never skip.
In early 2020, I set up a new hardware wallet, wrote down what I thought was my seed phrase, and stored it. Six months later I decided to test the backup by wiping the device and restoring from the seed. Three words were transposed — I had written them in the wrong order because I was rushing and doing it in dim light. The device wouldn’t restore. I spent two hours in a cold sweat before I realized I still had access via the original device (which I hadn’t wiped yet). Nothing was lost, but I understood viscerally that an untested backup is not a backup.
After every new wallet setup, I now do the following: write the seed phrase, put the hardware wallet in recovery/restore mode, and enter the seed phrase back in to verify the wallet restores to the same addresses. I check the first receiving address matches what I had before. Then I wipe and set up fresh if the device requires it, or I confirm the backup was correctly stored if the device supports verification without a full wipe.
Some hardware wallets — Coldcard, for instance — have a seed phrase verification feature that lets you confirm words without wiping the device. Use it if your device supports it. If it doesn’t, either test via restore before you fund the wallet, or fund only a tiny test amount until you’ve verified the backup.
Do not fund a wallet whose backup you haven’t tested.
A real FTX-scale lesson
I want to be direct about what happened in November 2022, because I think the industry has already started to forget and the lessons are too important.
FTX was not a minor or obscure exchange. It was one of the three largest cryptocurrency exchanges in the world by volume. It had raised billions in venture capital from well-known investment firms. It had sponsored sports arenas, signed celebrities, and lobbied aggressively in Washington. Its founder appeared on magazine covers and at industry conferences as a credible figure.
Behind this, FTX had used customer deposits to fund speculative investments by its affiliated trading firm, Alameda Research. When a liquidity crisis hit in November 2022, it couldn’t meet withdrawal requests. The exchange suspended withdrawals. Within days it filed for bankruptcy. The estimated customer shortfall was billions of dollars.
I watched friends lose life savings because they “trusted” a centralized exchange. The trust was based on the exchange’s marketing, its scale, its apparent legitimacy, and the assumption that regulated entities are safe. None of these were substitutes for actual proof that customer funds were being held 1:1.
This is not a unique event. Mt. Gox, the world’s largest Bitcoin exchange in 2013–2014, collapsed after losing approximately 850,000 BTC to a combination of hacking and mismanagement. Celsius, BlockFi, Voyager — the list of custodial failures in the 2022 cycle alone is long. The pattern repeats because the underlying problem is unchanged: when you hand custody to someone else, you take on their risk.
Bitcoin’s answer to this problem is technical: the private key is the only control that matters. If you hold the key, the coins are yours. If someone else holds the key, the coins are theirs until they agree to give them back.
Self-custody is not paranoia. It’s the appropriate response to a custodial failure rate that is historically very high.
My current setup
I’ll describe my setup without providing enough detail to be a targeting risk:
I use 2-of-3 multisig for my primary bitcoin savings. The three keys are on separate hardware devices from different manufacturers. The keys and the corresponding metal backups are in three geographically separated locations. Any two keys are sufficient to sign a transaction; any two backups are sufficient to recover fully.
For day-to-day Lightning spending, I use a mobile wallet with a small amount — the equivalent of cash I’d carry in a physical wallet. When that balance gets low, I top it up from my cold storage via an on-chain transaction.
My node at home runs Bitcoin Core (full archive, pruning disabled). I use it to broadcast my own transactions rather than routing through a third-party service. I’ve been running this node continuously since mid-2021, with one interruption when I had a power supply failure.
I didn’t build this setup overnight. I started with a single hardware wallet on a small amount in 2019, added the second key in 2020, and went to 3-of-5 and then settled on 2-of-3 multisig in 2021. The complexity grows with the stakes. Start simple. Get one hardware wallet working correctly. Learn the operational discipline. Scale up.
Related tools
- Address Validator — verify any Bitcoin address is valid before sending to it; catches typos before they become permanent losses
Further reading
- Bitcoin: A Peer-to-Peer Electronic Cash System — understanding the protocol helps clarify why custody works the way it does
- Mastering Bitcoin — Antonopoulos, chapters on keys, wallets, and addresses are directly relevant to self-custody
- BIP-39 Specification — the technical standard behind your seed phrase
- Bitcoin Wiki: Seed Phrase — additional background on seed phrase generation and storage
- Sparrow Wallet Documentation — Sparrow is my recommended desktop wallet for managing cold storage; its documentation covers multisig and hardware wallet integration well