Non-custodial wallets explained
"Not your keys, not your coins." A four-word slogan that became a $50 billion lesson after FTX, Mt. Gox, and Celsius. Here's what custody actually means, where the spectrum runs, and how to decide what's right for you.
Where the phrase came from
"Not your keys, not your coins" was a niche cypherpunk slogan in the mid-2010s. It became mainstream after a sequence of catastrophic failures of crypto institutions that held customer funds:
- Mt. Gox (2014) — at the time the largest Bitcoin exchange, lost ~850,000 BTC. Customers got partial recovery a decade later through bankruptcy proceedings.
- QuadrigaCX (2019) — Canadian exchange whose founder died (or "died") with sole access to the cold wallet keys. ~$190M of customer funds disappeared.
- Celsius Network (2022) — yield platform that locked withdrawals and filed bankruptcy. Most customers lost most of their deposits.
- FTX (2022) — at the time the second-largest exchange. Used customer deposits for trading on a related entity. Founder convicted of fraud. Recoveries ongoing.
- Various smaller cases — Voyager, BlockFi, Genesis, and others through 2022-2023.
In each case, customers technically owned crypto — but they didn't hold the keys. The exchange held the keys, and when the exchange failed, those crypto holdings turned into unsecured claims against a bankrupt company. Some are still resolving years later.
How private keys actually work
Every blockchain address is derived from a private key: a giant random number. For Bitcoin and most chains, that's 256 random bits. The math is asymmetric — given the private key, you can compute the public address; but given only the address, you cannot reverse-derive the private key (with current computing technology — quantum is a separate discussion).
To spend crypto from an address, you need to produce a digital signature that only the private key can produce. Whoever has the private key has the unconditional, irreversible power to move the funds. There is no customer service to call, no chargeback, no recovery process. The blockchain doesn't know who you are; it only checks signatures.
This is the foundation. Custody = who has the private key.
A "seed phrase" (or "mnemonic") of 12 or 24 English words is a human-readable encoding of the entropy used to generate one or many private keys. Anyone with the seed phrase can recreate all the keys derived from it, no matter what device they're using. The seed phrase is the master credential.
The custody spectrum
It's not binary. There are at least five distinguishable points on the line:
1. Centralized exchange (fully custodial)
Coinbase, Binance, Kraken, Bitstamp. You have an account with a username and password. You see a balance in their app. You do not have access to any private keys; the exchange holds them in their own cold storage and hot wallets. When you "send" crypto, you're asking the exchange to send from their wallet to whatever address you specified.
Trust required: the exchange is solvent, honest, and not hacked.
2. Yield / lending platform
Examples: BlockFi, Celsius, various DeFi front-ends with deposit features. You deposit your crypto in exchange for promised yield. The platform takes custody and lends or trades with your funds.
Trust required: the platform's investment strategy is sound and its borrowers don't default.
3. MPC / "shared custody" wallets
Examples: Coinbase Wallet's MPC mode, Web3Auth, some institutional services. The private key is split into multiple pieces using cryptography (multi-party computation). The user holds one piece, the service holds another. Neither alone can spend. Useful for recoverability without giving up control entirely.
Trust required: the MPC implementation is honest, the service won't disappear, the user keeps their share secure.
4. Software self-custody wallet
Examples: Phantom, MetaMask, Solflare, Backpack, Trust Wallet, Exodus. The wallet generates a seed phrase that the user writes down. The seed phrase (and the keys derived from it) live on the user's device. The wallet provider has no access.
Trust required: the wallet software is not malicious, the device isn't compromised, the user's seed phrase backup is safe.
5. Hardware wallet (the gold standard)
Examples: Ledger, Trezor, Coldcard, Keystone, Foundation Passport. A dedicated device whose only job is to store private keys in a tamper-resistant chip and sign transactions. The keys never leave the device. The user approves each transaction by pressing physical buttons.
Trust required: the hardware wallet vendor didn't tamper with the firmware (a real concern; multiple major vendors have had supply-chain issues), and the user keeps the seed phrase and device safe.
The honest trade-offs
| Aspect | Custodial exchange | Self-custody software | Hardware wallet |
|---|---|---|---|
| Recovery if you lose access | Yes (KYC) | No | No (without seed) |
| Counterparty risk | High | None | None |
| Hack risk vector | Exchange breach | Device malware, phishing | Physical theft + seed leak |
| Convenience | Easy | Medium | Friction |
| Daily use | Fine | Fine | Painful |
| Long-term storage | Bad | OK | Best |
The thing nobody likes to say: full self-custody is harder, scarier, and not always the right choice for every amount. A user storing $200 of crypto on Coinbase is probably fine. A user storing $50,000 on Coinbase in 2022 was, in retrospect, taking real risk.
Where swap services fit
Crypto swap services (Changelly, ChangeNOW, FixedFloat, SimpleSwap, etc.) sit in an interesting place. Most operate as follows:
- They temporarily hold your crypto during the swap (between receiving your deposit and sending the swapped coins to you).
- They do not have a long-term account or balance.
- If they shut down during a swap, you might lose the swap-in-progress amount, but not your wider holdings.
So swap services are technically custodial during the swap window, but the window is short (typically minutes), the amount is bounded (only the swap value), and there's no incentive for them to misuse funds short-term.
seekerbridge specifically is the front-end on top of this. It never touches your crypto. The deposit goes from your wallet directly to Changelly's deposit address; the payout goes from Changelly directly to your payout address. seekerbridge sees neither.
For users, this means:
- If seekerbridge shuts down tomorrow, your wallets are unaffected.
- The Changelly swap-in-progress risk applies only to swaps that are currently mid-flight (not historical or future).
- Your primary security model remains the security of your own wallets.
When evaluating any crypto app, ask: "if this company disappears tomorrow, what happens to my funds?" For a custodial exchange: lost or stuck. For seekerbridge or a self-custody wallet: nothing — your keys, your coins.
A practical recommendation
Most experienced crypto users have a tiered setup:
Tier 1: Hardware wallet (cold storage)
Most of your holdings. Used rarely. Seed phrase backed up to multiple locations (steel plates, geographically distributed). Never plugged in unless you're doing a transaction.
Tier 2: Software self-custody wallet (warm)
The amount you actively use for DeFi, swaps, daily transactions. Some people sub-divide this further: a "main" software wallet that holds a few hundred to few thousand dollars, and "burner" wallets that connect to risky/new dApps.
Tier 3: Exchange (hot)
Only the amount you're about to trade or about to off-ramp to fiat. Move on and off quickly. Don't park.
The ratios vary by person — some keep 95% cold, 5% warm/hot. Others (active traders) keep most in warm wallets and only their long-term holdings cold.
The hardest part of self-custody is the irreversibility. Lose your seed phrase, lose your funds. Get phished into typing your seed into a fake site, lose your funds. Send to the wrong chain, often lose your funds. There is no customer service. That's the price of having no counterparty risk.
For most people, the right answer in 2026 is probably: hardware wallet for serious holdings, software wallet for everyday use, and minimise time on centralised exchanges. The post-FTX consensus is real, and the tools have gotten much better.