Where you store crypto matters because custody changes who can move funds, recover access, or block withdrawals.
An exchange account is convenient, but it usually means the platform holds the keys on your behalf.
The best choice is rarely “all exchange” or “all wallet,” but a setup that matches how you actually use crypto.
Understanding Custody: Who Holds the Keys
Custody is the difference between “I own it” and “I can move it right now.” In crypto, control comes from the private key that can authorize transfers.
If someone else holds your keys, you depend on their systems and rules to access funds.
If you hold your keys, you take responsibility for security and recovery.
Custodial exchange accounts
On most exchanges, your balance is recorded under the platform’s custody, not a key you control.
That model can be fast to use, but it introduces platform risk if operations fail.
Regulators warn that some platforms may lack protections investors assume exist in traditional finance.
Non-custodial wallets
A non-custodial wallet is a tool that lets you manage an account by controlling keys yourself.
Ethereum’s documentation notes that wallet providers don’t hold custody of your funds in this model.
Self-custody gives you direct control, but there is no “password reset” if backups are lost.
When Leaving Funds on an Exchange Makes Sense
Exchanges are built for trading, quick conversions, and frequent deposits or withdrawals.
They can reduce friction when you need liquidity, order types, or fast swaps.
They often offer account features like login controls, support tickets, and recovery processes.
For small “active” balances, convenience can be a rational tradeoff against custody risk.
Trading and fast conversions
If you buy and sell often, keeping funds on an exchange can reduce transfer fees and delays.
Exchange order books and market infrastructure are designed for execution and price discovery.
This is most defensible when the amount on-platform matches what you intend to trade soon.
Recovery tools and account support
Custodial accounts can allow identity-based recovery when you lose a device or forget a login.
That support can be helpful for beginners who are not ready to manage backups correctly.
The tradeoff is that the same controls that help recovery can also limit withdrawals in some cases.
The Risks of Exchange Custody You Have to Price In
Exchanges can be targets for hackers because they concentrate valuable assets.
Security failures, operational outages, or internal controls can all affect customer access.
Some crypto losses have limited recourse compared with traditional financial accounts.
Even if a platform is well known, customer protections can be different from what people expect.
Operational and security failures
Regulators note risks like hacking incidents and theft of private keys in crypto markets.
The CFTC specifically warns there may be no assurance of recourse if virtual currency is stolen.
This means you should treat exchange custody as an exposure you actively limit, not a default home.
Freezes, bankruptcy, and unclear protections
If an exchange becomes insolvent, accounts can be frozen while claims are processed.
SEC staff guidance notes that non-security crypto assets may not be protected by SIPA or any specific insolvency regime.
In plain terms, “I had a balance on a platform” is not the same as “I can get it back quickly.”
When Self-Custody Wallets Make Sense
Self-custody is strongest when you want long-term control without relying on a company’s uptime.
It also fits when you want to move funds anytime without account-based approvals.
A wallet is essentially your interface to an on-chain account, not a bank account in the usual sense.
For many people, self-custody is best for “savings” balances that do not need daily trading.
Long-term holding and control
Cold storage reduces exposure because keys are kept off an internet-connected device.
That approach is commonly recommended for long-term holdings where convenience is less important.
Bitcoin.org’s security guidance emphasizes protecting wallets with strong security practices.
Using on-chain apps
Many on-chain activities require you to sign transactions directly from a wallet you control.
Using a wallet also makes it easier to switch providers because the account lives on the network.
This reduces platform lock-in, but increases the need to understand what you are approving.
The Risks of Self-Custody You Must Manage
Self-custody removes platform risk, but it does not remove risk itself.
Your backup method becomes your “recovery department,” and mistakes can be permanent.
Scams often aim to trick users into revealing seed phrases or signing harmful transactions.
Security is less about one perfect tool and more about careful habits over time.
Losing keys and backups
If you lose your recovery information, there may be no institution that can restore access.
That makes secure backup practices a core requirement, not an optional “extra step.”
Self-custody only works when you treat recovery data like the asset itself.
Malware, scams, and signing mistakes
Hot wallets run on internet-connected devices, which increases exposure to malware and phishing.
Cold storage reduces that exposure, but you still must verify addresses and approvals carefully.
Regulators repeatedly warn that fraud and theft are common in crypto markets.
Insurance, Regulation, and What “Protected” Really Means
Many people assume the safety nets from banks and brokerages apply automatically to crypto.
In reality, coverage depends on the product, the legal status, and how assets are held.
Even when a firm is regulated for some activities, that does not guarantee full coverage for all crypto holdings.
Reading the platform’s custody and insolvency disclosures is part of basic risk management.
FDIC and SIPC misunderstandings
FINRA warns that crypto assets that are not securities under SIPA are not protected by SIPA.
SIPC explains that many digital asset securities do not qualify as “securities” under SIPA and are not protected.
So “insured like a brokerage account” is a claim you should verify, not assume.
Custody definitions: hosted vs unhosted
Regulatory discussions often distinguish between hosted (custodial) and unhosted (self-custodied) wallets.
That distinction matters because controls, surveillance, and recovery options differ by custody model.
Before choosing a “wallet,” confirm whether it gives you keys or just an account interface.
Conclusion
Choose where your crypto should live based on how often you use it and how much risk you are willing to carry.
Keep only an active spending or trading amount on exchanges, and move long-term holdings to a self-custody wallet where you control access.
Treat backups and recovery steps as part of ownership, because self-custody has no simple reset if you lose your keys.
