What Is Crypto Custody? A Beginner`s Guide to Securing Digital Assets
Your crypto is only as safe as whoever holds the keys. Hackers stole $6.5 billion from crypto platforms and wallets in 2025. That is 51% more than the year before, per Chainalysis. The Bybit breach alone wiped out $1.5 billion in February 2025. Real money, real crypto assets. Gone.
Most people who lose cryptocurrency did not get outplayed by some genius hacker. They just picked the wrong place to store it, or did not think about storage at all. So what is crypto custody, and why does it matter before you even buy your first bitcoin?
How crypto custody actually works
Here is the thing most newcomers miss: your coins never leave the blockchain. Bitcoin does not sit in your wallet the way cash sits in a safe. The blockchain is a public record, and your crypto lives there forever. What your wallet actually stores is a private key, a long string of letters and numbers. Think of it as the master password to your money. Whoever has that key can spend the coins. Crypto custody is just the question of where that key lives and who controls it.
Every wallet comes with two keys. The public key is like your email address. Share it around so people can send you coins. The private key is the password. Never share it. If someone else gets it, they can drain your wallet in seconds. If you lose it, there is no "forgot password" button. The coins are still on the blockchain, but nobody can ever touch them again.
Compare that to a bank. You put money in, the bank owes it back. FDIC insures up to $250,000 per account in the US. Rules, lawyers, regulators. Cryptocurrency has none of that built in. Crypto custody is where you decide how much of that safety net you want to build for yourself.
The three types of crypto custody
You have three options for keeping your crypto safe. Each one trades off control against ease of use.
Self-custody: you hold your own keys
You hold the keys yourself. Nobody can freeze your account, block your transfer, or tell you what to do. This is what people mean when they say "not your keys, not your coins."
Two flavors of wallets here:
Hot wallets are apps on your phone or laptop. MetaMask, Trust Wallet, Phantom. They connect to the internet, which is great for quick trades and DeFi. Downside: anything online can be hacked. Phishing emails, fake apps, malware on your device. It happens every day.
Cold wallets keep your keys offline. Ledger and Trezor are the big names. They are small USB-like gadgets that sign transactions on the device itself, so your key never touches the internet. You can also write your key down on paper, but that is old-school and easy to damage.
Here is how I think about it: a hot wallet is pocket cash. Carry what you would not cry over losing. Everything else goes into cold storage. Invity's advice is to buy a hardware wallet once your holdings hit about 10x the cost of the device itself. A $70 Ledger makes sense when you hold $700 or more.
The catch with self-custody is that nobody can bail you out. Lose your seed phrase (the 12 or 24 word backup for your wallet) and your funds are gone. Period. There is no support chat, no recovery team, nothing.
| Self-custody wallet type | Connection | Best for | Risk level |
|---|---|---|---|
| Hardware wallet (Ledger, Trezor) | Offline | Long-term holding, large amounts | Low (physical loss/damage) |
| Mobile hot wallet (Trust Wallet, MetaMask) | Online | Daily transactions, DeFi, small amounts | Medium (hacking, phishing) |
| Desktop wallet | Online | Regular use on a single device | Medium |
| Paper wallet | Offline | Archival cold storage | Low (physical destruction) |
Third-party custody: someone else holds the keys
This is closer to normal banking. You hand your crypto to a company, they safeguard the keys. When you buy bitcoin on a crypto exchange like Coinbase, Kraken, or Binance and leave it there, you are using third-party custody. The exchange holds the private keys. You hold a promise.
Some custodians take that promise very seriously. Coinbase Custody sits on $193 billion in digital assets, 12 years running, zero breaches. BitGo guards over $90 billion and picked up a federal banking charter from the OCC in December 2025. Fidelity Digital Assets, whose parent company manages over $4 trillion, scored the lowest default risk (0.39%) of any crypto custodian in Agio Ratings' Q1 2026 report.
These custody service providers layer cold storage, multisig wallets, encryption, and physical security to safeguard client assets. Most carry insurance too. Crypto.com has $120 million in coverage through Aon and Lloyd's. BitGo has a $100 million Lloyd's policy.
If you manage other people's money, the SEC says you need a qualified custodian. Since September 2025, state trust companies count. That opened the door for more firms to offer custody services.
But here is the uncomfortable part. You are trusting a company with your wealth. FTX held $8 billion in customer funds when it imploded in November 2022. Celsius owed $4.7 billion to users when it went bankrupt that same year. Mt. Gox lost 850,000 BTC back in 2014. When a custodian blows up, getting your money back is slow, uncertain, and sometimes impossible.
| Custodian | Assets under custody | Insurance | Federal charter |
|---|---|---|---|
| Coinbase Custody | $193 billion | Largest commercial hot wallet policy | Yes (indirect, via trust) |
| BitGo | $90+ billion | $100 million (Lloyd's) | Yes (OCC, Dec 2025) |
| Fidelity Digital Assets | Not disclosed | Available | Yes (OCC) |
| Anchorage Digital | Not disclosed | Available | Yes (federal bank, 2021) |
| Fireblocks | 1,800+ institutional clients | Available | Infrastructure provider |
Hybrid custody: splitting the difference
This one splits the keys between you and a provider. The most common version is a multisig wallet. Say you set up a 2-of-3 scheme: you hold one key, the custodian holds one, and a third sits in cold backup. Any two of the three can approve a transaction. No single point of failure.
MPC (multi-party computation) takes this further. The key is never whole in any one place. Instead, several parties each hold a fragment and run a joint signing process without ever seeing the full key. Fireblocks made this their thing and now serves over 1,800 clients, from banks to hedge funds.
I like hybrid custody because it hedges against your own mistakes. You cannot get wiped out by one hacked exchange, and you cannot lock yourself out by misplacing one key. 61% of institutions already run multi-custodial setups, per EY-Parthenon's 2025 numbers.
Who needs what: retail investors vs institutions
Crypto custody looks very different at $500 than at $500 million.
For retail investors
If you just bought your first $200 of bitcoin, leaving it on Coinbase or Kraken is fine. These exchanges spend real money on security and carry insurance. The SEC published a guide in December 2025 on custody basics for retail investors. Short version: think about how tech-savvy you are and what your risk tolerance looks like.
Once your portfolio crosses a few thousand dollars, finding a way to store your crypto yourself starts making sense. A hardware wallet costs $50 to $200. About 59% of crypto users already self-custody their cryptocurrency assets, per CoinLaw's 2025 data. The other 41% keep coins on exchanges.
For institutional investors
Whole different ball game. An EY-Parthenon and Coinbase survey in 2025 showed that 86% of large investors now hold digital assets. 85% plan to add more. When you run a fund, you need qualified custodians, SOC 2 audits, KYC/AML checks, and insurance. No shortcuts.
One big change: the SEC killed SAB 121 in January 2025 (replaced it with SAB 122). That old rule forced banks to list custodied crypto as debts on their own books. It made custody absurdly expensive for traditional banks. Now that the rule is gone, BNY Mellon, State Street, and others can actually compete with crypto-native firms.
Most large investors spread their crypto across several custody providers. If one goes down, they do not lose everything. Simple logic, hard to argue with.
How to choose the right crypto custody solution
Do not pick a crypto custody solution the way you pick a restaurant. Here is what matters:
Security setup. How does the provider store private keys? Cold storage, MPC, multisig, or a mix? What physical guards protect the servers? Ask for details. "Bank-grade security" is a marketing line, not an answer.
Legal status. Is the custodian a qualified custodian under SEC rules? Do they have a federal bank charter, a state trust charter, or a money sender license? Anchorage Digital is the only crypto firm with a full federal bank charter. Coinbase and BitGo work through OCC-regulated bodies. The legal status determines what your financial asset protections look like if things go south.
Insurance. Only 11% of crypto holders have any coverage on their assets, per Risk & Insurance data. The global insurance gap for crypto custody sits at $3.31 trillion. Ask what is covered (theft, hacking, insider fraud) and what is not (user error, phishing, code bugs, price drops).
Track record. How long has the custodian been around? Have they been hacked? How did they handle it? Coinbase has gone 12 years without a breach. That is rare in this space.
Fees. Third-party custodians tend to charge a yearly fee below 1% of assets, plus setup and withdrawal fees. Gemini, for example, charges a flat $125 per withdrawal. Some drop setup fees for big accounts. Weigh the cost of custody against the cost of losing everything.
Asset support. Does the custodian handle the coins you own? Can you stake, lend, or use DeFi from your account? The EY survey found that 76% of firms plan to buy tokenized assets by 2026, and 63% of custodians already offer them.
The regulatory landscape in 2026
Crypto custody rules have moved faster in the past 18 months than in the prior decade.
The SEC set up a Crypto Task Force in 2025, led by Hester Peirce, to build a clearer rule set. The team is working on who counts as a qualified custodian, what standards apply to digital asset custody, and how advisers should handle client crypto.
New York's NYDFS now requires "For Benefit Of" (F/B/O) labels on custodial accounts and forces SOC 1 and SOC 2 audits. These rules are becoming the baseline for custody providers across the US.
In Europe, MiCA (Markets in Crypto-Assets) took full effect in 2025. It sets custody and asset separation rules for any crypto service provider working in the EU. The UK, Singapore, and Hong Kong are building similar systems.
The upshot: cryptocurrency custody looks more like traditional financial services each year. That is good for safety and risk management across the crypto industry. It also means higher costs, which get passed to you.
The custody market is growing fast
The global digital asset custody market hit about $658 billion in 2025 and should reach $793 billion in 2026, per Research Nester. The custody provider market itself is set to grow from $3 billion in 2025 to over $7 billion by 2030, at a 13% yearly rate.
What is pushing this? Big money coming in. Hardware wallet sales alone hit $560 million in 2025, growing at 30% a year. Active crypto wallets worldwide passed 820 million. As pension funds, endowments, and large firms add crypto to their books, demand for safe, insured custody keeps climbing.
The next frontier is crypto custody for tokenized real-world assets: bonds, real estate, goods, and stocks turned into tokens on a blockchain. This is where custody meets the bigger shift of moving financial rails on-chain.
So what should you actually do?
New to crypto? Buy on a solid exchange, spend a weekend learning about wallets, and move to self-custody when you trust yourself with a seed phrase. Rushing into a hardware wallet before you understand how it works can backfire. A lost seed phrase is a worse outcome than Coinbase holding your keys.
Already holding serious money? Do not keep it all in one spot. Cold storage for the bulk. Hot wallet for what you use. Spread the rest across custodians if the numbers are big enough to justify it.
Running a fund or advising clients? The rules are now clearer than they have been at any point in crypto's history. Qualified custodians with federal charters, insurance, and audit trails exist. The hard part is no longer finding them. It is picking between them.
How should you think about crypto custody going forward? It is not a set-it-and-forget-it deal. Your custody setup should shift as your holdings grow, better tools come out, and the rules keep catching up. The only move that guarantees you lose is ignoring the question entirely.
