Custodial vs. Non-Custodial: Who Really Holds Your Crypto?

When you buy crypto through an app, a question most people never ask is: where do the coins actually live? The answer comes down to who controls the keys. That detail separates crypto's two custody models and determines what can go wrong — and who can help when it does. This guide explains both models in plain terms and offers a practical way to choose.

It all comes down to the keys

Crypto is not stored inside an app or on your phone. Coins exist as records on a blockchain, and what you actually control is a private key — a secret code that authorizes spending from a particular address. Whoever holds that key controls the coins, regardless of whose name is on the account. Every custody arrangement is just an answer to the question: who holds the key — you, or someone else?

Custodial: convenience, with counterparty risk

With a custodial wallet — an arrangement where an exchange or app holds the private keys on your behalf — the experience feels like online banking. You log in with a password, reset it if you forget, and call support if something breaks. For buying, selling, and active trading, this is the easiest path.

The trade-off is counterparty risk — the chance that the company holding your assets fails, freezes withdrawals, or misuses funds. The cautionary tale is FTX. In November 2022, the exchange collapsed with roughly $8 billion in customer money missing; founder Sam Bankman-Fried was convicted of fraud and sentenced to 25 years in prison. Customers waited years for repayment, and claims were valued at the low crypto prices of November 2022, not what the coins were worth later.

Canadians should also know that the safety nets covering traditional accounts do not extend here. CIPF, which protects clients when an investment dealer becomes insolvent, explicitly excludes crypto assets (cash in a trading account may be covered, but not the coins). CDIC insures bank deposits, not crypto.

Non-custodial: control, with full responsibility

A non-custodial wallet is software or a hardware device where you alone hold the private keys, usually backed up by a seed phrase — a list of 12 or 24 words that can regenerate your keys on any compatible wallet. No company can freeze your funds, lose them in a bankruptcy, or block a withdrawal.

The flip side: there is no reset button. Lose the seed phrase and the coins are gone; researchers estimate that millions of bitcoin are likely stranded forever in inaccessible wallets. Type a phrase into a fake "support" site and a thief drains everything in minutes. Send funds to a wrong address and no one can reverse it.

"Not your keys, not your coins" — read fairly

The slogan is accurate: with a custodian, you legally hold a claim against a company, not the coins themselves. But it is not a rule that self-custody is always right. Custody is often the sensible choice when:

• The amount is small enough that an exchange failure would sting, not devastate.
• You trade actively and need funds on an exchange anyway.
• You use a regulated platform or an institutional-grade custodian with audits and insurance.
• You honestly would not protect a seed phrase well — self-custody mistakes are just as final as exchange failures.

Hybrid options

Two middle-ground designs are worth knowing. Multisig — a wallet that requires multiple keys (say, 2 of 3) to approve a transaction — means no single lost key or single thief is fatal. MPC (multi-party computation) wallets split one key into shares held by different parties, so no complete key ever sits in one place. Many newer apps use MPC to blend self-custody with account recovery.

A simple decision framework

• Just starting, small amounts: a regulated custodial platform is reasonable while you learn.
• Meaningful savings you plan to hold: move long-term holdings to a hardware wallet, and practice with a small test transfer first.
• Large holdings: consider multisig, an MPC setup, or a qualified custodian — and never store the seed phrase digitally.

The bottom line

Custodial means trusting a company; non-custodial means trusting yourself. Both models have produced painful failures — exchange collapses on one side, lost seed phrases on the other. Match the model to the amount at stake and your own discipline, and revisit the choice as your holdings grow. This guide is for educational purposes only and is not financial advice.

Sources

• Canadian Investor Protection Fund — About CIPF Coverage
• U.S. Department of Justice — Samuel Bankman-Fried Sentenced to 25 Years
• Bitcoin.org — Securing Your Wallet