Crypto Wallets, Exchanges, and Custody
Private keys and seed phrases are the foundation of crypto ownership. Understanding who holds your keys — and what that means when things go wrong — is the most important security decision you will make in crypto.
Keys, Addresses, and How Ownership Actually Works
Before wallets, exchanges, or custody make sense, you need to understand the underlying mechanic: in crypto, ownership is not an account at a company. It is cryptographic proof. Every Bitcoin address is derived from a private key — a 256-bit number so large that guessing one in use is effectively impossible (there are more possible Bitcoin private keys than atoms in the observable universe). The private key proves you control the address; the address is what others see when they send you crypto.
When you "receive" crypto, nothing physical moves. The blockchain — the globally distributed ledger — simply updates its record to show that a particular balance is now associated with your public address. Your wallet software reads this ledger and displays a number. The coins themselves are ledger entries, not files. This is why the phrase "you are your own bank" carries real weight in crypto: there is no bank vault, no company database, no central authority that tracks who owns what. Ownership is proven solely by possession of the private key that corresponds to the address where the coins sit.
A seed phrase (also called a recovery phrase or mnemonic) is the human-readable representation of your wallet's master private key, standardised under the BIP-39 protocol. From 12 or 24 ordinary English words, your wallet deterministically derives every private key and address it will ever use. This is why seed phrases are so powerful and so dangerous: if you lose your device but have the seed phrase, you can recover everything. If someone else obtains your seed phrase, they own everything in your wallet, permanently and irrecoverably. Unlike a bank account, there is no fraud department to call, no chargeback, no password reset. Transactions on-chain are final.
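The derivation described above, as an added example that is not code from the original page: the BIP-39 step that stretches the words into a 64-byte seed, then the BIP-32 step that turns the seed into a master private key and chain code. The function names and the sample input (the public BIP-39 test mnemonic, with BIP-39's optional passphrase) are choices made for this example.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public BIP-39 test mnemonic (11 x "abandon" + "about").
# It is known to everyone and must never hold funds.
TEST_MNEMONIC = "abandon " * 11 + "about"

# Order of the secp256k1 curve group; a valid private key is in the range 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def entropy_bits(word_count):
    """Each word encodes 11 bits; 1 bit in every 33 is checksum, the rest is entropy."""
    total = word_count * 11
    return total - total // 33


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def master_key(seed):
    """BIP-32: HMAC-SHA512 keyed with "Bitcoin seed"; left half is the master
    private key, right half is the chain code used to derive every child key."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key; use a different seed")
    return key, chain_code


if __name__ == "__main__":
    seed = mnemonic_to_seed(TEST_MNEMONIC)
    key, chain_code = master_key(seed)
    print("entropy bits (12 words):", entropy_bits(12))
    print("seed:", seed.hex())
    print("master private key:", key.hex())
    print("chain code:", chain_code.hex())
```

Neither step needs the original device or any network access, which is why the words alone are enough to rebuild the wallet on any hardware.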
The practical implication: write your seed phrase on paper (or engrave it on a fireproof metal plate), store copies in multiple secure physical locations, never photograph it, never type it into any digital device except the hardware wallet you are initialising, and treat it with the same security as the combination to a vault containing your entire net worth. In 2021, a Welsh IT worker named James Howells discarded a hard drive containing the private key to 8,000 Bitcoin (worth over $300M at the prices of the time). He has spent years trying to get permission to excavate the Newport landfill site where it is buried. Permission has been repeatedly denied. The coins remain permanently inaccessible, not because of a hack, but because of a single decision about where to store a private key.
Public addresses — the strings of letters and numbers you share with others to receive funds — are derived from your private key through a one-way mathematical function. You can share your public address freely; it is like an email address. What you must never share is the private key or seed phrase that controls it. This asymmetry (public key: share freely; private key: never share) is the foundation of public-key cryptography and the reason crypto can be trustless: you can prove you control an address without ever revealing the underlying secret.
A user sends you 1 BTC. What has actually moved from their account to yours?
Hot Wallets vs Cold Wallets: The Security Trade-Off
Once you understand that ownership equals private key control, the wallet security question becomes: where is that private key stored, and what can reach it? The core distinction in all crypto storage solutions is between hot storage (connected to the internet) and cold storage (air-gapped or never connected). Every wallet sits somewhere on this spectrum, and the right choice depends on how much you hold, how frequently you need access, and how much operational complexity you are willing to manage.
Hot Wallets: Software and Browser Extensions
Hot wallets — MetaMask, Trust Wallet, Phantom, Rainbow — are software applications that store your encrypted private key on your device (phone or computer) and connect to the internet to broadcast transactions. They are convenient: you can sign a transaction in two clicks, interact with DeFi protocols, approve NFT purchases, and switch between networks instantly. They are also the first target of every crypto attack vector. Malware can scan your device for wallet files. Browser extensions can be compromised through malicious updates. Clipboard hijackers can silently replace a destination address you copied with the attacker's address. Phishing sites mimic legitimate DeFi interfaces and request approvals that drain your wallet.
In March 2022, a critical vulnerability in the Ronin Network bridge (used by the Axie Infinity game) was exploited by Lazarus Group (a North Korean state-sponsored hacking operation) for $625M in ETH and USDC. The attack succeeded because private keys controlling the bridge's validator nodes were compromised. In October 2022, a Binance Smart Chain bridge was exploited for $570M. In February 2022, Wormhole (a cross-chain bridge) lost $320M. These are institutional examples, but the same attack vectors — compromised keys, malicious approvals, social engineering — work at the individual level. Hot wallets are appropriate for funds you are actively using; they are not appropriate for long-term holdings.
Hardware Wallets: Cold Storage with Usability
Hardware wallets — Ledger Nano X, Trezor Model T, Coldcard — solve the hot wallet problem through a single architectural principle: the private key is generated inside a dedicated secure element chip and never leaves it. When you want to sign a transaction, your computer sends the unsigned transaction data to the hardware device. The key signs it internally. Only the signed transaction is returned to your computer. Even if your computer has malware, the attacker sees only the signed transaction, which is useless without the private key that created it. The key itself is never exposed to any internet-connected device.
Hardware wallets are the gold standard for individual investors with meaningful holdings. They support thousands of cryptocurrencies, can connect to DeFi interfaces (MetaMask can be set to use a Ledger as its signing device), and typically cost between $80 and $250. The trade-offs are real but manageable: you must have the physical device to sign transactions, so day-trading from a hardware wallet is cumbersome. The device itself can be lost or damaged — but as long as you have your seed phrase, you can recover everything onto a new device. The critical risk is supply chain attacks: always buy hardware wallets directly from the manufacturer's official website, never from third-party Amazon sellers or secondhand markets. Tampered devices have been sold with pre-compromised seeds.
At the extreme end of the cold storage spectrum are air-gapped devices — hardware wallets that never connect to a computer via USB. Coldcard (the preferred device of many Bitcoin maximalists and institutional custodians) operates via SD card: you export the unsigned transaction to an SD card, insert it into the Coldcard offline device, sign it internally, export the signed transaction on a new SD card, and broadcast it from an online computer. The device never touches the internet. This is the standard used by institutions and individuals with holdings in the millions. For most individual investors, a hardware wallet like Ledger or Trezor provides excellent security with practical usability.
Centralised Exchanges, Decentralised Exchanges, and the FTX Lesson
The two dominant ways to trade crypto — centralised exchanges (CEX) and decentralised exchanges (DEX) — represent fundamentally different architectural philosophies around custody. Understanding both is essential, because the choice is not simply about trading fees or liquidity: it is about what risks you are accepting and what risks you are eliminating.
Centralised Exchanges: The Familiar Model with Hidden Risk
Coinbase, Kraken, Binance, Gemini, and Robinhood are CEXs: companies that hold your crypto in custody, match your buy and sell orders through an internal order book, and show you a balance in your account. They are the easiest way to get started — they accept bank transfers and credit cards, have mobile apps, offer customer support, and are increasingly regulated. For most newcomers buying their first $500 of Bitcoin, a reputable regulated CEX is the sensible starting point.
The risk is counterparty risk — the exchange must be solvent, honest, and accessible when you want your funds. Most exchanges are. But the history of crypto is also a history of exchange failures: Mt. Gox lost 850,000 Bitcoin in 2014, at the time representing 7% of all Bitcoin in existence. Bitfinex was hacked for 120,000 BTC in 2016. QuadrigaCX collapsed in 2019 when its founder died as the sole holder of cold wallet keys. Celsius Network froze withdrawals and filed for bankruptcy in 2022, leaving 1.7 million customers locked out of approximately $4.7B. And then FTX.
Decentralised Exchanges: Trustless by Design
A DEX like Uniswap, Curve, dYdX, or Raydium is a set of smart contracts deployed on a blockchain. When you trade on Uniswap, you connect your own wallet (MetaMask, Ledger), approve the transaction, and the smart contract executes it directly: tokens move from your wallet to the liquidity pool, and the tokens you are buying move from the pool to your wallet, atomically, in a single transaction. No company holds your funds at any point during the trade. If Uniswap Labs (the company that built the interface) goes bankrupt tomorrow, the smart contracts on Ethereum continue operating as long as Ethereum does, and anyone can access them by building a different frontend.
This architecture eliminates counterparty risk by construction. A DEX cannot be fraudulent in the FTX sense because it never holds user funds. It cannot freeze your account because there is no account — only wallet addresses and smart contracts. It cannot require KYC because it has no user database. For these reasons, DEX usage has grown substantially: Uniswap processes over $1B in weekly trading volume. The trade-offs are equally real: DEXs have no fiat on-ramps (you must already hold crypto to trade), slippage on large orders can be significant, gas fees for on-chain transactions can be expensive during network congestion, and smart contract bugs represent a genuine risk (the 2016 DAO hack drained $60M from a smart contract that functioned exactly as programmed but had a reentrancy vulnerability its designers did not anticipate).
Building a Personal Custody Strategy
Most experienced crypto participants use all three: a reputable CEX for fiat on/off-ramping and liquid trading capital; a hot wallet for DeFi interaction and active positions; a hardware wallet for long-term savings. The allocation of funds across these should mirror the risk tolerance for each: the funds on a CEX are exposed to counterparty risk, the funds in a hot wallet are exposed to malware and phishing, and the funds in a hardware wallet are exposed only to physical security failures and seed phrase management.
• Seed phrase written on paper (never digital), stored in two separate secure physical locations
• Hardware wallet for any holdings above ~$1,000–2,000
• CEX used only for actively trading funds, withdrawn promptly
• Withdrawal address whitelist enabled on any CEX if available
• Two-factor authentication via authenticator app (not SMS) on all exchange accounts
• Never enter seed phrase into any website or application
• Any unexpected DeFi "approval" requests treated as suspicious until verified
The phrase "not your keys, not your coins" was coined long before FTX — Bitcoin maximalists repeated it for a decade before the collapse made it mainstream. The phrase captures a precise technical reality: if you do not control the private key, you do not own the asset in any cryptographic sense. You own a claim against an institution, and that institution's solvency, honesty, and regulatory environment determine whether you can ever access those funds. Self-custody is not paranoia — it is the realisation of the property rights that are crypto's core value proposition. Used correctly, it means no institution can freeze, seize, or misuse your assets. Used carelessly, it means you have no recourse when mistakes happen. The goal is to use it correctly.
In November 2022, FTX collapsed. What was the proximate cause that should have been impossible if customers truly owned their crypto?