“Not your keys, not your coins” — but with a real cost-benefit.
Self-custody eliminates exchange-failure risk. It introduces key-management risk, which has historically claimed more retail crypto than exchange failures have. What follows is a practical custody framework for retail-size holdings.
The two ends of the custody spectrum
- Centralised exchange (CEX): Coinbase, Binance, Kraken, Gemini hold your tokens in custody. You log in with email + password (+ 2FA), and your “account” is essentially a database entry on the exchange's books. Easy. Subject to exchange failure (FTX, Mt. Gox, QuadrigaCX, BlockFi, Celsius — every cycle has had at least one major loss event).
- Self-custody hardware wallet: Ledger, Trezor, Coldcard. You hold the seed phrase. You are the entire security perimeter. No counterparty risk. But: lose the seed phrase, lose the assets. Forever.
The historical retail-loss statistics
| Cause of loss | Estimated lifetime retail crypto lost | Notes |
|---|---|---|
| Lost seed phrase / forgotten wallets | ~3.7M BTC | ~17% of all BTC ever mined; effectively unrecoverable |
| Exchange failures (cumulative) | ~$30B+ USD value | Mt. Gox, FTX, Celsius, BlockFi, QuadrigaCX, etc. |
| Phishing / social engineering | ~$5B+ USD value | Largely irreversible; on-chain transfers cannot be undone |
| Smart-contract exploits / rug pulls | ~$10B+ USD value | DeFi-specific; concentrated in smaller-cap tokens |
| Hardware wallet failure (without backup) | unknown | Statistically rare with modern devices; user error dominates |
In order-of-magnitude terms, lost-seed-phrase losses dwarf exchange failures. The “safety” of self-custody is conditional on the user managing keys correctly across decades.
Practical custody framework for retail holdings
A reasonable allocation by holding size:
- Under $5,000 total: Reputable centralised exchange with 2FA enabled. The exchange-failure tail risk is real, but the user-error risk of self-custody at small balances is higher.
- $5,000 – $50,000: Mix. Keep the active-trading portion on a regulated exchange (with clear reserves attestations — Coinbase, Kraken, regulated EU venues). Keep the long-term hold portion on a hardware wallet, with a seed-phrase backup whose recovery procedure has been tested.
- Over $50,000: Hardware wallet (Ledger, Trezor) for the long-term hold. Multi-signature setup (Casa, Unchained, or self-managed multi-sig) for amounts above $250k. Active-trading portion remains on a regulated exchange but capped to a small percentage of total holdings.
The seed phrase
Exchange selection criteria
If you must use an exchange, look for:
- Proof-of-reserves attestations by reputable auditors (Mazars, Armanino — though both have stepped back from crypto attestations post-FTX).
- Regulated jurisdiction: Coinbase (US public, NASDAQ-listed), Kraken (US bank charter), Gemini (NYDFS BitLicense), Bitstamp (Luxembourg CSSF). Not the strongest possible regulation, but materially better than offshore.
- Insurance coverage: Some exchanges carry crime/cyber insurance on hot-wallet balances. Read the policy — many cover only specific failure modes.
- Withdrawal track record: If you cannot withdraw your assets within a reasonable timeframe even today, the exchange has a problem. Verify withdrawals work for moderate amounts before concentrating large balances.
What this has to do with the calculator
The calculator computes P&L. But the P&L only matters if you can withdraw the proceeds — on-chain or to fiat. The custody decision determines whether your computed P&L is realisable. Holding all proceeds on a small offshore exchange that may close access at any time means the calculator's reported profit is theoretical.