How Bitcoin Custody Works: A Complete Explainer

Sable Research Team · July 3, 2026 · 16 min read

Bitcoin custody is the practice of securing the cryptographic keys that control Bitcoin. Unlike a bank balance, which is an entry in a ledger the bank controls, Bitcoin is controlled by whoever holds the private key that can authorize a transaction. That single fact reframes the entire question of security: with Bitcoin, you are not protecting an account, you are protecting a secret. This explainer walks through exactly how that secret is generated, stored, and used, the models institutions and individuals use to protect it, and how to decide who should hold the keys to your coins.

The phrase "not your keys, not your coins" became a slogan after a decade of exchange failures, but it is also a precise technical description of how the Bitcoin network works. Whether you self-custody or use a managed platform like Sable, understanding custody is the difference between owning Bitcoin and owning a promise from someone who owns Bitcoin.

Key Takeaways

  • Bitcoin custody means controlling the private keys that authorize transactions — the coins never leave the blockchain; only the ability to move them changes hands.
  • Storage is a spectrum from hot (internet-connected, convenient, higher risk) to cold (offline, inconvenient, far more secure). Serious custodians keep the large majority of assets in cold storage.
  • The two dominant institutional key-security architectures are multi-signature (multisig), enforced by the Bitcoin protocol, and multi-party computation (MPC), enforced cryptographically off-chain. Each removes the single point of failure of one key.
  • A "qualified custodian" is a specific legal concept under US investment-adviser rules. In September 2025 the SEC issued no-action relief letting advisers treat state-chartered trust companies as qualified custodians for crypto.
  • Institutional-grade custody adds insurance, audited proof of reserves, and rehearsed recovery — the operational layer that individual self-custody usually lacks.
  • The right choice is not self-custody versus institutional custody in the abstract, but which model matches the amount at stake, your technical comfort, and your estate and tax situation.

What You Are Actually Securing: Keys, Not Coins

A common misconception is that Bitcoin is "stored" in a wallet the way cash sits in a physical wallet. It is not. Every bitcoin exists only as an entry on the blockchain, a shared public ledger replicated across tens of thousands of computers worldwide. What a wallet actually stores is a private key: a large, effectively unguessable number from which the public key and address are derived, and with which the wallet produces the digital signature that authorizes moving the coins at that address. The network only ever checks the signature; the key itself should never leave the device that holds it. Sign a transaction with that key and the network accepts it; without it, the coins are permanently frozen.

This is why custody is fundamentally about key management. A thief who copies your private key can drain your coins from anywhere on earth, instantly and irreversibly. Lose the key with no backup and the coins are gone forever, still visible on the ledger but unspendable. There is no password reset, no fraud department, and no chargeback. Estimates of permanently lost Bitcoin run into the millions of coins — a large fraction of them from the early years when keys were treated casually. Custody, done properly, is the discipline that prevents both outcomes at once: theft and loss.


Hot Storage vs Cold Storage: The Security Spectrum

The single most important variable in Bitcoin custody is whether the private key ever touches an internet-connected device. This defines the spectrum from hot to cold storage.

Hot Wallets

A hot wallet keeps keys on a device connected to the internet — a phone app, a browser extension, or an exchange server. Hot wallets are convenient: you can send and receive in seconds. That convenience is also the risk. Because the key exists on an online device, malware, phishing, or a server breach can potentially reach it. Hot wallets are appropriate for small, working balances, the digital-asset equivalent of the cash in your pocket, not the money in your vault.

Cold Wallets

A cold wallet keeps keys on a device that is never connected to the internet: a dedicated hardware wallet, an air-gapped computer, or a signing device in a physical vault. Transactions are prepared online, carried across the air gap (by QR code, SD card, or a similar one-way channel), signed offline, and only the finished, already-signed transaction is broadcast. Because the key never touches a networked machine, remote attackers have nothing to reach. This is why every credible custodian, including Sable, keeps the overwhelming majority of client assets in cold storage; our security page describes the specific architecture we use. One caveat: the air gap blocks remote access to the key, not tampering with what crosses it. The unsigned transaction still arrives from the online side, so the destination address and amount must be verified on the signing device's own screen before approving.

The custody security spectrum (illustrative risk profile)

  Exchange hot wallet                  Highest risk
  Personal hot wallet (phone/browser)  High
  Single hardware wallet (cold)        Moderate
  Multisig / MPC cold storage          Lowest risk

Relative exposure to remote theft, illustrative. Lower ratings indicate a smaller attack surface, not zero risk.

Eliminating the Single Point of Failure: Multisig and MPC

A single key, however well hidden, is a single point of failure. If it is stolen, the coins are gone; if it is lost, the coins are frozen. Institutional custody solves this by requiring multiple independent keys to authorize any movement, so that no one device, person, or location can act alone. Two architectures dominate in 2026.

Multi-Signature (Multisig)

A multisig arrangement requires a threshold of independent keys to sign a transaction, for example two of three, or three of five. Each key is a complete, standalone private key, generated and held on its own device, and the threshold is enforced by the Bitcoin protocol itself: the spending policy is written into the script that locks the coins, and a transaction carrying fewer valid signatures than the threshold is rejected by every node. A common institutional setup places keys in geographically separated vaults, held by different people or entities, so that compromising one location accomplishes nothing. Multisig is transparent (the policy is revealed on-chain when the coins are spent) and battle-tested, and providers such as Casa and Unchained have made it available to individuals as well as institutions.
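To make the on-chain enforcement concrete, here is an added example (written for this explainer, not code from Sable, Casa, Unchained or any wallet vendor) that builds the witness script for a 2-of-3 P2WSH multisig, derives the output script that commits to it, and parses the policy back out the way any node can once the script is revealed at spend time. The three cosigner keys are constructed placeholders with the correct byte layout, not real curve points, and the construction is limited to the OP_N encoding (n up to 16):

```python
import hashlib

OP_0 = 0x00
OP_CHECKMULTISIG = 0xAE


def op_n(n):
    """OP_1 .. OP_16 push the small integers 1..16 (opcodes 0x51..0x60)."""
    if not 1 <= n <= 16:
        raise ValueError("OP_N only covers 1..16")
    return bytes([0x50 + n])


def push(data):
    """Direct push: one length byte followed by the data (valid for 1..75 bytes)."""
    if not 1 <= len(data) <= 75:
        raise ValueError("direct push covers 1..75 bytes")
    return bytes([len(data)]) + data


def check_compressed_pubkey(pk):
    if len(pk) != 33 or pk[0] not in (0x02, 0x03):
        raise ValueError("expected a 33-byte compressed public key")


def multisig_witness_script(threshold, pubkeys):
    """<k> <pk1> ... <pkn> <n> OP_CHECKMULTISIG.

    Keys are sorted per BIP-67 so that every cosigner, whatever order it was
    handed the keys, derives byte-identical script and address."""
    for pk in pubkeys:
        check_compressed_pubkey(pk)
    if not 1 <= threshold <= len(pubkeys) <= 16:
        raise ValueError("threshold must be 1..n and n at most 16 for OP_N encoding")
    keys = sorted(pubkeys)  # BIP-67: lexicographic order of the raw key bytes
    return (op_n(threshold)
            + b"".join(push(pk) for pk in keys)
            + op_n(len(keys))
            + bytes([OP_CHECKMULTISIG]))


def p2wsh_script_pubkey(witness_script):
    """Output script that commits to the policy: OP_0 <32-byte sha256(witness script)>.
    The policy itself stays hidden until the coins are spent."""
    return bytes([OP_0, 0x20]) + hashlib.sha256(witness_script).digest()


def parse_multisig(script):
    """Read k, n and the keys back out of a revealed witness script, refusing
    anything that is not exactly the canonical form built above."""
    if len(script) < 4 or not 0x51 <= script[0] <= 0x60:
        raise ValueError("not a multisig script")
    k, i, keys = script[0] - 0x50, 1, []
    while i < len(script) and script[i] == 33:
        keys.append(script[i + 1:i + 34])
        i += 34
    if (i + 2 != len(script)
            or not 0x51 <= script[i] <= 0x60
            or script[i] - 0x50 != len(keys)
            or script[i + 1] != OP_CHECKMULTISIG
            or not 1 <= k <= len(keys)):
        raise ValueError("not a canonical k-of-n multisig script")
    return k, keys


# Constructed placeholder keys: stand-ins for three cosigners' compressed pubkeys.
# The byte layout is right; the points are not on the curve (example data only).
COSIGNER_KEYS = [bytes([0x02 + (i % 2)]) + hashlib.sha256(name).digest()
                 for i, name in enumerate([b"vault-A", b"vault-B", b"vault-C"])]

if __name__ == "__main__":
    ws = multisig_witness_script(2, COSIGNER_KEYS)
    print("witness script:", ws.hex())
    print("scriptPubKey:  ", p2wsh_script_pubkey(ws).hex())
    print("policy read back:", parse_multisig(ws)[0], "of", len(parse_multisig(ws)[1]))
```

Two details matter in practice. Without the BIP-67 sort, cosigners who were handed the keys in different orders produce different scripts and therefore different addresses, and funds sent to one cannot be spent by a wallet expecting the other. And because the output only carries the hash of the script, the k-of-n policy is private until the first spend reveals it; from then on anyone can run the equivalent of parse_multisig on it.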

Multi-Party Computation (MPC)

MPC takes a different approach. Instead of several complete keys, it mathematically splits a single key into shares distributed across independent parties, and the full key is never assembled in one place at any moment, not even at generation time when a distributed key-generation ceremony is used. Signing happens collaboratively: each party computes a partial signature from its own share, and only the combined signature, never the key, emerges. As custody-technology firm Fireblocks explains, MPC operates at the cryptographic layer rather than the blockchain protocol layer, which lets signing policies be updated and key shares refreshed without moving funds to a new address. This operational flexibility has made MPC the default for many large custodians managing assets across dozens of blockchains.
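The mechanics are easier to see in code. The following added example (a teaching sketch, not a production protocol and not Sable's or Fireblocks' implementation) uses secp256k1 with additive key shares and a simplified Schnorr-style signature: each party generates its own share locally, signing combines partial signatures without ever summing the shares, and a refresh changes every share while leaving the public key, and therefore the address, unchanged. It is n-of-n rather than threshold, omits the nonce-commitment round and key-aggregation coefficients that MuSig2 and FROST add, and its arithmetic is not constant-time; those are simplifications, and real MPC custody uses threshold ECDSA or FROST with distributed key generation:

```python
import hashlib
import secrets
from functools import reduce

# secp256k1 domain parameters (the curve Bitcoin uses)
P_FIELD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def rand_scalar():
    return 1 + secrets.randbelow(N_ORDER - 1)  # uniform in [1, n-1]


def keygen_party():
    """Each party generates its own share locally; no dealer ever sees the full key."""
    share = rand_scalar()
    return share, ec_mul(share, G)


def aggregate_pubkey(share_pubkeys):
    """Public key of the sum of the shares, computed from the share pubkeys alone."""
    return reduce(ec_add, share_pubkeys)


def challenge(R, pubkey, msg):
    data = R[0].to_bytes(32, "big") + pubkey[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N_ORDER


def sign_collaboratively(shares, msg):
    """Each party contributes a nonce point and a partial signature computed from
    its own share; only the sums leave the parties. sum(shares) is never formed."""
    nonces = [rand_scalar() for _ in shares]  # fresh per signature, never reused
    R = reduce(ec_add, (ec_mul(k, G) for k in nonces))
    pubkey = aggregate_pubkey([ec_mul(s, G) for s in shares])
    e = challenge(R, pubkey, msg)
    partials = [(k + e * s) % N_ORDER for k, s in zip(nonces, shares)]  # z_i = k_i + e*s_i
    return R, sum(partials) % N_ORDER


def verify(pubkey, msg, signature):
    """Standard check: z*G == R + e*P holds because z = sum(k_i) + e*sum(s_i)."""
    R, z = signature
    e = challenge(R, pubkey, msg)
    return ec_mul(z, G) == ec_add(R, ec_mul(e, pubkey))


def refresh_shares(shares):
    """Proactive refresh: add random deltas that sum to zero. Every share changes;
    the sum, and so the public key and address, does not."""
    deltas = [rand_scalar() for _ in shares[:-1]]
    deltas.append((-sum(deltas)) % N_ORDER)
    return [(s + d) % N_ORDER for s, d in zip(shares, deltas)]


if __name__ == "__main__":
    parties = [keygen_party() for _ in range(3)]
    shares, pubs = [s for s, _ in parties], [p for _, p in parties]
    pk = aggregate_pubkey(pubs)
    msg = b"withdrawal #42"  # constructed message standing in for a transaction digest
    print("valid:", verify(pk, msg, sign_collaboratively(shares, msg)))
    fresh = refresh_shares(shares)
    print("same pubkey after refresh:", aggregate_pubkey([ec_mul(s, G) for s in fresh]) == pk)
```

The property the custody text relies on is visible in refresh_shares: a stolen share becomes worthless after the next refresh, yet the on-chain address never changes, which is exactly the policy-rotation flexibility script multisig cannot offer without moving funds. The additive scheme also shows why a subset of shares cannot sign: a signature built from two of the three shares verifies against a different public key, not the custodian's.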

Property | Multi-signature (Multisig) | Multi-party computation (MPC)
Where enforced | On-chain, by the Bitcoin protocol | Off-chain, by cryptography
Keys involved | Multiple complete, independent keys | One key split into shares; never reassembled
Changing the signing policy | Usually requires moving funds to a new address | Can be updated without an on-chain transaction
Cross-chain support | Bitcoin-native; varies by chain | Consistent across many blockchains
Transparency | Rules visible on-chain | Rules kept off-chain / private
Typical users | Individuals and institutions | Institutional custodians at scale

Multisig and MPC both remove the single-key point of failure; they differ in where the security is enforced and how they operate day to day.

The Two Big Custody Models: Self vs Institutional

All of the above technology gets packaged into one of two broad models. Everything else is a variation on these two.

Self-Custody

You hold your own keys, typically on one or more hardware wallets, and you alone are responsible for security, backups, and recovery. Self-custody delivers the purest form of ownership: no counterparty can freeze, lend, or lose your coins, because no counterparty is involved. The cost is total personal responsibility. A house fire that destroys your only seed-phrase backup, a forgotten passphrase, or a sophisticated phishing attack falls entirely on you. For technically confident holders willing to build and rehearse a real backup and inheritance plan, self-custody is a legitimate and powerful choice.

Institutional (Third-Party) Custody

A qualified custodian or managed platform holds the keys on your behalf using the multisig or MPC systems described above, wrapped in insurance, audits, and professional operations. You trade some direct control for a team whose full-time job is security, and for protections — insurance, proof of reserves, disaster recovery — that are difficult for an individual to replicate. The critical caveat, learned expensively in 2022, is that not all "custody" is equal: an unregulated exchange holding your coins in a commingled hot wallet is custody in name only. The failures of FTX and Celsius were, at root, custody failures, in which customer coins were treated as the platform’s own. We examine how strong platforms avoid this in our guide to evaluating a digital-asset platform.

Consideration | Self-custody | Institutional custody
Who holds the keys | You | A regulated custodian or platform
Counterparty risk | None | Present; must be diligenced
Insurance | Rare / self-arranged | Standard at reputable custodians
Recovery if you make a mistake | None; errors are final | Support and recovery procedures
Best suited to | Technical holders, long-term storage | Larger balances, yield, estate simplicity
Operational burden | High (all on you) | Low (handled for you)

Self-custody and institutional custody solve different problems; many serious investors use both, keeping a self-custodied core and a managed allocation for yield and convenience.

What "Qualified Custodian" Actually Means

In US regulation, "qualified custodian" is not marketing language; it is a defined term under the Investment Advisers Act custody rule. Registered investment advisers are generally required to hold client assets with a qualified custodian — historically a bank, a broker-dealer, or a futures commission merchant. For years, the open question was whether crypto-native custodians could qualify. That question moved forward in September 2025, when the SEC’s Division of Investment Management issued no-action relief allowing advisers and registered funds to treat certain state-chartered trust companies as qualified custodians for crypto assets, subject to conditions.

For an investor, the practical takeaway is to ask a platform a direct question: who is the qualified custodian, and under what regulatory framework do they operate? A credible answer names a specific, regulated entity. A vague answer, or a claim that the platform is its own unregulated custodian of commingled funds, is a red flag. The SEC’s own custody-rule modernization work signals that this area is being actively formalized, which favors platforms already structured around regulated custody.

The Operational Layer: Insurance, Proof of Reserves, and Recovery

Beyond keys, professional custody is defined by three operational safeguards that individuals rarely replicate on their own.

Insurance

Reputable custodians carry insurance policies — often underwritten through specialist markets such as Lloyd’s of London — that cover specific loss scenarios, most commonly theft of assets in cold storage and, sometimes, employee dishonesty. Insurance is not a blanket guarantee; policies have limits and exclusions, and market-price declines are never covered. But the presence of a real, named policy is a meaningful signal that a third party has underwritten the custodian’s security practices. It is reasonable to ask what is covered, for how much, and by whom.

Proof of Reserves

Proof of reserves is a cryptographic method for a custodian to demonstrate it actually holds the assets it claims. An independent auditor takes an anonymized snapshot of customer balances, hashes them into a Merkle tree (a data structure that folds every balance into a single fingerprint, the Merkle root) and verifies that on-chain holdings, proven by signing with the custodian's addresses, cover total liabilities. Individual customers can then confirm their own balance was included without revealing anyone's data. Exchanges such as Kraken publish regular proof-of-reserves attestations verified by outside accountants. The best practice includes proving liabilities, not just assets, since a reserve number is meaningless without knowing what is owed against it. Two caveats apply: an attestation is a point-in-time snapshot, so assets borrowed for the day or liabilities kept off the ledger are not ruled out, and a tree that does not commit to balance sums at every node can hide negative entries that shrink the apparent total. Cadence, scope, and tree construction matter as much as the Merkle proof itself.
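As an added example (not Kraken's or any auditor's code), here is a Merkle sum tree over a constructed set of customer balances: each internal node commits to both the hashes and the balance sums of its children, the customer-side check rebuilds the root from one leaf plus its sibling path, and the solvency check compares on-chain reserves against the root's liability total. Customer ids, balances and salts are constructed for the example; a real attestation issues a random salt per customer:

```python
import hashlib


def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def _u64(value):
    return value.to_bytes(8, "big")


def leaf(customer_id, balance_sats, salt):
    """A leaf commits to (salted id, balance). The salt keeps one customer from
    learning another's identity or balance from the published tree."""
    if balance_sats < 0:
        raise ValueError("negative balances are rejected: they would shrink the liability total")
    return _h(b"leaf", salt, customer_id.encode(), _u64(balance_sats)), balance_sats


def parent(left, right):
    """Internal node: the hash covers both children's hashes AND sums, so no
    balance can change anywhere without changing the root."""
    lh, ls = left
    rh, rs = right
    return _h(b"node", lh, _u64(ls), rh, _u64(rs)), ls + rs


def build_tree(leaves):
    """Returns every level, leaves first; an odd node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [parent(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def root(levels):
    return levels[-1][0]


def inclusion_proof(levels, index):
    """Sibling path from leaf to root; None marks a level where the node was promoted."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        proof.append((level[sib], index % 2 == 0) if sib < len(level) else None)
        index //= 2
    return proof


def verify_inclusion(my_leaf, proof, published_root):
    """What a customer runs: rebuild the root from their own leaf and the proof."""
    node = my_leaf
    for step in proof:
        if step is None:
            continue
        sibling, sibling_is_right = step
        node = parent(node, sibling) if sibling_is_right else parent(sibling, node)
    return node == published_root


def covers_liabilities(onchain_sats, published_root):
    """Solvency check: on-chain reserves must be at least the root's liability sum."""
    return onchain_sats >= published_root[1]


# Constructed sample data (five customers, balances in satoshis, deterministic salts).
CUSTOMERS = [("alice", 150_000_000), ("bob", 25_000), ("carol", 0),
             ("dave", 4_000_000_000), ("erin", 73_500)]


def sample_salt(customer_id):
    return hashlib.sha256(b"salt:" + customer_id.encode()).digest()


def sample_leaves():
    return [leaf(cid, bal, sample_salt(cid)) for cid, bal in CUSTOMERS]


if __name__ == "__main__":
    levels = build_tree(sample_leaves())
    r = root(levels)
    print("root hash:", r[0].hex(), "total liabilities:", r[1])
    print("bob included:", verify_inclusion(sample_leaves()[1], inclusion_proof(levels, 1), r))
```

The customer needs only three things from the custodian: their salt, the published root, and their sibling path. Everything else stays private. Because the sums are hashed into every node, an attestation that published a root with a smaller liability total than the true one would fail the inclusion check for every customer whose path crosses the altered node.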

Rehearsed Recovery and Redundancy

Finally, mature custody assumes that things will go wrong and plans for it: geographically distributed key shares so no single disaster is fatal, documented and tested recovery procedures, and redundancy in both hardware and personnel. This is unglamorous work, and it is precisely what distinguishes an institution from an enthusiast with a hardware wallet in a drawer.

95%+: share of digital assets serious custodians keep in offline cold storage
2-of-3 or higher: typical minimum signing threshold in institutional multisig setups
2022: the year exchange failures made "not your keys, not your coins" mainstream

How Sable Approaches Custody

Sable is built around institutional custody rather than asking clients to run their own security stack. In practice that means the large majority of digital assets are held in geographically distributed cold storage with multi-signature approvals, holdings carry institutional insurance, and data is encrypted in transit and at rest. Clients add their own protection at the account layer — starting with two-factor authentication and withdrawal controls — while the custody engineering happens behind the scenes. The full model, including how deposits and withdrawals are handled, is documented on our how it works and security pages, and summarized in the FAQ.

Choosing a Custody Model: A Short Decision Guide

There is no single correct answer, only a correct answer for your situation. A few honest heuristics:

  1. Match the model to the amount. Small, active balances can live in a reputable hot wallet. Meaningful long-term holdings belong in cold storage, self-custodied or with a qualified custodian.
  2. Be honest about your technical discipline. Self-custody is only as strong as your worst backup habit. If you would not confidently pass a fire, theft, and death test on your own setup, institutional custody is the safer default.
  3. Plan for inheritance from day one. Coins that only you can access die with you. Whether you self-custody or use a platform, document how heirs recover the assets. We cover this in our risk-management concepts guide.
  4. Diligence any third party in writing. Ask who the qualified custodian is, what insurance covers, and whether proof of reserves is published. A platform unwilling to answer disqualifies itself.
  5. Consider using both. Many investors keep a self-custodied core for sovereignty and a managed allocation for yield and convenience, the same logic wealthy investors apply, as covered in our high-net-worth allocation report.

Frequently Asked Questions

What is Bitcoin custody in simple terms?

Bitcoin custody is the practice of securing the private keys that control your Bitcoin. Because the coins themselves live permanently on the blockchain, "holding" Bitcoin really means holding the secret key that can authorize moving it. Custody is the set of methods — hardware wallets, cold storage, multisig, MPC, qualified custodians — used to keep that key safe from both theft and loss.

Is it safer to hold my own Bitcoin or use a custodian?

Neither is universally safer; they fail in different ways. Self-custody removes counterparty risk but puts theft, loss, and recovery entirely on you. A reputable institutional custodian adds insurance, audits, and professional security but introduces counterparty risk you must diligence. For large balances, most investors are better served by a regulated custodian or a mix of both, provided the custodian can name its qualified custodian, insurance, and proof-of-reserves practices.

What is the difference between hot and cold storage?

Hot storage keeps keys on an internet-connected device, which is convenient but exposed to remote attacks; it suits small working balances. Cold storage keeps keys completely offline, so remote attackers have nothing to reach; it is the standard for long-term and large holdings. Serious custodians keep the large majority of assets in cold storage and only a small operational float hot.

What does "not your keys, not your coins" mean?

It means that if a third party holds the private keys, you own a claim on that party, not the Bitcoin itself. If they are hacked, become insolvent, or freeze withdrawals, your coins can be at risk — as happened in the 2022 exchange failures. The phrase is a reminder to understand exactly who controls the keys behind any balance you hold, and under what protections.

How does Sable custody client Bitcoin?

Sable uses institutional custody: the large majority of digital assets are held in geographically distributed cold storage secured with multi-signature approvals, holdings carry institutional insurance, and client data is encrypted in transit and at rest. Clients secure their own accounts with two-factor authentication and withdrawal controls. The full approach is described on the security and how it works pages.

Disclosure: This article is for informational and educational purposes only and does not constitute investment, legal, or tax advice. Nothing here should be construed as a recommendation to buy or sell any security or asset. Investing involves risk, including possible loss of principal, and past performance is not indicative of future results.