Sovereignty
Self-Custody
“Not your keys, not your coins.”
If your Bitcoin sits on an exchange, you don't actually own Bitcoin — you own an IOU from a company that could freeze, lose, or steal your funds tomorrow. Self-custody means holding your own private keys, making you the sole owner and controller of your Bitcoin.
Why this matters
Exchanges are not banks. They are not insured by the FDIC. They are not required to hold your Bitcoin in reserve. History has proven, repeatedly, that trusting a third party with your Bitcoin is a bet you will eventually lose.
Mt. Gox
The world's largest Bitcoin exchange at the time was hacked over several years. Customers waited a decade for partial repayment — at prices far below what Bitcoin later reached.
Celsius
Celsius froze all withdrawals overnight in June 2022 and filed for bankruptcy two months later. Customers had no access to their funds for over a year.
BlockFi
Filed for bankruptcy in November 2022 following the FTX collapse. Customers who held Bitcoin on BlockFi lost access and faced severe haircuts in recovery.
FTX
FTX, once the second-largest exchange in the world, collapsed in days. Sam Bankman-Fried was convicted of fraud. Creditors received repayments at petition-date prices — roughly $18k — long after Bitcoin recovered to six figures.
These are not edge cases. Since Bitcoin was created, hundreds of exchanges and custodians have failed, been hacked, or committed outright fraud.
Hot wallet vs. cold storage
Once you decide to self-custody, the next question is where to store your keys. There are two categories: hot wallets and cold storage.
Hot Wallet
Connected to the internet
- ✓Convenient for frequent transactions
- ✓Free — software only (e.g. Sparrow, BlueWallet)
- ✓Good for spending money you need access to
- ✗Keys exist on an internet-connected device
- ✗Vulnerable to malware, phishing, remote attacks
- ✗Not recommended for significant long-term savings
Best for: small amounts, day-to-day spending, Lightning Network
Cold Storage
Offline hardware wallet
- ✓Private keys never touch the internet
- ✓Immune to remote hacks and malware
- ✓Signing happens on a dedicated secure device
- ✓The standard for long-term Bitcoin storage
- ✗Costs $79–$350 for hardware
- ✗Slightly more friction for sending
Best for: anything you're holding long-term — your savings stack
Recommended hardware wallets
Only buy from the manufacturer's official website. All four wallets below are open-source and have strong track records in the Bitcoin community.
Coldcard
Mk5 / Q
The gold standard for Bitcoin security. Completely air-gapped, Bitcoin-only, with open-source and reproducible firmware. The Mk5 is compact; the Q adds a QWERTY keyboard and QR scanner. Preferred by advanced users and long-term holders.
~$157 – $239
Foundation Passport
Passport Prime
A premium, open-source, Bitcoin-focused hardware wallet built in the USA. The Passport Prime runs KeyOS (a Rust-based microkernel), supports offline operation, and is designed to be fully auditable. Beautiful hardware and outstanding documentation.
~$349
Trezor Safe 3
Safe 3 / Safe 5
The most beginner-friendly hardware wallet with the longest track record. Fully open-source and widely supported. Available in Bitcoin-only firmware. Connects via USB — not air-gapped, but an excellent starting point for most people.
~$79 – $169
Blockstream Jade
Jade Core / Jade Plus
An open-source, Bitcoin-focused wallet at an accessible price point. The Jade Plus is air-gapped with a camera for QR signing. Uses a 'virtual secure element' via blind oracle encryption. A great value for those who want Bitcoin-only security without the premium price.
~$99 – $170
How to set up self-custody
Follow these steps in order. Take your time — especially on the seed phrase backup. There are no password resets in Bitcoin.
Choose a hardware wallet
Pick one of the recommended wallets below based on your experience level and budget. Beginners: start with Trezor Safe 3 or Jade. Intermediate: Passport. Advanced: Coldcard.
Order directly from the manufacturer
Only buy from the official manufacturer website. Never buy a used hardware wallet or from a third-party marketplace like eBay — a tampered device could steal your Bitcoin.
Verify the packaging is intact
When your device arrives, check the tamper-evident seals and holographic stickers before opening. If anything looks tampered with, contact the manufacturer immediately.
Initialize your device
Follow the manufacturer's setup guide. The device will generate a seed phrase — 12 or 24 random words that are the master key to your Bitcoin. Do not rush this step.
Write down your seed phrase — offline only
Write your seed phrase on paper (or metal — see best practices below). Never type it into a computer, take a photo, or store it in any cloud service. Your seed phrase is your Bitcoin.
Verify your backup
Most devices will ask you to confirm your seed phrase on the device during setup. Take this seriously. A wrong word in your backup means lost Bitcoin if you ever need to recover.
Transfer your Bitcoin off the exchange
In your wallet software, generate a receiving address. Send a small test amount first. Verify it arrives. Then move the rest. Once confirmed, you — and only you — control your Bitcoin.
Best practices
Getting the hardware is the easy part. How you protect your seed phrase determines whether your Bitcoin stays yours.
Never store your seed phrase digitally
No photos. No screenshots. No notes apps. No Google Drive. No password manager. The only safe storage is physical — paper or metal.
Use metal backup for long-term storage
Paper burns and floods. Metal doesn't. Products like Cryptosteel, Blockplate, or SeedSigner plate backups protect against fire, water, and physical damage. Worth it for any meaningful amount.
Store copies in separate locations
Keep at least two copies of your seed phrase in different physical locations — your home and a trusted safe deposit box, for example. One fire shouldn't mean total loss.
Consider a passphrase (25th word)
Most hardware wallets support an optional passphrase — sometimes called the '25th word' — that adds a second layer of protection. Even if someone finds your seed phrase, they can't access your funds without the passphrase too.
Practice Bitcoin OPSEC
Don't tell people how much Bitcoin you own, that you use a hardware wallet, or where your seed phrase is stored. The weakest link in security is often what you share.
Test your recovery before loading funds
Before transferring significant funds, do a full recovery test using your seed phrase on a fresh device or via your wallet's recovery flow. Confirm it works before you depend on it.
🔑
Your keys. Your Bitcoin. Your responsibility.
Self-custody is not complicated — but it does require care. Take it seriously once and you never have to worry about an exchange blowing up with your Bitcoin inside it. That peace of mind is worth every step of the setup.
Questions? Bring them to the next Columbia Bitcoin meetup. Our community is happy to walk you through it.