A Complete Guide to Self-Custody in Crypto: Security, Strategy, and Responsibility

Security, Strategy, and Responsibility

“Not your keys, not your coins.”

This popular phrase isn’t just a meme — it’s a fundamental truth of crypto ownership.

As the industry matures, self-custody is becoming one of the most important practices for any serious crypto person. In this complete guide, we’ll break down what self-custody means, why it matters, how to implement it safely, and how it fits into your broader crypto strategy — including tax reporting and how it works alongside centralized exchanges.

What Is Self-Custody in Crypto?

Just as a fast intro, for those who don’t know, one of the most important parts of Crypto is the way you protect your assets. You can have a wallet that has some “magical” properties, and it has 2 key components. The public key and the private key. As the name suggests, private means only you should own and access it. Public means people around the world could see it without being able to withdraw your assets (but they could use it to monitor all your transactions as the blockchain is public). When people deposit cryptos in your wallet, they are depositing funds in your address (also known as one of your public keys). When you withdraw crypto to somewhere else, you need to sign a transaction with your private key to prove the ownership of it and then broadcast it to the blockchain.

Self-custody refers to personally holding and managing your crypto assets — without relying on an exchange, custodian, or third party. You hold your private keys, and therefore control your funds.

In contrast, when your crypto is on a centralized exchange (CEX), you’re essentially giving someone else custody over your assets.

In self-custody:

• You control your crypto.

• You are accountable for the security and backup of your keys (if you lose it or if someone accesses it, you will probably lose all your crypto with low/zero chance of recovery).

• Your private keys protect your coins

• You can receive and send your crypto to other people or other places as you wish as long as you can find means (Internet, radio waves, smoke signals, etc.) to broadcast your signed transaction to the blockchain.

In centralized exchanges:

• You delegate your crypto for a trusted party

• Your selected exchange, your login and your password protects your coins (might be compromised due to a data leak, malware, exchange hack, exchanges with bad reputation, etc.)

• For everyone’s protection, requires advanced KYC for big operations, might freeze your funds if you seem suspicious

Core Concepts: Wallets, Seeds, and Private Keys

Private Key

A private key is a cryptographic code that proves ownership of crypto. Anyone with your private key can access and spend (withdraw) your funds.

Seed Phrase

Also called a recovery phrase, this is a human-readable version of your private key — typically 12 or 24 random words. It’s used to restore access to your wallets. As an analogy, think about the internet. When you decide to check on the best crypto content in crypto, you don't think twice: bitcoinsensus.com is the way to go. However, on the Internet, all websites have something called IP Address (something like 200.123.22.23). It is the real name of each website. However, it is way easier to memorize bitcoinsensus.com than to memorize its IP address (for example, 200.123.22.23). So to make our lives easier, you can just check bitcoinsensus.com and the Internet will figure out its IP (via a thing called DNS, but that is a subject for another post). In the end, the 12 or 24 words are just an easier to read human version of the binary values (like 0’s and 1’s) that in fact represent your private key.

As a curiosity, this way of representing the private key as words is commonly referred as BIP-39, proposed by the Bitcoin community around 2013. This way to represent private keys definitely helped a lot in the massification of crypto usage as it significantly improved the usability of private keys and proper storage of it.

For example, you can check bip-39 words here: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

For the curious Bitcoinsensus readers, let's present a didactic seed phrase (please don't use it or deposit funds as anyone reading this could withdraw funds from it).

able tiger joke skull whisper jelly outer muffin bring device ecology fossil

Let's pick one of the words, for example the first word “able”, which has index 3 in the bip list. This means the word able represents the number 3. In binary, 3 is 00000000011. If you generate the binary equivalent of all those words and concatenate them, you will have your key that will let you derive your private keys and public keys. It would be something like this:

00000000011

11101101000

01111000111

11001110111

11110101001

01110001100

10100101011

10011100101

00011111000

00111010111

01000010011

01010101010

❗️ Never share your seed phrase. If someone has it, they have full access to your funds.

Wallets

A wallet is an app or device that stores your private keys and interacts with the blockchain. It doesn’t hold your coins — it controls your access. Your coins are always on the blockchain, and the wallet you use is just a proxy to access the blockchain and to check/sign movements in your funds via your keys (credentials)

Types of Wallets:

• Hardware Wallets: Devices like Ledger, Trezor, ColdCard MK4, Krux (you can build your own wallet and install Krux firmware/code on it, really geeky :)). Extremely secure, but I would recommend you to do research as some hardware wallets were proved vulnerable to some sophisticated attacks. Also, always buy from official sites or reliable sources as there are some cases in which people purchased tampered wallets that actually allowed attackers to steal your funds by monitoring your keys.

• Software Wallets: Apps like MetaMask, Trust Wallet, Velto, or BlueWallet that you could install on your mobile device. Remembering that if this device gets hacked/virus/compromised your keys would be at risk, so ideally just keep smaller amounts of crypto on those wallets and ideally use it in devices fully dedicated to it to reduce attack surface.
  

• Paper Wallets: Printed or written-down private keys. Not recommended today. For example, if you used a website to generate it, it might be vulnerable as the seed was displayed online or maybe in a malicious/infected computer. In most paper wallets, anyone with access to the paper will be able to spend your money. Also, when using funds, you will have to eventually connect it to an Internet connected wallet to spend. And this format is not compatible with most modern wallet formats.
  

• Multisig Wallets: Require multiple approvals to authorize a transaction. Can be software wallet or hardware wallets as some of them already support multisig, which means multiple keys/devices are required to approve a withdrawal.

• [ADVANCED] Airgapped hardware wallets are devices designed to store your private keys completely isolated from the internet or any network-connected system. Unlike traditional hardware wallets that connect via USB or Bluetooth to access the interfaces, airgapped wallets operate offline at all times, drastically reducing the risk of malware, remote attacks, or data leaks. Transactions are typically signed using Embedded cameras, QR codes, microSD cards, or NFC, allowing secure communication without direct connectivity. This architecture makes airgapped wallets ideal for long-term, high-value storage where security takes priority over convenience. Popular examples include COLDCARD, Keystone, and Krux, all of which enable signing transactions in a fully disconnected environment — making them a favorite among security-conscious users.

Why Self-Custody Matters

1. Protects You from Exchange Risk
   We’ve seen collapses like FTX, Mt. Gox, Celsius, and others. When you self-custody, you’re not exposed to third-party insolvency or withdrawal freezes. It is not the first time an Exchange collapses, and definitely it is not the last time.

2. Censorship Resistance
   With your own wallet, no institution can freeze your funds or block your access to it.

3. Privacy (kind of)
   Most non-custodial wallets don’t require KYC. Your activity is public on-chain, but not necessarily linked to your identity. It means you can have more privacy, but all your wallet movements will stay forever in the blockchain.

4. Long-Term Control You decide when, how, and where your crypto moves. It gives you true financial autonomy.

5. Ownership For some enthusiasts, Crypto is the only true private property in the world. That means that no one can expropriate your coins and you can decide entirely what to do with it. Keep it, pass it to your kids or friends that deserve/honor it, or die and nobody else will ever have access to it.

How to Set Up Self-Custody (Step-by-Step)

Step 1: Choose a Wallet

• For long-term storage, use a hardware wallet (e.g., Ledger, Trezor, Coldcard MK4… pick one that is suitable for your level of knowledge).

• For everyday use and small amounts, consider a reputable software wallet.

Step 2: Write Down and Secure Your Seed Phrase

Your seed phrase is the master key to your crypto — protect it like your life savings depend on it (because they might). Ideally, pick an offline method to generate a seed. Good hardware wallets have good offline mechanisms to generate enough randomness/entropy to make a really secure seed. For example if you use Krux in your own assembled hardware, you can use its camera to capture a random image and generate entropy to your seed.

Start by writing down your 12 or 24 seed words offline.

• Never store it in cloud notes, screenshots, photos, or online devices.

• Use pen and paper only if you understand the risks of fire, moisture, and fading ink over time.

• Ideally, use metal backup methods that can withstand fire, water, and physical damage or offer redundancy like multi sig schemes or Shamir’s Shared Secrets (SSS) that allows setups like having 5 seeds (you can store each in a different place), and joining at least 3 of them, you can recover the private key.

• As additional security, someone who might have access to the 12 or 24 seed could possibly guess that it is a crypto seed. One way to better obfuscate it is by using different methods like perforated cards that map the seedwords into coordinates into a printed template, and for a normal person, it will look just like a random metal piece with some marks on it.

🔩 Recommended metal storage formats:

• Metal plates + engraving pen

Source: Codesteel website

Use a steel or titanium plate and engrave your seed with a diamond-tip engraving pen or metal punch set. This is one of the most durable approaches.

• TinySeed (tinyseed.io)
  
  A laser-cut titanium card designed for ultra-compact backups, compatible with popular wallets. Minimalist, highly durable, and travel-friendly.

Source: blockplate.com

• Perforated recovery cards (e.g., Blockplate, CryptoSteel Capsule)
  These use physical punch marks or tiles to encode each word or index securely and tamper-evidently.
  

• Concrete-embedded backups
  Some high-security users engrave their seed on a metal plate and then embed it into a concrete wall or foundation. This offers fire and theft resistance, especially if distributed across multiple physical locations.
  

Store your seed in multiple secure locations:

• A fireproof safe in your home

• A safety deposit box

• A hidden embedded location, such as behind tiles, in wall cavities, or inside poured concrete

• With a trusted legal advisor, encrypted or passphrase-protected if needed
  

We need to remember that anyone with access to your seed phrase can move your funds — no questions asked. That’s why it’s highly recommended to add an extra secret layer to your seed: something only you know, like a strong password. This extra “word” (on top of your 24 seed words) is called a passphrase.

Think of the passphrase as word number 25 — a sort of “bonus key” that transforms your seed into a completely different wallet. Even if someone finds your seed, without the passphrase they won’t see or touch your funds.

It’s important not to confuse a passphrase with a PIN code.

• PIN codes (like the 4- or 6-digit one you use on a hardware wallet) are simply there to lock the device, just like Face ID or fingerprint unlocking on a phone.

• If someone finds your hardware wallet and your PIN is something weak like “123456”, they could still easily access it.

But with a passphrase, the attacker would need to know this additional secret to open your real wallet. Without it, your funds remain invisible.

How powerful is a passphrase?

• You can combine any seed with any passphrase, and it will always generate a valid wallet.

• This means there’s no practical way to brute force it — an attacker would have to try every possible combination and check the blockchain for balances (which is virtually impossible).

• Some people even set up a “decoy wallet” (no passphrase, with small funds) and keep their main savings hidden behind a strong passphrase — this is called coercion protection.

One big rule:

If you forget your passphrase, your funds are gone forever. There’s no “forgot password” button in crypto.

Step 3: Withdraw Funds from Exchange

• Start with a small test transfer.

• Double-check the wallet address and if you are on the right network (Bitcoin, Ethereum, BNB, Solana). If you move funds to the wrong network, your funds might be lost forever.

• Once confirmed, transfer larger amounts.

Step 4: Test Recovery

• Reset the wallet on a separate device and use your seed phrase to restore it.

• Make sure the restored wallet reflects the correct balance.

Self-Custody and CEXes: How They Work Together

Self-custody doesn’t mean cutting out centralized exchanges (CEXes) entirely. In fact, many people use both:

Using self-custody in between trades allows you to reduce exposure to third-party risk without giving up liquidity or flexibility. Also, you need to consider the possibility of buying via P2P, but this comes with higher risks such as reputational risks, frauds, scams, etc. Or worse, if you get crypto marked as dirty (originated from a theft or illegal activities for example) from a P2P, there is a risk your money will get locked as soon as it touches a CEX and might generate an investigation on why you have dirty crypto and what is your relationship with the P2P person who was the previous owner of it.

The general recommendation is to ALWAYS purchase your crypto in reliable exchanges like our partners.

Self-Custody and Taxes

Holding crypto in self-custody doesn’t mean avoiding taxes. Tax liability is based on transactions, not wallet type. Please consider talking to a local lawyer or tax specialist before making decisions on how to declare crypto properly.

Taxable Events (in most countries):

• Selling crypto for fiat

• Trading one crypto for another

• Spending crypto on goods/services

• Earning crypto through staking, mining, or airdrops

Not Taxable:

• Buying crypto (in some countries, governments are taxing unrealized gains on crypto, so check if you live in a Country with those kind of rules)

• Transferring crypto between your own wallets. As a general rule, moving should not be taxable, as there is no tax generation factor (like making profits)

How to Track and Declare Self-Custody:

1. Use a Tax Tool
   Tools like Koinly, CoinTracking, or Accointing can track your self-custody wallets by address or API.
   

2. Label Wallets
   Identify which wallets are personal, business, or used for DeFi.
   

3. Keep Records
   Export wallet histories and match transactions with trades, earnings, and transfers.
   

4. Report Holdings (if required)
   Some countries require crypto holdings disclosure even if no trades are made.
   

💡 Reminder: Blockchain data is public. Tax authorities can request exchange data or link addresses to individuals.

Best Practices for Safe Self-Custody

🎁 Bonus: Always use a passphrase (25th word) for extra protection. If someone finds your seed phrase but doesn’t know the passphrase, they can’t access your funds.

Is Self-Custody Right for You?

Self-custody gives you independence — but it also comes with full responsibility.

Ask yourself:

• Am I comfortable managing my own backups and my own assets?

• Do I have a recovery plan?

• Can I teach this to a trusted family member?

If not, a hybrid model may work best:

• Use CEXes for buying/selling.

• Use self-custody for storage.

• Keep detailed records for tax purposes.

Final Thoughts: Take Control, Stay Secure

Self-custody is more than a technical choice — it’s a shift in mindset. It’s about owning your money without compromise.

Whether you’re a crypto veteran or a curious newcomer, learning to properly self-custody your assets is one of the most empowering things you can do. If you look online, lots of people who had to flee their birthplaces due to wars and conflicts, could bring their seeds and start over in a new place. However, all of their other assets like properties, cash, gold, goods, were lost forever. Crypto is one of the assets with the highest transportability capacity.

At Bitcoinsensus, we believe in equipping our readers with tools and knowledge — not just hype.

Take your time, learn the process, and protect what’s yours.

You don’t have to trust a third party — if you’re ready to trust yourself.