Who actually holds your assets

When you hold crypto on an exchange, you do not hold crypto in the way you hold cash in your pocket. The exchange controls the private keys; what you hold is a claim — an entry in the exchange’s ledger saying it owes you a certain amount of a certain asset. This is exactly how a bank works, and it is neither scandalous nor automatically safe. It is a trade: you give up direct control and in exchange get convenience, instant trading, and recoverability. The point of this lesson is to make that trade visible so you can decide how much of it you want.

Understanding custody also explains some everyday mechanics that otherwise seem like magic — why trades settle instantly with no network fees, why withdrawals are the only operation that touches a blockchain, and why the questions in the next lesson, about proof of reserves, matter at all.

The ledger and the vault

An exchange runs two systems side by side. The internal ledger records who owns what — your balances, everyone else’s balances, every trade. The vault is the set of actual blockchain wallets where the underlying coins sit. When you trade, only the ledger changes: a trade matched against the live order book moves numbers between accounts instantly, with no blockchain involved, which is why it is fast and carries no network fee. Only deposits and withdrawals cross the boundary between the vault and the outside world.

This architecture is what makes a modern exchange possible — you could not run a live order book if every fill had to wait for block confirmations. It also defines the central honesty question of the business: do the coins in the vault actually match the claims on the ledger? Holding the keys is the responsibility; the ledger is the promise.

Hot wallets and cold storage

Not all of the vault is equally exposed. Wallets connected to the internet — hot wallets — are needed to process withdrawals quickly, but anything online is, by definition, reachable by attackers. So well-run platforms keep only a small operational fraction hot and store the bulk in cold storage: private keys generated and kept on devices that have never touched the internet, often split across multiple locations and multiple people, so that no single person or single break-in can move funds.

• Think of it like a bank branch: a modest float in the teller drawer, the rest in the time-locked vault.
• If a hot wallet is compromised, losses are capped at the float — painful but survivable. Cold storage breaches are vastly harder, requiring physical access plus multiple insiders.
• The visible side effect: very large withdrawals sometimes take longer, because they require a deliberate, multi-person transfer out of cold storage. Mild inconvenience here is the sign of the system working.

Segregation: whose assets are whose

The second pillar of honest custody is segregation — keeping customer assets separate from the company’s own operating funds. The dishonorable history of finance, traditional and crypto alike, is full of firms that dipped into the customer pool to fund operations, cover losses, or chase yield, and the story always ends the same way: a gap nobody can explain, discovered exactly when everyone wants their money at once.

Segregation matters most in the worst case. If a platform fails with customer assets properly segregated, those assets stand apart from the company’s debts, and customers have a far stronger claim to getting them back. If everything was commingled, customers may find themselves in line behind banks and landlords as unsecured creditors. The legal details vary by jurisdiction, but the principle is universal: your assets being bookkept separately from the company’s money is the difference between a bad month and a catastrophe.

Self-custody: the other end of the trade

The alternative is holding your own keys in your own wallet, with the keys backed up as a seed phrase — a list of words that can regenerate everything. Self-custody removes the exchange from the equation entirely: no platform failure, no frozen withdrawals, no counterparty. It also removes the safety net. There is no password reset for a seed phrase. Lose it, and the assets are unreachable forever; let someone photograph it, and they own everything it controls. Nobody can freeze a thief’s transaction or reverse your own mistake.

• Exchange custody fails through hacks, mismanagement, or insolvency — rare but headline-grabbing events.
• Self-custody fails through lost phrases, phishing, fire, theft, and simple human error — quiet, individual, and far more common than people assume.
• Self-custody also has an inheritance problem: if nobody you trust can find and use your backup, your assets die with you.

A split that respects both risks

The practical answer for most people is not either-or. Keep what you actively trade on the exchange, where the order book is; consider moving long-term holdings to self-custody if — and only if — you are confident in your backup discipline. A seed phrase you might lose is more dangerous to you than a well-run platform. Whatever the split, judge a custodian by the things this lesson described: cold storage practice, segregation of customer assets, and published proof of reserves, which is exactly where the next lesson picks up.

Key takeaways

• On an exchange you hold a claim on the platform’s ledger; the platform holds the keys. Trades move ledger entries, which is why they are instant and free of network fees.
• Good custodians keep a small hot-wallet float for withdrawals and the bulk in offline, multi-person cold storage.
• Segregation of customer assets from company funds is what protects you in a platform failure.
• Self-custody removes counterparty risk and replaces it with personal responsibility — lost seed phrases have no reset button.
• Most people are best served by a deliberate split: trading balance on-platform, long-term holdings self-custodied only with solid backup discipline.