Cryptocurrency custody and exchange risk: how to hold crypto safely

Cryptocurrency custody presents risks that have no close equivalent in traditional finance. When an investor holds equities through a regulated brokerage, the securities are held in a segregated account under regulated custody—if the broker fails, the investor's assets are protected. This protection does not automatically extend to cryptocurrency held on exchanges. Understanding the custody options available for crypto assets—and the risks specific to each—is a prerequisite for any informed allocation decision.

Exchange risk

Holding cryptocurrency on an exchange means the investor does not directly control the underlying assets. The exchange holds the private keys—the cryptographic credentials that control ownership of the coins—and the investor holds a claim on the exchange, not the coins themselves. If the exchange fails, is hacked, or misappropriates customer funds, investors may have no recourse to recover their assets.

The FTX collapse in November 2022 demonstrated this risk at scale. FTX, at the time one of the world's largest cryptocurrency exchanges, filed for bankruptcy after it emerged that approximately USD 8 billion in customer funds had been misused to fund leveraged investments by its affiliated trading firm. Customers who held assets on FTX found their accounts frozen and their assets unavailable. The subsequent bankruptcy process returned a fraction of assets to creditors over an extended period. The Mt. Gox exchange collapse in 2014 produced a similar outcome: approximately 850,000 Bitcoin held by customers were lost following a hack, with customers receiving only partial restitution years later.

Unlike traditional financial institutions, most cryptocurrency exchanges are not covered by deposit insurance schemes such as the US FDIC or the European Deposit Guarantee Scheme. In many jurisdictions, crypto exchange customers are classified as unsecured creditors in the event of insolvency—behind secured creditors—rather than as asset owners with a segregated claim. Regulatory frameworks covering crypto custody have improved materially since 2022, but they remain less comprehensive than those governing traditional securities custody.

Self-custody

Self-custody means the investor directly holds the private keys controlling their cryptocurrency, without delegating control to an exchange or custodian. In self-custody, the investor is the only entity who can authorise transactions. The risks shift entirely to the investor: losing the private key (or the seed phrase—the mnemonic backup that can regenerate the key) means permanently losing access to the assets, with no institution to appeal to for recovery. Hardware wallets—physical devices that store private keys offline—are the standard tool for self-custody, providing security against online attacks at the cost of manual management and custody risk.

Self-custody is appropriate for investors who understand the technical requirements and are willing to accept full personal responsibility for key management. For most mainstream investors, it introduces operational complexity that exceeds the risks it mitigates. The choice between self-custody and exchange custody involves trading one set of risks (exchange failure) for another (key loss, user error, physical theft of hardware).

ETF-based crypto custody

The approval of spot Bitcoin ETFs in the US in January 2024 created a third custody model that resolves the exchange risk problem for mainstream investors. A spot Bitcoin ETF holds actual Bitcoin through a regulated institutional custodian—such as Coinbase Custody, which serves as custodian for multiple large Bitcoin ETFs—under the supervision of the SEC. The ETF structure provides investors with exposure to Bitcoin's price through a brokerage account, subject to the same regulatory protections as any other exchange-traded security. The investor holds ETF shares, not Bitcoin directly, and the Bitcoin is held in regulated segregated custody.

This custody model does not eliminate all risks—it converts exchange risk and key-management risk into custodian concentration risk (many ETFs use the same custodian) and regulatory risk. But for investors who want cryptocurrency exposure within a mainstream investment portfolio, the ETF structure provides a substantially more familiar and protected custody arrangement than holding coins directly on an exchange.

Limitations and trade-offs

All crypto custody methods involve trade-offs. Exchange custody is convenient and liquid but exposes the investor to exchange counterparty risk. Self-custody eliminates exchange counterparty risk but introduces operational complexity and the risk of irrecoverable key loss. ETF custody is the most familiar and regulated structure but involves management fees and, for investors who want to use crypto assets directly in DeFi protocols or peer-to-peer transactions, is not a substitute for direct holding.

Crypto custody in pfolio

pfolio provides cryptocurrency exposure through regulated crypto ETFs—specifically Bitcoin and Ethereum ETFs—rather than through direct exchange-held crypto. This means all cryptocurrency positions in a pfolio portfolio are held through the same regulated brokerage custody as other ETF positions. Investors in pfolio do not need to manage cryptocurrency exchanges or private keys. Cryptocurrency assets available in pfolio are listed in the Assets section. Cryptocurrency exposure and performance are tracked in pfolio Insights.

Related articles

• Cryptocurrency investing explained: how to think about crypto allocation in a portfolio
• ETFs explained: what exchange-traded funds are and how they span every asset class
• Asset classes explained: equities, bonds, commodities, and why diversification across them matters
• Risk tolerance explained: how to assess your capacity and willingness to bear investment risk