When Mt. Gox collapsed in February 2014 and roughly 850,000 bitcoin disappeared, I watched the mainstream coverage with a kind of grim recognition. The headlines said “Bitcoin hacked.” They weren’t entirely wrong, something was hacked. But they were wrong about what. And that distinction, between what was actually compromised and what wasn’t, is one of the most important things to understand about Bitcoin’s security model. It’s also one of the most consistently misrepresented things in public discourse about Bitcoin.
Bitcoin’s security is genuinely formidable. It is also genuinely misunderstood. The protocol itself has a fifteen-year track record that is, objectively, better than most financial institutions. What has a far more mixed track record is the human infrastructure built around Bitcoin, the exchanges, custodians, wallet software, and user practices that mediate most people’s actual relationship with it. Conflating the two leads to confused risk assessments and poor decisions.
What the Bitcoin blockchain actually is
The Bitcoin blockchain is a public ledger of every transaction ever made on the network. It is maintained simultaneously by tens of thousands of nodes, computers running Bitcoin software, spread across more than 100 countries. Each of these nodes holds a complete copy of the transaction history and independently validates every new transaction and block against the protocol’s rules.
There is no central server. There is no headquarters. There is no single point of failure. The network is, by design, extraordinarily difficult to shut down or corrupt because attacking it requires attacking all of its participants simultaneously, everywhere in the world.
To alter a confirmed transaction in the blockchain, an attacker would need to control more than 50% of the total computing power of the Bitcoin network at a given moment, what’s known as a 51% attack. At Bitcoin’s current scale, the network’s hashrate is measured in hundreds of exahashes per second, representing millions of purpose-built mining machines. Acquiring and operating enough hardware to exceed this threshold would require a capital outlay and ongoing energy cost that makes the attack economically irrational even before accounting for the fact that a successful attack would likely destroy the value of the asset the attacker had just spent billions to compromise.
In over fifteen years of continuous operation, no successful attack on the Bitcoin blockchain has ever occurred. The transaction record is intact. Every transaction that has ever been confirmed has remained confirmed.
What has actually been compromised
Mt. Gox didn’t happen because someone broke the Bitcoin protocol. Mt. Gox happened because a Japanese exchange, one that had started as a trading platform for Magic: The Gathering cards before pivoting to Bitcoin, which should have been a warning sign in itself, managed its security catastrophically badly. The exchange held bitcoin on behalf of hundreds of thousands of customers in a centralised pool. Its internal accounting systems were compromised over an extended period. The bitcoin that was stolen was stolen from Mt. Gox’s operational wallet, not from the Bitcoin blockchain. The blockchain kept on running. The blockchain still holds a record of every bitcoin movement involved in that theft, immutably, to this day.
FTX, the exchange that collapsed in November 2022 with somewhere between eight and ten billion dollars in customer funds missing, was not a hack at all in the traditional sense. It was, by the evidence presented in subsequent legal proceedings, fraud, the systematic misuse of customer deposits by the exchange’s management. Again, the Bitcoin protocol was not involved. The Bitcoin that FTX’s customers held was fine, sitting on the blockchain, until FTX’s internal records showed it as something it wasn’t.
This pattern repeats throughout Bitcoin’s history. Bitfinex. Binance. Celsius. BlockFi. Coincheck. Cryptopia. In every significant case where customer funds were lost, the failure was in the human institution, not in the underlying protocol. Exchanges had weak internal controls. Custodians cut costs on security infrastructure. Fraudulent operators took customer money. These are the failure modes of financial intermediaries in every era. They’re not unique to Bitcoin. The fact that they happened in the Bitcoin ecosystem reflects the fact that the ecosystem attracted capital quickly in an under-regulated environment, not that the underlying technology is flawed.
The distinction that matters: protocol versus infrastructure
The distinction between protocol security and infrastructure security is not an excuse or a deflection. It is a real and important analytical distinction that has direct implications for how you manage Bitcoin exposure.
If you hold bitcoin on an exchange, your risk profile includes the exchange’s solvency, its regulatory standing, its internal security practices, and the honesty and competence of its management. Your bitcoin is only as secure as that exchange’s weakest point. This is true regardless of how secure the Bitcoin protocol is.
If you hold bitcoin in self-custody, meaning you hold the private keys yourself, not on any exchange or custodial platform, your exposure to exchange risk is zero. The relevant risks shift entirely to your own operational practices: whether you’ve stored your seed phrase securely, whether your hardware wallet is genuine and properly set up, whether you have adequate backup procedures, whether you’re susceptible to phishing attacks or social engineering. These are manageable risks, but they require knowledge and discipline.
“Not your keys, not your coins” is the phrase that circulates in Bitcoin communities to capture this distinction. It’s blunt but accurate. If you don’t hold the private keys that control your bitcoin, you don’t actually hold bitcoin. You hold a claim on bitcoin, mediated by whoever holds the keys on your behalf. The security of that claim is as good as the security of that intermediary, no better and potentially much worse.
Self-custody: what it requires and what it eliminates
Self-custody eliminates custodial risk entirely. If you hold your own private keys in proper cold storage, a hardware wallet kept offline, with a seed phrase stored securely in a separate physical location, you are the only person who can authorise transactions from your bitcoin. No exchange hack can touch you. No fraudulent custodian can abscond with your funds. No regulatory freeze of a third-party platform can affect your access.
What self-custody introduces is personal operational risk. Losing your private keys, or losing access to your seed phrase backup, means losing your bitcoin permanently and irreversibly. There is no customer service line to call. There is no recovery mechanism. The Bitcoin protocol doesn’t know who you are and doesn’t care. If the private key is gone, the bitcoin is gone.
This is not a fatal flaw. It is a design choice with explicit tradeoffs. The same property that makes Bitcoin resistant to seizure and censorship, that no one can authorise a transaction without the private key, is the property that makes lost keys unrecoverable. A system with a recovery mechanism is a system with a backdoor, and a backdoor is a security vulnerability. Bitcoin chose not to have that backdoor. If you’re going to hold significant value in self-custody, you need to treat the security of your keys with the same seriousness that you’d treat the security of cash or physical gold.
For South African investors in particular, this is worth taking seriously. We operate in an environment where financial institutions have historically had meaningful failure rates, where political and regulatory risk is real, and where the ability to hold assets outside the traditional financial system has genuine value. Self-custody done properly is not paranoia, it is a rational response to a specific risk environment.
What institutional investors should think about
Most institutional investors, pension funds, family offices, corporations, listed companies, cannot self-custody in the way a private individual can. Governance requirements typically mandate third-party custody, segregation of duties, and audit trails. The individual holding the keys can’t just be the CFO keeping a hardware wallet in a safe.
For institutional investors, the appropriate approach is a regulated custodian using multi-signature security and cold storage. Multi-signature means that any transaction requires cryptographic approval from multiple keys held by multiple parties, often a combination of the client, the custodian, and a third independent key holder. This eliminates single points of failure. No single employee at the custodian, no single piece of hardware, can unilaterally move funds.
The custody landscape for institutional Bitcoin has improved significantly since the early exchange era. Regulated custodians operating under financial services licences with insurance, audit requirements, and segregated client assets exist in multiple jurisdictions. The due diligence required to evaluate them is meaningful but not categorically different from the due diligence that would apply to any financial custodian. I covered this in some detail in The Strategic Reserve: Bitcoin as the Ultimate Treasury Reserve Asset (SimplB, 2025), because custody is one of the primary implementation questions that comes up when institutions start seriously considering Bitcoin as a treasury asset.
Reading the risk correctly
The risk profile of Bitcoin is routinely mischaracterised in mainstream commentary, almost always in ways that overstate protocol risk and understate infrastructure risk. People who lost money in Mt. Gox were not victims of a Bitcoin flaw, they were victims of a badly run business that had voluntarily taken custody of their assets. People who lost money in FTX were not victims of a cryptocurrency problem, they were victims of fraud by a specific set of individuals who made specific choices to misappropriate customer funds.
Bitcoin’s protocol security is exceptional by any objective standard. No other financial asset or settlement system of comparable scale has operated for fifteen years without a successful protocol-level compromise. The appropriate response to that track record is not to dismiss it but to understand it accurately and to manage the risks that are real, custody risk, operational risk, the risk of trusting the wrong intermediaries, while not inflating risks that have not materialised.
I think the confusion between protocol security and infrastructure security persists partly because it’s more comforting to believe there’s a fundamental flaw than to accept that Mt. Gox was a user problem, which implies that users have a responsibility to understand what they’re holding and how they’re holding it. That’s a harder message than “Bitcoin got hacked.” But it’s the accurate one, and acting on the accurate one leads to much better outcomes.
Bitcoin’s underlying security is formidable. Whether your Bitcoin is secure depends on where you hold it and how. That’s not a caveat. That’s the whole point.
