Bitcoin Security
Most Bitcoin security failures happen before the price moves. A misplaced seed phrase, an exchange collapse or an undocumented wallet leaves heirs and executors with nothing to recover. This page explains what custody risk actually is and what you can do about it.
Bitcoin is a bearer asset. Whoever controls the private keys controls the Bitcoin. There is no bank to call, no ombudsman to file a complaint with and no central authority to reverse an error. The security question is not abstract. It determines whether your Bitcoin can be recovered by you, by your heirs or by nobody at all.
| Risk | Why it matters |
|---|---|
| Exchange custody | You hold a claim on Bitcoin, not Bitcoin itself. Exchange failures have cost investors billions globally. |
| Single-signature wallets | One lost or stolen seed phrase means permanent loss. There is no recovery path. |
| Undocumented custody | Heirs and executors cannot recover Bitcoin they do not know about or cannot access lawfully. |
| Multisig vaults | A 2-of-3 multisignature structure requires two keys to authorise a transaction, reducing single-point-of-failure risk. |
Most investors focus on price. The security problem is separate from price. Bitcoin can hold or grow in value and still be lost permanently if the custody structure fails. The three most common failure points are: losing the private keys or seed phrase, holding Bitcoin on an exchange that fails and leaving no documented recovery path for heirs.
South Africans who buy Bitcoin on local exchanges hold a credit position against that exchange, not Bitcoin directly. If the exchange is hacked, insolvent or subject to regulatory action, the investor joins a creditor queue. The exchange controls the private keys and the Bitcoin. The investor holds a promise.
This distinction between holding Bitcoin and holding a claim on Bitcoin is not a technicality. A Bitcoin transaction is settled by private key signature. No private key means no ability to transact, no ability to recover and no ability to bequeath. The Bitcoin whitepaper describes this directly: a coin is a chain of digital signatures. Remove the signing authority and the coin cannot move.
There is no single correct custody model. The right structure depends on the size of the holding, the investor’s technical comfort, whether the Bitcoin belongs to an individual, a company or a trust and whether succession planning is required.
| Method | Who controls the Bitcoin? | Main benefit | Main risk |
|---|---|---|---|
| Exchange account | The exchange. | Easy to start. | Counterparty risk. You do not hold the keys. |
| Single hardware wallet | One private key holder. | Stronger ownership. No exchange exposure. | One seed phrase lost means permanent loss. |
| 2-of-3 multisig vault | Any 2 of 3 keys. | Reduces loss and theft risk. Recovery path available. | Requires correct setup and documentation. |
| Managed multisig | Client plus support provider. | Self-custody with a supported recovery path. | Provider must be chosen carefully. SimplB does not take unilateral control of client Bitcoin. |
For a fuller explanation of how these methods differ in practice, read the guide to self-custody versus exchange custody.
A 2-of-3 multisignature vault uses three private keys. Any two of those three keys are required to authorise a Bitcoin transaction. This structure means that losing or damaging one key does not result in loss of the Bitcoin. An attacker who steals one key cannot move the funds without a second key.
The keys are typically stored in geographically separate locations and held by different parties. In SimplB’s managed multisig structure, the client holds two keys. SimplB holds one as a recovery support layer. SimplB cannot move client Bitcoin unilaterally. This is what “non-custodial support model” means in practice: the client retains final control while gaining a supported recovery path if something goes wrong.
For larger Bitcoin holdings, the structure matters significantly. A retired investor holding R2 million in Bitcoin on a single hardware wallet has one point of failure. A family office holding R15 million in Bitcoin on an exchange has delegated custody entirely to a third party. Neither structure is appropriate for long-term holding.
Read more about how the SimplB Bitcoin Vault implements this structure in practice.
South African investors face considerations that do not appear in most international Bitcoin custody guides. Bitcoin held on a South African exchange sits in a jurisdiction with its own solvency risk, its own regulatory framework under the Financial Sector Conduct Authority (FSCA) and its own exchange-control rules administered by the South African Reserve Bank (SARB).
The FSCA registers crypto asset service providers (CASPs) and requires them to meet conduct standards. Registration does not eliminate exchange counterparty risk. An exchange can meet those standards and still face liquidity problems, operational failures or legal challenges. Custody decisions should not rest solely on whether an exchange holds a CASP licence.
For South Africans holding Bitcoin in a company or trust, the custody structure must also account for company governance, board mandates, estate planning and Financial Intelligence Centre (FIC) compliance requirements. These considerations make single-signature or exchange-based custody inadequate for anything beyond a small initial position. Read the technical overview of SimplB’s multisig vault for a full explanation.
SimplB helps South African investors move from exchange custody to structured self-custody. The process begins with a review of the current Bitcoin position: how it is held, who has access and whether the structure will survive if something happens to the primary key holder.
Where appropriate, SimplB sets up a 2-of-3 multisignature vault using hardware devices. The client holds two keys in geographically separate locations. SimplB holds one. The vault is documented so that an executor or nominated family member can follow the recovery process lawfully if the primary key holder is incapacitated or dies.
SimplB operates as a Juristic Representative of CAEP Asset Managers, FSP 33933. The service is Bitcoin-only and non-custodial in its structure, designed to reduce counterparty risk without removing client control. If you are building a Bitcoin position through the SimplB rand cost averaging service, the custody plan is part of the onboarding process from the outset.
For larger holdings, a 2-of-3 multisignature vault offers the strongest security model available to individual investors. Two of three keys are required to authorise a transaction. Losing one key does not result in loss of the Bitcoin. The vault is backed up, documented and designed to survive the death or incapacity of the primary key holder.
Buying Bitcoin through a FSCA-registered CASP is compliant with South African regulation. The safety question is primarily about what you do with the Bitcoin after purchase. Leaving it on an exchange indefinitely transfers the security and counterparty risk to that exchange. Moving to self-custody addresses that risk directly.
In a single-signature setup, losing the seed phrase means permanent loss. There is no recovery authority and no recourse. In a 2-of-3 multisig setup, losing one seed phrase is recoverable because the remaining two keys can still authorise a transaction and move the Bitcoin to a new vault.
No. SimplB operates a non-custodial support model. The client holds two of the three keys in the managed multisig structure. SimplB holds one key as a recovery support layer but cannot move client Bitcoin without the client’s co-signature. SimplB does not take unilateral control of client Bitcoin.
Without a documented recovery path, heirs and executors may be unable to access the Bitcoin. SimplB structures vaults with written recovery instructions so that a nominated person can follow the process lawfully. Read the guide to Bitcoin inheritance in South Africa for a full explanation.
Counterparty risk is the possibility that a third party holding your Bitcoin fails, is hacked or refuses to return your funds. Exchange custody carries full counterparty risk because the exchange holds the private keys. A self-custody structure designed to reduce counterparty risk places the private keys with the client, not the provider.
Next step
Book a custody call with SimplB. We will review how your Bitcoin is currently held and whether a managed multisig vault is the right structure for your situation.
Book a Custody CallWritten by James Caw, Founder of SimplB. James has helped South Africans understand, buy and secure Bitcoin since 2015. SimplB operates as a Juristic Representative of CAEP Asset Managers, FSP 33933. Last updated: May 2026.
This article is for general educational purposes only and does not constitute financial, legal, tax or exchange control advice. The information reflects the regulatory position as at the date of publication. Your individual circumstances may differ and you should seek qualified professional advice before making any decisions.
