When you buy Bitcoin on an exchange and leave it there, you do not hold Bitcoin. You hold a claim against the exchange. The exchange holds the Bitcoin.
This distinction is not a technicality. It is the foundational principle of Bitcoin ownership and the starting point for thinking clearly about custody. The history of exchange failures makes this concrete: Mt. Gox, once the world’s largest Bitcoin exchange, collapsed in 2014 with approximately 850,000 Bitcoin belonging to customers. FTX, at the time of its collapse in late 2022 one of the world’s largest crypto exchanges, wiped out billions of dollars in client assets. In both cases the mechanism was the same: clients believed they held Bitcoin, but what they actually held was a claim against an entity that failed. When the entity failed, the claims were worth far less than the Bitcoin they represented.
| Custody method | Who controls the keys | Main risk |
|---|---|---|
| Exchange custody | The exchange | Counterparty failure, account freeze, exchange insolvency |
| Self-custody (single-sig) | The holder alone | Lost device, lost seed phrase, no recovery path |
| Collaborative multisig | Holder plus support provider (2-of-3) | Requires correct setup and documented recovery plan |
What Self-Custody Actually Means
Self-custody means you hold your own private keys. Private keys are the cryptographic credentials that control Bitcoin on the blockchain. Whoever holds the keys controls the Bitcoin, entirely and directly, without any third party involved.
In practical terms, self-custody typically means a hardware wallet: a physical device designed to store private keys in an offline environment where they cannot be accessed by internet-connected systems. Hardware wallets sign transactions when you want to send Bitcoin, but the keys themselves never leave the device in a form that could be intercepted. This removes counterparty risk entirely. There is no exchange that can fail. There is no custodian that can freeze your account. The Bitcoin is yours in the most direct sense the technology allows.
The tradeoff for this directness is full personal responsibility. If the device is lost, destroyed, or stolen and you have not properly backed up the recovery seed, the Bitcoin may be unrecoverable. The seed phrase, typically a sequence of 12 or 24 words generated when the device is set up, is both the ultimate backup and the ultimate vulnerability. Anyone who obtains the seed phrase can recover your Bitcoin to a new device and claim full control. Anyone who loses the seed phrase cannot recover it by any means. Done with genuine care, documented procedure, and multiple secure backups in separate locations, self-custody is the most robust form of Bitcoin ownership available. Done carelessly, it introduces risks that exchange custody simply does not create.
What Exchange Custody Looks Like
When Bitcoin sits on an exchange, the exchange is the custodian. You have an account, a balance, and access credentials. You can log in and see your Bitcoin balance. But the private keys are held by the exchange, and your access is contingent on the exchange remaining operational, solvent, honest, and legally accessible.
For smaller amounts or short time horizons, exchange custody is a reasonable starting point. Licensed South African exchanges operate within a regulatory framework that includes client asset segregation requirements, which means your Bitcoin should not be commingled with the exchange’s own assets. That is a meaningful protection compared to unlicensed exchanges. The consideration that grows in importance as a holding grows is counterparty risk: even a well-run, licensed exchange represents a dependency on their continued operation, their security infrastructure, their governance, and the regulatory environment in which they operate. For a position you intend to hold for years, that dependency is worth evaluating against the alternatives.
South African investors have an additional consideration: exchange control. Bitcoin held on a foreign exchange sits in a cross-border context that involves SARB capital flow regulations. Bitcoin held in your own local custody is a cleaner picture for exchange control purposes.
Regulated Third-Party Custody: The Institutional Option
Between self-custody and exchange custody sits a third option that is particularly relevant for larger holdings, companies, trusts, and investors who want institutional-grade security without managing private keys entirely on their own.
Regulated third-party custodians are licensed entities that hold Bitcoin on behalf of clients with professional security infrastructure, legal separation of client assets from the custodian’s own balance sheet, and documented governance around access and transactions. Client assets are segregated. The custodian cannot lend, trade, or commingle your Bitcoin with their own funds. And the arrangement is governed by a legal and regulatory framework that provides recourse if something goes wrong.
Multi-signature custody arrangements go a step further by structuring transactions so that no single party (including the custodian) can move Bitcoin unilaterally. In a 2-of-3 multisig setup, three keys exist and any two must co-sign a transaction for it to be valid. This means the custodian holding one key cannot move your Bitcoin without your participation. You holding one key cannot move Bitcoin without the custodian’s co-signature. The third key provides a recovery path if one of the first two is lost. This structure eliminates the single point of failure that both pure self-custody and exchange custody create.
Which Option Is Right for Your Situation
The right custody arrangement depends on the size of the holding, the time horizon, the legal entity through which Bitcoin is held, and the investor’s technical confidence and operational capacity.
For smaller positions held over shorter time horizons, a licensed exchange provides reasonable security with minimal operational complexity. The licensing matters: a licensed South African exchange with client asset segregation is meaningfully different from an unlicensed one. For growing positions with multi-year time horizons, particularly for investors who have made a deliberate decision to hold Bitcoin as a long-term savings vehicle, the question of custody deserves more careful attention. Self-custody is the most direct form of ownership but requires operational discipline that not every investor is suited to maintain consistently.
For Bitcoin held through companies or trusts, the custody question intersects with governance. A company holding Bitcoin needs custody arrangements consistent with its governance structure: no single director acting unilaterally, documented procedures for transactions, and an arrangement that survives changes in key personnel. A multisig arrangement through a licensed custodian addresses these requirements in a way that pure self-custody or exchange custody generally does not.
The Custody Decision Is Not an Afterthought
Deciding to hold Bitcoin and then figuring out where to keep it as an afterthought leaves open the most practically consequential risk in the whole picture.
Not that Bitcoin will decline in value. The greater risk is that the Bitcoin you hold might become inaccessible or lost through a custody failure you did not anticipate. The custody arrangement should be as deliberate as the investment decision that precedes it, and for larger or more complex holdings, that means addressing it before the position is built rather than retrofitting a solution afterwards.
Frequently Asked Questions
What is the difference between self-custody and exchange custody in Bitcoin?
Exchange custody means the exchange holds the private keys to your Bitcoin. You have a balance in an account, but you depend on the exchange remaining operational and solvent. Self-custody means you hold the private keys directly on a hardware wallet or other secure device, giving you full control without depending on any third party. Bitcoin held on an exchange is a claim against the exchange; Bitcoin in self-custody is a directly held bearer asset.
What is a hardware wallet and how does it protect Bitcoin?
A hardware wallet is a physical device designed to store Bitcoin private keys in an offline environment where they cannot be accessed by internet-connected systems. When you want to send Bitcoin, the device signs the transaction internally without exposing the private keys. This removes the counterparty risk of an exchange and the vulnerability of software wallets that may be exposed to malware or hacking. The main risk with a hardware wallet is losing the device and the backup seed phrase, which is why secure, documented backups in multiple locations are essential.
What is 2-of-3 multisig and why does it matter for South African investors?
A 2-of-3 multisig wallet uses 3 private keys and requires any 2 of them to co-sign a transaction. No single key can move Bitcoin unilaterally. For South African investors, the practical value is that it removes the single point of failure that both pure self-custody (one lost key means total loss) and exchange custody (exchange failure means total loss) create. A collaborative multisig arrangement allows the investor to hold keys while a regulated provider holds one, maintaining self-custody while adding a recovery and governance layer.
Is it safe to leave Bitcoin on a South African exchange?
Licensed South African exchanges that operate within the FSCA regulatory framework and maintain client asset segregation offer more protection than unlicensed ones. For small amounts or while establishing a custody plan, a licensed local exchange is a reasonable starting point. For larger holdings or long-term positions, exchange custody introduces counterparty risk: the exchange’s continued operation, solvency, and regulatory compliance all affect your ability to access your Bitcoin. The accepted principle is that Bitcoin grows more valuable to hold in self-custody as the position size grows.
What should a company or trust consider when choosing a Bitcoin custody arrangement?
A company or trust holding Bitcoin needs custody arrangements that reflect its governance structure. That means no single director or trustee should be able to move Bitcoin unilaterally, transaction procedures should be documented, and the arrangement should survive changes in key personnel. A collaborative multisig structure with a regulated custodian holding one of three keys can meet these requirements. It provides self-custody while adding governance controls, recovery support, and a regulated service layer that boards, trustees, accountants, and auditors can review.
Frequently asked questions
What does it mean to hold Bitcoin on an exchange?
When Bitcoin is held on an exchange, the exchange holds the private keys on your behalf. You have a claim against the exchange for that Bitcoin, not direct ownership of the asset. If the exchange is hacked, becomes insolvent, or freezes withdrawals, you may not be able to access your Bitcoin. This is fundamentally different from holding Bitcoin yourself.
What happened to customers when exchanges like FTX and Mt Gox collapsed?
Mt Gox was the world’s largest Bitcoin exchange when it collapsed in 2014, and customers lost approximately 850,000 Bitcoin. FTX collapsed in 2022 and customers lost billions of dollars. In both cases, customers who held Bitcoin on the exchange had no direct access to it. Recovery through legal proceedings has taken years and in many cases returned only a fraction of the original holdings.
What is a hardware wallet and how does it work?
A hardware wallet is a physical device that stores your Bitcoin private keys offline. To send Bitcoin, you must confirm the transaction on the device itself, which cannot be done remotely by a hacker. Popular options include Ledger and Trezor devices. The private key never leaves the device, making it far more secure than keeping Bitcoin on an exchange or in software on a computer or phone.
Is self-custody difficult for a non-technical investor?
Setting up a hardware wallet requires care and patience but is not technically complex. The main tasks are writing down your 12 or 24 word recovery seed accurately, storing it securely offline, and learning how to receive and send Bitcoin. SimplB assists clients with this process to make sure the setup is done correctly from the start.
What should I do with my recovery seed phrase?
Your recovery seed is the master backup for your Bitcoin. If you lose your hardware wallet, the seed allows you to recover your Bitcoin on a new device. It should never be stored digitally (no photos, no cloud storage, no email). Write it on paper or stamp it into metal, store it in a secure location, and ensure a trusted person knows where it is in case of your death or incapacity.
Sources
- FSCA Crypto Asset Regulatory Framework: FSCA licensing requirements that South African Bitcoin exchanges must meet
- SARB Quarterly Bulletin: South African regulatory context for crypto asset custody and exchange operations
- Bitcoin.org: Secure Your Wallet: official Bitcoin Foundation guidance on wallet security and self-custody best practices
Want to secure your Bitcoin properly?
Written by James Caw, Founder of SimplB. James has helped South Africans understand, buy and secure Bitcoin since 2015. SimplB operates as a Juristic Representative of CAEP Asset Managers, FSP 33933. Last updated: May 2026.
This article is for general educational purposes only and does not constitute financial, legal, tax or exchange control advice. The information reflects the regulatory position as at the date of publication. Your individual circumstances may differ and you should seek qualified professional advice before making any decisions.
