Exchange accounts: convenient, but whose keys are they?
Leaving coins on a spot account means the keys belong to the platform, not to you. The convenience is obvious (no backups, instant trading), yet you take on three core risks:
- Counter-party risk. If a site freezes withdrawals (think FTX), your “balance” is just a line in someone else’s database.
- Hacks and rogue staff. Even first-tier venues have lost funds to coding slips or insider theft.
- Regulatory pressure. A single government letter can block accounts from an entire region overnight.
For active trading an exchange wallet is fine, but parking more than 10-20% of net worth there is blind faith, not strategy.
Hardware wallets: total control, total responsibility
A hardware device signs transactions inside a sealed chip; the private key never touches the internet. If the gadget and seed phrase stay safe, the coins are truly yours. Lose that seed, though, and the coins vanish forever; show the seed to anyone, same result.
Tip: engrave the phrase on two steel plates and keep them apart. Paper burns—metal survives fire and flood.
Multisig: a middle path for big balances
A 2-of-3 wallet needs two independent keys to move funds: one key on a hardware stick, another in a bank box, a third with a lawyer or trusted relative. A single compromised key no longer equals total loss. Setup is fiddly, but funds, family offices, and DAOs swear by it.
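To make the "single compromised key" claim concrete, here is an added example (not part of the original article) that enumerates every combination of lost and leaked keys for a k-of-n wallet and classifies the result as safe, theft or lockout. The three-state key model, the function names and the treatment of a seed backed up on two plates as 1-of-2 are simplifying assumptions.

```python
from itertools import product

# Assumed model: each key is intact, lost (nobody has it), or leaked
# (an attacker holds a copy while the owner still holds the original).
OK, LOST, LEAKED = "ok", "lost", "leaked"

def outcome(k, states):
    """Classify one combination of per-key states for a k-of-n wallet."""
    attacker_keys = sum(s == LEAKED for s in states)
    owner_keys = sum(s != LOST for s in states)
    if attacker_keys >= k:
        return "theft"      # attacker alone reaches the signing threshold
    if owner_keys < k:
        return "lockout"    # owner can no longer reach the threshold
    return "safe"

def tally(k, n):
    """Count outcomes over all 3**n key-state combinations."""
    counts = {"safe": 0, "theft": 0, "lockout": 0}
    for states in product((OK, LOST, LEAKED), repeat=n):
        counts[outcome(k, states)] += 1
    return counts

def survives(k, n, lost, leaked):
    """True if every way of losing `lost` keys and leaking `leaked` others stays safe."""
    hits = [s for s in product((OK, LOST, LEAKED), repeat=n)
            if s.count(LOST) == lost and s.count(LEAKED) == leaked]
    return all(outcome(k, s) == "safe" for s in hits)

# Constructed setups; "two copies" models one seed stored in two places.
SETUPS = {
    "single seed (1-of-1)": (1, 1),
    "one seed, two copies (1-of-2)": (1, 2),
    "2-of-2 multisig": (2, 2),
    "2-of-3 multisig": (2, 3),
}

def report():
    return [(name, survives(k, n, 1, 0), survives(k, n, 0, 1), tally(k, n))
            for name, (k, n) in SETUPS.items()]

if __name__ == "__main__":
    for name, one_lost, one_leaked, counts in report():
        print(f"{name:31} 1 lost ok: {one_lost!s:5} 1 leaked ok: {one_leaked!s:5} {counts}")
```

In this model, duplicating a seed protects against loss but not exposure, 2-of-2 does the reverse, and 2-of-3 is the smallest setup shown that tolerates either fault, or one of each on different keys.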
Professional custodians: Coincover, Fireblocks, and friends
Institutions can outsource headaches to insured custodians that run distributed keys, 24/7 monitoring, and “social recovery.” It costs a fee, but removes lone-device risk and adds audited procedures.
Sensible allocation
- Trading stash: keep only what you’ll rotate in the next few weeks on the exchange.
- Long-term savings: park in hardware or multisig.
- Ongoing due diligence: follow security news about your chosen venue; unaudited “proof of reserves” is marketing, not protection.
Basic hygiene checklist
- Hardware 2FA, never SMS.
- Withdrawal whitelist turned on.
- Backup e-mail or SIM-free number for account recovery.
- Test seed-phrase restoration on a clean laptop once a year.
Bottom line
Everything on an exchange is safe—until the instant it isn’t. Everything on one hardware wallet is safe—until the seed in your desk drawer goes missing. The real peace of mind comes from mixing pools: a small working float on a deep-liquidity exchange, the rest locked away in cold or multisig, ideally with a backup signature you can reach if life happens. The fewer single points of failure you rely on—whether a platform, a gadget, or even one person—the better you’ll sleep when headlines scream about the next hack.