
Exchange or Self-Custody? How Beginners Should Split
The week FTX fell, the most common message in my inbox was a single line: "Should I pull all my coins out?" It is a good question, but the answer is not yes or no. An exchange and your own wallet are two different kinds of risk, not "safe" versus "unsafe." This lesson lays it out plainly: whether the coins on an exchange are even yours, how each side actually fails, and then a way for beginners to split funds — by amount and by use, not all-or-nothing.
Introduction: FTX fell — is exchange money safe?
In November 2022, FTX — at the time one of the top two exchanges in the world, hailed by the press as "the J.P. Morgan of crypto" — went from a $32 billion valuation to zero in nine days. The balances millions of users could see in their accounts became impossible to withdraw overnight. The month it fell, the whole industry was asking the same question: is it safe to keep money on an exchange? Three years later people still ask it daily, because it was never actually answered clearly.
Let me put the conclusion up front in case you do not read to the end: this is not a "safe vs unsafe" multiple choice; it is an allocation question — how much, where, and for how long. An exchange and your own wallet each have their own way of failing. Neither side is an absolute safe harbor. What this lesson does is lay both sets of risks on the table, then show you how to split your coins by your own situation.
I. What an exchange really is: you hold an IOU
Many beginners hold a fundamental misconception: that the number in their exchange account means "my coins are stored there." It does not. When you deposit coins to an exchange, those coins move on-chain into the exchange's wallets, and the private keys sit with the exchange. The balance you see is, in essence, a figure on the exchange's ledger — a liability it owes you, an IOU.
This is the worn-out phrase that happens to be true word for word: Not your keys, not your coins. Whoever controls the private keys is who can actually move the coins on-chain. The exchange holding the keys means it can technically freeze your withdrawals, lend out or trade with your coins, and if the platform becomes insolvent or runs off, the IOU in your hand can turn into worthless paper. FTX customers watched the balances in their accounts, but those coins had long since been moved to plug Alameda's hole.
Conversely, only when you withdraw coins to a wallet whose private key (seed phrase) you control yourself do you truly control those coins on-chain — no platform can freeze them, misappropriate them, or drag them down with its own bankruptcy. This is the most fundamental difference between an exchange and self-custody, and the bedrock of this entire lesson.
"IOU" does not mean an exchange will necessarily default. A reputable large exchange that publishes monthly, self-verifiable Proof of Reserves has strong ability to honor it, and it is convenient to use day to day. The point of "IOU" is that your safety ultimately depends on whether the other party is willing and able to make good — not on you. Keep that clear in your head.
II. The real risks on each side
Where you keep your coins is, at bottom, a choice about which kind of risk you are willing to bear. Neither side is zero risk. Here they are, laid out honestly together.
The risk of keeping it on an exchange: the risk is in "someone else"
- Insolvency / misappropriation / running off. This is the deadliest category. An exchange trades or lends with customer assets, or uses them to plug holes elsewhere, and one market reversal leaves it insolvent; a small exchange may simply vanish with the funds. The FTX collapse is the textbook specimen of misappropriated customer assets, and PlusToken is a Ponzi run-off dressed up as a platform. When this happens, your IOU is essentially uncollectible.
- Theft. Exchanges are the number-one target for hackers — hot wallets breached, insider jobs, front-end hijacks all have plenty of history. Large exchanges usually have an insurance fund to backstop losses; small ones often die the moment they are hit.
- Freezing. An account can be frozen temporarily or long-term by risk controls, compliance review, or a change in local policy — during which you cannot touch your own money.
The risk of keeping it in your own wallet: the risk is in "you"
- Losing the private key / seed phrase. This is self-custody's biggest pitfall. Lose the seed phrase, write one word down wrong, store it on a drive that later dies, forget where you put it — and the coins are locked on-chain forever, with no support line to recover them. The value of bitcoin lost to forgotten wallets in the early years runs into the billions.
- Getting scammed yourself. Phishing sites, fake wallet apps, fake "support" tricking you into handing over your seed phrase, a malicious contract approval that drains your wallet — self-custody exposes you directly to these attacks, with no platform risk control to intercept them first.
- Operational mistakes. Sending to the wrong address, picking the wrong chain, clipboard malware swapping out the recipient address while you copy-paste: on-chain transfers are irreversible. A mistake is a mistake.
See the pattern: an exchange hands the risk to "will someone else fail," while self-custody hands it to "will you yourself make a mistake." The thing beginners most underestimate is precisely the latter — many people hear "Not your keys" and rush to pull out their whole net worth, then sink themselves before they have even learned to back up and avoid phishing. Self-custody is not a cure-all; it just trades one kind of risk for another.
III. How beginners should split (the core)
This is the section worth remembering most. Since both sides carry risk, the right move is not to pick one, but to layer by amount and by use, so each batch of coins sits where it best belongs.
Split by use: active funds vs long-term holdings
- Small amounts you trade often and need on hand → keep on a reputable large exchange. The portion you buy and sell daily, grid-trade, or want to move in and out of at will is costly and error-prone to keep withdrawing back and forth; it is most convenient on a reputable large exchange. The key word is "reputable large" — not just any platform.
- Large amounts you plan to hold long-term (HODL) → move to a self-custody wallet. The portion you intend to hold for years and rarely touch has no reason to stay exposed to an exchange's insolvency risk. Move it to a wallet whose keys you control, back it up properly, and then forget about it.
Layer by amount: a thinking model you can copy
Do not chase a precise ratio. Here is a three-tier model to map onto your own total position:
- Small, pocket-money level (practice phase): all on a large exchange is fine. At this stage your first job is to learn self-custody backup and transfers with a small amount, not to rush big money in. Put a tiny bit into a self-custody wallet first, get fluent, and go from there.
- Medium amount: keep part of your active trading on the exchange, move the rest into self-custody. By now you should already know how to back up a seed phrase and verify an address.
- Large amount, long-term holding: move the core position into self-custody (use a hardware wallet once the amount is big enough), and keep only what you genuinely need soon on the exchange.
There is one more iron rule in allocation: diversify, do not concentrate on small exchanges. Even if you decide to keep part on an exchange, do not pile money onto an unknown small exchange for a little extra yield or referral kickback — small exchanges are the disaster zone for insolvency and run-offs. If you keep money on an exchange, keep it on a reputable, large, transparent one; if you diversify, diversify between "large exchange + self-custody," not across several small exchanges. The latter is just putting your eggs in several thinner baskets.
To turn this model into a list you can tick off line by line, use it alongside the archive's fund safety checklist.
IV. How to pick a relatively trustworthy exchange
Since active funds will sit on an exchange, "which one" is what matters. Here are only the most important general signals; the systematic version, where I break it into 8 red flags and a 5-step check, is in How to judge whether a crypto exchange is trustworthy. The condensed version:
- Whether the Proof of Reserves (PoR) is self-verifiable. After FTX, top exchanges publish PoR monthly by default and use a Merkle tree so you can verify whether your own balance is included in the total reserves. The point is not "does the page exist" but can you verify it yourself. An exchange that offers only "the funds are all in cold storage, very safe" with no self-verifiable proof has zero credibility — FTX said exactly that too.
- Regulation and licensing. Whether it is licensed with a verifiable regulator, and whether it has appeared on a regulator's warning list. The license number has to check out; a logo alone does not count.
- History and scale. An exchange that has operated long enough, with a large user base, and survived several bull-bear cycles, is far more credible than one with a months-old domain and a name riding on a major exchange's.
- Whether withdrawals are smooth. A legitimate exchange charges only the on-chain network fee for withdrawals. Anything that makes you "pay tax / margin / an unfreezing fee before you can withdraw" is an instant disqualification — that is the signature move of a withdrawal scam.
To quickly run an exchange through these signals, use the archive's exchange safety self-check tool to score it item by item.
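The self-verification described in the Proof of Reserves item above, sketched as a Merkle inclusion check. This is an added example, not code from the original article or from any exchange. The leaf encoding, the hash prefixes, the padding leaf and the five-account ledger are assumptions constructed for illustration; a real exchange documents its own format.

```python
import hashlib

# Constructed sample ledger (account id, balance string); not real data.
LEDGER = [("user-a", "0.50000000"), ("user-b", "2.00000000"),
          ("user-c", "0.01000000"), ("user-d", "10.00000000"),
          ("user-e", "1.25000000")]

def leaf_hash(account_id, balance):
    # Assumed encoding. The 0x00 prefix keeps leaves distinct from inner nodes.
    return hashlib.sha256(b"\x00" + f"{account_id}:{balance}".encode()).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

PAD = leaf_hash("", "0")  # assumed filler leaf, pads the tree to a power of two

def build_levels(leaves):
    """Exchange side: return every tree level, leaves first, root last."""
    size = 1
    while size < len(leaves):
        size *= 2
    level = list(leaves) + [PAD] * (size - len(leaves))
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1])
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def make_proof(levels, index):
    """Exchange side: sibling hashes from leaf to root, with their side."""
    proof = []
    for level in levels[:-1]:
        proof.append((level[index ^ 1], index & 1 == 1))  # (hash, sibling_is_left)
        index >>= 1
    return proof

def verify_inclusion(account_id, balance, proof, published_root):
    """User side: recompute the root from your own balance and the proof."""
    acc = leaf_hash(account_id, balance)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == published_root

def demo():
    levels = build_levels([leaf_hash(a, b) for a, b in LEDGER])
    root, proof = levels[-1][0], make_proof(levels, 2)  # proof for user-c
    honest = verify_inclusion("user-c", "0.01000000", proof, root)
    understated = verify_inclusion("user-c", "0.00100000", proof, root)
    return honest, understated
```

A passing check shows only that the stated balance was counted in the liabilities behind the published root; whether the reserves cover that total is a separate comparison.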
V. The minimum bar for self-custody
If you decide to move long-term holdings into your own wallet, clear these minimum bars first — otherwise self-custody can be riskier than an exchange.
- Back up the seed phrase offline, and in more than one place. Those 12 or 24 words are the only key to your wallet. Write them down on paper (a metal plate for fire and water resistance if the amount is large), store two copies in separate locations, and never photograph them, never save them to your phone's photo gallery, never send them through any chat app or cloud drive. Screenshots and cloud backups are the number-one channel for stolen seed phrases.
- Once the amount grows, use a hardware wallet. A hardware wallet keeps the private key offline, so even a compromised computer or phone cannot sign your transactions — it is the highest-value layer of protection for long-term, larger self-custody. Be sure to buy a brand-new device from an official channel, never second-hand — a tampered device will steal your seed phrase.
- Anti-phishing is a daily discipline. The most common way to die in self-custody is not a broken cipher but a fooled human: fake official sites, fake apps, fake support asking for your seed phrase, a malicious approval that drains your wallet. Remember three things: anyone who asks for your seed phrase is a scammer; verify the address character by character before sending (guards against clipboard malware); do not approve contracts you do not know. This class of scam recurs throughout the archive's full history of crypto black swans, which is worth reading as cautionary material.
VI. Honest limits: nothing is 100% safe
I will not sell you the illusion that some method is "absolutely safe," because none exists. Exchanges carry insolvency and theft risk; self-custody carries lost-key and scam risk. Neither side is zero. Anyone who tells you "keep it here and it is 100% safe" either does not understand or is lying to you.
What actually lowers risk is never finding "the absolutely safe place," but two things: first, diversify — never stake your whole net worth on any single place, whatever exchange or wallet that is; second, hold the portion that matches its size firmly in a wallet whose keys you control, and have the ability to manage it. "Ability" matters here: self-custody safety is not done the moment you buy a hardware wallet — it is done when you genuinely know how to back up, how to verify, and how not to be scammed.
In the end, the goal of storing crypto is not "zero risk," but not handing off the risk you should not be handing off. This article is educational; it is not investment advice. How to split, and how much, is ultimately your own decision.
If you need a home for active funds
In the allocation model above, the active-trading and small-amount portion should sit on a "reputable large exchange." In practical terms, the simplest starting point is to choose an exchange that already has the transparency boxes ticked — monthly, self-verifiable Proof of Reserves, a user insurance fund, multi-jurisdiction licensing, and tens of millions of real users in the app stores. That way you do not have to dig out every item yourself; the evidence is already laid out.
Binance began publishing monthly Proof of Reserves in November 2022 (the very month FTX fell), later upgraded to a zero-knowledge-proof scheme letting users verify whether their own balance is included; it also has the SAFU user insurance fund and multi-jurisdiction licensing. None of this constitutes a guarantee that "Binance is forever safe" — only grounds that "its risk signals are far fewer than an unverifiable small exchange." Whether to register is your decision, and remember to move long-term holdings to your own wallet.
Crypto Archives is a Binance Affiliate Partner. We are not Binance's official site. Whether to register is your decision. All centralized exchanges carry risk. This article is not investment advice.
- Court records, bankruptcy filings, and on-chain data cited in the archive's volumes: FTX collapse and PlusToken.
- Binance Proof of Reserves periodic reports and self-verification guidance, published monthly since November 2022.
- The standard formulation of the "Not your keys, not your coins" self-custody principle, per the security documentation of major hardware-wallet and wallet projects.
- Related archive guides: How to judge whether a crypto exchange is trustworthy and Full history of crypto black swans 2010-2026.
If you spot a factual error in this article, please write to [email protected]. I will issue a public correction at /corrections.html and credit you by name. Editorial standards and conflict-of-interest disclosures are at /editorial.html.