Self-Custody: Seed Phrases, Hardware Wallets, and MPC
2026-06-20
Owning crypto means protecting a private key. There is no support line that can reverse a theft and no bank that insures the balance. The entire discipline of custody is about answering one question well: how do you keep a key usable by you and useless to everyone else? The honest answer involves trade-offs between convenience, security, and recoverability, and you cannot maximize all three.
Hot vs Cold
A hot wallet keeps keys on an internet-connected device, such as a phone or a browser extension. It is convenient and fine for spending money, but it is also a constant target for malware and phishing. A cold wallet keeps keys offline, never exposed to a connected machine. The rule of thumb mirrors physical cash: a little in your pocket (hot), the bulk in a safe (cold).
Hardware Wallets
A hardware wallet is a dedicated device that stores the private key in a secure element and signs transactions internally. The key never leaves the device, even when it is plugged into a compromised computer; the worst a malicious PC can do is present a transaction for you to approve. This is why verifying on the device screen matters: the display is your trusted channel. Approve blindly and the protection is wasted.
Multisig: No Single Point of Failure
Multisignature wallets require M-of-N keys to authorize a spend, say 2 of 3. Lose one key and you are still safe; an attacker who steals one key still cannot move funds. Geographically separating the keys (home, office, safe-deposit box) defends against theft, loss, and coercion at once. It is the gold standard for treasuries and serious individual holders, at the cost of more setup and on-chain complexity.
MPC: Splitting a Key That Never Exists Whole
Multi-party computation (MPC) takes a different route. Instead of one key that gets split, the key is generated as separate shares that jointly produce signatures without ever being assembled into a complete key, anywhere, ever. There is no single moment or place where the full key exists to be stolen. MPC underpins most modern institutional custody and many "no seed phrase" consumer wallets, offering multisig-like security with a smoother UX and chain-agnostic flexibility.
Account Abstraction and Social Recovery
Smart-contract wallets (enabled by account abstraction) let custody rules be programmable: spending limits, time locks, allow-listed addresses, and social recovery, where trusted "guardians" can collectively help you regain access if you lose your device, without any of them being able to spend your funds alone. This is the most promising path to making self-custody survivable for ordinary people, who will inevitably lose a phone someday.
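As an added example that is not from the article, here is a toy Python model of the custody rules described above (and of the M-of-N threshold from the multisig section): the owner's spending is gated by a daily limit and an allow-list, recovery needs a threshold of guardians, and no guardian can spend. Signature verification is replaced by a caller identity string, and all names and amounts are constructed.

```python
# Added example, not the article's code: a toy smart-contract wallet policy.
# Signatures are replaced by a caller identity string so it runs offline.
from dataclasses import dataclass, field

@dataclass
class SmartWallet:
    owner: str
    guardians: frozenset        # constructed guardian identities
    threshold: int              # M of N guardians needed to recover
    allowlist: frozenset        # destinations the owner may pay without delay
    daily_limit: int
    balance: int
    spent_today: int = 0
    pending_recovery: dict = field(default_factory=dict)  # new owner -> approvers

    def spend(self, caller: str, to: str, amount: int) -> bool:
        # Only the owner may spend, and only to an allow-listed address.
        if caller != self.owner or to not in self.allowlist:
            return False
        if amount > self.balance or self.spent_today + amount > self.daily_limit:
            return False
        self.spent_today += amount
        self.balance -= amount
        return True

    def approve_recovery(self, caller: str, new_owner: str) -> bool:
        # A guardian votes to hand control to new_owner; M votes rotate the owner.
        if caller not in self.guardians:
            return False
        voters = self.pending_recovery.setdefault(new_owner, set())
        voters.add(caller)      # a set, so one guardian cannot vote twice
        if len(voters) >= self.threshold:
            self.owner = new_owner
            self.pending_recovery.clear()
        return True

def demo() -> list:
    w = SmartWallet(owner="alice-phone", guardians=frozenset({"g1", "g2", "g3"}),
                    threshold=2, allowlist=frozenset({"alice-savings"}),
                    daily_limit=100, balance=1000)
    out = [w.spend("alice-phone", "alice-savings", 60),   # True
           w.spend("alice-phone", "alice-savings", 60),   # False: over daily limit
           w.spend("alice-phone", "unknown-addr", 10),    # False: not allow-listed
           w.spend("g1", "alice-savings", 10)]            # False: guardian cannot spend
    w.approve_recovery("g1", "alice-newphone")            # phone lost: recovery starts
    w.approve_recovery("g1", "alice-newphone")            # duplicate vote, still 1 of 2
    out.append(w.spend("alice-newphone", "alice-savings", 10))  # False: below threshold
    w.approve_recovery("g2", "alice-newphone")            # 2 of 3 reached, owner rotated
    out.append(w.spend("alice-newphone", "alice-savings", 10))  # True
    return out
```

A real wallet would time-lock payments to non-allow-listed addresses rather than refuse them, which is the coercion defence the article mentions; the toy refuses outright to keep the model short.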
The Custody Spectrum
- Exchange (custodial): easiest, recoverable, but not your keys: you trust the exchange.
- Hot wallet: self-custody, convenient, highest attack surface.
- Hardware wallet: strong protection for an individual; the single seed phrase is the failure point.
- Multisig / MPC: no single point of failure; more complexity to manage.
- Smart wallet + social recovery: programmable safety and a realistic recovery story.
The Core Principle
Good custody removes single points of failure without creating single points of loss. Whatever setup you choose, the failure modes you must plan for are the same three: theft (someone gets your key), loss (you lose it), and coercion (someone forces you to use it). A backup that is too accessible invites theft; one that is too secure invites loss. Design for all three deliberately, before you need it.