The U.S. Securities and Exchange Commission (SEC) has issued a new Investor Bulletin aimed at helping retail investors understand the basics of crypto asset custody. The guidance focuses on how digital assets are stored, who controls them, and why custody decisions carry significant risks.
According to the SEC, crypto wallets do not actually hold crypto assets. Instead, they store private keys, which are secret codes that allow investors to access and transfer their holdings. Losing these keys usually means losing access to the assets permanently, with no recovery mechanism.
The bulletin highlights the difference between hot wallets and cold wallets. Hot wallets are connected to the internet and offer convenience, but they are more vulnerable to hacking and cyberattacks. Cold wallets remain offline, providing stronger protection against online threats, but they require careful handling to avoid physical loss or damage.
Self-custody versus third-party custody
The SEC also explains the trade-offs between self-custody and third-party custody. With self-custody, investors retain full control of their private keys and assets, but they also bear full responsibility for security. Mistakes such as losing a seed phrase or falling for a scam can result in irreversible losses.
With third-party custody, a crypto exchange or custodian manages the private keys on the investor’s behalf. While this may be easier for beginners, the SEC warns investors to carefully assess custodians’ security practices, regulatory oversight, fees, and whether assets may be used for lending or other purposes.
The bulletin stresses basic safety practices, including never sharing private keys or recovery phrases, using strong passwords and multi-factor authentication, and remaining alert to phishing scams. The SEC notes that the guidance is educational and does not constitute legal or investment advice.
For retail investors, the message is clear. Understanding crypto custody is essential, as control over private keys ultimately determines who truly owns and controls digital assets.