In November 2022, people with $100,000 in their FTX accounts woke up one morning and couldn’t withdraw a single dollar.
FTX wasn’t some shady offshore operation. It was the third-largest crypto exchange in the world. Tom Brady was a brand ambassador. Sam Bankman-Fried testified before Congress. The company had a naming deal on the Miami Heat arena.
None of that mattered. The exchange filed for bankruptcy, and $8 billion in customer funds vanished. As of 2026, customers are still trying to recover what they lost.
This wasn’t an isolated incident. The same story played out with Celsius Network in 2022, with BlockFi shortly after, and with MT.Gox a decade earlier. Different platforms, same outcome: people who thought they owned crypto found out they didn’t.
There’s a phrase in crypto that predicts this outcome every time. Once you understand it, you’ll never look at an exchange account the same way.
Not your keys, not your crypto.
What “Not Your Keys” Actually Means
When most people buy crypto on an exchange like Coinbase or Kraken, they see a balance in their account. It looks like ownership. It feels like ownership. But what they actually hold is an IOU.
The exchange controls the private keys — the cryptographic passwords that actually authorize transactions on the blockchain. You log in with a username and password, but the exchange’s systems are doing the real signing.
Here’s the critical distinction:
When an exchange holds your keys:
- You log in with a username and password
- The exchange signs transactions on your behalf
- You’re trusting them to keep the keys secure
- You’re trusting them to honor withdrawal requests
- If they fail, freeze, or get hacked, your access disappears with them
When you control your own keys (self-custody):
- You control the private key directly
- You sign transactions yourself
- No one can freeze your access
- No counterparty can fail and take your funds with them
- If you lose your seed phrase, there’s no “forgot password” button
Think of it this way. Keeping crypto on an exchange is like keeping cash in a bank vault — convenient, and someone else handles the security, but they control access and you’re in line with other creditors if something goes wrong. Self-custody is like keeping cash in a safe at home. You’re responsible for the security, but no one can lock you out.
When Exchange Risk Goes From Theory to Reality
This isn’t theoretical risk. Three examples from the last decade prove it.
FTX (November 2022)
FTX was legitimate. It was regulated. It had institutional backing and celebrity endorsements. If you’d asked most people in October 2022 whether FTX was safe, they would have said yes.
November 2022: $8 billion in customer funds gone. People with $100,000 in their accounts couldn’t withdraw $1. The exchange filed for bankruptcy. Customers are still fighting in court years later.
The lesson: It doesn’t matter how reputable an exchange looks. You don’t control the keys, you don’t control the money.
Celsius Network (July 2022)
Celsius had 1.7 million users and over $11.7 billion in assets. Their marketing pitch was “unbank yourself.” They offered 8–18% APY on deposits.
June 2022: Celsius froze all withdrawals. July 2022: They filed for bankruptcy.
People who deposited crypto expecting to earn yield instead watched helplessly as the company collapsed. Some recovered a portion through bankruptcy proceedings. Many never will.
The lesson: If you can’t withdraw it, you don’t own it.
MT.Gox (February 2014)
MT.Gox was the largest Bitcoin exchange in the world at the time, handling 70% of all global Bitcoin transactions. In February 2014, they announced that 850,000 Bitcoin had been stolen — worth $450 million at the time.
Most users never got their Bitcoin back. As of 2026, some MT.Gox creditors are still waiting for distributions after 12 years. If you had owned those Bitcoin in self-custody instead of on MT.Gox, you’d currently have assets worth over $40 billion at today’s prices.
The lesson: The “safest” exchange can collapse overnight.
What About FDIC Insurance?
This is the most common question, and the answer matters.
Traditional bank deposits are FDIC insured up to $250,000. If your bank fails, you get your money back up to that limit. That’s a real protection backed by the U.S. government.
Crypto exchanges are not FDIC insured. Some have their own insurance policies, but the coverage is limited, usually applies only to certain types of losses (typically hacks, not bankruptcy), and rarely covers everyone when things actually go wrong. When FTX collapsed, they had insurance. It didn’t matter. $8 billion was gone.
Don’t rely on insurance or regulation to protect your crypto. The simpler solution is to not keep large amounts on exchanges in the first place.
When It Makes Sense to Use an Exchange
I’m not saying never use exchanges. I’m saying understand what they’re for.
Use exchanges for:
- Buying crypto with USD
- Selling crypto back to USD
- Short-term holdings while you’re still learning the basics
Don’t use exchanges for:
- Long-term storage of any meaningful amount
- “Earning yield” through lending programs
- Holding the bulk of your portfolio
My personal rule after watching enough exchanges fail: I keep less than $1,000 on exchanges at any time. I deposit fiat, buy, and withdraw to my hardware wallet — usually within 30 minutes. Is it more work? Yes. Do I sleep better knowing that if Coinbase fails tomorrow I lose at most $800? Also yes.
What You’re Actually Controlling
When you move to self-custody, here’s what you’re managing:
Your public key is like your email address — safe to share, it’s the address people send crypto to.
Your private key is like your email password — never share it, anyone who has it can move your crypto, and losing it means losing access forever. In practice, your private key is represented as a 12–24 word seed phrase. Protecting it properly is the single most important thing you can do once you move to self-custody.
Once you understand the principle, the next step is deciding where to store your crypto. For most people holding more than $1,000–$2,000, the answer is a hardware wallet — a physical device that keeps your private keys offline and out of reach of hackers.
The Bottom Line
Most people who “own” crypto don’t actually own it. They own an IOU from an exchange, and they’ll find that out the hard way when the exchange has a problem.
Not your keys, not your crypto isn’t a slogan. It’s a description of how blockchain ownership actually works. Your crypto belongs to whoever controls the private keys. Right now, that might not be you.
The good news: fixing this isn’t complicated. It takes a few hours of setup and a small investment in a hardware wallet. The result is crypto that no exchange failure, no bankruptcy, and no freeze can take from you.
That’s the whole point.
David Aiello is a Staff Technical Program Manager with 12 years in blockchain. He is the founder of Crypto Clarity Collective and the author of Wallet Security: Your Complete Setup Guide and The $6 Billion Mistake. This is not financial advice.