Hardware is a critical component of self custody. But it only solves part of the problem.
We all know the mantra: Not your keys, not your coins.
It’s long been the rallying cry for bitcoiners to move their keys off exchange into self-custody, a posture that means nobody but you can move your coins.
But holding your keys is a challenge far greater than most people realize.
The phrase makes it sound like, as long as you alone hold your keys, you’re good. But it’s not enough to simply possess your keys. Self-custody means protecting them from a wide array of attacks, exploits, and mishaps. And that’s no small task.
You need to be able to keep your keys safe from phishing and malware. Your keys need to survive natural disasters, institutional collapse, and corruption. You need to maintain control of them in the face of confiscation attempts, coercive violence, potentially even betrayal by people close to you.
Eventually—inevitably—they must also find a safe path to the people you want to inherit them.
The true test of self-custody isn’t just whether or not you hold your own keys. It’s whether or not you can protect them from loss, theft, coercion, seizure, and death, and still be able to make transactions when you need to, without a third party intermediary.
And yet, for years, self-custody has largely been conflated with a specific kind of device: the hardware wallet.
But hardware wallets only solve for secure signing; they don’t even attempt to solve all the other problems at the core of self-custody.
The difference between a vault and a pen
Imagine you’re buying a literal vault. The salesperson describes all the features that make it a vault: the thick steel door, the tamper-proof keypad, the mechanism that locks out any user who makes too many incorrect attempts to open it. It’s solid, and it will definitely keep attackers out.
But after you've purchased the vault and your secrets are inside, the vault spits out another copy of those secrets, for you to store outside it. You’d probably be asking, isn’t that what the vault is for? To protect that sensitive material?
This is how most hardware wallets work. While they securely hold your private key, they also export a copy of it in the form of a seed phrase.
At that moment, the device gives up the one thing it is ostensibly purpose-built to protect. It gives you, literally, a copy of the vault’s contents to keep safe in some other way.
That’s not a flaw; it’s a design decision. But it also means the hard part (the true vault part, actually protecting the secret) gets passed on to the user to figure out for themselves.
Once it has given up its secret as a human-readable seed phrase, a wallet is no longer truly a vault; in fact, it’s a lot closer to a pen. Like a pen, the hardware wallet signs your transactions, but it can no longer guarantee that your secret is safe in a way that you and only you can access.
It leaves that problem—the real problem at the core of self custody—for the end user to solve.
Self-custody shouldn’t stop at key generation.
A hardware wallet enables secure key generation and usage–both of which are hugely important. But generating and using keys securely is not the same as owning bitcoin safely. The widespread assumption that hardware wallets are “secure by default” because they’re air-gapped and tamper-resistant is technically true, but dangerously incomplete.
Seeing a hardware wallet as a complete solution has led the industry to overstate what users are actually being given—a hardware signer—and understate what they’re actually being asked to figure out for themselves: the hardest part of the problem, which is solving for key exclusivity, loss, and legacy.
And that gap—the space between signing and self custody—is where countless users have lost bitcoin, lost confidence, and lost trust in their ability to manage ownership at all. And it’s funneled users into the kinds of custodial systems we are all trying to move beyond.
We have to solve the whole problem.
Self-custody—the ability to hold and transact with your own funds without the need for a third party intermediary—is the point of Bitcoin. But self-custody needs to be widespread, and it only becomes widespread if it’s genuinely safe.
Genuine safety requires solving custody comprehensively across use, loss, theft, coercion, inheritance, and the messy unpredictability of real life. It doesn’t (or at least it shouldn’t) stop at key generation and secure signing. That’s why we designed Bitkey the way that it is: to eliminate the single-points-of-failure that most hardware wallets leave for customers to figure out, to give users multiple routes to asset recovery when life happens, to let customers pass on their assets to beneficiaries when the time comes. And to make all of those things easy to do.
Hardware signers are essential tools and are a critical part of any custody solution. (After all, we also build hardware signers and believe in them deeply.) But they’re insufficient on their own. They are one important piece of the picture, but true self custody means solving for the whole picture.
To unlock the next chapter of self-custody adoption, we can’t stop at the tools, which are insufficient on their own. We have to build complete systems—ones that are flexible, survivable, and safe by default.
If we really care about Bitcoin’s safe adoption and proliferation, we can’t keep handing people pens and telling them they have a vault.
Want to learn more about Bitkey? Visit bitkey.world.