MetaMask is the world's leading self-custodial crypto wallet and gateway to decentralized finance, built by Consensys.
Read all articlesA practical guide to self-custody, hardware wallets, Secret Recovery Phrase protection, and defending against phishing, with the data behind why it matters.

Bitcoin can be safely stored by holding it in a self-custodial wallet. Only the BTC owner controls and secures both the Private Keys that authorize transactions, and the Secret Recovery Phrase that can regenerate those keys. No exchange, company, or third party can move, freeze, or recover the funds. In bitcoin's design, whoever holds the keys holds the BTC.
Disclaimer: This guide is for educational purposes only. It is not financial advice, not a solicitation, and not for UK audiences. Self-custody of bitcoin and digital assets is risky and not suitable for all users.
Targeted bitcoin theft is rising: in April 2025, a single US holder lost 3,520 BTC, roughly $330 million, when a social engineering scam reached their wallet. Physical coercion is rising alongside it. 2025 was a record year for physical attacks on bitcoin owners, with reported assaults up 169% last year. The threat to stored bitcoin comes from two directions at once: centralized platforms that fail catastrophically, and individual holders picked off by social engineering. A sound storage strategy has to account for both failure modes.
Different bitcoin storage methods trade off security against convenience. The spectrum runs from fully custodial, where an exchange holds the keys, to fully self-custodial and offline, where the keys never touch an internet-connected device. For a breakdown of wallet categories, including hot vs cold and custodial vs self-custodial, see what is a bitcoin wallet. This guide focuses on how to use each method securely.
Storage method | Key control | Internet exposure | Best suited for |
Exchange custody | Exchange holds keys | Always online | Active trading and small balances awaiting withdrawal |
Software wallet (hot) | Owner holds keys | Online when in use | Day-to-day transactions and moderate balances |
Hardware wallet (cold) | Owner holds keys on a secure chip | Offline by default | Long-term holdings and larger balances |
Air-gapped hardware or dedicated device | Owner holds keys, never connects to the internet | Fully offline | High-value cold storage |
Multisig wallet | Multiple keys required to sign | Varies by setup | Institutional holdings, shared custody, and estate planning |
Each step down the table adds security and removes convenience. Combining at least two methods, an approach often called tiered storage, can reduce the risk of any single point of failure.
The most widely used approach, recommended by most security researchers and hardware wallet manufacturers, splits holdings across tiers by how often they are used.
Tier | What it holds | How it is protected |
Active tier (software wallet) | A small share of holdings for daily transactions, swapping, and app interactions | Strong device security, updated software, and transaction verification |
Cold tier (hardware or air-gapped device) | The majority of holdings, accessed infrequently to refill the active tier or make large transfers | Physical security, a PIN, and a secure phrase backup |
Recovery tier (Secret Recovery Phrase backups) | Metal or paper backups in two or more separate locations | Geographic separation; exists solely to reconstruct access if a device is lost, stolen, or destroyed |
The right split depends on how often someone transacts and their risk tolerance. The principle stays constant: keep the minimum necessary amount on internet-connected devices, and keep the rest offline.
A Secret Recovery Phrase is the sequence of 12 or 24 words generated when a wallet is first created. It is the master backup for every Private Key the wallet derives. Anyone who obtains those words in the correct order can rebuild the wallet and move all funds from any device, anywhere. There is no second factor, no confirmation email, and no waiting period.
Physical media is the safest place for it. Paper or stamped metal works; a notes app, screenshot, email, or cloud drive does not. In March 2026, Gen Digital documented a clipboard-hijacking infostealer called Torg Grabber that targeted 728 crypto-wallet browser extensions by silently swapping copied data, a reminder that malware on a connected device can intercept sensitive information the moment it is used.
Two or more physically separate, secure locations protect a backup against fire, flood, or theft at any single site, such as a fireproof safe and a bank safe deposit box. Metal backups add further protection because stamped or engraved steel plates survive fire and water that would destroy paper.
No legitimate wallet provider, exchange, or support representative will ever ask for a Secret Recovery Phrase. Any request for one is a scam, without exception.
A software wallet, sometimes called a hot wallet, is an application on a phone, browser, or desktop that generates and stores Private Keys on the device. The holder controls the keys directly, which removes exchange dependency, but the device stays connected to the internet at least some of the time.
Software wallets are the most practical option for BTC that gets used for sending, receiving, swapping, or interacting with apps. MetaMask, for example, supports native Bitcoin through the Native SegWit derivation path (the modern bitcoin address format that lowers network fees) alongside Ethereum and Solana in a single self-custodial interface.
The security ceiling of a software wallet is the security of the device it runs on. Malware on a compromised phone or computer can expose Private Keys, no matter how well the wallet software is built. Practical defenses include keeping the operating system updated, avoiding sideloaded apps from unofficial sources, using a dedicated device where possible, and keeping the Secret Recovery Phrase off the device that runs the wallet.
A hardware wallet is a purpose-built physical device that generates and stores Private Keys in a secure element, a tamper-resistant chip that never exposes the keys to an internet-connected computer or phone. When a transaction needs signing, the details go to the device, get signed internally, and return. The Private Keys never leave the hardware.
This architecture means that even if the computer used alongside the hardware wallet is compromised, the attacker cannot extract the keys or alter the transaction details without physical access to the device and its PIN.
Feature | Why it matters |
Secure element chip | Prevents key extraction even with physical access |
On-device transaction display | Verifies the exact recipient and amount before confirming, which defeats address-swapping malware |
Open-source firmware | Allows independent security audits |
Bitcoin-native support (SegWit, Taproot) | Ensures full compatibility, not just wrapped or tokenized BTC |
Direct manufacturer purchase | Eliminates tampered-device risk from third-party resellers |
Hardware wallets work alongside software wallets rather than replacing them. The software wallet handles the interface and network connection; the hardware wallet handles signing. MetaMask Extension connects to hardware wallets, including Ledger, Trezor, Keystone, and NGRAVE ZERO, which pairs day-to-day portfolio visibility with offline key isolation.
For high-value holdings, some holders go further than a standard hardware wallet.
Air-gapped devices are hardware wallets or dedicated computers that never connect to the internet in any way, including USB, Bluetooth, or Wi-Fi. Transactions pass to the device by QR code or microSD card, get signed offline, and pass back the same way. This removes the entire category of remote, network-based attacks.
Multisig, or multi-signature, wallets require more than one Private Key to authorize a transaction, for example, two out of three keys held in separate locations or by separate people. This removes the single point of failure in any single-key setup. If one key is lost or compromised, an attacker still cannot move funds, and the holder can recover using the remaining keys. Multisig is common in institutional custody, shared business accounts, and estate planning, where access needs to survive the loss of any single keyholder.
Both approaches add complexity and generally make sense only for holdings where the security benefit justifies the operational overhead.
When bitcoin sits on an exchange, the exchange controls the Private Keys. The holder has a claim on the platform's reserves, not direct ownership of specific BTC on the blockchain. If the exchange is hacked, freezes withdrawals, or becomes insolvent, that claim may be worthless.
The February 2025 Bybit breach resulted in roughly $1.5 billion stolen, the largest single crypto theft on record, according to Chainalysis. The collapses of FTX in 2022 and Mt. Gox in 2014 showed the same structural risk at different scales. Chainalysis attributed 88% of Q1 2025 theft losses to compromises of centralized services, a pattern MetaMask's December 2025 Crypto Security Report saw alongside last year's $3.4 billion in total losses.
For holders who keep some BTC on an exchange to trade actively, enabling every available security feature, including two-factor authentication, withdrawal address whitelisting, and email confirmations for withdrawals, reduces the risk without eliminating it. Exchange custody still means trusting someone else's infrastructure.
The most common way bitcoin holders lose funds is by being tricked into handing over access, not protocol exploits. No storage method protects a holder who gives away the keys.
Address poisoning is the fastest-growing blockchain network attack vector. As of early 2026, Blockaid had flagged more than 65.4 million address-poisoning transactions since January 2025, averaging over 160,000 per day. Attackers send tiny transactions from addresses that match the first and last characters of a victim's real addresses. When the victim copies an address from transaction history instead of verifying the full string, the funds go to the attacker. According to CoinDesk, one victim lost roughly $50 million this way in December 2025. One way to reduce address poisoning risks is to verify the full address before every send and to use a saved address book rather than transaction history. MetaMask's Address Poisoning Detection is built into the wallet by default. It compares each newly pasted address against addresses the user has already interacted with, and shows a warning when it spots a lookalike.
Impersonation was one of the fastest growing scam categories in 2025, according to Chainalysis. The attack shows up in many different forms, including: hackers posing as trusted brands, founders, or officials, and fake support staff who claim to represent a wallet provider or exchange. Both reach victims over channels like Telegram, Discord, and email. Legitimate support never initiates contact by direct message and never requests yourSecret Recovery Phrase. For example, leading self-custodial wallet MetaMask will never ask you for your Secret Recovery Phrase.
Malicious transaction signing tricks holders into approving transactions that grant an attacker permission to move tokens. This often happens through spoofed dapp interfaces. Defense: read every transaction detail before signing. MetaMask's transaction simulation and security alerts scan for known malicious addresses and suspicious contract interactions before execution. Reject anything that can't be fully read and understood.
Scenario | What to do |
Lost Secret Recovery Phrase, wallet still accessible | Create a new wallet, record the new phrase securely, and move all funds to it. Treat the old wallet as compromised, so the funds stay safe even if the lost phrase resurfaces. |
Lost Secret Recovery Phrase, wallet inaccessible | The funds are permanently unrecoverable. No wallet provider can restore them. This is the most consequential risk in self-custody. |
Compromised device | Move funds to a wallet on a clean, trusted device using a different Secret Recovery Phrase. Do not enter existing phrases on the compromised device. |
Wrong address | Bitcoin transactions are irreversible once confirmed, with no chargeback and no central authority to appeal to. |
Because confirmed bitcoin transactions cannot be reversed, pre-send verification is an important habit rather than an optional step. A small test transaction can confirm a new address, but a test alone is not enough: the December 2025 victim who lost $50 million sent a test first, then copied the poisoned address from transaction history. Re-entering or pasting the address from a saved, verified source for every send closes that gap.