The keys that control everything
In 2022, actor Seth Green lost four valuable NFTs—including a Bored Ape he'd licensed for a TV show—to a phishing scam. Someone tricked him into signing a malicious transaction. The assets were gone in seconds.
When authorities investigate crypto theft, they often find recovery phrases stored in iCloud, Google Drive, or screenshot folders. Easy to find. Easy to steal.
Self-custody gives you complete control over your assets. It also gives you complete responsibility for protecting them. There's no bank to call, no fraud department to file a claim with, no reversing transactions.
This is Part 1: how the technical pieces fit together. Part 2 covers security practices and the broader implications.
Every self-custody wallet involves three related pieces of information. Understanding their relationship is essential.
Your public key, which wallets show in the form of an address, is like an email address—safe to share, used to receive funds.
It looks like this:
0x47bb4cCA98FC49B971d86c5t26562c86E6284CeD
Long and ugly, but modern wallets offer address books and human-readable names (ENS domains like yourname.eth) to make this manageable.
Critical rule: Double-check addresses before sending. Transactions to wrong addresses are usually irreversible. There's no "undo."
Your private key proves you own the address. It authorizes every transaction.
It looks like this:
E9883D79C6D87DC0FB6A5778633389F4253213303DA61F20BD47FC233AA332623
You rarely interact with private keys directly—wallets handle this in the background. But conceptually, every time you approve a transaction, your private key is signing it.
Critical rule: Never share your private key. Anyone with it controls your wallet.
The mnemonic (also called seed phrase or recovery phrase) is typically 12-24 common English words:
dog house safe board room chair table desk computer space flower rain
This phrase generates all your private keys. It's the master backup that can restore your entire wallet on any device.
This is the most important thing you will ever protect in crypto.
The mnemonic can:
Write it down. Store it securely. Never type it into a website. Never store it digitally.
The relationship flows one direction:
Mnemonic → Private Keys → Public Keys
From one mnemonic, a wallet can generate unlimited private keys. From each private key, one public key is derived. The math is one-way—you can't reverse-engineer a mnemonic from a public key.
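The one-way chain described above, as an added example that is not part of the original article. It assumes the wallet follows the BIP-39 and BIP-32 standards (which the article does not name), uses the public BIP-39 test-vector mnemonic rather than a real phrase, and derives simplified hardened paths m/0', m/1', ... instead of a production wallet path.

```python
import hashlib, hmac

# secp256k1 curve constants (public parameters)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Constructed input: the public BIP-39 test-vector phrase, never a real wallet.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

def point_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:   # tangent slope for doubling
        m = 3 * a[0] * a[0] * pow(2 * a[1], P - 2, P)
    else:        # chord slope for distinct points
        m = (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def public_key(priv):
    """Private key -> compressed public key (double-and-add, one-way)."""
    result, addend = None, G
    while priv:
        if priv & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        priv >>= 1
    return bytes([2 + (result[1] & 1)]) + result[0].to_bytes(32, "big")

def seed_from_mnemonic(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic'+passphrase."""
    salt = ("mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode(), salt, 2048)

def master_key(seed):
    """BIP-32: HMAC-SHA512 output splits into (private key, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def hardened_child(priv, chain, index):
    """BIP-32 hardened child: a new private key per index from one parent."""
    data = b"\x00" + priv.to_bytes(32, "big") + (index + 2**31).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + priv) % N, i[32:]

def derive_accounts(mnemonic, count):
    """Mnemonic -> many private keys -> one public key each (hex)."""
    priv, chain = master_key(seed_from_mnemonic(mnemonic))
    return [public_key(hardened_child(priv, chain, n)[0]).hex() for n in range(count)]
```

Every step is a hash, an HMAC, or a curve multiplication, so the output of `derive_accounts` can be published while the phrase that produced it stays secret.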
This means:
Self-custody eliminates intermediaries. No bank decides whether to process your transaction. No exchange can freeze your account. No institution can fail and take your funds with it.
The practical implications:
Remittances: In 2017, migrant workers paid $34.7 billion in fees to send money home—7.45% average, equivalent to 27 days of annual income. Self-custody enables direct transfers for under 1%.
Access: Anyone with internet can create a wallet. No credit checks, no applications, no geographic restrictions. The blockchain doesn't know or care who you are.
Sovereignty: Your assets are controlled by math, not policy. No committee votes on whether to honor your balance.
But these benefits come with responsibility. There's no customer support. No fraud protection. No recovery if you lose your keys.
The rules are simple. Following them is harder than it sounds.
For your mnemonic phrase:
The Seth Green situation happened because he signed a malicious transaction—not because he gave away his mnemonic. Even careful people make mistakes when the interface is deceptive.
Self-custody security isn't just about protecting your phrase. It's about verifying every transaction, being skeptical of every request, and assuming that anything asking for sensitive information is a scam until proven otherwise.
This probably sounds complicated. It is—at first.
The early internet required understanding IP addresses, dial-up connections, and arcane error messages. Now your grandmother uses FaceTime. Technology gets easier as interfaces improve.
Self-custody is on the same trajectory. Hardware wallets are getting simpler. Social recovery systems are emerging. Account abstraction promises better UX without sacrificing control.
But today, in 2022, self-custody still requires understanding these fundamentals. The technology will get easier. The principles won't change.
Part 2 covers operational security—how to structure your wallets, protect against common attacks, and think about the tradeoff between convenience and safety.