When you buy cryptocurrency through an exchange and leave it on the platform, you do not actually own the cryptocurrency. You own a promise. The exchange holds the real assets, and your account balance is a record in their database. If the exchange fails, gets hacked, freezes withdrawals or turns out to be fraudulent, that promise can become worthless overnight.
This is custodial risk, and it is one of the most significant and underappreciated dangers in crypto. Unlike traditional bank deposits, which may be protected by government-backed deposit insurance, cryptocurrency held on an exchange has no equivalent guarantee in Australia. Understanding custodial risk and how to manage it is fundamental to protecting your assets.
Custodial risk refers to the risk that arises when you entrust your cryptocurrency to a third party custodian, most commonly a centralised exchange (CEX). The custodian holds the private keys to the crypto on your behalf, meaning they have actual control of the assets.
When you deposit Bitcoin or any other cryptocurrency to an exchange, you are transferring ownership of those assets to the platform. In return, the platform credits your account. Your account balance represents a liability the platform owes you, not direct ownership of crypto on the blockchain.
The phrase "not your keys, not your crypto" captures this precisely. Private keys are the cryptographic proof of ownership on the blockchain. If someone else holds those keys, they control the assets. Custodial risk is the risk that the holder of your keys fails to return them or the assets they represent.
Custodial risk in crypto is more acute than in traditional finance for several reasons.
First, cryptocurrency exchanges are not subject to the same deposit protection schemes as banks. In Australia, the Financial Claims Scheme protects bank deposits up to 250,000 AUD per person per authorised deposit-taking institution. No equivalent protection applies to crypto held on exchanges.
Second, the crypto industry has a documented history of exchange failures, hacks and outright fraud. Major platforms have collapsed, taking billions of dollars of customer funds with them. When this happens, customers become unsecured creditors, often recovering only a fraction of what they held, if anything at all.
Third, cryptocurrency transactions on the blockchain are irreversible. If an exchange is hacked and funds are drained from the hot wallets holding customer crypto, there is no mechanism to reverse those transactions. The blockchain does not distinguish between authorised and unauthorised transactions.
Custodial risk takes several distinct forms, each with different causes and outcomes.
Exchange insolvency occurs when a platform operates at a loss, engages in risky lending of customer assets or collapses due to mismanagement. When a centralised exchange becomes insolvent, customers typically become unsecured creditors in a bankruptcy process that can take years to resolve and rarely returns 100 cents in the dollar.
Exchange hacks occur when external attackers compromise the security of a platform and drain customer funds. Even large, well-resourced exchanges have suffered significant hacks. The risk is never zero, and crypto held on any online platform is subject to the platform’s security posture.
Fraud and misappropriation involve platform operators deliberately misusing or stealing customer funds. This has occurred at multiple major platforms, with operators using customer crypto for their own trading, lending or personal enrichment without customers’ knowledge.
Regulatory seizure occurs when government authorities freeze or seize assets held on a platform, for example as part of an investigation into the platform or its operators. Customers can find their funds inaccessible for extended periods or permanently.
Technical failure includes scenarios where a platform experiences system failures, software bugs or operational errors that result in loss or inaccessibility of customer funds. While less common than fraud or hacking, it represents a non-zero risk.
Withdrawal freezes occur when exchanges halt customer withdrawals, often preceding a more serious collapse. This traps customer funds on the platform and can signal imminent insolvency.
The fundamental question in crypto storage is whether you want custodial or non-custodial control of your assets.
In a custodial arrangement, the exchange or platform holds your private keys. You access your crypto through an account on their platform. This is convenient but introduces custodial risk: you are dependent on the platform remaining solvent, secure and honest.
In a non-custodial arrangement, you hold your own private keys in your own cryptocurrency wallet. No third party can access or move your funds without your keys. You are solely responsible for the security of your keys, but the custodial risk of a third party failure is eliminated.
The trade-off is one of convenience vs security. Exchanges are convenient for trading, fiat conversion and access to a range of services. Self-custody is more secure but requires personal responsibility for key management. Most experienced crypto investors use both: exchanges for active trading, and self-custody for long-term holdings. Understanding the risks of keeping crypto on an exchange is a critical part of managing your overall risk profile.
There are several practical steps you can take to reduce your exposure to custodial risk.
Use self-custody for significant holdings. If you hold cryptocurrency as a long-term investment, move it off exchanges into a self-custody wallet. A hardware wallet (cold wallet) is the most secure option for substantial holdings. Choosing the right hardware wallet for your needs is an important decision.
Back up your seed phrase securely. When you use a self-custody wallet, your seed phrase is the master key to your funds. Store it offline, in a secure location, and never share it with anyone. Our guide on how to back up your crypto wallet covers this in detail.
Diversify across platforms. If you do keep crypto on exchanges for trading purposes, spread it across multiple reputable platforms rather than concentrating on one. This reduces your exposure to any single platform failure.
Use regulated and reputable exchanges. In Australia, ASIC-registered crypto exchanges have met minimum regulatory standards including KYC (know your customer) requirements. While regulation does not eliminate custodial risk, it reduces the likelihood of outright fraud and provides a legal framework for recourse.
Keep only trading capital on exchanges. A practical rule used by many experienced crypto investors is to keep only the amount you need for active trading on exchanges, and hold the remainder in self-custody. This way, even if an exchange fails, your losses are limited to your trading allocation.
Monitor exchange health. Pay attention to news about the exchanges you use, including any reports of withdrawal issues, financial difficulties or regulatory action. Withdrawal problems are often an early warning sign of deeper issues.
Self-custody is not always practical or appropriate for every investor or every situation. There are contexts where custodial storage is a reasonable choice.
For active traders, keeping trading capital on an exchange is a practical necessity. If you are actively trading cryptocurrency pairs, you need funds on the platform to execute trades. The key is to limit this to your active trading capital, not your total holdings.
For small amounts, the complexity of self-custody may not be worth the effort. A few hundred dollars of crypto on a reputable Australian exchange carries custodial risk, but that risk may be proportionate to the convenience and the amount at stake.
For new investors still learning about cryptocurrency wallets, self-custody introduces the risk of losing access to funds through user error. Building knowledge of how private keys and seed phrases work before moving to self-custody is a reasonable approach.
In Australia, cryptocurrency exchange regulation has been evolving. ASIC (the Australian Securities and Investments Commission) has taken an increasingly active role in overseeing crypto asset providers, and AUSTRAC requires exchanges to register and comply with anti-money laundering obligations.
However, the key point for investors is that no government-backed guarantee protects crypto held on exchanges in Australia. Unlike bank deposits up to 250,000 AUD, which are protected by the Financial Claims Scheme, there is no equivalent safety net for cryptocurrency custodied on an exchange.
This regulatory gap means that due diligence on the exchanges you use is entirely your responsibility. Checking whether a platform is registered with AUSTRAC, holds any ASIC licence, publishes regular proof-of-reserves audits and has a strong security track record are all important steps before depositing cryptocurrency on any platform.
Effective risk management in cryptocurrency requires thinking about both price risk (the market value of your assets going up or down) and custodial risk (the risk of losing access to your assets entirely). Many investors focus entirely on price risk and ignore custodial risk, only to discover the hard way that exchange failures are real.
A sensible approach separates your holdings by purpose. Long-term holdings should be in self-custody on a hardware wallet. Medium-term holdings that you may want to trade in the next few months can be split between self-custody and a reputable exchange. Active trading capital lives on the exchange. This tiered approach is central to building a balanced crypto portfolio that accounts for all dimensions of risk.
Custodial risk is not a reason to avoid crypto entirely. It is a reason to be thoughtful about where and how you store it. Knowing how cryptocurrency wallets work, understanding the difference between hot and cold wallets, and maintaining proper key backups are core skills for any serious crypto investor.
WRITTEN & REVIEWED BY Chris Shepley
UPDATED: MARCH 2026