The U.S. Securities and Exchange Commission’s (SEC) Office of Investor Education and Assistance has published a new investor bulletin titled “Crypto Asset Custody Basics for Retail Investors.” The document explains how investors can store and safeguard their digital assets while highlighting different custody models and key risks for retail participants.
Understanding crypto asset custody
According to the bulletin, crypto asset custody refers to how investors store and access their crypto assets. The SEC explained that crypto assets are generated, issued, or transferred using blockchain or similar distributed ledger technology. Such assets include tokens, digital assets, virtual currencies, and coins.
The bulletin noted that investors gain access to their crypto assets through a crypto wallet, a software or hardware device that stores the private keys associated with those assets. Importantly, the wallet does not hold the assets themselves. Instead, it stores the passcodes that authorize transactions.
“When you create a crypto wallet, the following two keys or passcodes are created,” the SEC explained. These are the private key and the public key.
Private and public keys define access control
A private key is a randomly generated alphanumeric passcode that allows a user to authorize transactions. The SEC stated,
“Once created, a private key cannot be changed or replaced. If you lose your private key, you permanently lose access to the crypto assets in your wallet.”
By contrast, a public key is used to verify transactions and lets others send crypto assets to a wallet address. The public key does not provide access to the private key and cannot be used to authorize spending.
“A public key is like the e-mail address to your crypto wallet,” the bulletin explained.
Many wallets generate a seed phrase as a backup. This phrase is a sequence of words that can restore access if private keys or hardware devices are lost or damaged. The SEC advised investors to “store your seed phrase in a secure place and do not share it with anyone.”
Hot and cold wallets offer different security options
The SEC outlined two main types of crypto wallets: hot wallets and cold wallets. Hot wallets remain connected to the internet and are typically easier to use for transactions. However, they face higher cybersecurity risks. Cold wallets, in contrast, are offline physical devices such as USB drives or hardware units that hold the private keys. They provide enhanced protection against hacking but can be lost, damaged, or stolen.
The agency encouraged investors to weigh convenience against security before selecting a wallet type and to keep both seed phrases and devices in safe, private locations.
Self-custody versus third-party custody
The bulletin distinguishes between self-custody and third-party custody.
Under self-custody, investors control their private keys and are responsible for the protection of their wallets. The SEC asked investors to evaluate whether they are comfortable managing the technical requirements and the risks of losing access to their holdings if devices or credentials are compromised.
With third-party custody, control of private keys is delegated to crypto exchanges or professional custodians. The SEC urged investors to conduct background checks, including regulatory research and online reviews, before choosing a custodian.
“If the third-party custodian is hacked, shuts down, or goes bankrupt, you may lose access to your crypto assets,” the SEC stated.
The agency recommended that investors ask about how custodians store assets, whether through hot or cold wallets, and who has access to them. The bulletin also warned that some custodians engage in rehypothecation, where deposited crypto assets are used as collateral for lending or other purposes. Others may commingle customer assets, holding them in shared accounts instead of separately.
Investors should inquire about insurance coverage for loss or theft, privacy safeguards, and whether custodians sell client data to third parties. Fee transparency was another key focus, with the SEC urging investors to check for potential charges such as annual asset-based fees, transaction costs, transfer fees, and account maintenance expenses.
General security and due diligence practices
The SEC emphasized several protective steps for investors. These include careful research before engaging with any custodian, never sharing private keys or recovery phrases, and maintaining secrecy about crypto holdings. Additional recommendations include the use of strong passwords, multi-factor authentication, and awareness of phishing scams targeting crypto users.
The bulletin arrives amid heightened attention to asset protection, following instances of exchange collapses that left customers unable to access their funds. The SEC’s guidance seeks to ensure that retail investors make informed decisions about where and how to store their digital assets.
Anastasiia G
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.
