A Practical Guide to Understanding Custody Models in 2025
Comparing the tradeoffs, risks, and benefits of 2025’s most common Bitcoin custody models
Joe Rodgers
May 6, 2025
Bitcoin lets you hold wealth without permission. But how you custody it, aka how you store and access your bitcoin private key, matters more than most people realize.
There’s no one-size-fits-all approach. Some models give you complete control but only rudimentary protection. Others make custody easier, but remove your sovereignty. And somewhere in between are various key management systems designed to balance control, resilience, and protection from real-world risk.
In this guide, we’ll break down seven major custody models in use today, from DIY single-sig setups to institutional platforms and insured multisig vaults, so you can understand the tradeoffs and pick what’s right for your situation.
1. Single-Signature Custody
Simple, direct, and fully sovereign but with no margin for error. Often called “Single Sig.”
How it works:
Single-signature custody means one key controls everything. You generate and store a single private key, typically on a hardware wallet, and back it up using a 12- or 24-word seed phrase. Any time you want to move your Bitcoin, you use that key to sign the transaction.
This setup offers full sovereignty and is easy to understand, but it comes with significant risk: if the key or backup is lost or compromised, the Bitcoin is gone forever. There’s no built-in redundancy, no fallback, and no one to call.
It’s a great fit for smaller balances or advanced users with strong key management practices, but not ideal for high-value long-term storage without additional safeguards.
Pros:
You hold the keys
Fully sovereign
Easy to set up
Cons:
Lose the key, lose your Bitcoin
No recovery or backup built in
Vulnerable to physical theft or coercion
Best for:
Small balances
Advanced users who understand key management
People who accept full responsibility (and risk)
2. 2-of-3 Multisignature Self-Custody
Reduces single points of failure if you set it up correctly. Typically called “multisig”
How it works:
In a 2-of-3 multisignature setup, you generate three separate private keys. To move Bitcoin from the wallet, you only need approval from any two of the three keys. This provides redundancy and security—if one key is lost or compromised, the funds are still safe and accessible with the remaining two.
Each private key is stored on its own dedicated signing device, ideally in geographically distinct locations. This separation helps protect against theft, hardware failure, and natural disasters. For example, one key might be stored in your home, another with a trusted third party, and a third in a safety deposit box.
The risk of a single point of failure is reduced because no one key can move funds on its own. Even if an attacker gains access to one device, they would still need a second key to spend the Bitcoin. This makes 2-of-3 multisig one of the most resilient and responsible ways to hold large amounts of Bitcoin.
Pros:
Tolerant to one key loss or compromise
Enables geographic distribution Stronger against disaster or theft
Cons:
More complex to set up and maintain
Still 100% your responsibility
No insurance, no recovery if two keys fail
Best for:
High-net-worth individuals and families
Businesses managing significant Bitcoin
Long-term holders with tech competence
3. Collaborative Custody (Casa, Unchained)
You hold the majority of keys — a provider holds the minority. Built-in recovery and guidance.
How it works:
Collaborative custody uses a multisig setup—typically 2-of-3—where you control two keys and a trusted provider holds the third. This gives you full control in normal circumstances, while offering a safety net if one of your keys is lost.
Because you hold the majority, you can move your Bitcoin independently. But if you lose a key, the provider can co-sign to help recover access. This setup is especially useful for inheritance planning and basic disaster recovery, though it’s not a silver bullet.
It does not fully protect against coercion, theft, or sophisticated attacks, and still requires that heirs or beneficiaries have access to at least one key. But for many users, it balances security, autonomy, and support.
Provider
You Hold
They Hold
Notable Features
Casa
2–3
1–2
Mobile app, emergency key recovery
Unchained
2
1
Loans, IRAs, and inheritance services
Pros:
A model of “supported” self-custody: you control your bitcoin, with some professional help
Better odds of inheritance recovery in the case of death than a complicated self-custody model
Guided setup for practical users who want the benefits of self-custody but with reduced risks
Cons:
Partial reliance on third party; no guarantee that they’ll be there for you eventually when you need them
Can’t fully mitigate threats like coercion or kidnapping
You’re still exposed if two keys fail
Inheritance models aren’t foolproof
Best for:
Users who want more support but still want key control
Those not ready to manage everything alone
4. Insured Multi-Entity Vaults (AnchorWatch)
Multisig designed for resilience, with insurance for what multisig alone can’t cover.
How it works:
This approach uses a 2-of-2 multisignature vault shared between you and AnchorWatch, with insurance coverage for edge-case risks like theft, disaster, coercion, or multiple points of failure. The vault is governed by Miniscript, allowing for highly customized spending conditions and time-based recovery options.
While the policy is active, neither you nor AnchorWatch can move the Bitcoin alone — both parties must co-sign every transaction. This setup provides enhanced protection against loss or abuse. After the policy ends, control transitions entirely to you, without needing AnchorWatch’s involvement going forward.
In the event of your death, preprogrammed time-locked recovery paths ensure your beneficiaries can ultimately gain access. AnchorWatch’s Flagship Policy (2025) offers both shared custody and full insurance protection, combining operational security, sovereign control, and peace of mind.
Pros:
You hold your own keys, AnchorWatch doesn’t have a backup of your keys
Becomes self-custody if anything ever happens to AnchorWatch
Designed to survive disaster and fraud
Audited by various tech, code, bitcoin, insurance, and regulatory auditors for readiness to store billions of dollars of wealth.
Lloyd’s of London backed Insurance covers loss due to coercion, key loss, natural disaster, or operational failure (see policy for exact coverage)
Cons:
Insurance requires KYC and underwriting (answering questions about your risk profile)
Requires onboarding where you set up your private keys and register them to your Vault
Not meant for casual or short-term holders, best for deep cold storage and maximum security
Best for:
Long-term holders
Businesses, funds, and family offices
Anyone serious about eliminating catastrophic risk
5. Sole Custodian Model (e.g., Coinbase Prime, BitGo, Anchorage)
Bitcoin is held entirely by a third party. You don’t hold keys, they do.
How it works:
In the sole custodian model, you deposit your Bitcoin with a company, and they manage storage, security, and transaction signing. You don’t have access to the private keys at any point. When you want to move funds, you submit a request and rely on the custodian to process it.
This setup is common among institutions, funds, and enterprises seeking simplicity, compliance, and outsourced risk management. Some custodians are regulated as Qualified Custodians (QCs), meaning they meet specific legal and operational standards set by regulators. Others are not, and in that case, you’re trusting their brand, technology, and legal terms.
The benefit is ease and built-in infrastructure. The tradeoff is control: if the custodian is hacked, compromised, or fails, you have little recourse unless protections like insurance, segregation of assets, or legal guarantees are in place.
Pros:
Bitcoin custody and security outsourced to key management experts
Institutional-grade security infrastructure designed to withstand sophisticated attacks
Easy integration with other financial services
Cons:
You do not hold keys, no sovereignty. Subject to platform risk, policy changes, or regulatory freeze
Huge honeypots; ever-present risk of an inside bad actor infiltrating security from the inside
No instant access
Best for:
RIAs, funds, and enterprises
Clients requiring compliance-first custody
Treasury managers who want custody off their plate
6. Multi-Institutional Custody Platforms
Distributed key control among institutions, the user holds no keys.
How it works:
In this model, multiple institutions share custody of your Bitcoin, using a coordinated multisig structure. The most common setup is 2-of-3 multisig, where two out of three institutions must co-sign to authorize a transaction. More advanced versions use Miniscript-enabled 2-of-2 setups, with time-locked or conditional recovery options built in to handle institutional failure.
The Bitcoin owner does not hold any keys. Instead, one of the institutions typically acts as the operational hub, managing the wallet interface, coordinating signatures, and facilitating withdrawals. The other institutions serve as co-signers, providing redundancy and risk distribution.
This approach reduces the risk of a single point of failure and is often favored by institutions or asset managers seeking custody without internal key management.
Pros:
Enterprise-grade infrastructure
Multi-entity risk distribution - actuarially safer than a single institution honeypot
Suits estates, advisors, and institutions without key management experience
Good guarantees of recoverability for inheritance
Cons:
No direct Bitcoin access
Trust is placed in companies’ technology and governance, but customer loses sovereignty
Questions about Qualified Custodian applicability
Best for:
Wealth platforms, funds, and allocators
Users who want Bitcoin exposure without operational lift
Professionals who need infrastructure and reporting
You don’t custody Bitcoin, you own a claim to something that tracks its price.
How it works:
With synthetic exposure, you’re investing in a financial product that mirrors Bitcoin’s value, but you never actually custody Bitcoin yourself. This includes Bitcoin ETFs (like IBIT or GBTC), Bitcoin trusts, or wrapped tokens on other blockchains (like WBTC on Ethereum).
In these setups, a custodian or issuer holds the Bitcoin (if any) on your behalf, and you receive a paper claim or derivative. Your ability to redeem the position for real Bitcoin varies; in many cases, redemption is impossible or heavily restricted.
This approach may be convenient for traditional investors, but it comes with tradeoffs: no sovereignty, no on-chain ownership, and exposure to issuer risk. You’re trusting third parties to hold the Bitcoin (if they actually do), and your asset behaves more like a stock or tokenized IOU than Bitcoin itself.
Pros:
No custody risk or technical lift
Held in traditional wealth management accounts
Accessible through IRAs, brokerages, etc.
Cons:
You don’t own Bitcoin
Subject to counterparty and product risk
No option to withdraw real BTC
Best for:
Regulated investors or funds
Passive allocation inside traditional portfolios
Investors prioritizing exposure over ownership
Final Thoughts: Custody Is a Strategy, Not Just a Tool
Most people think custody is just about buying a wallet and keeping it offline. But as you move up the ladder, holding more value, building for the long term, managing risk, custody becomes a real strategy.
You have to ask:
Who controls the keys?
Do the specifics of my life mean that one custody model is more appropriate for me than others?
What happens if a key is lost, stolen, or compromised?
How do you survive disaster, coercion, or mistakes?
Can your plan hold up when the unexpected happens?
Will the custody model support foolproof inheritance?
AnchorWatch exists to solve all these questions.
We combine self-custody, high resilience, and full insurance coverage into one integrated solution — built for long-term holders and institutions that can’t afford to get this wrong.
Contact Us
Always here to help
To request general assistance, you should contact AnchorWatch Inc, at:
To make an initial complaint, you should contact Arch Insurance at: The Complaints Manager Email: Complaints@archinsurance.com Arch Insurance (UK) Limited 4th Floor 10 Fenchurch Avenue London EC3M 5BN United Kingdom
In the alternative, you may wish to contact the Lloyd’s Complaints Department at:
Lloyd’s Complaints Department c/o Email: complaints@lloyds.comLloyd’s Phone: 1-844-849-7828 America Inc. 280 Park Avenue, East Tower, 25th Floor, New York, NY 10017, USA