A Practical Guide to Understanding Custody Models in 2025

Bitcoin lets you hold wealth without permission. But how you custody it, aka how you store and access your bitcoin private key, matters more than most people realize.

There’s no one-size-fits-all approach. Some models give you complete control but only rudimentary protection. Others make custody easier, but remove your sovereignty. And somewhere in between are various key management systems designed to balance control, resilience, and protection from real-world risk.

In this guide, we’ll break down seven major custody models in use today, from DIY single-sig setups to institutional platforms and insured multisig vaults, so you can understand the tradeoffs and pick what’s right for your situation.

1. Single-Signature Custody

Simple, direct, and fully sovereign but with no margin for error. Often called “Single Sig.”

How it works:

Single-signature custody means one key controls everything. You generate and store a single private key, typically on a hardware wallet, and back it up using a 12- or 24-word seed phrase. Any time you want to move your Bitcoin, you use that key to sign the transaction.

This setup offers full sovereignty and is easy to understand, but it comes with significant risk: if the key or backup is lost or compromised, the Bitcoin is gone forever. There’s no built-in redundancy, no fallback, and no one to call.

It’s a great fit for smaller balances or advanced users with strong key management practices, but not ideal for high-value long-term storage without additional safeguards.

Pros:

• You hold the keys
• Fully sovereign
• Easy to set up

Cons:

• Lose the key, lose your Bitcoin
• No recovery or backup built in
• Vulnerable to physical theft or coercion

Best for:

• Small balances
• Advanced users who understand key management
• People who accept full responsibility (and risk)

‍

2. 2-of-3 Multisignature Self-Custody

Reduces single points of failure if you set it up correctly. Typically called “multisig”

How it works:

In a 2-of-3 multisignature setup, you generate three separate private keys. To move Bitcoin from the wallet, you only need approval from any two of the three keys. This provides redundancy and security—if one key is lost or compromised, the funds are still safe and accessible with the remaining two.

Each private key is stored on its own dedicated signing device, ideally in geographically distinct locations. This separation helps protect against theft, hardware failure, and natural disasters. For example, one key might be stored in your home, another with a trusted third party, and a third in a safety deposit box.

The risk of a single point of failure is reduced because no one key can move funds on its own. Even if an attacker gains access to one device, they would still need a second key to spend the Bitcoin. This makes 2-of-3 multisig one of the most resilient and responsible ways to hold large amounts of Bitcoin.

Pros:

• Tolerant to one key loss or compromise
• Enables geographic distribution
  Stronger against disaster or theft

Cons:

• More complex to set up and maintain
• Still 100% your responsibility
• No insurance, no recovery if two keys fail

Best for:

• High-net-worth individuals and families
• Businesses managing significant Bitcoin
• Long-term holders with tech competence

‍

3. Collaborative Custody (Casa, Unchained)

You hold the majority of keys — a provider holds the minority. Built-in recovery and guidance.

How it works:

Collaborative custody uses a multisig setup—typically 2-of-3—where you control two keys and a trusted provider holds the third. This gives you full control in normal circumstances, while offering a safety net if one of your keys is lost.

Because you hold the majority, you can move your Bitcoin independently. But if you lose a key, the provider can co-sign to help recover access. This setup is especially useful for inheritance planning and basic disaster recovery, though it’s not a silver bullet.

It does not fully protect against coercion, theft, or sophisticated attacks, and still requires that heirs or beneficiaries have access to at least one key. But for many users, it balances security, autonomy, and support.

‍

‍

Pros:

• A model of “supported” self-custody: you control your bitcoin, with some professional help
• Better odds of inheritance recovery in the case of death than a complicated self-custody model
• Guided setup for practical users who want the benefits of self-custody but with reduced risks
  

Cons:

• Partial reliance on third party; no guarantee that they’ll be there for you eventually when you need them
• Can’t fully mitigate threats like coercion or kidnapping
• You’re still exposed if two keys fail
• Inheritance models aren’t foolproof

Best for:

• Users who want more support but still want key control
• Those not ready to manage everything alone

‍

4. Insured Multi-Entity Vaults (AnchorWatch)

Multisig designed for resilience, with insurance for what multisig alone can’t cover.

How it works:

‍This approach uses a 2-of-2 multisignature vault shared between you and AnchorWatch, with insurance coverage for edge-case risks like theft, disaster, coercion, or multiple points of failure. The vault is governed by Miniscript, allowing for highly customized spending conditions and time-based recovery options.

While the policy is active, neither you nor AnchorWatch can move the Bitcoin alone — both parties must co-sign every transaction. This setup provides enhanced protection against loss or abuse. After the policy ends, control transitions entirely to you, without needing AnchorWatch’s involvement going forward.

In the event of your death, preprogrammed time-locked recovery paths ensure your beneficiaries can ultimately gain access. AnchorWatch’s Flagship Policy (2025) offers both shared custody and full insurance protection, combining operational security, sovereign control, and peace of mind.

Pros:

• You hold your own keys, AnchorWatch doesn’t have a backup of your keys
• Becomes self-custody if anything ever happens to AnchorWatch
• Designed to survive disaster and fraud
• Audited by various tech, code, bitcoin, insurance, and regulatory auditors for readiness to store billions of dollars of wealth. 
• Lloyd’s of London backed Insurance covers  loss due to coercion, key loss, natural disaster, or operational failure (see policy for exact coverage)

Cons:

• Insurance requires KYC and underwriting (answering questions about your risk profile)
• Requires onboarding where you set up your private keys and register them to your Vault
• Not meant for casual or short-term holders, best for deep cold storage and maximum security

Best for:

• Long-term holders
• Businesses, funds, and family offices
• Anyone serious about eliminating catastrophic risk

‍

5. Sole Custodian Model (e.g., Coinbase Prime, BitGo, Anchorage)

Bitcoin is held entirely by a third party. You don’t hold keys, they do.

How it works:

In the sole custodian model, you deposit your Bitcoin with a company, and they manage storage, security, and transaction signing. You don’t have access to the private keys at any point. When you want to move funds, you submit a request and rely on the custodian to process it.

This setup is common among institutions, funds, and enterprises seeking simplicity, compliance, and outsourced risk management. Some custodians are regulated as Qualified Custodians (QCs), meaning they meet specific legal and operational standards set by regulators. Others are not, and in that case, you’re trusting their brand, technology, and legal terms.

The benefit is ease and built-in infrastructure. The tradeoff is control: if the custodian is hacked, compromised, or fails, you have little recourse unless protections like insurance, segregation of assets, or legal guarantees are in place.

Pros:

• Bitcoin custody and security outsourced to key management experts
• Institutional-grade security infrastructure designed to withstand sophisticated attacks
• Easy integration with other financial services

Cons:

• You do not hold keys, no sovereignty. Subject to platform risk, policy changes, or regulatory freeze
• Huge honeypots; ever-present risk of an inside bad actor infiltrating security from the inside
• No instant access

Best for:

• RIAs, funds, and enterprises
• Clients requiring compliance-first custody
• Treasury managers who want custody off their plate

‍

6. Multi-Institutional Custody Platforms

Distributed key control among institutions, the user holds no keys.

How it works:

In this model, multiple institutions share custody of your Bitcoin, using a coordinated multisig structure. The most common setup is 2-of-3 multisig, where two out of three institutions must co-sign to authorize a transaction. More advanced versions use Miniscript-enabled 2-of-2 setups, with time-locked or conditional recovery options built in to handle institutional failure.

The Bitcoin owner does not hold any keys. Instead, one of the institutions typically acts as the operational hub, managing the wallet interface, coordinating signatures, and facilitating withdrawals. The other institutions serve as co-signers, providing redundancy and risk distribution.

This approach reduces the risk of a single point of failure and is often favored by institutions or asset managers seeking custody without internal key management.

Pros:

• Enterprise-grade infrastructure
• Multi-entity risk distribution - actuarially safer than a single institution honeypot
• Suits estates, advisors, and institutions without key management experience
• Good guarantees of recoverability for inheritance

Cons:

• No direct Bitcoin access
• Trust is placed in companies’ technology and governance, but customer loses sovereignty 
• Questions about Qualified Custodian applicability
  
  

Best for:

• Wealth platforms, funds, and allocators
• Users who want Bitcoin exposure without operational lift
• Professionals who need infrastructure and reporting

‍

7. Synthetic Exposure (ETFs, Trusts, Wrapped Bitcoin)

You don’t custody Bitcoin, you own a claim to something that tracks its price.

How it works:

With synthetic exposure, you’re investing in a financial product that mirrors Bitcoin’s value, but you never actually custody Bitcoin yourself. This includes Bitcoin ETFs (like IBIT or GBTC), Bitcoin trusts, or wrapped tokens on other blockchains (like WBTC on Ethereum).

In these setups, a custodian or issuer holds the Bitcoin (if any) on your behalf, and you receive a paper claim or derivative. Your ability to redeem the position for real Bitcoin varies; in many cases, redemption is impossible or heavily restricted.

This approach may be convenient for traditional investors, but it comes with tradeoffs: no sovereignty, no on-chain ownership, and exposure to issuer risk. You’re trusting third parties to hold the Bitcoin (if they actually do), and your asset behaves more like a stock or tokenized IOU than Bitcoin itself.

Pros:

• No custody risk or technical lift
• Held in traditional wealth management accounts
• Accessible through IRAs, brokerages, etc.

Cons:

• You don’t own Bitcoin
• Subject to counterparty and product risk
• No option to withdraw real BTC

Best for:

• Regulated investors or funds
• Passive allocation inside traditional portfolios
• Investors prioritizing exposure over ownership

‍

Final Thoughts: Custody Is a Strategy, Not Just a Tool

Most people think custody is just about buying a wallet and keeping it offline. But as you move up the ladder, holding more value, building for the long term, managing risk, custody becomes a real strategy.

You have to ask:

• Who controls the keys?
• Do the specifics of my life mean that one custody model is more appropriate for me than others?
• What happens if a key is lost, stolen, or compromised?
• How do you survive disaster, coercion, or mistakes?
• Can your plan hold up when the unexpected happens?
• Will the custody model support foolproof inheritance?

AnchorWatch exists to solve all these questions.

We combine self-custody, high resilience, and full insurance coverage into one integrated solution — built for long-term holders and institutions that can’t afford to get this wrong.

‍