Not Your Keys, Not Your Coins
Share
Twelve years ago today, on February 7, 2014, the world's largest Bitcoin exchange went dark. Mt. Gox, which handled over 70% of all Bitcoin transactions worldwide, suddenly suspended withdrawals citing "technical issues." Panic spread through chatrooms and forums. Within weeks, the truth emerged: 850,000 Bitcoin—worth roughly $473 million at the time, over $70 billion at today's prices—had vanished.
The exchange was insolvent. The coins were gone. And hundreds of thousands of people who thought they owned Bitcoin learned a brutal lesson: if you don't control the private keys, you don't actually own the coins.
The Collapse That Changed Everything
Mt. Gox wasn't just big—it was dominant. Founded in 2010 by programmer Jed McCaleb (who later created Ripple) and sold to French developer Mark Karpelès in 2011, the Tokyo-based exchange became synonymous with Bitcoin trading in the early days. If you wanted to buy or sell Bitcoin in 2013 or early 2014, you probably used Mt. Gox.
But beneath the surface, things were catastrophically wrong. Security was lax. Internal accounting was a disaster. Hot wallets (internet-connected wallets designed for quick transactions) held massive amounts of Bitcoin without proper safeguards. Multi-signature security didn't exist. Cold storage protocols were inadequate. The private keys controlling customer funds were vulnerable, and hackers knew it.
The truth, which emerged through investigations, was even worse than the February 2014 revelation suggested. Mt. Gox had been hemorrhaging Bitcoin since at least 2011. Early hacks had stolen tens of thousands of coins. An auditor's computer was compromised, allowing hackers to manipulate prices and drain wallets. And then, systematically, over the course of years, attackers siphoned off Bitcoin bit by bit.
By May 2013, almost a full year before the public collapse, Mt. Gox reportedly no longer held the Bitcoin it claimed to have. The exchange was operating on fractional reserves, crediting users with coins that didn't actually exist. It was insolvent, bankrupt, a shell running on fumes and lies.
But the trading continued. People deposited more Bitcoin. They bought and sold, completely unaware that their balances were fictional. When they tried to withdraw in February 2014, the truth could no longer be hidden.
A Decade of Waiting
The fallout was immediate and devastating. The Bitcoin price fell, dropping nearly 50% in the aftermath. Faith in cryptocurrency exchanges evaporated. Regulatory scrutiny intensified. And thousands of people who had trusted Mt. Gox with their Bitcoin were left holding nothing.
Mark Karpelès, the CEO, was arrested by Japanese authorities. He was later convicted of falsifying financial records but acquitted of embezzlement charges. The company filed for bankruptcy. Legal battles began that would stretch on for years.
In March 2014, investigators found 200,000 Bitcoin in an old wallet that Mt. Gox was used before 2011. A glimmer of hope, but these coins were immediately frozen in bankruptcy proceedings. Creditors filed claims. Lawyers got paid. And the Bitcoin sat untouched, year after year, while its value climbed from hundreds of dollars to thousands to tens of thousands.
The civil rehabilitation process dragged on. Deadlines were announced and missed. Creditors waited. Some died before seeing a single satoshi returned. The Bitcoin they lost in 2014 when it was worth $600 became worth $20,000, then $60,000, then $100,000. The waiting creditors watched one of the greatest bull markets in history from the side lines, unable to participate because their coins were locked in legal limbo.
Finally, in 2024, repayments began. After a decade of bankruptcy proceedings, Mt. Gox started repaying 140,000 BTC worth around $9 billion to its creditors. Some victims received a fraction of what they lost. Others got nothing. Many had sold their claims to hedge funds at pennies on the dollar, unable to wait any longer.
The Lesson That Never Gets Old
The Mt. Gox collapse crystallized a principle that existed before but hadn't been tested at scale: Not Your Keys, Not Your Coins.
When you leave Bitcoin on an exchange, you don't actually control it. The exchange does. You have a balance in a database, a promise that if you ask for your Bitcoin back, they'll give it to you. But that promise is only as good as the exchange's security, solvency, and honesty.
If the exchange gets hacked, you lose your Bitcoin. If the exchange commits fraud, you lose your Bitcoin. If the exchange goes bankrupt, you become an unsecured creditor in a legal process that could take years or decades. If the exchange decides to freeze withdrawals, there's nothing you can do.
This isn't theoretical. It's historical fact, proven over and over:
- Mt. Gox, 2014: 850,000 BTC stolen
- Cryptopia, 2019: $16 million stolen
- QuadrigaCX, 2019: $190 million lost when the CEO allegedly died with the only keys
- Africrypt, 2021: $3.6 billion vanished
- FTX, 2022: $8 billion stolen in what may have been outright fraud
- And dozens of smaller exchanges that disappeared with user funds
Every cycle, a new generation of Bitcoin users learns this lesson the hard way. They trust exchanges because it's convenient. They leave their coins in custodial wallets because managing private keys seems complicated. They assume "it won't happen to me" or "this exchange is different."
And every cycle, exchanges collapse, funds disappear, and people who thought they owned Bitcoin discover they owned nothing more than an entry in a database.
Care about Self-Custody
In 2014, self-custody was difficult. Hardware wallets didn't exist yet. Software wallet options were limited and intimidating for non-technical users. The user experience was terrible. It's understandable that people trusted exchanges.
In 2026, there's no excuse. Hardware wallets like Trezor, Bitbox and Coldcard are affordable and user-friendly. Software wallets offer excellent security with good UX. Multi-signature setups allow you to eliminate single points of failure. The tools exist. The knowledge is freely available. The only barrier is the willingness to take responsibility.
Self-custody means:
You control the private keys. Not an exchange. Not a custodian. Not a company that might get hacked, commit fraud, or go bankrupt. You.
No one can freeze your funds. Exchanges can halt withdrawals at any time for any reason. They can impose waiting periods, verification requirements, or lock you out. Your wallet can't.
No counterparty risk. When Bitcoin is in your wallet, you're not depending on anyone else's security, honesty, or solvency. The Bitcoin is yours, cryptographically, mathematically, absolutely.
True ownership. This is what Bitcoin was designed for. Peer-to-peer electronic cash that requires no trusted third party. When you hold your own keys, you're using Bitcoin as it was meant to be used.
The Uncomfortable Truth About Convenience
The strongest argument against self-custody is convenience. Exchanges are easy. You don't have to worry about seed phrases or hardware wallets or OPSEC (operational security). You can trade quickly. You can set up recurring buys. The interface is familiar.
But convenience has a price. That price is risk; potentially catastrophic risk. The risk that your coins aren't actually there. The risk that the exchange is the next FTX, the next Mt. Gox, the next QuadrigaCX.
And here's what people don't realize until it's too late: the convenience evaporates the moment something goes wrong. When an exchange halts withdrawals, all that ease-of-use becomes worthless. You can't trade. You can't sell. You can't move your Bitcoin to safety. You just wait, helplessly, while lawyers and bankruptcy trustees decide your fate.
Meanwhile, someone holding their own keys has complete control. They can send their Bitcoin anywhere, anytime, for any reason. No permission required. No waiting period. No risk that a third party will block them.
Self-custody is only inconvenient when everything is working fine. It becomes infinitely more convenient the moment something goes wrong—which, in the Bitcoin space, happens with disturbing regularity.
What "Not Your Keys, Not Your Coins" Means
This isn't just a catchy slogan. Even though it is pretty catchy! It's a technical reality embedded in how Bitcoin works.
Bitcoin ownership is determined by control of private keys. If you have the private key to an address, you can spend the Bitcoin at that address. If you don't have the private key, you can't. There's no appeal to customer service. No password reset option. No way to prove you "should" have access. The key is the ownership.
When you use an exchange, the exchange holds the private keys. They have a database that says you're entitled to X amount of Bitcoin, but the Bitcoin itself is in wallets controlled by the exchange. You're trusting them to give you access when you ask for it.
This is exactly like the traditional banking system Bitcoin was designed to replace. You deposit money in a bank; the bank promises to give it back. Most of the time they do. Sometimes they don't. Sometimes they can't. And when they can't, you discover that your "money" was just a promise—one that's now worthless.
Bitcoin offers an alternative: true ownership. Not a claim on someone else's Bitcoin. Not a database entry. Actual, cryptographic control of the asset itself. But only if you hold the keys.
How to Take Custody
If the Mt. Gox anniversary is making you nervous about coins you have sitting on exchanges, here's how to fix it:
Get a hardware wallet. Trezor and Bitbox offer the most beginner friendly version for small to medium size holdings and Coldcard is intermediate and expert level friendly, but be sure to pick a reputable device from a reputable vendor. Hardware wallets keep your private keys isolated from internet-connected devices, protecting against remote attacks.
Set it up correctly. Write down your seed phrase on paper or metal. Never photograph it. Never store it digitally. Never share it with anyone. This 12 or 24-word phrase is your Bitcoin. A private key (a digital verifiable signature) is like your user name and password combined, but without a personal identity attached to it. The seed phrase is the digital wallet recovery mechanism. Anyone with access to it controls your funds.
Secure your seed phrase. Store it somewhere safe—a fireproof safe, a safety deposit box, or multiple secure locations if you're holding significant value. Some people use metal backup devices that resist fire and water damage.
Withdraw from exchanges. Once your wallet is set up, withdraw your Bitcoin from exchanges. Yes, there are fees. Yes, it's slightly inconvenient. It's worth it.
Verify everything. When withdrawing, double-check the address. Send a small test transaction first to test the accuracy of the transaction. Hardware wallets show you the receiving address on their screen, allowing you to verify it hasn't been tampered with by malware on your computer.
Consider multi-signature for large amounts. If you're holding significant value, multi-sig setups require multiple keys to spend funds, eliminating single points of failure. Multisig eliminates risk through decentralization by requiring signatures from multiple independent wallets. For example, in a 2-of-3 multi-sig setup, you create three separate wallets—each with its own complete seed phrase. You might keep one wallet yourself, give one to a trusted person, and store one in a separate secure location. To spend the Bitcoin, any two of the three wallets must sign the transaction. The trade off in this scenario is complexity, you need to coordinate multiple signatures in order to spend. For example you can do:
- 3-of-5 (need any 3 out of 5 wallets)
- 5-of-7 (need any 5 out of 7 wallets)
- Or really any M-of-N combination you want
The more wallets you add, the more redundancy and protection against loss, but also more complexity to manage.
Practice operational security. Don't tell people you own Bitcoin. Don't post your holdings on social media. Don't make yourself a target. This is why Silent Stasher exists—to let you signal your values without advertising your wealth.
Standing for Self-Custody
There's a reason our most popular design says "Privacy Is Not a Crime." Because the principles that matter in Bitcoin—privacy, self-custody, sovereignty, independence—are under constant attack. Regulators want to know every transaction. Exchanges want to hold your keys. Governments want to control your access.
Bitcoin offers an alternative. But only if you actually use it the way it was designed. Only if you take custody. Only if you reject the convenience of trusted third parties in favour of the security of cryptographic ownership.
February 7th marks the anniversary of the day hundreds of thousands of people learned that their Bitcoin wasn't really theirs. That their trust had been misplaced. That convenience has a price.
Twelve years later, the technology has improved. The tools are better. The knowledge is widespread. There's no excuse for making the same mistake.
Not your keys, not your coins. It's not just a catchphrase. It's the fundamental truth of Bitcoin ownership. And if the Mt. Gox anniversary teaches us anything, it's that ignoring this truth comes at a devastating cost.
Wear your values quietly. Our subtle, privacy-conscious Bitcoin apparel lets you signal your commitment to self-custody and financial sovereignty without making yourself a target.