How Are Private Keys Controlled in a Custodial Wallet?

Updated July 13, 2026 5 min read

Owning crypto and controlling the keys to it are not always the same thing, and the difference matters most exactly when something goes wrong.

The short answer

In a custodial wallet, the platform hosting the wallet, not the account holder, generates, stores, and controls the private keys needed to move the crypto. The account holder interacts with a balance shown in an app or website and authorizes transactions through their login credentials, but the actual cryptographic authority over the funds sits with the custodian. This arrangement trades direct control for convenience, and it changes what happens in scenarios like a lost password, a platform outage, or an account freeze.

What a private key actually does

A private key is the cryptographic credential that proves ownership of crypto and authorizes any transaction moving it, functioning something like an unforgeable signature. Whoever holds the private key can move the associated funds, and whoever doesn’t hold it cannot, regardless of any other claim to ownership. This is different from a public key, which can be shared openly to receive funds without granting any spending authority.

How custody actually works

What this means in practice

Because the custodian holds the keys, an account holder generally cannot move funds without going through that platform’s systems, and platform downtime, account restrictions, or a security incident at the custodian can all directly affect access to funds. This is meaningfully different from a hot or cold wallet where an individual holds their own keys directly; self-custody removes the intermediary but shifts full responsibility for key security onto the individual instead. Custodial crypto also generally does not carry FDIC or SIPC protection the way traditional bank or brokerage accounts do, regardless of how a platform’s marketing describes account protections, and any coverage a platform offers is worth reading carefully rather than assumed.

Why platforms use custodial models anyway

Custodial wallets remove the burden of managing a seed phrase or private key directly, which is a genuine security risk for anyone unfamiliar with the process, since losing a self-custodied key generally means losing the funds permanently, with no customer service line to call. For many users, trusting a platform’s security infrastructure is a reasonable tradeoff against the very real risk of personal key mismanagement, even though it introduces a different kind of counterparty risk.

What to weigh

Custodial wallets shift key control, and therefore ultimate authority over funds, from the individual to the platform, in exchange for convenience and reduced personal responsibility for key management. Understanding this tradeoff, rather than assuming an account balance automatically means direct ownership of the underlying crypto, is central to understanding what custodial crypto actually protects against and what it doesn’t.