The phrase “not your keys, not your coins” is a popular saying in the cryptocurrency community. It means that if you don’t possess the private keys to your cryptocurrency wallet, you don’t truly own the assets stored in that wallet. Private keys are like the password to your wallet, granting you access and control over your digital assets. If a third party controls your private keys, they can control your funds, which puts you at risk of theft or loss.
The phrase is used to emphasize the importance of security and self-custody in the cryptocurrency world. It encourages users to hold their own private keys, rather than relying on third-party services like centralized exchanges, which can be hacked or become insolvent.
Various scams have occurred in the past where people have lost their coins due to not holding their own keys:
- Exchange hacks: When an exchange is hacked, user funds can be stolen. Examples include the Mt. Gox hack in 2014, where 850,000 bitcoins were stolen, and the Coincheck hack in 2018, where approximately $534 million worth of NEM tokens were stolen.
- Ponzi schemes: Scammers create fake investment platforms, promising high returns with minimal risk. Participants are asked to deposit their cryptocurrency into a wallet controlled by the scammers. Eventually, the scammers disappear with the funds. One example is the BitConnect scheme that collapsed in 2018, causing losses of more than $1 billion.
- Phishing attacks: Scammers create fake websites that resemble legitimate cryptocurrency platforms. Unsuspecting users enter their private keys or login credentials, which the scammers then use to steal funds. For instance, in 2020, a massive phishing campaign targeted Ledger hardware wallet users, with scammers collecting sensitive data and attempting to steal funds.
- Fake wallet apps: Some scammers create fake wallet apps that look like popular and trusted wallets. When users enter their private keys, the scammers gain access to the funds. In 2017, a fake version of the MyEtherWallet app was available on the Apple App Store, leading to the loss of user funds.
To avoid these risks and scams, it’s crucial to hold your own private keys and follow best practices for securing your digital assets. This includes using hardware wallets, enabling two-factor authentication, and being cautious when visiting websites or downloading apps.

