Self-custody is the right approach for serious Bitcoin holders. Holding your own keys means no counterparty risk, no exchange insolvency risk, and no institutional freeze. But self-custody is also the approach that demands the most from the holder — and the one where errors are permanent. There is no "forgot my password" recovery path for a lost seed phrase. There is no customer service line. There is no institutional backstop.
In working with Bitcoin holders on custody architecture and inheritance planning, I encounter the same failure modes repeatedly. These are not exotic scenarios or edge cases. They are the norm — and they are entirely preventable.
Mistake #1: Treating the Hardware Device as the Backup
This is the most common and most consequential misunderstanding in Bitcoin self-custody. The hardware wallet — the physical device, whether a Ledger, a Trezor, a Coldcard, or any other — is not your Bitcoin. It is a signing device. Your Bitcoin is controlled by a private key. Your private key is encoded in your seed phrase. The hardware device is simply a convenient, secure way to use that key without exposing it to internet-connected computers.
Hardware devices fail. They are lost, stolen, damaged, or simply stop functioning. Any of these events are routine and entirely recoverable — as long as you have your seed phrase. Without the seed phrase, a failed hardware device means lost Bitcoin. Permanently.
What to do instead: Understand clearly that your seed phrase is the actual backup. Generate it, write it down (or stamp it on metal plate), verify it, and store it securely — in a location separate from the device, protected from fire and water, and accessible to whoever should inherit your Bitcoin. Never store the seed phrase digitally: not in a photo on your phone, not in a notes app, not in email, not in a cloud drive. The moment the seed phrase is on an internet-connected device, it is potentially compromised.
Mistake #2: A Single Point of Failure Anywhere in the System
A custody architecture with a single point of failure is not secure custody — it is a single accident, theft, or disaster away from total loss. Single points of failure appear in multiple places:
A single hardware device with no seed phrase backup. A seed phrase stored in one location that could be destroyed in a fire or flood. A passphrase (a 25th word added to the standard seed phrase for additional security) that exists only in the holder's memory. A multisig setup where the holder controls all the keys and stores them together.
Each of these configurations violates the basic principle of resilient custody: no single event should be sufficient to cause permanent loss. A house fire should not mean lost Bitcoin. A stolen laptop bag should not mean lost Bitcoin. A hardware device left behind when moving should not mean lost Bitcoin.
What to do instead: Map out every single point of failure in your current setup. For each one, ask: if this fails, is my Bitcoin gone? If the answer is yes, the setup is not acceptable for significant holdings. Geographically distributed seed phrase backups — stored in at least two locations — are the minimum for serious holdings. For holdings above a meaningful threshold, multisig with keys distributed across multiple devices and locations provides the appropriate architecture.
Mistake #3: No Inheritance Plan
This is the inheritance failure mode that is most entirely preventable and most commonly overlooked. A holder with a good custody setup — hardware device, seed phrase backup, geographically distributed storage — who has not documented an inheritance procedure has built something that will work perfectly during their lifetime and fail completely at death.
Consider what your heirs would face if you died tonight. Do they know your Bitcoin exists? Do they know where the hardware device is? Do they know where the seed phrase backup is? Do they know what a seed phrase is? Do they know what to do with it once they find it? Do they know who to call for help if they don't?
For the majority of Bitcoin holders, including sophisticated ones, the honest answer to at least several of these questions is no. That gap is not a technical problem. It is a planning problem.
What to do instead: Create an inheritance document — separate from your estate legal documents, but designed to work alongside them — that answers every one of those questions. Where the Bitcoin is, where the hardware device is, where the seed phrase is, and step-by-step instructions a non-technical heir can follow to recover and access it. Store this document somewhere your executor or trustee will find it. Ensure your estate attorney knows it exists and where it is. Consider an heir education session so the person who will need to act has at least a foundational understanding before the moment of crisis.
Mistake #4: A Passphrase That Lives Only in Your Head
A passphrase — sometimes called a "25th word" — is an additional layer of security beyond the standard 12 or 24-word seed phrase. It is a powerful security tool: without the passphrase, even a person who finds the seed phrase cannot access the Bitcoin. This makes a passphrase genuinely valuable for sophisticated holders who want protection against seed phrase theft or exposure.
It also introduces a catastrophic failure mode that I encounter regularly: the passphrase exists only in the holder's memory, and the holder dies, becomes incapacitated, or simply forgets it. In each of these cases, the Bitcoin is permanently inaccessible — even to the holder.
The same security property that makes a passphrase protective against unauthorized access makes it lethal if the authorized holder loses access to it. A sufficiently complex passphrase, known only to one person, is a potential one-person death away from permanent loss.
What to do instead: If you use a passphrase, it must be documented and stored separately from the seed phrase, accessible to heirs under appropriate conditions, and included in your inheritance documentation. The threat model you should be optimizing against is not primarily "what if someone finds my seed phrase?" — it is "what if I am gone and my heirs need to access my Bitcoin?" Treat the passphrase with the same documentation discipline as the seed phrase itself.
Mistake #5: Custody Architecture That Doesn't Match the Holding Size
Not every Bitcoin holding requires the same custody architecture. A small amount used for regular transactions has different requirements than a long-term holding representing significant wealth. The problem occurs in both directions: under-engineering for significant holdings, and over-engineering to the point that the system cannot be used or recovered.
The under-engineering problem: a holder with a meaningful amount of Bitcoin who is using a single hardware device with a handwritten seed phrase in a desk drawer. This setup is adequate for small amounts. For significant holdings, it is not. The risk profile — single point of failure, single geographic location, no inheritance plan — is not commensurate with the value at stake.
The over-engineering problem: a holder who implements a complex multisig arrangement without fully understanding how it works, documents it inadequately, and creates an architecture that neither they nor their heirs can navigate in practice. A setup that cannot be used or recovered is not secure — it is a different path to the same outcome.
What to do instead: Match your custody architecture to your holding size, risk tolerance, and the realistic technical capabilities of you and your heirs. This requires an honest assessment of your current situation — not against a theoretical ideal, but against the practical question: if something goes wrong, can this be recovered? For holdings above a meaningful threshold, the answer to that question should be determined by a custody specialist, not improvised based on online forums.
The Common Thread
Each of these mistakes has a common thread: they feel fine until they are not. A seed phrase stored in one location works perfectly until the house burns down. A passphrase held only in memory is secure until the holder is gone. A custody architecture designed for one person fails when that person is not available to navigate it. An inheritance plan that exists only as a vague intention fails when intentions cannot be followed by a grieving heir who does not know where to start.
The window to address these gaps is before any of these events occur. The planning required is not technically complex — it is a matter of documentation, discipline, and occasionally specialist guidance to ensure the architecture is appropriate for the holding size and family situation.
"Self-custody is a commitment that extends beyond your own lifetime. The question is not just whether you can access your Bitcoin — it is whether the people you care about can access it when you cannot."
If you recognize your situation in any of the above, the appropriate next step is a custody review — an honest assessment of what you have, where the gaps are, and what a secure, recoverable, and inheritable architecture looks like for your specific circumstances. That is exactly what a custody consultation provides.
Stan Reeves is Professor Emeritus in the Department of Electrical & Computer Engineering at Auburn University and a Bitcoin custody and inheritance consultant. He works with individuals, estate attorneys, financial advisors, and institutions. Contact: stan@stanreeves.com
