The Case Against Keeping Bitcoin on Coinbase in 2026

You Do Not Own Bitcoin on Coinbase

When you buy Bitcoin on Coinbase, you do not receive Bitcoin. What you receive is a number in a database that Coinbase controls, representing a claim that Coinbase owes you that amount of Bitcoin. Coinbase holds the private keys. You hold an IOU.

This distinction sounds abstract until the moment it becomes concrete. The private key is what controls Bitcoin on the blockchain. Whoever holds the private key holds the Bitcoin. If Coinbase holds the private key and you hold a database entry, Coinbase holds the Bitcoin. You hold a promise.

This is not a design flaw unique to Coinbase. Every centralized exchange works this way. The convenience of a managed exchange account, where you can buy with a bank transfer and view a clean interface, comes at the cost of actual ownership. Understanding this trade-off is not optional for serious Bitcoin holders. It is the foundation of everything else.

The phrase "not your keys, not your coins" is not a slogan. It is a precise technical statement about how Bitcoin ownership works. If you have not taken custody of your private keys, you do not own Bitcoin. You own exposure to Bitcoin, subject to the continued solvency, goodwill, and operational integrity of an intermediary.

The Risk Is in the Terms of Service

Most people who keep Bitcoin on Coinbase have never read Coinbase's user agreement. This is understandable. Terms of service documents are long, legally dense, and written by lawyers for lawyers. But some of what Coinbase discloses in those documents is directly relevant to whether your Bitcoin is safe.

In 2022, Coinbase's quarterly SEC filing (10-Q) included a risk factor that attracted significant attention. The filing disclosed that in a Coinbase bankruptcy, customer cryptocurrency assets held in custody could be treated as assets of the bankrupt estate under applicable bankruptcy law. That would mean customers become unsecured creditors, lining up behind Coinbase's other creditors to recover whatever remained.

Coinbase subsequently updated its disclosures and clarified that it works to segregate customer assets, but the underlying legal ambiguity around cryptocurrency custody in bankruptcy proceedings has not been resolved by statute. The law on this point varies by jurisdiction and is still developing. What is clear is that your Bitcoin held on Coinbase is legally different from Bitcoin you hold in a wallet where you control the private keys.

FDIC insurance does not cover cryptocurrency. It covers USD deposits held in FDIC-member banks, up to $250,000 per depositor. Your Bitcoin balance on Coinbase, whatever its dollar value, carries no equivalent government-backed protection. If Coinbase fails, you are on your own in the creditor queue.

Exchange Failures Are Not Hypothetical

The argument that a large, reputable exchange will not fail is exactly the argument that FTX users were making in October 2022.

FTX was founded in 2019 by Sam Bankman-Fried and Gary Wang. By November 2022 it was the third-largest cryptocurrency exchange by trading volume, with a valuation of $32 billion and more than one million users. Its app was marketed as a safe, accessible way to hold and trade crypto. In November 2022, FTX filed for Chapter 11 bankruptcy. Users who held funds on FTX became creditors in a bankruptcy proceeding that revealed massive, deliberate fraud at the highest levels of the company. Many of those users lost everything.

FTX is the most dramatic recent example, but it is not the only one.

Celsius Network, a crypto yield platform that held customer Bitcoin and other assets, froze all withdrawals in June 2022 and filed for bankruptcy the following month. Customers who believed their assets were safely earning yield discovered that "earning yield" meant Celsius had been lending, trading, and using their deposits in ways that made those deposits unavailable when the market moved against the company.

Mt. Gox is the original warning. Launched in 2010, by early 2014 Mt. Gox was processing over 70% of all Bitcoin transactions worldwide. In February 2014, the exchange suspended trading, closed its website, and filed for bankruptcy protection. Hundreds of thousands of Bitcoin, then worth hundreds of millions of dollars, had been lost or stolen over years of poor security practices. Creditors waited over a decade for partial distributions.

The pattern is consistent: large, respected platforms with established user bases fail. The reason varies from fraud to incompetence to hack to regulatory pressure. But the outcome for customers is identical. Withdrawal is suspended, bankruptcy follows, and the user discovers that "your balance" was a number on a screen rather than actual Bitcoin.

Coinbase is different from FTX in important ways. Coinbase is publicly traded on the Nasdaq, subject to SEC oversight and audited financial statements. Founded in June 2012 by Brian Armstrong and Fred Ehrsam, it is the most regulated and transparent major cryptocurrency exchange in the United States. That matters. It reduces the risk of fraud and the kind of outright theft that destroyed FTX.

But it does not eliminate the category of risk. Regulation does not make an exchange failure impossible. Bear Stearns was regulated. Lehman Brothers was regulated. The question is not whether Coinbase is legitimate. The question is whether you should hold your Bitcoin in a system where any number of factors, including factors you cannot predict or control, could result in loss of access to your funds.

Account Freezes and Deplatforming

Bankruptcy is the catastrophic tail risk. There is a more mundane version of the same problem that happens regularly and affects individual users rather than the entire exchange.

Coinbase can restrict, freeze, or close your account. Its user agreement gives it broad latitude to do so for reasons including suspected fraudulent activity, violation of terms of service, regulatory compliance requirements, or activity that Coinbase determines to be high-risk. When your account is restricted, you cannot withdraw your Bitcoin. That restriction could last days, weeks, or longer.

Account freezes happen to real users. Some are triggered by automated systems flagging unusual activity. Some result from government subpoenas or law enforcement requests. Some are the result of errors that take weeks to resolve through customer service. In each case, the Bitcoin you believed was available to you was not, for reasons entirely outside your control.

There is also a longer-term regulatory risk. Exchanges operate under licenses and regulatory frameworks that can change. A future regulatory action could force Coinbase to freeze certain user accounts, require identity verification for withdrawal, or restrict access in ways that are difficult to predict today. Any of those outcomes would affect your ability to access your Bitcoin, regardless of how legitimate your use of the platform is.

When you hold your own private keys, none of this applies. No exchange can freeze a Bitcoin address you control. No government subpoena to Coinbase affects your self-custodied wallet. No company policy change restricts your access to your own funds. The blockchain does not have a customer service department, and it does not need one.

Coinbase Is a Business with Its Own Interests

Coinbase is a publicly traded company with shareholders, quarterly earnings targets, and fiduciary duties to its investors. This creates incentive structures that are not always aligned with your interests as a Bitcoin holder.

Coinbase generates revenue from trading fees, spread on transactions, staking services, and various subscription products. Keeping Bitcoin on Coinbase keeps it available for these products. From Coinbase's perspective, a user who withdraws Bitcoin to a hardware wallet is a user who is no longer paying transaction fees or engaging with premium services.

This does not mean Coinbase is malicious. It means that Coinbase's incentives point toward keeping Bitcoin on the platform rather than encouraging users to take custody. The default experience on Coinbase is not designed to guide you toward self-custody. It is designed to keep you on the platform, because that is the business model.

A bank has the same incentive structure. Your bank does not want you to withdraw cash. Your bank uses your deposits to make loans. Coinbase uses your presence on the platform to earn fees and expand its user base. Understanding whose interests are served by the default behavior is useful when deciding whether the default is right for you.

The Counterargument: Coinbase Is Regulated

The strongest case for keeping Bitcoin on Coinbase is this: Coinbase is the most regulated, most transparent, most audited cryptocurrency exchange in the United States. It went public via direct listing on the Nasdaq in April 2021. It has over 100 million verified users and revenues of $6.56 billion in 2024. It is not a shadowy offshore operation run by a 30-year-old who answers to no one.

That matters. The probability of a Coinbase collapse that leaves users with nothing is meaningfully lower than the probability of the same outcome at a smaller, less-regulated exchange. Regulation does not eliminate risk, but it constrains the worst kinds of fraud and mismanagement. An FTX-style event is harder to execute at a company with audited financials and public board accountability.

For users who are actively trading, using Coinbase's services, or holding amounts that make hardware wallet setup feel disproportionate, keeping some Bitcoin on Coinbase is a reasonable short-term position. Using an exchange to buy Bitcoin is what exchanges are for.

The question is whether Coinbase should be your permanent storage solution for meaningful amounts of Bitcoin. On that question, the answer is no, and Coinbase's own SEC filings agree with this position.

What Self-Custody Actually Requires

Self-custody sounds intimidating. In practice, for most Bitcoin holders, it requires three things: a hardware wallet, a written seed phrase, and a willingness to spend an afternoon getting the setup right.

A hardware wallet is a physical device that stores your private keys offline. Your keys are generated on the device and never leave it. Transactions are signed inside the device. Even if your computer is completely compromised by malware, your Bitcoin is not accessible to the attacker. The two most established hardware wallets are Ledger and Trezor. Both are appropriate for most users. See our best hardware wallets guide for a full comparison.

Your seed phrase is the 12 or 24 words your hardware wallet generates during setup. This is the backup for your private keys. If your device is lost, stolen, or destroyed, the seed phrase lets you recover your Bitcoin on any compatible wallet. Write it down on paper. Store it somewhere dry and secure. Do not photograph it, do not type it into any device, and do not store it in a password manager. For a full guide to seed phrase security, see our article: What Is a Seed Phrase and How Do You Keep It Safe?

The process of withdrawing Bitcoin from Coinbase to a hardware wallet takes about 15 minutes once your wallet is set up. You send a small test transaction first to confirm the address is correct, then transfer the rest. After that transfer, Coinbase has no claim over your Bitcoin. It is on the blockchain, controlled by a key that lives in your hardware device and nowhere else.

For a detailed explanation of the difference between hot and cold storage, and how to decide what setup is right for your situation, read our guide: Cold Storage vs Hot Wallet: What Every Bitcoin Holder Needs to Know.

The most common objection to self-custody is fear of loss. "What if I lose my hardware wallet? What if I lose my seed phrase?" These are legitimate concerns, and they have straightforward answers. Hardware wallet loss is recoverable from your seed phrase. Seed phrase loss is the real risk, and it is managed through careful physical storage, not by leaving your Bitcoin on an exchange. The risk of losing access to a properly stored seed phrase is real but manageable. The risk of losing access to Bitcoin held on an exchange that fails is not something you can manage at all once it happens.

The Verdict

Use Coinbase to buy Bitcoin. Use it for small amounts you plan to transact in the near term. Use it if you are actively trading. Coinbase is, for these purposes, a legitimate and well-regulated tool.

Do not use Coinbase to store Bitcoin for the long term. Not because Coinbase is dishonest, but because exchange custody is structurally the wrong tool for long-term storage of a monetary asset you plan to hold for years. Every dollar of Bitcoin you hold on an exchange is Bitcoin you are trusting a third party to safeguard indefinitely, under terms they can change, in a regulatory and legal environment that is still evolving.

The people who held Bitcoin on Mt. Gox did not think they were taking a reckless risk. The people who held funds on FTX did not think they were trusting a fraud. They were using the largest, most reputable exchange available to them at the time. Reputation and size do not change the fundamental architecture of custodial exchange accounts. They reduce the risk. They do not eliminate it.

Self-custody is not complicated. It requires a one-time setup of an hour or less and a responsible approach to seed phrase storage. The alternative is accepting indefinite, ongoing counterparty risk on an asset you presumably acquired because you do not want that kind of counterparty risk.

The hardware wallet is the tool that matches the Bitcoin philosophy. Not your keys, not your coins is not a warning about Coinbase specifically. It is a description of how Bitcoin ownership works at the protocol level, and no exchange, however large or well-regulated, changes that.