The U.S. Securities and Exchange Commission (SEC) on December 12 released a new investor-focused guide on cryptocurrency wallets and custody, aiming to help retail investors better understand how cryptocurrencies are stored and the risks involved.
The guidance provides a comprehensive overview of crypto custody practices, emphasizing that custody in the crypto world does not involve holding the asset itself, but rather controlling the private keys that grant access to those assets.
The SEC outlines two primary custody models: self-custody, where investors maintain full control over their private keys, and third-party custody, where a service provider such as an exchange manages assets on the user’s behalf.
A central message of the guide is the critical importance of private keys. The SEC warns that losing a private key can result in permanent loss of access to digital assets, with no recovery mechanism.
Wallet Types and the Risks of Self-Custody
The SEC distinguishes between hot wallets, which are connected to the internet, and cold wallets, which remain offline.
To simplify the concept, the agency compares a public key to an email address used to receive funds, and a private key to a password that authorizes transactions.
Hot wallets, including widely used tools such as MetaMask, offer convenience but carry higher exposure to hacking and phishing attacks. Cold wallets reduce online risks but introduce other vulnerabilities, such as device loss, physical damage, or hardware failure.
Under self-custody, the SEC stresses that all security responsibility rests entirely with the investor. The agency strongly advises users to securely store their seed phrases offline and never share them with anyone. Losing a seed phrase or private key can result in irreversible asset loss.
Using Third-Party Custodians: What Investors Should Check
For investors who choose to rely on exchanges or other third-party custodians, the SEC warns of risks including platform insolvency, misuse of customer assets, and cyberattacks.
Even large overseas exchanges used by millions of customers have suffered major security breaches in the past. As a result, the SEC urges investors to verify whether custodians segregate customer assets and whether they refrain from practices such as lending or rehypothecating client funds.
When evaluating a custodian, investors are encouraged to review factors such as insurance coverage, security controls, and fee structures. Fees may include asset-based annual charges, transaction costs, and account setup expenses.
Regulatory Context and a Shift Toward Investor Education
The release of the guide comes amid broader regulatory scrutiny of crypto custody practices. In September, the New York State Department of Financial Services (NYDFS) updated its guidance to require strict segregation of customer assets and prohibit their use for proprietary purposes.
SEC Chair Paul Atkins has also noted that traditional financial systems are increasingly moving on-chain, signaling the growing relevance of digital asset infrastructure.
Industry analysts view the new guidance as evidence of a shift in the SEC’s approach from a previously adversarial stance toward crypto to a more practical focus on investor education and risk awareness.