A private key is a secret number generated at random by cryptography (usually shown as 64 hexadecimal characters or other encodings). On a blockchain, every address has a corresponding private key, and that key is the sole credential letting you sign transactions and move the assets at that address. It works through asymmetric cryptography: a private key derives the public key one-way, which derives the address, but going backward from address or public key to private key is mathematically infeasible. So once a private key is generated, you should be the only one in the world who knows it — it is your ownership of those assets itself.
A blockchain is a public ledger with no central administrator — no bank to verify your identity, no support desk to freeze an account. So how do you prove these assets are mine and only I can move them? The answer is the private key. It replaces traditional finance's identity checks with cryptography: you don't need to prove who you are to anyone; as long as you can produce a valid signature with your private key, every Node on the network accepts the transaction as legitimate. This lets strangers transfer value securely without trust or intermediaries — the very foundation of blockchain's decentralization. The cost: with no central institution, there's also no one who can recover a key you've lost.
Once you understand the private key, you judge who actually holds the assets completely differently. Leave coins on an exchange and the private key is really controlled by the exchange — you merely hold a record that the exchange owes you, and if it collapses, gets hacked, or runs off, your coins can vanish with it. Move coins into a wallet where you control the key and you're the true owner — but the custody responsibility is 100% yours. That's the real meaning of Not your keys, not your coins. Second, this defines your security model: what you most need to guard against isn't a password being guessed but the private key being stolen or lost.
First, figure out who controls your coins' private key right now: an exchange account means the exchange controls it; a self-custody wallet means you do. For large, long-held assets, move them to self-custody. Second, keep the private key (or its seed-phrase form) offline always — never screenshot it, store it in the cloud, or type it into any website or chat window; 99% of thefts start here. Third, use a hardware wallet (like Ledger or Trezor) for large holdings so the key never leaves the device or touches an internet-connected computer. Fourth, plan backups and inheritance: no one can save you if the key is lost, but a leaked backup gets stolen, so balance dont-lose-it against dont-leak-it.
Picture a private key as the only key to your home safe — and a key that can never be duplicated. Scenario one: you hand the key to a custody company (an exchange) — convenient day to day, but if it collapses or absconds, you may never get the safe's contents back. Scenario two: you keep the key yourself (self-custody) — no one can open your safe without permission, but if you lose the key, no locksmith on Earth can open it, and the assets inside are locked away forever. In 2021, an engineer who lost a hard drive lost access, along with the private key to hundreds of millions of dollars in Bitcoin, permanently.
Holding your own private key makes you the true and sole owner of your assets, with no intermediary to trust; but the cost is that custody responsibility falls 100% on you — no support desk, no reset, no undo, where losing it or leaking it is permanent and irreversible.