What is a crypto wallet?
A crypto wallet is software or a small physical device that stores the private keys you need to move coins recorded on a blockchain. It does not hold your Bitcoin or Ethereum the way a bank account holds your dollars. The coins never leave the blockchain. What your wallet holds is the proof that you, and only you, are allowed to spend them.
Picture the blockchain as a public ledger that lists who owns what, open for anyone to read. Your private key is a long, secret string of letters and numbers that matches one of those balances. When you send crypto, the wallet uses that key to sign the transaction, the way your signature signs a check, and the network checks the signature and records the move. The key proves ownership. The wallet is just where you keep it.
That one fact, that a wallet holds keys and not coins, explains everything else worth knowing here, including the part most people learn the hard way: lose the key with no backup, and the balance stays on the blockchain forever, in plain view, reachable by no one.
- A wallet holds keys, not coins. The coins stay on the blockchain; the key proves they're yours.
- Hot wallets keep the key online and are handy for small, everyday amounts. Cold wallets keep the key offline and suit larger, long-term holdings.
- Custodial means a company holds the key for you; self-custody means you hold it, with no help desk behind it.
- A self-custody wallet is backed by a 12- or 24-word seed phrase, the master key every private key is built from.
- Lose the seed phrase with no backup, or hand it to a stranger, and the coins are gone for good.
- Most stolen crypto is taken because someone got the key or tricked the owner, not because the math broke.
How does a crypto wallet work? Keys, addresses, and signing
Underneath the friendly app, every wallet runs on three things: a private key, a public key, and an address. They sound technical, but the idea is plain once you see how they fit together, and understanding it is what keeps you from making the mistakes that cost people money.
Your private key is the secret. It is a very large random number, and whoever holds it can spend the coins tied to it. There is no separate password sitting above it, no account-recovery email, no bank manager who can vouch for you. On a blockchain, control of the private key is ownership. Full stop. That is why every safety rule in this guide circles back to the same point: protect the key, and you protect the coins.
From that private key, the wallet derives a public key using one-way math. One-way means you can go from the private key to the public key in a split second, but you cannot run it backward to recover the private key from the public one, even with enormous computing power. The public key is safe to share. It is the half of the pair the network uses to check your work.
The address is a shortened, tidied-up version of your public key, the string you hand out to receive funds. A Bitcoin address might look like bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq, an Ethereum address like 0x71C7656EC7ab88b098defB751B7401B5f6d8976F. Treat it as your account number for receiving money: you can post it publicly, share it with anyone, and the worst they can do is send you crypto. What they cannot do is take anything, because receiving needs only the address, while spending needs the private key it was built from.
Now the part that ties it together: signing. When you send crypto, your wallet takes the transaction details (the amount, the destination address, the network fee) and uses your private key to produce a digital signature unique to that exact transaction, then broadcasts it to the network. Every computer on the network checks that signature against your public key and confirms two things: that it came from the matching private key, and that nothing in the transaction was altered after you signed. If both check out, the network records the move. Your private key never travels across the internet to do this, which is exactly why a hardware wallet can sign a transaction without ever exposing the key to your computer.
One more term you'll meet: most modern wallets are hierarchical deterministic wallets, usually shortened to HD. They generate an unlimited tree of addresses from a single master secret, so the wallet can hand you a fresh receiving address every time without you backing up each one. The single backup for that whole tree is the seed phrase, which gets its own section below.
What are the types of crypto wallets?
"Wallet" covers several different things, and the names overlap in ways that confuse beginners. It helps to sort them by form first, then by the two questions that actually decide your safety: is the key online or offline, and do you hold it or does a company. Those two splits get their own sections next. Here are the forms you'll run into.
A software wallet is an app that stores your keys on a device you already own. Mobile wallets run as an app on your phone and are the most common starting point for self-custody, handy for payments and for scanning QR-code addresses on the go. Desktop wallets run as a program on your computer, with a bigger screen and, often, more features. Browser-extension wallets like MetaMask live in your web browser and exist mainly to connect you to on-chain apps, token swaps, and other web3 sites with a click. All three keep the key on an internet-connected device, which makes them quick to use and the easier target for malware. Convenient, and the form where most casual theft happens.
A hardware wallet is a small physical device, often shaped like a USB stick, such as the Ledger Nano X, that stores your private key inside a sealed chip and never lets it leave. Because the key stays on the device even while it's plugged into an infected computer, malware has nothing to grab. This is the form most security-minded holders use for savings they mean to keep.
A paper wallet is the plainest offline storage: the private key, or the seed phrase that rebuilds it, written by hand or printed on paper and locked away, with nothing digital to hack. It is also the least forgiving. Paper burns, fades, tears, and gets thrown out by mistake, so paper wallets have largely given way to hardware devices. The idea behind them, keys kept entirely offline, lives on in cold storage.
A custodial wallet is the odd one out, because it isn't a place you store keys at all. It's an account on a company's platform, the balance you see on an exchange, where the company holds the keys for you. The form, a website login or a phone app, matters less than the fact that someone else controls the key. More on that below.
Hot wallet or cold wallet: what's the difference?
Wallets divide along a single line: is the key kept on something connected to the internet, or not?
A hot wallet keeps your key on a device that's online. That covers mobile apps, browser extensions like MetaMask, and the wallet built into an exchange account. The appeal is speed. You can send and receive in seconds, and you don't carry any extra hardware. The cost is exposure. If your phone is compromised, a bad browser extension slips in, or the app itself has a flaw, an attacker may be able to reach the key.
A cold wallet keeps the key on something that never touches the internet. The common form is a hardware wallet that stores the key inside a sealed chip. To send a payment, you connect the device for a moment, check the details on its own screen, approve, and unplug. Because the key never leaves the device or travels across a network, malware on your laptop has nothing to grab. A paper wallet, where the key is printed or written by hand and locked away, is the plainest version of the same idea.
| | Hot wallet | Cold wallet |
|---|---|---|
| Where the key lives | A device that's online | Something that never touches the internet |
| Common form | Mobile apps, browser extensions, the wallet in an exchange account | A hardware wallet with the key in a sealed chip; a paper wallet |
| Strength | Speed: send and receive in seconds, no extra hardware | The key never leaves the device or crosses a network, so malware on your laptop has nothing to grab |
| Weakness | Exposure: a compromised phone, a bad extension, or an app flaw can reach the key | Slower to reach: connect, check the screen, approve, unplug |
| Best for | Day-to-day spending; small amounts | Savings you mean to keep; larger, long-term holdings |
Here's the homely way to hold it in your head. A hot wallet is the cash in your pocket: handy, quick, and you'd only carry what you can stand to lose. A cold wallet is the cash in a safe at home: slower to reach, harder to take. Plenty of people use both, a hot wallet for day-to-day spending and a hardware wallet for the savings they mean to keep. A common setup pairs the two, using a browser extension as the everyday interface while a connected hardware device holds the key and signs each transaction, so you get the convenience of the app with the key still offline.
Custodial vs self-custody: "not your keys, not your coins"
When you buy crypto on an exchange like Coinbase, the exchange usually holds the private key for you. You see a balance in your account, and the company promises to honor it. That's a custodial wallet: someone else has custody of the key, and you have their word.
The old crypto saying "not your keys, not your coins" is blunt about what that means. You're trusting a company to stay in business, to guard the key well, and to let you withdraw when you ask. When the FTX exchange collapsed in 2022, customers with balances sitting on the platform lost access to their money the moment it froze. The coins still existed on-chain. The trouble was that FTX held the keys, and the customers didn't.
A self-custody wallet, also called a non-custodial wallet, flips that around: you hold the private key yourself. No company can freeze your balance, halt your withdrawals, or fail and drag your funds down with it. The trade is that the whole job of keeping that key safe now sits with you, with no help desk behind it.
- A regulated exchange can freeze a thief's withdrawal, handle a hacked-account claim, and reset a forgotten login: a comfort beginners shouldn't dismiss for a small first amount, as long as you understand what you're trusting it with.
- No seed phrase to write down or guard yourself.
- Someone else holds the key, and you have only their word.
- You're trusting a company to stay in business, guard the key well, and let you withdraw when you ask.
- A platform can freeze withdrawals, get hacked, or collapse while holding your keys, as FTX customers found in 2022.
Self-custody hands you total control and, with it, total responsibility. Which one suits you depends on how much you're holding and how ready you are to be your own bank.
Self-custody is a skill, not a setting you flip on. It means knowing how to back up the key, how to spot a phishing page, and how to guard a seed phrase. None of that is beyond a careful beginner, but it does take learning. For someone just starting out, a well-run exchange is a reasonable first home for a small amount, as long as you understand exactly what you're trusting it with. For larger sums or anything you plan to hold a long time, self-custody is worth growing into.
What is a seed phrase, and how do you protect it?
Set up a self-custody wallet and the first thing it gives you is a seed phrase: a list of 12 or 24 ordinary words in a fixed order, something like "harbor velvet ridge open spoon glide cabin remind frost ladder echo crisp." Those words are a readable version of the master key, the single secret that every private key in your wallet is built from. The words aren't random English; they come from a standardized list of 2,048 words (the BIP-39 standard most wallets share), which is why a phrase made on one wallet can usually be restored on another.
The seed phrase can rebuild your whole wallet on any compatible device. Drop your phone in a lake, buy a new one, install the wallet app, type the words back in the right order, and your full balance and history come back. That recovery is the entire point of it. This is also why writing the words down at setup is not optional housekeeping you can skip: the seed phrase is the only copy of that master key, and most wallets show it to you exactly once.
The same power is what makes it dangerous. Anyone who gets your seed phrase gets your coins, all of them, for keeps. There's no support line to call, no chargeback, no undo. Never type your seed phrase into a website, app, pop-up, or form, for any reason at all. A real wallet never asks for it online, and a real recovery never needs it typed into a web page. If anything asks, it's a scam, and that's the clearest red flag there is.
And this is how most self-custody theft actually happens. Thieves rarely break the cryptography; they talk someone into typing or sending the words to them. So I'll be plain about the rest of the rules that hold every time, no exceptions.
Write the words on paper, or stamp them into a metal plate if you want them to survive a fire or flood, and store that somewhere safe and private. Don't photograph it, don't save it in a notes app or cloud document, don't email it to yourself. Anything stored on an internet-connected device can be reached by someone who reaches that device.
Keep more than one copy in more than one place if you can. A single slip of paper that burns up in a house fire takes your access with it. And separate the seed phrase from any hint about how much it controls or which wallet it opens, so that finding the words alone tells a stranger nothing useful.
A quick note on a related term, because beginners mix them up. Many wallets also ask you to set a PIN or password. That code only unlocks the app or device on your own phone; it is not the seed phrase and cannot recover your funds on a new device. Lose the PIN and the seed phrase still restores everything. Lose the seed phrase and no PIN can save you. The seed phrase is the one that matters.
How do you set up a crypto wallet?
Setting up a self-custody wallet takes about ten minutes, and the order below is the order you'll meet it. This is the high-level shape; the irreversible step is flagged where it happens.
- Pick a wallet and download it from the official source. Use the wallet's own website or the official app store listing, and double-check the address, because fake wallet apps are a known scam. Match the wallet to what you'll hold; not every wallet supports every coin.
- Create a new wallet. The app generates a fresh private key and seed phrase for you on the spot. You are not opening an account with a company here, just creating keys on your own device.
- Write down your seed phrase, offline, and verify it. This is the step that cannot be undone. The wallet shows the 12 or 24 words once. Write them on paper in order, never a screenshot or a notes app, and the wallet will ask you to re-enter a few to confirm you saved them. If you lose these words, no one can recover your funds, so do this step slowly and get it right.
- Set a PIN or password for the app. This locks the wallet on your device. It is separate from the seed phrase and protects against someone picking up your unlocked phone.
- Find your receiving address. The wallet shows an address (and usually a QR code) under "receive." This is the string you give to whoever is sending you crypto, or that you paste into an exchange to withdraw to.
- Make a small test transfer first. Before moving a meaningful amount, send a tiny amount in, confirm it arrives, and only then move the rest. Crypto sends are final and a mistyped address or wrong network can lose funds permanently, so the small test is cheap insurance.
For a custodial exchange wallet the flow is different and shorter: you sign up with an email, pass identity verification, and the platform creates and holds the keys for you. There's no seed phrase to write down, because you don't hold the key. That's the convenience and the catch in one line.
How do you keep a crypto wallet secure?
Most stolen crypto isn't taken by breaking the math. It's taken because someone got the key or tricked the owner into approving something. A handful of habits stop the great majority of that, and they're worth building before you hold anything you'd miss.
Guard the seed phrase as covered above: offline, never typed into a website, backed up in more than one place. That single habit prevents the most common total loss. Beyond it, turn on every lock the wallet offers, a strong PIN or password, and two-factor authentication on any exchange account, using an authenticator app rather than text-message codes where you can, because attackers have ways to hijack a phone number through the carrier. Keep the wallet app and your device's operating system updated, since updates often patch security holes.
Be careful what you connect to and what you approve. Browser wallets ask you to "connect" to web3 sites and to approve transactions and token permissions; a malicious site can slip in a request that drains your wallet if you sign it without reading. Slow down, read what you're approving, and only connect to sites you trust. Reach any wallet or exchange through a saved bookmark, not a search-engine ad or an email link, because look-alike phishing sites are built to catch exactly that click. For anything long-term, move it to cold storage and keep only your spending money hot.
Here is the honesty beat. None of this protects you from a mistake you make yourself with full permission. Approve a malicious transaction, send to the wrong address, or hand your seed phrase to a convincing stranger, and the wallet's security did its job while the loss still happens, because the network can't tell a scammed signature from an honest one. Self-custody removes the middleman and the safety net both. The protection that matters most isn't a feature you switch on. It's the pause you take before you sign, send, or share.
Common ways people lose crypto from a wallet
The failures repeat, and they're worth naming plainly, because knowing the shape of each one is how you sidestep it. Almost none involve broken cryptography.
The most common is the lost or never-saved seed phrase. Someone sets up a self-custody wallet, skips writing the words down or stores them somewhere they later lose, then changes phones or the app gets wiped, and the funds are stranded on-chain with no way back. The fix is the backup step, done properly, at setup.
Next is the phishing or social-engineering scam, where a fake support agent, a cloned wallet site, a "wallet validation" pop-up, or a too-good airdrop talks the owner into typing or sending the seed phrase, or into signing a draining transaction. This is where most theft of self-custodied funds happens. The defense is the rule that never bends: no legitimate party ever needs your seed phrase, and you read every transaction before you sign.
Third is sending to the wrong address or the wrong network, a mistyped destination, a coin sent on a chain the receiving wallet doesn't support, or an address copied by malware that swaps it on your clipboard. Crypto sends are final, with no reversal. The small test transfer and a careful check of the first and last characters of the address catch most of these.
Fourth is exchange or custodian failure, the custodial side of the coin, where a platform freezes withdrawals, gets hacked, or collapses while holding your keys. Self-custody removes this risk and replaces it with the responsibility of holding the key yourself. Both paths have a failure mode; the choice is which one you'd rather own.
How do you choose a wallet?
The honest answer is that it depends on what you're doing with crypto, so let me say what it depends on.
If you're putting in a small amount through an exchange just to see how this works, the custodial wallet that comes with the account is a fine place to start. Keep the amount small enough that a problem at the platform wouldn't sting.
If you're holding a meaningful sum for the long haul, a hardware wallet is the setup most security-minded holders reach for. You pay once for the device, and in return your keys live offline, out of reach of malware on your everyday machine.
If you want to use on-chain apps, swap tokens, or do anything that connects to a smart contract, you'll need a hot wallet that can plug into those apps. The steady habit is to keep only what you're actively using in the hot wallet and move the rest into cold storage.
A few practical things narrow the field. Check that the wallet supports the specific coins and networks you'll hold, because not every wallet handles every chain. Look at whether the code is open-source, so anyone can inspect it; how long the wallet has been around; and whether the company behind it has had serious security trouble. Weigh how the wallet handles recovery, and whether the interface is one you'll actually read before approving a transaction rather than clicking through. No single product is right for everyone, and I won't pretend otherwise.
Here's the part I most want you to remember, because I've watched it trip up careful people. The costly mistake is almost never picking the wrong wallet. It's picking a perfectly good one and then keeping the seed phrase somewhere a thief, a fire, or a forgetful afternoon can reach it.
Frequently asked questions
Is a crypto wallet free?
Software wallets are almost always free to download and use; you only pay the network fee when you send a transaction, which goes to the blockchain, not the wallet maker. Hardware wallets cost money because you're buying a physical device, typically somewhere in the range of fifty to two hundred dollars depending on the model. Custodial exchange wallets are free to open, with the cost showing up in trading fees and spreads instead.
Can I have more than one wallet?
Yes, and many people do. A common setup keeps a hot wallet for small, everyday amounts and a hardware wallet for long-term savings, so a problem with the online one can't reach the bulk of your holdings. Each wallet has its own seed phrase, and each one needs its own careful backup.
What happens to my crypto if I lose my wallet device?
If you have your seed phrase, nothing is lost. The coins live on the blockchain, not on the device, so you install the wallet on a new phone or device, enter the seed phrase, and your balance and history come back. If you lose the device and have no seed phrase backup, the funds are unreachable. That's why the backup is the step that matters most.
Is a crypto wallet the same as an exchange account?
Not quite. An exchange account is a custodial wallet: the exchange holds the keys and you hold an account balance, much like a bank. A self-custody wallet means you hold the keys directly, with no company in between. Many people use both, an exchange to buy and a self-custody wallet to hold, which is part of the wider picture of buying crypto.
Which wallet is safest?
The safest setup for funds you're holding long-term is a hardware wallet kept offline, because the key never touches an internet-connected device. But "safest" depends less on the brand than on how you handle the seed phrase. A top-tier hardware wallet with a backed-up phrase stored carelessly is less safe than a basic wallet with a phrase guarded well. The crypto safety basics cover the habits that protect you whichever wallet you pick.