Private Key: A 256-bit random number that proves ownership. Anyone with your private key controls your assets. Never share it.

Public Key: Derived from your private key using cryptography. Can be shared freely.

Address: A shortened, human-readable version of your public key (e.g., 0x1234...abcd). This is what you share to receive funds.

The relationship:

• Private key → Public key → Address
• You can always derive the public key from the private key
• You cannot derive the private key from the public key (that's the security)

A seed phrase (also called recovery phrase or mnemonic) is a human-readable representation of your private key.

How it works:

• 12 or 24 words from a standardized list (BIP-39)
• Can regenerate all your wallet's private keys
• Write it down on paper—never store digitally

Critical rules:

• Never enter your seed phrase on any website
• Never share it with anyone, including "support"
• Store it in a fireproof, waterproof location
• Consider using metal backup plates

If someone asks for your seed phrase, it's always a scam.

Non-custodial (Self-custody):

• You control your private keys
• No third party can freeze or seize your funds
• You're responsible for security and backup
• Examples: MetaMask, Ledger, Rabby

Custodial:

• A third party holds your keys
• Easier to recover if you lose access
• You trust the custodian with your assets
• Examples: Coinbase account, Binance account

The saying: "Not your keys, not your coins."

For significant holdings, self-custody is strongly recommended. Exchange hacks and bankruptcies have lost billions of user funds.

Hot wallets are connected to the internet, making them convenient but more vulnerable.

Browser Extensions:

• MetaMask: The most popular, works with almost everything
• Rabby: Security-focused with transaction previews and risk alerts
• Frame: Desktop app with strong hardware wallet integration

Mobile Wallets:

• Rainbow: Beautiful UX, great for NFTs
• Coinbase Wallet: Easy onboarding, connects to Coinbase
• Trust Wallet: Multi-chain support

Best for: Daily transactions, small amounts, DeFi interactions

Not recommended for: Large holdings you're not actively using

Cold wallets keep your private keys offline, providing the highest security for significant holdings.

How they work:

1. Private keys are generated and stored on the device
2. Keys never leave the device, even when signing transactions
3. You approve transactions by physically pressing buttons

Popular options:

• Ledger: Nano X, Nano S Plus - Most popular, Bluetooth support
• Trezor: Model T, Safe 3 - Open source firmware
• Keystone: Air-gapped (uses QR codes, no USB/Bluetooth)

Best practices:

• Buy only from official sources (never used or from Amazon)
• Set up in a private location
• Use with a separate "hot wallet" computer account
• Consider a passphrase for additional security

Smart wallets are deployed as smart contracts, enabling features impossible with regular wallets.

Key features:

• Multisig: Require multiple signatures (e.g., 2-of-3)
• Social recovery: Trusted contacts can help recover access
• Spending limits: Daily transaction caps
• Session keys: Limited permissions for specific apps

Popular options:

• Safe (Gnosis Safe): The gold standard for multisig, used by most DAOs
• Argent: Social recovery wallet with guardians
• Ambire: Email login with gasless transactions

Trade-offs:

• Higher gas costs for transactions
• More complex setup
• Exceptional security when configured properly

Different blockchains use different address formats and signing schemes. Multi-chain wallets handle this complexity.

EVM-compatible chains: One wallet works across Ethereum, Polygon, Arbitrum, etc.

Non-EVM chains need specific wallets:

• Phantom: Solana, Ethereum, Polygon, Bitcoin
• Keplr: Cosmos ecosystem (Osmosis, Celestia, dYdX)
• OKX Wallet: 80+ chains including Bitcoin, TON, Tron

Considerations:

• One seed phrase can often generate addresses for multiple chains
• Always verify you're on the correct network before transacting
• Some chains have different address formats that look similar but aren't

Recommended first wallet: Rabby (browser extension) for its security features and transaction previews.

Setup process:

1. Download only from the official website (rabby.io)
2. Create a new wallet and set a strong password
3. Write down your 12-word seed phrase on paper
4. Verify the seed phrase when prompted
5. Store the seed phrase securely (not on your computer)

Important:

• Never screenshot your seed phrase
• Never store it in cloud storage, notes apps, or email
• Test recovery before depositing significant funds

The 3-2-1 backup rule:

• 3 copies of your seed phrase
• 2 different storage types (paper + metal)
• 1 copy in a different physical location

Testing recovery:

1. Write down your seed phrase
2. Uninstall the wallet
3. Reinstall and use "Import existing wallet"
4. Enter your seed phrase
5. Verify your accounts and balances appear

Metal backup options:

• Cryptosteel Capsule
• Billfodl
• DIY stamped steel washers

Paper burns and fades. Metal survives fires and floods.

When you interact with DeFi protocols or NFT marketplaces, you "connect" your wallet.

What connecting does:

• Shares your public address (not your private key)
• Allows the site to request transaction signatures
• You still approve every transaction

Safety tips:

• Verify you're on the real website (bookmark trusted sites)
• Check what you're signing before approving
• Revoke permissions for sites you no longer use
• Use a separate wallet for risky experiments

WalletConnect: A protocol that lets you connect to dApps using QR codes or deep links. Useful for using desktop dApps with mobile wallets.

Portfolio trackers aggregate your holdings across wallets and chains into a single view.

Top options:

• DeBank: The most comprehensive DeFi portfolio tracker. Shows positions, health factors, protocol interactions, and historical data.
• Zapper: Clean interface with NFT display and transaction history
• Zerion: Combines a wallet with portfolio tracking

What they track:

• Token balances across chains
• DeFi positions (lending, LP tokens, staking)
• NFT collections
• Transaction history
• Net worth over time

These services are read-only—they can't move your funds.

Managing multiple wallets or distributing tokens to many addresses? Batch tools save time and gas.

Common batch operations:

• Wallet Sweep: Consolidate assets from multiple wallets into one
• One-to-Many Transfer: Distribute tokens to many recipients in one transaction
• Balance Scanner: Check balances across multiple addresses at once

Use cases:

• Airdrop distribution
• Consolidating old wallets
• Team payroll
• NFT minting to multiple addresses

Always test with small amounts first.

Phishing:

• Fake websites that look identical to real ones
• Often promoted through ads, DMs, or search results
• Always verify URLs carefully

Malicious approvals:

• Signing a transaction that gives unlimited access to your tokens
• Attacker can drain your wallet later
• Always check what you're approving

Seed phrase theft:

• Fake wallet apps that steal your seed phrase
• Support scams asking you to "verify" your phrase
• Clipboard malware that replaces copied addresses

SIM swaps:

• Attacker takes over your phone number
• Can bypass SMS 2FA
• Use hardware keys instead of SMS

Essential habits:

• Use a hardware wallet for significant holdings
• Never share your seed phrase with anyone
• Bookmark sites you use regularly
• Use a separate browser profile for crypto
• Enable transaction simulation (Rabby has this built-in)

Approval hygiene:

• Regularly review and revoke token approvals
• Use Revoke.cash to audit your approvals
• Prefer limited approvals over unlimited when possible

Hot/cold strategy:

• Keep day-to-day funds in a hot wallet
• Keep long-term holdings in cold storage
• Never connect cold storage to random sites

Wallet drains happen when attackers trick users into signing malicious transactions.

Multisig requires multiple keys to authorize transactions—like requiring multiple signatures on a check.

Common configurations:

• 2-of-3: Any 2 of 3 keyholders must sign
• 3-of-5: Any 3 of 5 must sign
• 2-of-2: Both must sign (no redundancy)

Benefits:

• No single point of failure
• Protects against key compromise
• Enables team/DAO treasury management

Best practices:

• Use Safe (Gnosis Safe) - the most battle-tested option
• Distribute keys geographically
• Use hardware wallets for each signer
• Document the recovery process

For Solana: Use Squads for multisig functionality.

Traditional Ethereum accounts (EOAs) have fixed rules: one private key, must pay gas in ETH, same signature scheme forever.

Account Abstraction allows:

• Custom validation logic (any signature scheme)
• Sponsored transactions (someone else pays gas)
• Batched transactions (multiple actions in one)
• Session keys (limited permissions for specific apps)
• Social recovery without changing your address

Think of it as programmable account rules instead of hardcoded ones.

ERC-4337 brings Account Abstraction to Ethereum without changing the protocol.

Key components:

• Smart Account: Your wallet as a smart contract
• UserOperation: A new transaction type for smart accounts
• Bundler: Collects UserOperations and submits them on-chain
• Paymaster: Optional contract that sponsors gas fees
• EntryPoint: The central contract that processes everything

Infrastructure providers:

• Pimlico: Bundler and Paymaster infrastructure
• Stackup: SDK and bundler services
• Biconomy: Complete AA SDK with gasless options

Several projects are building the next generation of wallets using Account Abstraction.

Developer-focused:

• ZeroDev: Modular smart accounts with Kernel
• Alchemy Account Kit: Complete AA infrastructure
• Biconomy: Gasless transactions and social login

Consumer wallets:

• Soul Wallet: Native ERC-4337 wallet
• Obvious: Smart wallet with social recovery
• Candide: Open source smart wallet

What this enables:

• Email/social login (no seed phrases!)
• Gas paid in any token (or sponsored)
• Automated strategies without signing each tx
• Recovery via trusted contacts

Embedded wallets let apps create wallets for users without requiring a browser extension or app download.

How it works:

1. User logs in with email, social, or phone
2. Wallet is created in the background
3. Private keys are sharded and distributed (MPC)
4. User interacts with the app without knowing it's "crypto"

Providers:

• Privy: Social login with progressive onboarding
• Dynamic: Multi-wallet authentication
• Web3Auth: MPC-based key management
• Particle Network: Complete Wallet-as-a-Service

Trade-offs:

• Easier onboarding vs. less user control
• Some still allow export of keys
• Trust in the provider's key management

Hierarchical Deterministic (HD) wallets generate unlimited addresses from a single seed phrase.

How it works:

• One seed → infinite private keys
• Uses a tree structure with numbered branches
• Same seed + same path = same key

Derivation paths (BIP-44):

m / purpose' / coin_type' / account' / change / index

• Ethereum: m/44'/60'/0'/0/0
• Bitcoin: m/44'/0'/0'/0/0
• Ledger Live uses different paths than MetaMask

Why this matters:

• Same seed can show different addresses in different wallets
• When recovering, use the same derivation path
• Document which path you used

Getting the most security from your hardware wallet.

Initial setup:

• Buy only from official sources
• Check for tamper-evident packaging
• Update firmware before first use
• Generate seed on the device (don't import)

Passphrase (25th word):

• Creates a completely separate set of accounts
• Provides plausible deniability
• If you forget it, those funds are gone
• Store passphrase separately from seed

Air-gapped setups:

• Keystone uses QR codes—no USB or Bluetooth
• Maximum isolation from online threats
• More complex but highest security

Connecting to dApps:

• Use Rabby or Frame as the front-end
• Transaction details shown on device screen
• Verify details on device before signing

Organizations managing large amounts need enterprise-grade solutions.

Requirements:

• Multi-user access with role-based permissions
• Approval workflows (multiple signers)
• Insurance coverage
• Regulatory compliance (SOC 2, etc.)
• Integration with accounting systems

Options:

• Fireblocks: MPC-based custody, most popular for institutions
• BitGo: Multisig custody with insurance
• Anchorage: Regulated digital asset bank
• Copper: European institutional custody

MPC vs Multisig:

• MPC: Key shards distributed, never fully assembled
• Multisig: Multiple complete keys required
• Both provide threshold security