Here’s a sentence that should bother you more than it does: a crypto wallet does not contain any crypto. Open one up — peek inside, shake it — and there are no coins rattling around. So where are they? They’re sitting on the blockchain, the shared public ledger that every participant agrees on. Your “wallet” never holds the money at all. What it actually holds is a set of keys — secret numbers that prove you, and only you, are allowed to move the entries the ledger has filed under your name. Get this one idea straight and seed phrases, “not your keys not your coins,” hardware wallets and the panic of a lost password all suddenly make sense.
A Wallet Holds Keys, Not Coins
Before you read — take a guess
Guess before reading: when you have '2 bitcoin in your wallet,' where do those coins actually live?
A blockchain is, at heart, a giant public spreadsheet that everyone can read and nobody can secretly edit: address A holds 3 coins, address B holds 0.5, and so on. Your coins are just rows in that ledger. A wallet is the tool that holds the keys to your rows — it’s much closer to a keyring than to a leather billfold stuffed with cash.
Think of the ledger as a wall of public lockboxes, each with a glass front so anyone can see how full it is. Your wallet doesn’t store the contents of your box; it stores the key that opens it. That distinction has a wonderful consequence: if your phone dies, your laptop is stolen, or the wallet app vanishes from the app store, your coins are fine — they were never in the app. As long as you can recreate the keys, you can walk up to any new wallet, unlock the same boxes, and carry on.
Myth #1: 'My wallet stores my coins'
It doesn’t. The ledger stores your coins; the wallet stores the keys that prove you control them. This is why losing a wallet app is a non-event if you’ve backed up your keys — and why a thief who copies your keys can drain you even if they never touch your phone.
The Key Pair: One Secret, One You Can Shout
Crypto wallets are built on a clever bit of math called asymmetric cryptography. “Asymmetric” because it uses two keys that work as a matched pair, but do opposite jobs:
- A private key — a long secret number. This is the one that matters. Whoever holds it controls the funds. You never share it. Ever.
- A public key — mathematically derived from the private key, and safe to hand to anyone. It can check the private key’s work without being able to do the private key’s work.
The magic — and it really is a genuine mathematical one-way street — is this: it’s easy to compute the public key from the private key, but effectively impossible to run the calculation backward and recover the private key from the public key. The secret stays secret even though its partner is out in the open.
A everyday analogy: think of the private key as the only key that can lock a padlock, and the public key as a transparent padlock you can mail to anyone. People can snap your padlock shut around things and check that your padlock did the locking — but no amount of staring at the padlock tells them how to cut a copy of your key.
Match each piece of the key pair to its job.
Pick a term, then click its definition.
Digital Signatures: Proving It Without Revealing It
So you have a secret key you can never reveal — how do you ever use it to prove something? With a digital signature.
When you want to move coins, your wallet builds a transaction (a message that says, roughly, “send 0.5 coins from my address to Bob’s”) and runs it through your private key to produce a signature — a chunk of data that’s unique to both that exact message and that exact key. Then anyone on the network uses your public key to verify the signature: the math confirms “yes, this was signed by the holder of the matching private key, and the message hasn’t been altered.” Crucially, verifying never reveals the private key — it only confirms the signature is genuine.
Two properties fall out of this, and they’re the whole point:
- Authenticity — only the private key holder could have produced a valid signature, so a valid signature is the proof of authorization.
- Integrity — the signature is bound to the exact message. Change even one character of the transaction afterward and the signature no longer matches; verify it and it instantly fails.
Don’t take my word for it — drive it yourself. Hit sign to lock your private key around the message and watch a signature appear. Hit verify with the public key and see it pass. Then tamper with the message and verify again — watch the check fail the instant the message and signature stop agreeing:
Message
Signature
Only the private key can produce the signature, but anyone can verify it with the public key. Change the message after signing and verification fails — that mismatch is how a blockchain spots a forged transaction.
That failed check is the entire security model in one gesture. A blockchain doesn’t need to know who you are or trust your wallet app — it just re-runs the verification on every transaction. A forged or altered transaction can’t produce a signature that checks out, so the network rejects it without ever seeing your secret.
Addresses: The Safe-to-Share Mailbox
You don’t hand people your public key directly when they want to pay you. Instead you
share an address — a shorter string (think bc1q… or 0x…) that’s derived from
your public key by running it through a hash function (a one-way scrambler that
turns any input into a fixed-size fingerprint). An address is basically a public
mailbox number: anyone can drop coins into it, and the whole world can see its balance,
but only your private key can spend from it.
This is where beginners get the danger exactly backward. Sharing your address (or public key) is completely safe — it’s designed to be posted publicly, printed on a QR code, pasted into a tip jar. The catastrophe is sharing your private key or the seed phrase behind it. Mix these up and you either refuse to accept payments out of misplaced fear, or you cheerfully hand a stranger the one secret that empties your funds.
Myth #2: 'Sharing my address is dangerous'
The opposite. Your address and public key are the public half of the pair — share them freely, that’s how you get paid. The private key (and the seed phrase that generates it) is the secret. Rule of thumb: if it’s what people send money to, it’s safe to share; if it’s what authorizes spending, guard it with your life.
Sort each item by whether it's safe to share publicly or must stay secret.
Place each item in the right group.
- Your 12-word seed phrase
- A QR code of your address for tips
- Your receiving address
- Your public key
- Your private key
- A photo of your seed phrase backup
The Seed Phrase: Your Whole Wallet in 12 Words
Private keys are unwieldy strings of gibberish that no human could memorize or copy by hand without errors. So modern wallets give you something friendlier: a seed phrase (also called a recovery phrase or mnemonic) — a list of 12 to 24 ordinary words, like ribbon, oxygen, glide, marble…
Those words aren’t a password sitting next to your keys. They are a compact, human-readable seed from which every one of your private keys — and therefore every address you’ll ever use in that wallet — is deterministically generated. Same words in the same order, every single time, reproduce the exact same keys. That’s why you can restore an entire wallet onto a brand-new phone just by typing the phrase: the device recomputes all your keys from those words on the spot.
Which makes the seed phrase the single most powerful, most dangerous object you own:
- Anyone who has it owns your funds. Full stop. Those words are your keys.
- Lose it with no backup and the funds are gone forever. There is no “forgot password” link, no support line, no company sitting on a copy.
So you back it up offline — written on paper or stamped into metal, stored somewhere safe — and you never type it into a website, photograph it, or paste it into a chat. Treat the words like the deed, the cash, and the keys to a house all fused into one slip of paper.
Myth #3: 'I'll just reset my password by email'
There is no reset. Nobody can email you a new key, restore your account, or recover your funds — that’s the whole design of self-custody. The seed phrase is the only recovery path, and only you have it. This freedom from middlemen is exactly what makes the backup your job and nobody else’s.
Fill in each blank about keys, addresses, and recovery.
Pick the right option for each blank, then check.
The key is the secret that authorizes spending, while the is derived from your public key and safe to share. A of 12–24 words can regenerate every key in your wallet, so anyone who has it can . If you lose it with no backup, the funds are .
Custody: Not Your Keys, Not Your Coins
Now the question that decides how safe you actually are: who holds the private keys? There are two answers, and the crypto world has a slogan for it — “not your keys, not your coins.”
| Self-custody | Custodial | |
|---|---|---|
| Who holds the keys | You do | An exchange / company does |
| What you get | Full control, no middleman | Convenience, password resets, support |
| What you risk | If you lose the seed, it’s on you | The custodian can be hacked, freeze you, or go bust |
| Mental model | Cash in your own safe | Money in someone else’s bank |
With self-custody, you hold the seed phrase and the keys it generates. You answer to no one — and no one bails you out. With a custodial setup (most beginner-friendly exchanges), the company holds the keys for you; you just have a login. That’s convenient and it gives you a reset button, but it reintroduces exactly the middleman crypto was built to remove: counterparty risk — the chance the party holding your money fails, freezes withdrawals, or runs off with it. If the exchange controls the keys, you don’t really hold coins — you hold an IOU.
One more axis, orthogonal to custody: where the keys live while you use them.
- A hot wallet is connected to the internet (a phone or browser wallet). Convenient for spending, but its exposure to the network makes it a juicier target.
- A cold wallet is kept offline (a dedicated hardware device or a seed phrase on paper). Less convenient to transact with, far harder for a remote attacker to reach.
A common pattern: a small “spending” balance in a hot wallet, the bulk of savings in cold storage — the crypto equivalent of cash in your pocket versus the safe at home.
Big picture
Keys & wallets
- Keys & wallets
- The key pair
- Private key — secret, signs, never shared
- Public key — shareable, verifies
- Can't derive private from public
- Using the keys
- Signature proves authorization
- Tampering breaks verification
- Address = hash of public key, safe to share
- Backup & custody
- Seed phrase regenerates all keys
- Self-custody vs custodial (counterparty risk)
- Hot (online) vs cold (offline)
- The key pair
A mixed recap — it pulls from everything above:
What does a crypto wallet actually store?
Check your answer to continue.
Key Takeaways
What to remember
- A wallet holds keys, not coins. Coins are entries on the blockchain ledger; the wallet is a keyring proving you control your rows. Lose the app but keep the keys and your funds are safe.
- One pair, opposite jobs. The private key is the secret that signs (never share it); the public key verifies (safe to share). You can’t reverse a public key back into the private one.
- Signatures prove authorization without revealing the secret — and any change to the message breaks verification, which is how the network spots forged or altered transactions.
- Your address is the safe-to-share mailbox (a hash of your public key); the private key / seed phrase is the catastrophe-to-share secret. People send money to the address; only the key spends from it.
- A seed phrase (12–24 words) regenerates your whole wallet. Back it up offline; there is no password reset. Anyone with it owns your funds; lose it with no backup and they’re gone forever.
- Custody is who holds the keys. Not your keys, not your coins: self-custody = full control + full responsibility; custodial = convenience + counterparty risk. Hot wallets are online and handy; cold wallets are offline and safer.
You now know who can move the coins and how they prove it. But signing a transaction is only the starting gun — it still has to travel the network, get picked up, and earn its place in a block. Next up: a transaction’s journey, and the fee that buys it a seat.