In our beginner’s guide to cryptocurrency wallets, we aim to cover everything you need to know about them. It would be a long read so let’s get going.
Purpose of cryptocurrency wallets?
Traditionally, banks act as intermediaries enabling individuals to transact with each another.
Traditional banking system
You Bank A Bank B Recipient
In cryptocurrencies, banks are redundant as users can transact directly with one another by paying a mining fee.
Crypto world
You Recipient
In the crypto world, you act as your own bank and cryptocurrency wallets act as your bank account. They increase or decreases in value as you receive or send cryptocurrencies.
Wallets began with basic features such as user interfaces to track balances and technology to estimate mining fees. They have since evolved to provide many complex functionalities such as integrated exchanges.
How wallets work and their lingo?
Unlike traditional bank accounts, cryptocurrency wallets do not store your funds. Instead, they function as a keychain, holding your public keys and private keys. These keys grant you control over your funds which exists on the blockchain.
Each private key generates a unique public key. The public key acts like your email address while the private key acts like the password to your account. Thus, you should never disclose your private key to anyone.
Public keys generate addresses for sending and receiving crypto. While addresses can be derived from public keys which in turn can be derived from private keys, the reverse is not true. In other words, someone with your public key would not be able to derive your private key.
Sample Private key
L2kPiGNtuSH2BrK6ErCgn1uMu7XLZYsktV7ZWVvovf3AK5SuGrms
Sample Public key
034a7ed41b1cd5d3a4f91d479789310fed0c61d2f9f8b460c1e951da56e78e0311
Sample address
12y4v2hSHUKTRVE4yeT7n23kVPEyvhFnDu
Want to try generating your own keys and addresses? Click here. Word of caution: Do not use keys or addresses generated from the site unless you know how to generate them securely.
So how do keys and addresses interact in processing transactions on the blockchain? Let’s illustrate with an example. Suppose Alice wanted to send Bob some crypto.
- Alice would ask Bob for his address.
- Through her wallet, Alice would then send funds to Bob’s address.
- Alice’s wallet signs this transaction using her private key, creating a digital signature. This is then transmitted onto the blockchain.
- Alice’s public key is used to verify the legitimacy of the digital signature. Miners perform such verifications for a small mining fee.
Except for determining mining fees, Steps 3 and 4 are transparent to Alice as her wallet handles them.
What are the different types of cryptocurrency wallets?
There are many ways of categorizing wallets.
By how keys are generated
In Hierarchical Deterministic (“HD”) wallets, a seed (also known as a mnemonic seed) generates public and private keys through a specific algorithm. Thus, as long as you control the seed you would be in control of the funds. For example, if you install a wallet on your desktop and your hard disk fails, you can restore your wallet with your seed on a different computer to regain control of your funds.
Seeds are a sequence of English words as listed in Bitcoin Improvement Proposals 39 (“BIP 39”). Examples of HD wallets implementing BIP 39 are Trezor and Ledger.
Example of a seed
term dolphin taxi fancy category lend brick prize liberty south casino nuclear obey organ tomorrow dash verify gadget drift mule symptom answer avoid lake
The diagram below shows a simplified view of how such wallets function. If you would like to learn more do read BIP 32.
The properties of HD wallets are as follows:
- The Master Private Key can generate all Child Private Keys
- The Master Private Key generates the Master Public Key
- The Master Public Key can generate all addresses in the wallet but none of the private keys
So why the need for such a convoluted system? In an organizational setting, such a system can provide checks and balances. For example:
- Auditors would receive the Master Public Key allowing them to verify balances held by the entire organization.
- Individual departments would hold Child Private Keys allowing them to manage funds allocated to them.
However, the risk of such a system is that anyone with the Master Public Key and any one Child Private Key can derive the Master Private Key, compromising all Child Private Keys. Thus, collusions between an employee from one of the departments and the auditor can comprise the entire system. While there are advanced solutions to deal with this, the easiest way for beginners to avoid this problem is to keep the Master Public Key secret. Alternatively, transactions can be set up such that they require multiple signers to approve them (ie. a multi-signature solution).
A further standard that governs HD wallets is BIP 44. This standard defines the derivation path for the wallet. In short, BIP 44 spells out a specific format for a BIP 32 wallet.
Non-deterministic wallets, on the other hand, generate new private keys and addresses as needed, utilizing each private key only once. These wallets require frequent backups as failure to backup newly created private keys would result in loss of funds. As managing such wallets is too cumbersome, it is advisable to stick with deterministic wallets for Bitcoin.
The distinction between deterministic and non-deterministic wallets is not applicable to all cryptocurrencies. For example, using deterministic wallets for Ethereum would only complicate transaction processing as it is built differently.
A simplified view of how non-deterministic wallets work is as follows.
By purpose of the wallet
Users usually split their holdings into two types of wallets, hot wallets, and cold wallets.
Hot wallets act like checking accounts and are used for everyday spending of crypto. Examples of such wallets include those on cryptocurrency exchanges such as Binance.
On the other hand, cold wallets are like savings accounts and are used for secure long-term storage of crypto. They should store the vast majority of your holdings which are infrequently used. Examples of such wallets include dedicated hardware wallets such as Trezor and Ledger.
Cryptocurrencies stored in hot wallets are exposed to more risks than those in cold wallets. This is because hot wallets are actively connected to the internet so as to be readily available for use. Thus, such convenience comes at a price as they are more prone to being hacked. Cold wallets, on the other hand, are only connected to the internet when a transaction has to be made.
While it is a hassle to manage multiple wallets, the importance of doing so cannot be emphasized enough. Separate wallets are necessary due to the following:
- Operating systems such as Windows, Android, and iOS on which users use to access and store their cryptocurrencies are filled with security loopholes. Therefore, there is a need to manage risks that each wallet is exposed.
- Malware like keyloggers and trojans have resulted in the theft of large amounts of cryptocurrencies. Such malware is more likely to infect hot wallets connected to the internet than cold storage hardware wallets.
For those heavily invested in cryptocurrencies, hardware wallets are the default choice for cold storage. They offer highest-grade security coupled with ease of use and price anywhere between $100 to $400 making them great value for money.
By how they are implemented
Wallets can be implemented in the form of software, hardware, paper, and brain wallets.
Software wallets. A software wallet is an application which stores public and private keys. Also, it manages crypto transactions, allowing clients to send crypto and view their balance. Most software wallets today provide user-friendly control panels to view the wallet’s status and perform online transactions. Several types of software wallets exist, and listed below are the most important ones.
- Client-side wallets. These are applications that users install on their PC, smartphone, or tablet. The public and private keys are stored locally within a wallet file. Many such wallets allow users to manage a wide variety of cryptocurrencies. Example: Bread wallet allows users to manage Bitcoin, Ethereum and other cryptocurrencies.
- Web-based wallets. Such wallets are managed by trusted third parties and are accessed via online websites. The private keys are stored in the provider’s database and clients do not get access to them. Example: Using wallets on cryptocurrency exchanges.
- Watch-only wallets. Watch-only wallets allow the user to check existing transactions but don’t allow them to create new ones. Only public keys are stored in such wallets. Example: Setting up Mycelium with your Master Public Key from your Trezor wallet.
Hardware wallets. In hardware wallets, private keys are stored in trusted dedicated hardware devices. These devices are connected to the host computer via USB. They usually contain security features such as embedded screens and PIN codes. In such wallets, transactions are signed within a trusted computational environment within the device (eg. the ARM TrustZone). Thus, private keys are never exposed to the host computer. Examples of such wallets include Trezor and Ledger.
A common source of confusion when dealing with hardware wallets are the terms used.
- Pin – This is what you have to key into your device to access it. In short, it protects your device from being used. The pin has nothing to do with the passphrase or the seed.
- Seed – This refers to the 12 – 24 word mnemonic phrase which we explained above.
- Passphrase – This is an extra word that when combined with your seed generates your keys and addresses. Thus, each passphrase creates a new wallet and protects your wallet/seed from being used.
The passphrase feature allows you to create hidden wallets within the same device. You can thus store the bulk of your holdings in one wallet while putting small amounts in another. That way if someone coerces you into revealing your holdings, you can always open up the wallet with the smaller amounts while concealing your other holdings.
To illustrate:
| Passphrase 1: [empty passphrase] | 0.05 BTC |
| Passphrase 2: correct-horse-battery-staple | 0.10 BTC |
| Passphrase 3: Brainy2$Mccoy$Tie6 | Main Stash |
Paper and brain wallets. In paper wallets, the private key is stored on a printed piece of paper. They are usually encoded as a QR code or printed in a form of an alphabet string. There are online websites that generate printable wallets such as bitaddress.org.
Paper wallets are often thought to be the most secure wallets because they are completely offline and hence unexposed to cyber threats. However, as we have stated in our other post on securing cryptocurrency wallets, this applies only to a handful of expert information security professionals. If you do not know how to generate such wallets securely, then your keys can be obtained by a hacker if one of your devices is compromised.
In brain wallets, the private keys are not stored in digital form. Instead, the wallet owner creates the mnemonic recovery phrase of the wallet. Should this phrase be forgotten, then access to funds within the wallet is lost. We do not recommend using brain wallets as they are not as secure as you think and can be brute-forced.
By whether it runs a full node or not
Full node wallets are those that download the entire blockchain onto your computer. By doing so, you are able to use cryptocurrencies in a trustless way since you can verify first hand whether the rules of the blockchain has been observed. An example of such a wallet for Bitcoin would be the Bitcoin Core wallet.
Sometimes it may be impractical to download the entire blockchain due to limitations such as a lack of disk space. Lightweight node wallets can be used in such instances. Such wallets do not download the entire blockchain and rely on full nodes to function and validate the rules of the blockchain. While such wallets load faster, the trade-off is that they are less secure since they are not performing the validation themselves and are placing reliance on another party who could be compromised. An example of such a wallet for Bitcoin would be Electrum.
Which wallet should you choose?
This is like asking what’s better, a Lambo or a bulldozer? If you trying to go fast on a very flat surface, then the Lambo would suit you. But if you are trying to flatten a surface, the bulldozer would do the job.
Thus, the answer to this question depends on what you are trying to achieve. And there isn’t a perfect wallet that would suit everyone. The key is to find the right balance of the features you want. You may wish to consider some of the following areas.
| Features | Considerations |
|---|---|
| Privacy | Do you need wallets that automatically generate new addresses for each transaction? If so, use deterministic wallets. |
| Security | Does it provide 2 factor authentication? Are your funds insured? |
| Value of holdings | Is it significant enough to warrant investments in hardware wallets? |
| Ease of use | Do you need wallets that are easy to use or those that are full of features? |
| Transaction amounts | Are you transferring large amounts of crypto? If so, running a full node would make sense since you don’t want to delegate the responsibility for verifying transactions to another party. |
| Usage | Do you make daily payments with them or would it be for long-term storage? For daily payments, mobile wallets would suffice but for long-term storage, dedicated hardware wallets are needed. |
| Cost | What is your budget? If you want a free wallet, then a software wallet would suit you. If you have cash to spare, why not go for a hardware solution such as Trezor or Ledger? |
| Platform | Does it work on Android, iOS or Windows? |
| Coin support | Does the wallet support your coin? Information on coins supported by a particular wallet can be found on the wallet provider’s website. A common term mentioned by wallet providers is the ability to support ERC-20 tokens. In short, these are tokens that have been built on the Ethereum blockchain. A full list of such tokens can be found here |
| Reviews | Does the wallet have a good reputation? Is the support for the wallet good? One way to check this is to look at the Telegram or Reddit sites of the wallet providers. |
| Source code | Is the source code open and therefore available for inspection? This allows any developer in the world to audit the code and make sure the final software isn’t hiding anything fishy. |
| Other features | For example, do you need a wallet with fee estimation technology, multi-signature capabilities or in-built exchanges? |
Attached is a list of reputable wallet solutions for you to check out. Paper, brain or web-based wallets are not included in our list as they are not recommended for storing your crypto. To find out why do read the following post on cryptocurrency wallet security.
Bitcoin
| Device | Deterministic or not? | Hot or cold?(1) | Wallet implementation? | Full node or lightweight? | Operating system? | Open Source? | Link |
|---|---|---|---|---|---|---|---|
| Bitcoin Core | Y | Hot | Desktop | Full node | Windows, macOS, Linux | Y | Link |
| Mycelium | Y | Hot | Mobile | Lightweight | Android, iOS | Y | Link |
| Electrum | Y | Watch-only | Desktop | Lightweight | Windows, macOS, Linux | Y | Link |
| bitWallet | Y | Watch-only | Mobile | Lightweight | iOS | N | Link |
| Sentinel | Y | Watch-only | Mobile | Lightweight | Android | Y | Link |
| Copay | Y | Hot | Mobile | Lightweight | Windows, Android, iOS | Y | Link |
| Trezor | Y | Cold | Hardware | Lightweight(2) | Windows, macOS, Linux | Y | Link |
| Ledger | Y | Cold | Hardware | Lightweight | Windows, macOS, Linux | N | Link |
| (1) This reflects how we use them. For example, Electrum can be used for cold storage too. (2) There are ways to set it up as a full node wallet but they aren't straightforward. Read more here. | |||||||
Ethereum
| Device | Deterministic or not? | Hot or cold?(1) | Wallet implementation? | Full node or lightweight? | Operating system? | Open source? | Link |
|---|---|---|---|---|---|---|---|
| Ethereum Wallet | Not applicable (2) | Hot | Desktop | Full node | Windows, macOS, Linux | Y | Link |
| Bread Wallet | Hot | Mobile | Lightweight | Android, iOS | Y | Link | |
| Trezor | Cold | Hardware | Lightweight (3) | Windows, macOS, Linux | Y | Link | |
| Ledger | Cold | Hardware | Lightweight | Windows, macOS, Linux | N | Link | |
| (1) This reflects how we use them. For example, Bread wallet can be used for cold storage if it is set up properly on an air gapped mobile phone. (2) Ethereum operates differently from Bitcoin and deterministic wallets would complicate transaction processing. (3) There are ways to set it up as a full node wallet but they aren't straightforward. Read more here. | |||||||
Protecting yourself when using cryptocurrency wallets
This has been covered in depth in our other article on securing your cryptocurrency wallets and we strongly recommend you have a look.
Frequently asked questions
Question: What happens if the wallet manufacturer/developer goes bust?
Answer: You can import your seeds into another compatible wallet and continue using your funds. A compatible wallet is one which conforms to similar standards such as BIP 32, 39 and 44. How would you know this? You can refer to the wallet provider’s website for guidance. For example, Trezor’s website provides a list of compatible wallets and so does Ledger’s website.
Question: Can hardware wallets be compromised?
Answer: If properly used, hardware wallets cannot be compromised. The reason is that no sensitive information ever travels out of the hardware wallet. When processing transactions, the hardware wallet receives from your computer all information it needs about a transaction. It then transmits the signed transaction back to your computer which then broadcasts the transaction to the network. At no point does sensitive information such as your private keys leave the device. Thus, even if your computer were completely compromised, no sensitive information can be captured in the communication between the device and your computer.
Wrapping up
Now it’s your turn. Leave a comment below and let us know which wallet you are going to use.
Will it be a hardware wallet? Will it be a watch-only wallet? Or would you have a wallet to recommend to us?
Let us know with a quick comment below!
What do you know about KEYSTONE cold wallet . . . does “air gap” make it any more secure and would I need multiple cold wallets if the one I choose does not allow a coin type that I have on the exchange?
Very informative article . . especially the link to password security Thanks
Unfortunately, we don’t know enough about the Keystone cold wallet to comment about it. But in general yes if your cold wallet does not support a token, then you will need a separate wallet for it.
Thanks for the complimnent.