LearnCryptoWallets & Security
Crypto · Lesson 06 of 12

Wallets & Security

6 min read  ·  Beginner

In crypto, you are the bank. There's no fraud department to call, no reversible transaction, no customer support that can recover stolen funds. The security model is completely different from traditional finance — and the consequences of getting it wrong are permanent. These aren't optional details. They are the difference between keeping your assets and losing everything.

What a wallet actually is

A crypto wallet doesn't store your coins — those live on the blockchain. What it stores are your private keys: the cryptographic proof that authorises transactions from your address. Whoever controls the private key controls the funds. The wallet is a key manager, not a vault.

Every wallet has a public address (like a bank account number — share freely to receive funds) and a private key (like a PIN combined with the ability to empty the account — never share this with anyone, ever, under any circumstances).

Hot wallets vs cold wallets

A hot wallet is connected to the internet — a browser extension (MetaMask), a mobile app (Trust Wallet), or an exchange account. Convenient for active trading and DeFi interactions. Higher risk: if your device is compromised or you click a malicious link, attackers can drain it.

A cold wallet (hardware wallet) stores your private keys on a physical device — a Ledger or Trezor — that never connects to the internet when signing transactions. To approve a transaction, you physically press a button on the device. Even if your computer is completely compromised, an attacker cannot move your funds without the physical device.

The rule of thumb: keep only what you actively trade in a hot wallet. Store anything you're holding long-term on a hardware wallet. If you have meaningful crypto holdings, the £70–150 cost of a Ledger is the best investment in your portfolio.

Seed phrases — the master key

When you create a wallet, you're given a seed phrase — typically 12 or 24 random words. This phrase generates all your private keys. It is the master backup. Anyone who has your seed phrase can import your wallet and drain every asset, on every network, immediately. Treat it with the same security as cash.

The most common attacks

Phishing: fake websites that look identical to real ones — MetaMask, OpenSea, Uniswap. The URL is subtly wrong. You connect your wallet and approve a transaction that drains it. Check URLs obsessively. Bookmark the real ones.

Malicious approvals: DeFi requires you to "approve" contracts to interact with your tokens. A malicious contract approval gives unlimited access to drain your wallet later. Use tools like Revoke.cash to audit and revoke old approvals regularly.

Discord / Telegram scams: fake "support" accounts DMing you after you mention a problem. They will ask for your seed phrase. Always. Ignore and block.

Exchange risk — "not your keys, not your coins": when you hold crypto on an exchange (Coinbase, Binance, Kraken), the exchange holds the private keys, not you. FTX held $8 billion of customer assets in November 2022 — within days it had collapsed and customers couldn't withdraw. Self-custody is the only way to truly own your crypto.

Put this to the test in RIP.

Answer questions on wallets & security, earn XP, and challenge your mates to a stock duel.

Download free on iOS →