Crypto Wallets Explained: Self-Custody, Seed Phrases, and Security

A crypto wallet doesn't store your coins — it stores your private key. Learn the difference between hot and cold wallets, how seed phrases work, and how to avoid the most common scams.

A wallet doesn't store your crypto — it stores the key that proves you own it.

TL;DR

  • Your crypto lives on the blockchain, not in your wallet
  • A wallet stores your private key — the only proof of ownership of your address
  • Your seed phrase (12 or 24 words) can restore access to your wallet from anywhere — and anyone who has it owns your funds
  • Hot wallets (MetaMask) are convenient but online; cold wallets (Ledger) are offline and more secure
  • The biggest threats: phishing, malicious approvals, and rug pulls

What a Wallet Actually Is

A common misconception: your crypto is "in" your wallet. It's not.

Your crypto is on the blockchain. Your wallet stores a private key — an ultra-secret password that proves you're the owner of an address on the blockchain.

Think of it this way:

  • The blockchain = a public safe (everyone can see what's inside)
  • Your private key = the only key that opens your safe
  • The wallet = the keychain that holds that key

Lost your wallet app? Reinstall it, enter your seed phrase, and recover everything. Lost your private key? You lose access. Forever. No support team can help.


The Seed Phrase — The Real Secret

Your private key is a massive number (256 bits) — impossible to memorize. It gets encoded into 12 or 24 readable words: your seed phrase.

Example:

witch collapse practice feed shame open despair creek road again ice least

These 12 words = full access to your wallet from anywhere. All your addresses, all your funds.

What this means in practice:

  • ✅ You lost your phone → reinstall MetaMask + enter your 12 words → everything recovered
  • ❌ Someone sees your 12 words → instant full access from anywhere in the world
  • ❌ You lose your 12 words AND your device → permanent loss, no one can help

Your seed phrase must NEVER be:

  • Photographed on your phone
  • Saved in your notes app
  • Sent by email
  • Stored in the cloud (iCloud, Google Drive...)
  • Typed into any website

Best practice: write it on paper and store it somewhere safe. Serious holders use metal backup plates — fireproof and waterproof.


Hot Wallet vs Cold Wallet

🔥 Hot Wallet

A hot wallet is permanently connected to the internet.

Examples: MetaMask, Phantom, Rainbow

  • ✅ Convenient, free, instant
  • ❌ Vulnerable if your device is hacked or infected

Best for: daily transactions, DeFi, trading, smaller amounts.

🧊 Cold Wallet

A cold wallet is never connected to the internet. The private key is stored on a physical device.

Examples: Ledger, Trezor

  • ✅ Nearly impossible to hack remotely — the key is never exposed online
  • ❌ Costs €50–150, less convenient

Best for: long-term storage of significant amounts.

Practical rule:

  • What you can afford to lose → hot wallet
  • What you want to keep long-term → cold wallet

The Most Common Scams

🎣 Phishing

Fake sites that look identical to MetaMask, Uniswap, OpenSea. You enter your seed phrase → wallet drained instantly.

Protection: type URLs manually, never click Google results or ads for crypto services. Use bookmarks.

⚠️ Malicious Approvals

Some smart contracts request unlimited approval over your tokens. Once granted, the contract can move those tokens out of your wallet at any time, now or in 6 months.

Protection: read what you sign. If you see "Approve unlimited" from an unknown protocol → reject.

Use revoke.cash to audit and revoke all your active approvals. Good habit: check monthly.

🪤 Rug Pull

A project launches a token and generates hype, then the founders disappear with the funds. Usually no technical recourse.

🎁 Fake Airdrops

"You've received $5,000 in tokens!" → you click → you sign a malicious transaction → wallet drained.

Universal rule: if it's too good to be true, it's a scam. Your seed phrase will never be legitimately requested. By anyone. Ever.


Best Practices

Use multiple wallets with distinct purposes

If you connect your main wallet to a malicious protocol, everything is at risk. Separate wallets limit the damage:

  • 🔐 Main wallet (cold) — large amounts, never connected to dApps
  • Daily wallet (hot) — DeFi, trading, small amounts
  • 🧪 Test wallet — try unknown protocols before using real funds

Verify URLs

Type manually or use bookmarks. Never click Google links or sponsored ads for wallets or DeFi apps.

Read what you sign

If you see "Approve unlimited" from an unfamiliar protocol → reject it.
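What "Approve unlimited" looks like underneath the wallet prompt, as an added example that is not part of the original article: a small decoder for the raw transaction data behind the Malicious Approvals and "Read what you sign" advice. It goes slightly beyond the text by also covering increaseAllowance and the NFT call setApprovalForAll. The 2**255 "unlimited" threshold is an assumption, and the sample calldata and spender address are constructed placeholders.

```python
# Added example: classify token-approval calldata before signing.
# A selector is the first 4 bytes of keccak256 of the function signature.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
INCREASE_ALLOWANCE = "39509351"    # increaseAllowance(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
APPROVALS = (APPROVE, INCREASE_ALLOWANCE, SET_APPROVAL_FOR_ALL)
# Assumption: any amount >= 2**255 is treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255


def classify_calldata(data_hex):
    """Decode approval calldata and return a verdict dict."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8 or any(c not in "0123456789abcdef" for c in data):
        return {"kind": "invalid", "risk": "reject"}
    selector, args = data[:8], data[8:]
    if selector not in APPROVALS:
        return {"kind": "not-an-approval", "risk": "unknown"}
    # Both arguments are ABI-encoded as 32-byte words (64 hex chars each);
    # an address is 20 bytes left-padded with 12 zero bytes.
    if len(args) != 128 or args[:24] != "0" * 24:
        return {"kind": "malformed-approval", "risk": "reject"}
    spender, value = "0x" + args[24:64], int(args[64:], 16)
    if selector == SET_APPROVAL_FOR_ALL:
        # value is a bool: true hands the operator every NFT in the collection
        risk = "high" if value else "revocation"
        return {"kind": "setApprovalForAll", "spender": spender, "risk": risk}
    if selector == APPROVE and value == 0:
        risk = "revocation"  # approve(spender, 0) clears an allowance
    elif value >= UNLIMITED_THRESHOLD:
        risk = "high"        # what a wallet shows as "unlimited"
    else:
        risk = "bounded"
    kind = "approve" if selector == APPROVE else "increaseAllowance"
    return {"kind": kind, "spender": spender, "amount": value, "risk": risk}


# Constructed sample calldata; the spender is a placeholder address.
SPENDER = "00" * 12 + "11" * 20
UNLIMITED = "0x" + APPROVE + SPENDER + "f" * 64
BOUNDED = "0x" + APPROVE + SPENDER + format(100 * 10**18, "064x")
REVOKE = "0x" + APPROVE + SPENDER + "0" * 64
NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + SPENDER + format(1, "064x")

if __name__ == "__main__":
    for tx in (UNLIMITED, BOUNDED, REVOKE, NFT_ALL):
        print(classify_calldata(tx))
```

A "high" verdict is the case to reject when the spender is a protocol you do not recognize; a "revocation" verdict is what a revoke transaction for an existing approval decodes to.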

Use revoke.cash regularly

Check and revoke active approvals. Monthly is a good rhythm.