LEVEL: BEGINNER
READ TIME:  10 MIN

You’ve heard this one before, but here it is again:

With great power, comes great responsibility.

— Ben Parker, Marvel Universe

Ownership of crypto and digital assets is still a new concept to a lot of people and it can be confusing at first. If you bought some Bitcoin or Ethereum and want to make sure it doesn’t get confiscated, locked up, lost or stolen, you’ve come to the right place.

This article will go through everything you need to know about crypto wallets and storing crypto safely. We’ll share top recommendations and best practices at each step. You’ll know how and why to use self-custody wallets to store your crypto.

Once you’re familiar with this topic you can be confident that all your digital assets will remain safe and secure for the long term—without risking any of it to common mistakes, hackers or scammers.

What Exactly is a Crypto Wallet and Why Do You Need One?

A crypto wallet holds crypto obviously.

Yes and no. Technically it’s just no.

There’s no crypto actually being held in a crypto wallet. Coinbase doesn’t have any on its servers. There’s none anywhere on anyone’s iPhone, laptop or USB drive. 

Instead, every cryptocurrency exists only as code on its respective blockchain. None of it can ever leave that blockchain. And since no one can actually remove any crypto from its respective blockchain, ownership comes down to access and permissions.

For example:
If you or I owned some BTC, it would simply mean that we’d have the authority to transfer the rights of ownership from our own private Bitcoin wallet over to any other Bitcoin wallet (every transfer of BTC  takes place exclusively on the Bitcoin blockchain).

Transactions are peer-to-peer.

Crypto wallets allow you to store, send and receive cryptocurrencies.

There are more advanced features, but these are the essentials.

Think of it like this:
A crypto wallet is like a digital “safe” where you hold your cryptocurrency.

Or better yet, it’s a “virtual P.O. box”.

Just like a P.O. box in the real world, a crypto wallet has a public address for receiving and it has locks and keys to keep the contents secure. This way anyone who has the address can send to it, but only the owner has access to what’s inside.

Another example is your email account.
Anyone can send you an email including spam, but only you (the account owner) have the permission to read, write or delete emails. 

One distinction in crypto is that the contents of the “mailbox” is a public ledger and anyone can see the entire history for every account.

Privacy coins like Monero (XMR), and DERO exist specifically to obscure transaction and user data, however most people don’t seem too concerned about giving up their privacy. How much value you place on privacy is a choice and it’s worth considering as more and more data are added to each of digital records over time.

In addition to these key functions, many crypto wallets also allow users to exchange or swap cryptos, stake some cryptos to earn interest (rewards) and participate in the growing Web3 ecosystem.

What Exactly are Public and Private Keys?

Every crypto wallet has two cryptographic keys: public and private.

A crypto wallet pairs these two keys together allowing it to send and receive.

Public Keys Allow for Receiving.

Anyone can send any amount of crypto to anyone else’s public key at any time.

Crypto transactions do not need you to accept or approve them.

A public cryptographic key is a code, specifically a large number that is used in combination with a private key to encrypt and decrypt data. Public keys are often used to create a unique address, such as a Bitcoin address, which can be used to receive funds.

A public key is like the address on the outside of a mailbox where others can send mail (or in this case, cryptocurrency) to you. 

Anyone who has your public key (address) can send you crypto. You don’t need to approve or accept it. It’s like email or mail. In crypto this is known as a Peer-to-peer transaction because it doesn’t require a central authority like a Post Office or Bank to pass it along.

Public addresses don’t use real names or identities, they use pseudonyms. 

For example this is a public key that points to a Bitcoin wallet:

bc1qju2mq6qyjrjvacwl5s5mdgwqlm6ajxjln73r68

It can also be displayed as a QR code.

Anyone can see a complete transaction history of any public Bitcoin address. These are censorship resistant and immutable records stored on the blockchain, but they aren’t tied directly to a personal identity. However, they are not private either and transactions can always be traced back to an individual by someone using the right tools.

Here’s what the address above looks like on Blockchain.com
(spoiler: there’s not much to see) 

Private Keys Allow for Sending.

Anyone can receive funds, but only the person who has the private key can send them.

Private keys are like passwords. They’re managed by your crypto wallet. This is effectively what your  crypto wallet does — it holds the private keys to allow you to interact with different blockchains and spend or send crypto.

Only the owner has access to a private key. 

Do not share your private keys no matter what or you will have given away your crypto.

Different Types of Crypto Wallets are Better Suited to Specific Uses. 

Crypto wallets can do different thins but they tend to be mainlt built for one of a few specific purposes.

There are really the only three types of crypto wallets that you need to know the difference between. Technically, you could count “paper wallets” as option four, but we’re not doing that. 

Crypto wallets are a lot like financial services accounts.

They can be set up specifically for trading, earning interest, saving long-term, or using for day-to-day purchases.

Each type of wallet has a specific purpose and is best suited for a unique benefit. There are trade-offs between them so you can expect to need a few crypto wallets to serve different purposes.

1

Software wallets — aka HOT storage wallets

A software or hot wallet is always connected to the internet. 

These are downloadable mobile / desktop applications or browser extensions.

Using a “hot” wallet allows for easy access and management of your funds, but it also makes your funds more vulnerable to hacking and theft. For this reason, hot wallets are typically used for frequent trading and smaller day-to-day transactions.

Is there any good reason to carry all of your stacks of BTC around with you on your iPhone?

Hot wallets should be protected by both your device password (biometric or PIN) as well as an app-specific PIN or password.

Many hot wallets are private and non-custodial, which means you hold and manage the private keys that allow you to send and receive crypto. You are the custodian.

Because of this, writing down and safely storing your Recovery Seed Phrase is extremely important. This seed phrase is the only way you’ll ever recover the funds in this wallet if you were to lose either your device or your login credentials. 

Bottom line:
Hot wallets are more convenient but they can be less secure.

2

Hardware wallets — aka COLD storage wallets

A cold storage wallet is not connected to the internet until you need to use it. Up until that point it’s safely hidden or kept in a safe place. Like in a hidden safe.

Cold wallets are small physical devices that connect to your computer or phone (and the internet) via USB or BlueTooth. They have a small screen and require you to enter a PIN number to verify any  transactions.

The private keys needed to access the crypto in a cold wallet are stored offline. 

Being offline makes cold wallets more secure than hot wallets, because the risk of hacking and theft is greatly reduced by requiring a physical device. 

Bottom line:
Cold storage wallets are typically used for long-term storage of larger amounts of cryptocurrency.

3

Exchange wallets — aka Custodial wallets

An exchange wallet is used to buy cryptocurrencies with fiat.

They will offer more services than buy and sell but we think it’s helpful to think of them primarily as an on and off ramp connecting your crypto assets to your bank account and your personal identity.

Crypto exchange wallets are convenient. They allow you to easily buy, sell, and trade cryptocurrencies. This is often the exchange where you bought them, so you don’t need to move things around initially. 

However, it’s really important to understand that when you store crypto on a centralized crypto exchange, you’ll lose control over your private keys, which are used to access your funds.

This means that your exchange has custody over your funds and you’ll have to trust that they will keep your funds safe and secure. 

If your exchange goes out of business (like FTX, Celsius, Gemini, QaudricaCX) or gets hacked, you’ll likely lose most or all of the funds you’ve kept stored with them.

Bottom line:
Use a trusted crypto exchange to buy crypto but move it off the exchange and into a self-custody wallet.

How to Use a Crypto Wallet

We’re focusing on self-custody private crypto hot wallets for now.

Recall that you alone will be able to spend or send your crypto from this wallet because this wallet you allow you to hold your own keys.

This wallet will be on your phone or computer and is connected to the internet.

Exchange wallets are different — by acting as a custodian, and accepting fiat currency directly from a bank, they are required to follow Anti Money-laundering Laws (AML). These laws require a completely different account setup involving registration, identification and linking your bank account.

Private self-custody wallets do not require your iD to set up.

Self-custody wallets don’t keep any personal record of  who you are, where you live or your phone number — there will be records of amounts of different cryptocurrencies held in different accounts, but these are not tied directly to your real life identity.

If you choose to buy crypto directly within your wallet using your bank card, visa or apple pay, you would need to verify your identity. The payments would go through a partner and they legally need to validate your personal info because of AML.

These are the steps:

1. Download the wallet (Exodus for this example)
2. Click “Get Started“
3. Write down your Secret (Recovery) Phrase 
4. Store your Recovery Phrase safely (not online)
5. Create a Passcode (PIN) to unlock the mobile wallet
   (use a strong password for the desktop wallet)
6. Follow their simple 3-step onboarding guide
7. Once complete, you are able to receive crypto like (BTC, ETH, ADA etc.) Do this by sending crypto  from your exchange where you bought it with fiat
   (or transfer from another crypto wallet)
8. Add more specific coins of your choice — you’ll automatically generate a unique address for each coin you add

Important:
Remember that, if you lose your Recovery Phrase and forget the PIN /  Password, there is no customer support that can ever retrieve them.

So take this part seriously.

Using a crypto wallet is easy once you become familiar with the interface.

Recommendation:
Always do a test transaction with a small amount to make sure the addresses are correct — once this is verified you can send an larger amounts with confidence.

Here’s what your crypto wallet can do:

1. Receive crypto.
   Either by transferring it to your new wallet from your exchange wallet (eg. Coinbase or Binance) or get someone else to send some to you.
2. Send your crypto to someone else.
   You just need their wallet address.
3. Exchange one crypto for another.
   You can do this within your wallet and neither crypto ever leaves your possession.
4. HODL (store your crypto)
   You hold the private keys—your crypto is ready to spend or send when you are.
5. Staking and earning
   Certain tokens will pay you rewards if you hold them and meet the criteria.
   Lock up periods typically range from a few days to a few weeks.
   Annual Percentage Yields (APY) also depend on the token (as little as 1% to as much as 20%)
6. Connect to Web3 and use DApps
   Store and use NFTs for example (there are many more Web3 apps and use cases)

Privacy and Self-custody

Self-custody (non-custodial) crypto wallets allow the owner to hold the private keys needed to spend or send crypto. With self-custody you are the custodian, not the exchange or bank.

These wallets are private and can be either hot or cold wallets.

The best advice is to use self-custody to avoid the risks of losing crypto to an exchange that fails. Many of the exchanges today seem trustworthy, yet there continue to be stories of top exchanges failing and taking their customer’s funds with them into Chapter 11.

This can all be avoided with self-custody, but of course it also means taking full responsibility.

If you can handle this you’re ready to be your own bank. 

Congratulations.

Setting Up and Managing Strong Passwords

Creating strong passwords and keeping track of them shouldn’t be difficult. 

Luckily it isn’t.

And yet, people end up reusing passwords or modifying them every so often by changing the last character or two.

Unfortunately, this makes them vulnerable to hacking.

Worse, if someone accesses your email, they can just click through “the forgot password” on other services, and have them reset. And once someone locks you out of your own accounts by changing your passwords to their passwords, you are going to have a tough time sorting it all back out.

Password managers put all of your logins behind a virtual safe, where they’re accessible through one single password. They also generate secure passwords for new logins, and often come with many other useful features. 

Bottom line:
Use a password manager to set up and securely store all your passwords — not just for crypto.

You can’t go wrong with any of these top three password managers.

Our top pick is BitWarden

We use 1Password with the family plan and also LastPass. You can’t go wrong with any of these and they work for everything you don online — not just for crypto.

Recovery and Seed Phrases

What if…

You drop your iPhone into the lake?

Lose the notebook with all the passwords you’ve written down?

Someone steals your Trezor Model T with all your BTC and ETH holdings?

Good news — you’ll be fully covered as long as you’ve taken the time to carefully write down and securely store your 12 or 24 word Recovery Seed Phrase. You need to do this when you set up a self-custody crypto wallet initially.

This is usually called either a Recovery or a Seed Phrase. Sometimes its a Pneumonic Seed Phrase. It’s all the same to you. Hopefully you never need it but if you do ever find yourself faced with the worst case scenario this is your only way to recover your wallet and assets stored there.

As long as you have your Recovery Phrase that you wrote down initially,  you can simply get another wallet and restart (recover) it by using that phrase.

All your funds will be right where you left them.

However, if you ever lost your phone or computer or you forgot the password to unlock it, and you didn’t  have your recovery phrase, you’re going to be in for some trouble. 

Make sure that you understand the implications of this and be absolutely confident that you have your recovery seeds written down and stored offline in a secure location. Possibly even broken into parts and stored in a few different places.

No one knows for sure but according to the internet, almost 20% of Bitcoins have been lost, meaning people cannot recover them because they lost their seed phrase.

Bottom line:
The downside of “Being your own bank” is that without the recovery seed phrase, no one can ever help you get back your funds. 

You are the bank, but you’re also the security system.

Protect Your Crypto from Hackers and Scammers.

Security is going to involve different considerations to protect hot and cold wallets.

Chances are your biggest threat is you hurting yourself. Like a handgun owner, you have to be really careful.

First off, don’t make yourself a target.
Keep crypto holdings private.
Don’t brag or discuss anything that might make a potential thief interested in you — especially on social media. Just pure common sense bro.

No one will target you specifically if you don’t give them a reason to.

Cold Wallets

Definitely consider using cold storage for holding larger amounts of crypto for the long term. 

This makes it next to impossible for a hacker to get access to it unless they break into your place, steal your  hardware wallet AND happen to find the PIN needed to unlock it.

If this ever happens to you btw (or you think someone has access to your recovery seed), you will immediately be in a race —whoever sets up a new wallet using your recovery phrase first, will quickly send all the crypto to another private wallet that only they can access.

If you’ve taken all the precautions listed above this would be highly unlikely, to say the least.

These are a few things to be mindful of:

1. Be wary of unsolicited email and texts. Don’t respond to or click on any links (or enter personal information into any website) unless you are certain it is legitimate. 
2. Use 2FA (two-factor authentication) to protect your accounts when possible.
3. It’s also a good idea to use anti-virus software.
4. Use official links. Always make sure you are on the official site that you think you’re on. 
5. Use a secure (https) connection.
6. Use reputable companies with good track records and plenty of satisfied customer reviews.
7. Never respond directly to any crypto exchange or crypto company asking for personal info. If you want to respond, find one of their official channels and instigate the contact yourself.
8. Place an immediate hold on any account that reports anything suspicious.

Phishing Attempts

Phishing is an attempt to steal personal information, such as login credentials and credit card information, by tricking you into giving away this information via fake websites, emails or messages. Phishing attempts can take many forms, including email, text messages, and phone calls. 

These will often impersonate legitimate organisations, such as banks or popular online services.

Phishing attempts are often sent to a large number of people in the hopes that some will take the bait and provide their personal information. 

They may ask you to click on a link, download an attachment, or enter personal information into a fake website.

Here are a few examples of phishing listed on the Ledger site

SIM-Swap Attacks

A SIM-swap, also known as a “port-out” scam, is where a hacker, posing as the victim, contacts a mobile phone carrier and requests to port (transfer) the victim’s phone number to a new SIM card controlled by the hacker. If successful, the attacker can gain access to their victim’s personal information and financial accounts, as many online services use phone numbers as a way to verify a user’s identity

To protect yourself from SIM-swap scams, you can request your mobile carrier to add extra security measures to your account, such as a PIN or a password, and use two-factor authentication when available. 

Never validate a transaction on your device if you didn’t instigate it. You don’t need to approve anything to receive crypto.

Investment Scams

These ultimately come down to you using your better judgement. Investment scams rely on you voluntarily giving away your crypto in the hopes of getting a massive return on your investment. 

Be wary of any project that seems too good to be true.

Rug-pulls

A rug pull is all too common in the crypto and NFT space. Creators of a project will pump up a project to get more people to buy into it, then suddenly withdraw all of their funds once it reaches all time highs. This leaves many newer investors with worthless tokens.  

It is important to thoroughly research any cryptocurrency or NFT project before investing in it. Here’s an example where investors lost thousands of dollars to a Squid game rug-pull.

Sharing Your Credentials with People you Trust

Another thing to consider:

What happens to your crypto when you die?

…

Nobody wants to imagine the unlikely (but 100% certain) scenario that they die, but it’s worthwhile to consider this sooner than later.

Who do you want to have your crypto and how will they get access to it? You can’t exactly give out the recovery phrases, and yet some people will need to have access to them.

The best idea that we’ve got is to use an indestructible format for storing your seed phrases.

Crypto steel capsules seem like the best option. 

We like how someone cannot simply take a photo of it and have the whole phrase.

Better yet divide your seed phrase using a multi-factor authentication method. This way you need 2 of 3 (or 4 of 4 etc.) parts for it to work.

Each each part would be stored in separate locations with different people.

In your will you can list how it all comes back together and who gets what.

The Shamir backup on Trezor is a great example of this. Using 2 of 3 seems very reasonable but you could go 3 of 4 etc. 

This is all to you, like almost everything else in crypto.

Bottom line:
Take care of this sooner than later. It’s important. 

Just think how much a single BTC will be worth….long after we’re gone.

Troubleshooting and FAQs for Crypto Wallets

1. What is a self-custody crypto wallet?A self-custody crypto wallet is a digital tool that allows you to securely store, send, and receive cryptocurrencies while maintaining full control of your private keys and funds.
2. How do I create a self-custody wallet?You can create a self-custody wallet by downloading a reputable cryptocurrency wallet app or using a hardware wallet device.Follow the setup instructions to generate your wallet’s public and private keys.
3. Are self-custody wallets safe?Self-custody wallets can be very secure if used correctly.It’s essential to follow best practices like keeping your private keys offline, enabling two-factor authentication, and regularly backing up your wallet.
4. What’s the difference between self-custody and custodial wallets?Self-custody wallets give you full control over your private keys and funds.In contrast, custodial wallets are managed by a third party, like an exchange, which holds your keys on your behalf but may have access to your funds.