Chapter 5: Crypto Wallets — Core Concepts Explained

This chapter centers on the “keys = control” wallet paradigm: it clarifies the derivation chain and risk boundaries of private key / public key / address / mnemonic, contrasts hot vs. cold wallets (convenience vs. attack surface), and explains the core difference between self-custody and CEX custody (Not your keys, not your coins). It also outlines the non-custodial interaction model with DEXs and best practices (backups / signing approvals / hardware signing / anti-phishing). Finally, it offers a three-dimensional lens—security, usability, sovereignty—to help readers pick a key-management setup, laying practical anchors for the product/protocol interactions in later chapters.

1. Wallet Fundamentals

A wallet is not a coin container; it’s a key manager and signing tool. Assets always live on-chain. The wallet keeps your private keys, builds transactions, and signs them.

1.1 Core Elements

  • Private key: A 256-bit random number generated by a cryptographically secure PRNG.

  • Public key & address: One-way derivation from the private key. Ethereum addresses take the last 20 bytes of a hashed public key; Bitcoin uses multiple address encodings.

  • Mnemonic & standards: BIP-39 maps entropy to a 12/24-word list (optionally with a passphrase). BIP-32/44 define hierarchical derivation paths, e.g., m/44'/60'/0'/0/0.

  • Signing & approvals: Transactions use ECDSA signatures (r, s, v). EIP-712 enables typed, human-readable signatures to reduce blind signing. ERC-20 allowances must be managed to avoid risky “infinite approvals.”

1.2 Wallet Archetypes

  • EOA (Externally Owned Account): Directly controlled by a private key.

  • Smart-contract wallet (Account Abstraction, e.g., ERC-4337): Supports social recovery, daily spend limits, batching, and gas sponsorship (paymasters).

  • Multisig: m-of-n threshold approvals, common for treasuries.

  • MPC (Multi-Party Computation): Threshold signing with the key split into shares lowers single-point exposure, but depends on the service’s operational robustness.

2. Wallet Categories

2.1 Hot vs. Cold

  • Hot wallets: Online, convenient, larger attack surface. Common for DeFi/NFT usage.

  • Cold wallets: Offline signing devices; higher security, higher operational friction.

2.2 Composable Setups

  • Three-tier management: Hot wallet (small, daily spend) → Contract/multisig (medium, strategy funds) → Cold/MPC (treasury, long-term).

  • Hardware signing + hot UI: Review and confirm on the hardware screen to defeat UI tampering.

2.3 Common Threats (and Core Defenses)

  • Phishing sites: Look-alike domains luring blind signatures.

  • Malicious approvals: Unlimited ERC-20 allowances.

  • Private-key leakage: Screenshots, cloud sync, keyloggers.

  • Malware/extensions: Address replacement, clipboard hijacking.

  • Social engineering: Impersonators requesting mnemonics.

Defend with: hardware confirmation, regular approval revocation, offline backups, and never disclosing your mnemonic.
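The "malicious approvals" threat and the "regular approval revocation" defense both come down to reading approval calldata before it is signed. The sketch below is an added example, not code from the original chapter: it decodes the standard `approve(address,uint256)` call and, going slightly beyond ERC-20, the NFT `setApprovalForAll(address,bool)` call. The `2**255` cutoff for "unlimited", the function names, and the sample spender address are assumptions made for illustration.

```python
# Added example: pre-signing check of approval calldata (not from the original page).
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: at or above this is treated as unlimited


def classify_approval(calldata_hex):
    """Return (verdict, spender, value) for a transaction's calldata."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    selector, args = data[:4], data[4:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return ("not-approval", None, None)
    if len(args) != 64:
        raise ValueError("expected two 32-byte ABI words after the selector")
    if any(args[:12]):
        raise ValueError("address word has non-zero padding")
    spender = "0x" + args[12:32].hex()
    value = int.from_bytes(args[32:], "big")
    if selector == SET_APPROVAL_FOR_ALL:
        verdict = "operator-all" if value else "revoke"
    elif value == 0:
        verdict = "revoke"  # approve(spender, 0) clears an existing allowance
    elif value >= UNLIMITED_FLOOR:
        verdict = "unlimited"
    else:
        verdict = "bounded"
    return (verdict, spender, value)


def build_calldata(selector, spender_hex, value):
    """Construct sample calldata for the demo inputs below."""
    word = bytes.fromhex(spender_hex[2:]).rjust(32, b"\x00")
    return "0x" + (selector + word + value.to_bytes(32, "big")).hex()


SPENDER = "0x" + "11" * 20  # constructed placeholder, not a real contract
SAMPLES = {  # constructed inputs
    "infinite": build_calldata(APPROVE, SPENDER, MAX_UINT256),
    "exact": build_calldata(APPROVE, SPENDER, 250 * 10**18),
    "revoke": build_calldata(APPROVE, SPENDER, 0),
    "nft-operator": build_calldata(SET_APPROVAL_FOR_ALL, SPENDER, 1),
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, classify_approval(calldata)[0])
```

A verdict of `unlimited` or `operator-all` is the case to confirm on the hardware screen or replace with a bounded amount.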

3. Wallets and Exchanges

  • CEX (custodial): Superior liquidity and fiat on/off-ramps, but introduces counterparty risk; withdrawals can be limited.

  • DEX (non-custodial): Self-managed keys and on-chain settlement; risks include contract bugs and user error.

Pragmatic strategy: Use CEX for fiat in/out and short-term trading; keep core assets in self-custody.

4. Operational Checklist

  1. Mnemonic: 24 words + passphrase; store multiple offline copies in separate locations.

  2. Derivation path: Record and standardize your path to avoid “missing” funds after wallet migration.

  3. Hardware: Require hardware confirmation for high-value transfers and approvals.

  4. Approvals: Audit and revoke unlimited allowances monthly with tooling.

  5. Multisig/MPC: Team treasuries use 2-of-3 or 3-of-5 thresholds; individuals use contract wallets for high-value holdings.

  6. Environment hygiene: Keep only small balances on hot wallets; use burner/alias addresses for unfamiliar dApps; isolate and keep wallet software up to date.

Summary

A crypto wallet is fundamentally a key-management and signing system; assets remain on the blockchain. Security rests on your mnemonic and derivation path. Hot wallets fit everyday convenience; large balances demand hardware signing, cold storage, or multisig/MPC. CEXs offer liquidity but add counterparty risk—long-term safety relies on non-custodial control. The best practice is layered custody (three tiers), hardware confirmations, and routine approval hygiene to minimize risk and institutionalize security.
