Back to all posts
FundamentalsSecurity

How Crypto Wallets Actually Work

A deep dive into the cryptography behind wallets. Learn about private keys, seed phrases, and why your wallet doesn't actually store any crypto.

InfraxaInfraxa Team
January 29, 20258 min read

I was explaining crypto wallets to a friend last week when they asked: "So if I delete the app, do I lose my crypto?" It's the question that reveals the biggest misconception about wallets.

Your wallet doesn't actually store any cryptocurrency. The name "wallet" is misleading. What it really stores is a key that proves you own certain assets on a blockchain.

Here's the mental model that finally made it click for me: your crypto lives on a public ledger that anyone can read. Your wallet just holds the password that proves you're the owner.

Let's break it all down.

What You'll Learn

  • Why "wallet" is a misleading name (and what it actually does)
  • How private keys are generated and why they're impossible to guess
  • The math behind public key derivation (without getting too technical)
  • Why seed phrases exist and how they work
  • Security practices that actually matter

The Core Concept: Public Key Cryptography

At the heart of every crypto wallet is something called public key cryptography. This is a mathematical system that generates two related keys:

Private Key

A secret number that only you know. Think of it like the password to your email — never share it.

Public Key

Derived from the private key, this can be shared with anyone. Like your email address — you share it so people can send you crypto.

The magic is that you can use your private key to create a digital signature that anyone can verify using your public key. But nobody can figure out your private key from your public key.

Quiz

If someone has your public key (wallet address), what can they do?

How a Private Key is Generated

A private key is essentially a random 256-bit number. That's a number between 1 and approximately 10^77 (a 1 followed by 77 zeros).

To put that in perspective, there are roughly 10^80 atoms in the observable universe. The chance of someone guessing your private key is essentially zero.

Here's what a private key looks like in hexadecimal:

e9873d79c6d87dc0fb6a5778633389f4453213303da61f20bd67fc233aa33262

This randomness is crucial. Good wallets use cryptographically secure random number generators to create these keys.

From Private Key to Public Key

Once you have a private key, the wallet uses elliptic curve cryptography (specifically, the secp256k1 curve for Bitcoin and Ethereum) to derive your public key.

Think of it like a one-way street. You can easily drive from your private key to your public key, but there's no road going back. The math makes it practically impossible to reverse.

Quiz

Why is it called a 'one-way function'?

From Public Key to Address

Your wallet address is derived from your public key through hash functions.

What's a Seed Phrase?

Managing a raw 256-bit number is impractical for humans. That's where seed phrases come in.

A seed phrase is a human-readable representation of your private key. The standard (BIP-39) uses a list of 2048 carefully chosen words:

abandon ability able about above absent absorb abstract absurd abuse access accident

Hidden gem: The last word of your seed phrase is partially a checksum. If you make a typo when entering your phrase, the wallet will likely reject it — this catches about 99.6% of single-word errors.

Quiz

Why do crypto wallets use seed phrases instead of raw private keys?

Hierarchical Deterministic (HD) Wallets

Modern wallets don't just generate one key — they generate billions from a single seed phrase. This is called HD key derivation.

Master Key

Your seed phrase generates a master private key.

Child Keys

The master key can derive child keys using a derivation path.

Address Tree

Each child can derive its own children, creating a tree of addresses.

A derivation path looks like: m/44'/60'/0'/0/0

  • m — master key
  • 44' — BIP-44 standard (multi-coin)
  • 60' — Ethereum's coin type
  • 0' — first account
  • 0 — external chain (for receiving)
  • 0 — first address

The benefit? You can generate a new address for every transaction while only backing up one seed phrase.

Quiz

You restore your wallet on a new phone using your seed phrase. What happens to your funds?

How Transactions Work

When you "send" crypto, you're not moving data between wallets. You're broadcasting a signed message to the network.

1. Create Transaction

Specify the recipient address, amount to send, and gas fees.

2. Sign Transaction

Your wallet uses your private key to create a digital signature.

3. Broadcast

The signed transaction is sent to the network.

4. Verify

Network nodes verify your signature and update the blockchain.

Your tokens never "leave" the blockchain — the blockchain just updates its ledger to reflect new ownership. Transactions are irreversible, so always double-check addresses!

Hot Wallets vs Cold Wallets

Examples: MetaMask, Phantom, Rainbow

Hot wallets keep your keys on a device connected to the internet. They're convenient for daily use but riskier — malware could potentially extract your keys.

Best for: Small amounts, frequent trading, DeFi interactions

Quiz

Why are hardware wallets considered more secure than browser extensions?

Security Best Practices

Understanding how wallets work helps you understand security threats. Here are the rules that actually matter:

  1. Never share your seed phrase — anyone with it controls your funds
  2. Never enter your seed phrase online — legitimate services never ask for it
  3. Use a hardware wallet for large amounts — keeps keys offline
  4. Verify addresses carefully — blockchain transactions are irreversible
  5. Use unique wallets for different purposes — separate your DeFi playground from your long-term holdings
Quiz

Someone claiming to be MetaMask Support asks for your seed phrase. What should you do?

Smart Contract Wallets

Traditional wallets are called Externally Owned Accounts (EOAs). But there's a newer type: Smart Contract Wallets.

ERC-4337 (Account Abstraction) is changing how wallets work. It enables features like paying gas in stablecoins and recovering wallets without seed phrases. Worth watching as the ecosystem matures.

Next Steps

You now understand how wallets actually work. Here's where to go from here:

  1. Set up a hardware wallet — If you have more than you'd be comfortable losing, move it to cold storage. Ledger and Trezor are solid options.

  2. Practice recovery — Generate a test wallet, write down the seed phrase, delete the wallet, then recover it. Do this before you have real funds at stake.

  3. Audit your current setup — Are you using the same wallet for DeFi degen plays and long-term holdings? Consider separating them.

  4. Learn about multi-sig — If you're managing significant value, a 2-of-3 multi-sig (like Safe) adds a crucial layer of protection.

The cryptography has been battle-tested for decades. The vulnerabilities are almost always human: phishing attacks, malware, poor seed phrase storage. Protect your keys, and the math will protect your assets.

Building something in crypto and need infrastructure? Check out what we're building at Infraxa. Questions? Hit us up on Twitter.

Back to all postsShare on Twitter