Crypto Ch3: Wallets & Keys

Chapter 3. Wallets, private keys, signatures, and custody

3.1 What a wallet is

A wallet is not where coins are stored.

Assets live on-chain. A wallet is a tool for:

• Managing keys or seed phrases
• Generating addresses
• Building transactions
• Signing messages and transactions
• Reading balances and history
• Interacting with protocols

In other words, a wallet is better understood as a control and interface layer rather than a storage box.

3.2 Private key, public key, address

Private key

The root of control. Whoever has the private key can usually authorize actions for the associated account or funds.

Public key

Derived from the private key. Used to verify signatures.

Address

A public identifier used for receiving assets and referring to accounts or spending conditions.

The most important distinction is that addresses can be public, while private keys must remain secret.

3.3 Seed phrase

A seed phrase is a human-readable encoding of a root secret from which many keys can be derived.

A seed phrase is therefore:

• Not just a password
• Not merely one private key
• More like the root of a key tree

From one seed phrase, a wallet can derive many private keys and addresses across different paths.

3.4 Why deterministic derivation matters

A single root can generate many keys in a reproducible way. This allows users to back up one seed phrase instead of separately backing up every key.

This is a major usability breakthrough. Without deterministic derivation, wallet backup would become operationally unmanageable.

3.5 Custody

Self-custody / non-custodial

You control the keys. You also bear the responsibility.

Custodial

A platform controls the keys or access path. You rely on the platform’s solvency, policies, and withdrawal integrity.

This is why the phrase “not your keys, not your coins” matters technically.

The issue is not ideology first. It is control-path reality.

3.6 Hot wallets vs cold wallets

Hot wallets

Connected or near-connected environments. Convenient, but exposed to more attack vectors.

Cold wallets

Keys kept away from networked environments. Better for long-term storage, but less convenient.

A practical security model often separates funds into:

• Hot wallet for daily interaction
• Cold wallet for long-term holdings

3.7 Signatures

A signature does not prove your real-world identity. It proves that the holder of the private key authorized a given message or transaction.

This means crypto systems are primarily systems of control rights, not identity rights.

3.8 Approvals and permissions

Especially in EVM systems, risk often comes not from direct transfers, but from granting permissions. An approval can allow another contract to move tokens later.

This makes approvals one of the most underestimated user risks.

When reviewing an approval, the critical questions are:

• What token is involved?
• Which address is the spender?
• What amount is being approved?
• Is the amount limited or effectively unlimited?

3.9 Operational security principle

A large share of user losses in crypto are not the result of market mistakes. They are control mistakes.

That includes:

• Seed phrase compromise
• Unsafe wallet environments
• Malicious approvals
• Poor custody discipline

Key takeaway

Crypto users do not “own a wallet app”; they control on-chain state through keys. Most catastrophic user losses are failures of key management, approval hygiene, or custody judgment.

— Mar 22, 2026

Crypto Ch3: Wallets & Keys by Lu Meng is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at About.