The Wallet Bible

What is a wallet, really?

The name is misleading. Understanding what a wallet actually is changes everything.

A crypto wallet does not contain your cryptocurrency. Your tokens, your NFTs, your ETH: none of that lives inside MetaMask or your Ledger. All of it lives on the blockchain, recorded in a global, distributed ledger that thousands of nodes maintain simultaneously.

What a wallet actually holds is a private key: a secret number that proves you are the owner of a specific address on the blockchain. Everything else, the interface, the balance display, the send button, is software built around that one secret.

Think of it this way: the blockchain is a vast public library where everyone can see which shelf belongs to which person. Your wallet is not the shelf. Your wallet is the key to the lock on your shelf. Anyone can see what is on the shelf, but only the person with the key can move things in or out.

This distinction matters enormously. If a wallet app disappears tomorrow (as Foundation is disappearing), your assets are not gone. They are still on the blockchain. You only need another app that accepts your private key or seed phrase to access them again. The wallet is replaceable. The key is not.

The private key: where everything begins

A random number so large that guessing it is statistically impossible.

A private key is a 256-bit random number. That means it is a number between 1 and approximately 1.158 x 10⁷⁷. To give you a sense of scale: there are roughly 10⁸⁰ atoms in the observable universe. Your private key lives in a numerical space almost as large as the number of atoms that exist.

This is not metaphor. This is the actual security model. No one can guess your key because the space of possible keys is so astronomically vast that even if every computer on Earth tried billions of combinations per second for billions of years, they would not find yours.

How the randomness is generated

When you create a wallet, the software needs a source of randomness (called entropy) to generate the private key. Good wallets use the operating system's cryptographically secure random number generator (CSPRNG), which collects entropy from physical sources: mouse movements, keyboard timing, disk I/O latency, hardware noise.

This is why creating a wallet on a compromised computer is dangerous. If malware can predict or observe the entropy source, it can reconstruct your private key. The randomness must be genuine and unobservable.

What the private key looks like

In its raw hexadecimal form, a private key looks like this:

That is 64 hexadecimal characters (each representing 4 bits, totaling 256 bits). This is a number. Nothing more, nothing less. But from this number, through a precise mathematical process, everything else is derived: your public key, your address, your identity on the blockchain.

From private key to public key to address

Elliptic curve cryptography: the one-way mathematical bridge that makes it all possible.

The relationship between your private key and your public address is not arbitrary. It is a precise mathematical derivation that works in one direction only: from private to public, never the reverse.

Step 1: Private key to public key (secp256k1)

Both Bitcoin and Ethereum (and most blockchains) use the same elliptic curve called secp256k1. An elliptic curve is a mathematical object defined by the equation y² = x³ + 7 over a finite field. On this curve, there is a special predefined point called the generator point G.

Your public key is computed by multiplying your private key (a scalar number) by the generator point G using elliptic curve point multiplication:

The result is another point on the curve: a pair of 256-bit coordinates (x, y), giving a 512-bit public key. This operation is computationally trivial in one direction (given k, compute K) but computationally infeasible in reverse (given K, find k). This asymmetry is called the elliptic curve discrete logarithm problem, and it is the foundation of the entire security model.

Step 2: Public key to Ethereum address (Keccak-256)

An Ethereum address is not the public key itself. It is derived from it:

1. Take the uncompressed public key (the 512-bit x,y coordinates, without any prefix).
2. Hash it using Keccak-256 (a variant of SHA-3). This produces a 256-bit hash.
3. Take the last 20 bytes (160 bits) of that hash.
4. Prefix it with 0x.

That is your Ethereum address. For example: 0x71C7656EC7ab88b098defB751B7401B5f6d8976F

The capitalization of the hexadecimal letters (A-F vs a-f) serves as a checksum (EIP-55), helping detect typos when you copy an address.

Bitcoin addresses work differently

Bitcoin uses SHA-256 followed by RIPEMD-160 instead of Keccak-256, and encodes the result in Base58Check format (starting with 1 or 3) or Bech32 format (starting with bc1). The underlying curve (secp256k1) is the same, but the address derivation path diverges.

The seed phrase: BIP-39

Twelve or twenty-four words that encode your entire cryptographic identity.

Writing down a 64-character hexadecimal string is error-prone and impractical. In 2013, a standard called BIP-39 (Bitcoin Improvement Proposal 39) introduced a human-readable way to represent the same information: the mnemonic seed phrase.

How it works: three stages

Stage 1: Generate entropy. The wallet generates a random number of 128 bits (for 12 words) or 256 bits (for 24 words). The quality of this randomness is critical, since everything depends on it.

Stage 2: Convert to words. A checksum is computed by taking the first few bits of the SHA-256 hash of the entropy (4 bits for 128-bit entropy, 8 bits for 256-bit entropy). This checksum is appended to the entropy. The resulting bit string is divided into groups of 11 bits. Each group indexes a word from a predefined list of 2,048 English words.

Stage 3: Derive the master seed. The mnemonic is not the seed itself. The actual cryptographic seed is derived using PBKDF2 (Password-Based Key Derivation Function 2) with the mnemonic as the password, the string "mnemonic" + an optional passphrase as the salt, 2,048 iterations, and HMAC-SHA512 as the pseudorandom function. The result is a 512-bit master seed.

The 2,048-word list

The BIP-39 word list was carefully chosen. No two words share the same first four letters, which means you can identify any word from its first four characters alone. The words are common English words (like "abandon", "rhythm", "village", "ocean") selected for clarity and distinctness. Lists exist for other languages (Spanish, Japanese, Korean, French, Italian, Czech, Portuguese, Chinese), but the English list is the most widely supported.

12 words vs 24 words

A 12-word phrase encodes 128 bits of entropy. The number of possible phrases is 2¹²⁸, which is approximately 3.4 x 10³⁸. A 24-word phrase encodes 256 bits: 2²⁵⁶ possibilities, approximately 1.16 x 10⁷⁷. Both are astronomically beyond brute-force capability. The 24-word version provides a larger security margin for the future (relevant if quantum computing advances), but for current purposes, 12 words is considered secure.

The optional passphrase (the "25th word")

BIP-39 allows an additional passphrase that is concatenated with the mnemonic during PBKDF2 derivation. This means the same 12 words with a different passphrase produce a completely different wallet. Some users exploit this for plausible deniability: the phrase without a passphrase opens one wallet (perhaps with a small balance), while the phrase with a secret passphrase opens the real wallet.

Hierarchical deterministic wallets: BIP-32 and BIP-44

One seed, infinite keys, organized in a tree.

In the early days, wallets generated each key independently. Every new address required a separate backup. Lose one key, lose that address. BIP-32 (2012) changed this by introducing hierarchical deterministic (HD) wallets: a system where a single master seed can derive an entire tree of keys, deterministically and reproducibly.

The tree structure

From the 512-bit master seed, the wallet derives a master private key and a chain code (used as additional entropy for child key derivation). From these, it can derive child keys, grandchild keys, and so on, forming a tree. Each level of the tree uses an index number (0, 1, 2...) and can be either normal (public derivation) or hardened (private derivation, marked with an apostrophe ').

BIP-44: the standard path

BIP-44 standardizes how the tree is organized across different blockchains. Every key is identified by a derivation path:

• m = master key (the root)
• purpose' = always 44' for BIP-44 compliant wallets
• coin_type' = identifies the blockchain (0' for Bitcoin, 60' for Ethereum, 501' for Solana, 1729' for Tezos)
• account' = separate accounts under the same seed (0', 1', 2'...)
• change = 0 for receiving addresses, 1 for change addresses (mostly relevant in Bitcoin's UTXO model)
• address_index = sequential address within the account (0, 1, 2...)

Chain-specific paths

Note that EVM-compatible chains (Polygon, Arbitrum, Optimism, Base) share the same derivation path as Ethereum (coin type 60). Your address is identical across all of them because they use the same key. What differs is which blockchain the wallet queries to check your balance.

How your wallet talks to the blockchain

The invisible protocol behind every action you take.

Your wallet does not contain a copy of the blockchain. It does not validate transactions. It does not mine or stake anything. What it does is communicate with a blockchain node that does all of those things. This communication happens through a protocol called JSON-RPC (Remote Procedure Call).

What happens when you check your balance

When you open MetaMask and see your ETH balance, this is what actually happens behind the scenes:

1. MetaMask sends a JSON-RPC request to a remote Ethereum node.
2. The request asks: "What is the balance of address 0x...?"
3. The node checks its copy of the blockchain state and replies with the balance.
4. MetaMask displays the number in your interface.

The request looks like this:

What happens when you send a transaction

Sending ETH or minting an NFT involves more steps:

1. Your wallet constructs the transaction data (recipient, amount, gas price, nonce).
2. It signs the transaction locally with your private key. This happens inside your device. The private key never leaves.
3. It sends the signed transaction to the node via JSON-RPC (eth_sendRawTransaction).
4. The node broadcasts it to the network's mempool (the waiting room for pending transactions).
5. A validator includes it in a block.
6. The transaction is confirmed.

The RPC endpoint: a URL, a door

Every wallet needs at least one RPC endpoint to function: a URL pointing to a node that speaks JSON-RPC. Without it, your wallet is blind. It holds your key but cannot see the blockchain, cannot send transactions, cannot do anything.

MetaMask ships with a default endpoint for each network. For Ethereum mainnet, that default is provided by Infura, a service owned by ConsenSys (the same company that builds MetaMask). This default can be changed to any other RPC provider, but most users never change it.

This is where the decentralization story begins to get complicated.

The gateway problem: Infura, Alchemy, and centralization

The most important chapter in this guide. The place where ideology meets infrastructure.

Ethereum is a decentralized network of thousands of nodes. Anyone can run a node. The protocol is open. The ledger is public. And yet, the vast majority of users access this decentralized network through a tiny number of centralized companies.

The numbers

Infura and Alchemy together handle approximately 90% of all Ethereum RPC traffic. This means that 9 out of 10 requests to the Ethereum network, from balance checks to NFT mints to DeFi trades, pass through servers controlled by two private companies. Both run their infrastructure primarily on Amazon Web Services (AWS).

What this means in practice

In October 2025, a major AWS outage lasted 14-16 hours. During that time, users could not access their wallets, could not send transactions, could not interact with dApps, even though the Ethereum protocol itself continued running perfectly. The blockchain was fine. The doors to the blockchain were closed.

This is the paradox: the blockchain is decentralized, but the access layer is not.

The censorship precedent

In August 2022, when the US Treasury sanctioned Tornado Cash (a privacy protocol), both Infura and Alchemy immediately blocked all RPC requests related to Tornado Cash contracts. Users who relied on these providers could not interact with the protocol at all, even though it remained operational on-chain.

This was not a theoretical risk. It happened. A private company decided which parts of a public blockchain its users could access.

How many doors are there?

There are currently over 50 public RPC endpoints from roughly 30 providers for Ethereum alone. These include Infura, Alchemy, QuickNode, Chainstack, Ankr, Pocket Network, Blast API, dRPC, LlamaNodes, and others. Some are centralized services (Infura, Alchemy, QuickNode), some are decentralized networks of node operators (Pocket Network, Ankr, Lava Network).

Changing your RPC in MetaMask

You are not locked into Infura. In MetaMask, you can add custom RPC endpoints for any network. Go to Settings, then Networks, select the network, and add or replace the RPC URL. You can point your wallet to Ankr, Pocket Network, your own node, or any other provider. Most users simply never do.

Infura's response: DIN

Infura has acknowledged this problem and is building DIN (Decentralized Infrastructure Network), a system that routes requests across independent node operators rather than through a single company's servers. Whether this solves the centralization problem or merely rebrands it remains to be seen.

Types of wallets

Each type represents a different trade-off between convenience and security.

Hot wallets (software wallets)

A hot wallet is any wallet connected to the internet. Your private key lives in the software, protected by encryption and a password, but ultimately accessible from the device.

• MetaMask - Browser extension and mobile app. The de facto standard for Ethereum and EVM chains. Default RPC: Infura.
• Rainbow - Mobile-first, designed for simplicity. Popular with NFT collectors.
• Phantom - Originally built for Solana, now supports Ethereum and Bitcoin as well.
• Temple - The primary wallet for the Tezos ecosystem.
• Rabby - Security-focused, shows transaction simulations before signing.

Hot wallets are convenient for daily use but carry higher risk: if your device is compromised, so is your wallet.

Cold wallets (hardware wallets)

A hardware wallet stores your private key on a dedicated physical device that never exposes the key to the internet. When you sign a transaction, the data is sent to the device, signed internally, and only the signed result is returned.

• Ledger (Nano S Plus, Nano X, Stax) - Uses a secure element chip (similar to credit card chips). Supports hundreds of chains. Closed-source firmware (controversial in the community).
• Trezor (Model T, Safe 3, Safe 5) - Open-source hardware and firmware. No secure element in older models (uses a general-purpose microcontroller).
• GridPlus Lattice1 - Enterprise-grade, with a large touchscreen for verifying transaction details.

Multi-signature wallets

A multi-sig wallet requires multiple private keys to authorize a transaction. For example, a 2-of-3 multi-sig requires any 2 of 3 designated signers to approve before a transaction executes. These are implemented as smart contracts on-chain (the most established being Safe, formerly Gnosis Safe).

Multi-sigs are used by DAOs, treasuries, teams, and individuals who want an additional security layer. Even if one key is compromised, the attacker cannot move funds without a second key.

Paper wallets

A paper wallet is simply a printed copy of your private key or seed phrase on physical paper (or engraved on metal). There is no software. The "wallet" is the paper itself. It is completely offline and immune to digital attacks, but vulnerable to physical destruction, theft, or loss. Paper wallets are rarely used today because HD wallets with seed phrases provide the same offline backup capability with better usability.

Smart contract wallets (account abstraction)

A new category that replaces the traditional key-based account with a smart contract. These wallets can implement custom logic: social recovery, spending limits, session keys, batched transactions, and gas payment in tokens other than ETH. We cover this in detail in Chapter 14.

Multi-chain: one seed, many worlds

How the same twelve words give you keys to different blockchains.

As we saw in Chapter 5, BIP-44 derivation paths include a coin type parameter that determines which blockchain a key belongs to. This means your single seed phrase can generate valid keys for Bitcoin, Ethereum, Solana, Tezos, and dozens of other chains simultaneously.

Same seed, different cryptography

Not all chains use the same elliptic curve. Ethereum and Bitcoin both use secp256k1, so the underlying mathematics are identical (though the address format differs). Solana and Tezos use Ed25519 (based on Curve25519), a different curve with different mathematical properties. Your wallet software handles this transparently: it derives the master seed from your mnemonic, then applies the appropriate curve mathematics depending on the derivation path.

EVM-compatible chains: same key, same address

All EVM (Ethereum Virtual Machine) compatible chains share the same derivation path, curve, and address format. Your address on Ethereum mainnet is identical on Polygon, Arbitrum, Optimism, Base, Avalanche C-Chain, and all other EVM chains. The private key is the same. What changes is which RPC endpoint your wallet uses to query the state of that specific chain.

This is why you can "add a network" in MetaMask and instantly see assets on a new chain without creating a new wallet. You are not creating a new key. You are pointing the same key at a different blockchain.

Transaction anatomy: what your wallet actually signs

Understanding what you are authorizing every time you click "Confirm".

Every Ethereum transaction contains a specific set of fields. When your wallet asks you to confirm, it is asking you to sign all of these with your private key:

• nonce - A sequential counter of transactions sent from your address. Prevents replay attacks.
• gasPrice / maxFeePerGas - How much you are willing to pay per unit of computation.
• gasLimit - Maximum units of computation this transaction can consume.
• to - Recipient address (another wallet or a smart contract).
• value - Amount of ETH to send (in wei, where 1 ETH = 10¹⁸ wei).
• data - For smart contract interactions, this encodes the function being called and its parameters.
• chainId - Identifies which chain this transaction is for (1 for Ethereum mainnet, 137 for Polygon, etc.).

Signing vs sending

Your wallet can also sign messages without sending transactions. This is what happens when a dApp asks you to "Sign in with Ethereum" or verify ownership. The wallet uses your private key to sign arbitrary data, proving you control the address. No gas is consumed, nothing is written to the blockchain.

There are two flavors:

• personal_sign - Signs a human-readable message. Relatively safe.
• eth_signTypedData (EIP-712) - Signs structured data with named fields and types. Used by marketplaces for gasless listings (like creating a sell order on OpenSea). More powerful but harder to verify visually.

Token approvals: the hidden danger

The permissions you grant and forget about.

When you interact with a decentralized exchange, an NFT marketplace, or any dApp that moves tokens on your behalf, you typically must first approve the contract to spend your tokens. This approval is a separate on-chain transaction that grants a specific smart contract permission to transfer a specific token from your wallet.

The unlimited approval problem

For convenience, many dApps request unlimited approval: permission to move any amount of a given token from your wallet, forever, until you explicitly revoke it. If that contract is later exploited or turns out to be malicious, the attacker can drain your approved tokens without any further interaction from you.

This is not hypothetical. Numerous exploits have drained wallets through previously granted unlimited approvals to compromised contracts.

How to check and revoke approvals

Tools like revoke.cash and Etherscan's Token Approval Checker let you see every active approval your address has granted. You can revoke any of them (which costs a small gas fee). It is good practice to periodically review and revoke approvals you no longer need.

Security: real threats and real defenses

The attacks are not mathematical. They are human.

No one has ever cracked secp256k1 or brute-forced a seed phrase. The cryptography is sound. What fails is the human layer: the way we store keys, the links we click, the contracts we trust, the urgency we feel.

Phishing and social engineering

The most common attack vector in crypto. A fake website mimics a real dApp (OpenSea, Uniswap, a minting page), convinces you to connect your wallet, and presents a malicious transaction or approval for signing. The site looks identical. The URL is slightly different. One click, and your assets are gone.

Defenses: bookmark the sites you use regularly. Never follow links from Discord DMs, tweets, or emails. Verify URLs character by character. Use wallets like Rabby that simulate transactions before execution.

Malicious smart contracts

Interacting with a smart contract is inherently an act of trust. The contract code dictates what happens. If you call a function on a malicious contract, it can do anything the approval and transaction allow. "Free mint" scams often involve contracts that, once approved, drain the wallet.

Clipboard hijacking

Malware that monitors your clipboard and replaces copied wallet addresses with the attacker's address. You copy your friend's address, paste it into MetaMask, but the address that appears is the attacker's. Always verify the first and last characters of any pasted address.

Seed phrase theft

Any request for your seed phrase from a website, app, person, or "support team" is a scam. No legitimate service ever needs your seed phrase. MetaMask will never ask for it. Ledger will never ask for it. No one should ever see it except you.

Physical security

• Store your seed phrase on metal (steel plates or capsules), not just paper. Paper burns, gets wet, fades.
• Store it in a physically secure location (safe, safety deposit box). Consider splitting it across multiple locations.
• Never photograph it. Never type it into any website. Never store it in a cloud service, email, or note-taking app.
• Consider a Shamir's Secret Sharing scheme (supported by Trezor) to split the seed into multiple shares, where only a subset is needed to reconstruct it.

The decentralization spectrum

Where the pure ideal meets the messy reality of infrastructure, law, and commerce.

Decentralization is not binary. It is a spectrum, and different layers of the crypto stack sit at different points.

Layer 1: The protocol

Ethereum's consensus layer is genuinely decentralized: over 900,000 validators distributed globally. No single entity can alter the ledger or censor transactions at the protocol level. This is the strongest layer of decentralization and the one that justifies the "trustless" label.

Layer 2: The access infrastructure

As we discussed in Chapter 7, 90% of user access flows through two private companies. This is a centralization chokepoint. The protocol is open, but the practical doors through which humans reach it are narrow and privately controlled.

Layer 3: The frontends

Most dApps are accessed through web frontends hosted on centralized servers (Vercel, AWS, Cloudflare). These can be censored, modified, or taken offline. The smart contracts remain on-chain, but without a frontend, most users cannot interact with them. This is why some projects distribute their frontends on IPFS or as downloadable applications.

Layer 4: The wallet software

MetaMask is developed by ConsenSys, a private company. Phantom is a private company. These companies can push updates, change defaults, or implement policies. The open-source nature of some wallets (MetaMask is open source) mitigates this, as anyone can fork the code, but in practice most users accept updates without examination.

Layer 5: Fiat on/off-ramps

Converting between crypto and traditional currency requires regulated exchanges (Coinbase, Kraken, Binance) that comply with KYC/AML laws. This is the most centralized layer: it is controlled by governments, regulated by financial authorities, and subject to sanctions, freezes, and reporting requirements.

Where does the private enterprise begin?

Everywhere except the protocol layer. The nodes that serve your requests, the wallet software you use, the marketplaces where you trade, the exchanges where you cash out, the DNS that resolves domain names, the cloud servers that host frontends: all of these involve private companies making decisions about availability, access, and compliance.

The future: account abstraction and social recovery

The next generation of wallets is already here.

Traditional Ethereum accounts (called Externally Owned Accounts, or EOAs) are controlled by a single private key. Lose the key, lose the account. This model, while cryptographically elegant, is hostile to human error and adoption.

ERC-4337: Account Abstraction

Deployed on Ethereum mainnet in March 2023, ERC-4337 enables smart contract wallets that can define their own rules for authorization. Instead of a single private key, the "account" is a smart contract that can implement any logic its creator designs.

Over 40 million smart accounts have been deployed across Ethereum and L2 networks, with nearly 20 million deployed in 2024 alone. Over 100 million UserOperations have been processed. This is no longer experimental; it is production infrastructure.

What account abstraction enables

• Social recovery - Designate trusted friends, family, or devices as "guardians". If you lose your key, a threshold of guardians (e.g., 3 of 5) can authorize a key rotation, restoring your access. No seed phrase needed for recovery.
• Session keys - Grant a dApp limited permissions for a specific time period, without approving every single transaction. Useful for gaming and frequent interactions.
• Gas sponsorship - A third party (a dApp, a DAO, a friend) can pay your gas fees. New users do not need ETH to start interacting.
• Batched transactions - Approve and swap in a single transaction instead of two. Mint and list in one click.
• Spending limits - Set daily or per-transaction limits. Even if compromised, the damage is bounded.
• Multi-factor authentication - Require a hardware key AND a phone confirmation AND a time delay for large transfers.

EIP-7702: Bridging old and new

Introduced with Ethereum's Pectra upgrade in May 2025, EIP-7702 allows existing EOAs (your current MetaMask account) to temporarily execute smart contract code. This means you can gain some account abstraction benefits without migrating to a new address, a crucial bridge for adoption.

Running your own node

The ultimate sovereignty: trusting no one but yourself.

The most complete solution to the RPC centralization problem is to run your own Ethereum node. When you do, your wallet connects directly to your own copy of the blockchain. No Infura. No Alchemy. No intermediary. No censorship. No downtime imposed by third parties.

What you need

• A computer that can run 24/7 (a dedicated machine, a NUC, or a Raspberry Pi 5 for lightweight clients).
• At least 2 TB of SSD storage (the Ethereum state is large and growing).
• A stable internet connection with no data caps.
• An execution client (Geth, Nethermind, Besu, or Erigon) and a consensus client (Prysm, Lighthouse, Teku, or Nimbus).

Simplified options

Products like DAppNode and Avado provide pre-configured hardware and software that make running a node as simple as plugging in a box and following a setup wizard. These are designed for non-technical users who want sovereignty without the command-line complexity.

Light clients: the middle ground

A full node stores the entire blockchain state. A light client stores only block headers and requests specific data on demand, using cryptographic proofs to verify the data is correct. Light clients require far less storage and bandwidth, making them viable on laptops and even phones. Projects like Helios (by a]16z) offer Ethereum light clients that can serve as local RPC endpoints, giving you trust minimization without the hardware investment of a full node.

Glossary

Key terms used throughout this guide.