
How Crypto Wallets Work: Keys, Seed Phrases, and Smart Accounts

Crypto 101

Learn what crypto wallets actually do, how private keys and seed phrases control your assets, and why smart contract wallets are changing Web3 security.


If you're new to crypto, you've probably heard someone say "not your keys, not your coins." But what does that actually mean? And what exactly is a wallet doing when you "approve" a transaction or "sign" a message?

Here's the truth: crypto wallets don't hold your coins. Your assets live on the blockchain, recorded in a public ledger anyone can verify. Your wallet's real job is managing the cryptographic keys that prove you control those assets. Understanding this distinction changes everything about how you interact with Web3 safely and confidently.

This guide walks through how wallets actually work under the hood. You'll learn what private keys and seed phrases do, how transactions get signed and sent, and why new smart contract wallets are introducing features like social recovery and sponsored gas that make onchain life easier and more secure.

What a Crypto Wallet Really Is (And What It Isn't)

Let's start by clearing up the biggest misconception: wallets don't store cryptocurrency the way bank accounts store dollars.

When you "have Bitcoin" or "own an NFT," what you really have is control over a blockchain address. The Bitcoin or NFT itself exists as a record on a public blockchain that thousands of nodes maintain. Your wallet simply stores the private key that lets you authorize transactions from that address.

Think of it this way: the blockchain is a giant public spreadsheet showing who controls which assets. Your wallet is the signing authority that proves you're authorized to update your row in that spreadsheet.

Here's what wallets actually do:

  • Generate and store private keys (the secret codes that control your assets)
  • Derive public addresses from those keys (where others send you crypto)
  • Sign transactions cryptographically to authorize moving funds
  • Connect to blockchain networks to broadcast signed transactions
  • Interact with decentralized applications by proving ownership without revealing your keys

The wallet app you see on your phone or browser is just an interface. The real "wallet" is the set of keys it manages. This is why you can recover the same wallet on a completely different app using your seed phrase: the keys and addresses are derived mathematically from that phrase, not stored in any single piece of software.

Keys and Addresses 101: The Foundation

Every crypto wallet revolves around a pair of cryptographic keys that work together like a lock and a unique signing pen.

Private Keys: The Master Control

Your private key is a long random number (typically 256 bits, or 64 hexadecimal characters for Ethereum). This key is what actually controls your assets. Anyone who has access to your private key can move funds from the associated address with no additional password, no recovery option, and no questions asked.

For example, an Ethereum private key might look like:

0x4c0883a69102937d6231471b5dbb6204fe512961708279f8c5b9d6e5d1f1b8e3

You should never share this or store it online. Ever.

Public Keys: Derived, Not Secret

From your private key, your wallet uses elliptic curve cryptography (specifically the secp256k1 curve for Ethereum) to mathematically derive a public key. This process only works one way: you can always calculate the public key from the private key, but you cannot reverse it to find the private key.

The public key is what gets transformed (hashed and encoded) into your familiar blockchain address.

Addresses: What You Share

Your address is derived from your public key: on Ethereum the public key is hashed with keccak256 and the last 20 bytes become the address, displayed in a checksummed form. Addresses start with 0x and contain 40 hexadecimal characters:

0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb2

This is what you share with others to receive payments. It's safe to make public because, without the private key, no one can authorize transactions from this address.

The checksum built into Ethereum addresses (EIP-55, encoded as the mix of uppercase and lowercase letters) helps catch typos: change a single character and wallet software will often warn you the address is invalid.

Key takeaway: The private key is everything. The public key and address are just derived representations that prove ownership without exposing control.

Seed Phrases Explained: One Phrase, Many Accounts

Managing individual private keys for every blockchain address would be a nightmare. Imagine tracking dozens of 64-character codes across Bitcoin, Ethereum, and other networks.

That's where seed phrases (also called mnemonic phrases or recovery phrases) come in.

What Is a Seed Phrase?

A seed phrase is a list of 12, 18, or 24 common words generated by your wallet when you first create it. Here's an example 12-word phrase:

witch collapse practice feed shame open despair creek road again ice least

These words encode a large random number (128 to 256 bits of entropy) using a standardized word list defined in BIP39. Your wallet stretches the phrase (together with the optional passphrase described below) through a key-derivation function to produce the master seed from which all your private keys are mathematically derived.

One Seed, Many Keys

Modern wallets use hierarchical deterministic (HD) key generation (specifically the standards BIP32 and BIP44) to create multiple addresses from a single seed.

The process works like this:

  1. Master seed generated from your phrase
  2. Derivation path applied (a formula like m/44'/60'/0'/0/0 for Ethereum)
  3. Private key calculated for that specific path
  4. Public key and address derived from the private key

Each number in the derivation path represents a level:

  • 44' = BIP44 standard
  • 60' = Ethereum coin type
  • 0' = account index
  • 0 = external chain (addresses shown to others)
  • 0 = address index (first address, then 1, 2, 3...)

By incrementing the final number, your wallet can generate unlimited addresses, all recoverable from the same 12–24 word phrase.

This is why you can restore your entire wallet (all accounts, all addresses) on a new device or different wallet app just by entering your seed phrase.

Optional Passphrases: The "25th Word"

Some wallets support an additional passphrase (sometimes called the 25th word) that acts as an extra layer of security. The passphrase changes the mathematical derivation, generating completely different keys and addresses from the same seed words.

Benefits:

  • Plausible deniability: You can reveal your 12-word seed under duress but keep your passphrase secret, protecting a separate set of assets
  • Enhanced security: Even if someone finds your seed phrase, they can't access accounts without the passphrase

Risks:

  • Not compatible with all wallets (you must use apps that support BIP39 passphrases)
  • Lose the passphrase, lose everything tied to it (there's no recovery)
  • Must remember exact spelling and spacing (even one character difference creates different accounts)
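The seed-to-key derivation and the passphrase effect described in the two sections above, as an added example that is not from the original post. It uses only the Python standard library: the BIP39 seed stretch (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" plus the passphrase), the BIP32 master key, and the hardened levels of a path such as m/44'/60'/0'. The two non-hardened levels at the end of a full path need the parent public key (elliptic-curve math) and are deliberately out of scope here. The mnemonic is the BIP39 reference test vector, the "hunter2" passphrase is a constructed sample, and the function names are my own.

```python
import hashlib
import hmac
import unicodedata
from typing import List, Tuple

# secp256k1 group order: BIP32 reduces every child key modulo this value
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # the apostrophe in a path adds this offset to the index

# BIP39 reference test vector (constructed input, not a real wallet)
EXAMPLE_MNEMONIC = "abandon " * 11 + "about"


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the words (plus optional passphrase) into a 64-byte seed.

    The salt is the literal string "mnemonic" followed by the passphrase, so a
    different passphrase yields an unrelated seed from the very same words.
    """
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def master_key(seed: bytes) -> Tuple[int, bytes]:
    """BIP32: master private key (left half) and chain code (right half)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def parse_path(path: str) -> List[int]:
    """Turn m/44'/60'/0'/0/0 into child indexes; 44' becomes 44 + 2**31."""
    indexes = []
    for level in path.split("/")[1:]:
        hardened = level.endswith("'")
        indexes.append(int(level.rstrip("'")) + (HARDENED if hardened else 0))
    return indexes


def derive_hardened(key: int, chain_code: bytes, index: int) -> Tuple[int, bytes]:
    """BIP32 CKDpriv for a hardened index: only the parent private key is needed."""
    if index < HARDENED:
        raise ValueError("non-hardened levels need the parent public key (elliptic-curve math)")
    data = b"\x00" + key.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    child = (int.from_bytes(digest[:32], "big") + key) % SECP256K1_N
    return child, digest[32:]


def derive_account(mnemonic: str, path: str, passphrase: str = "") -> int:
    """Walk the hardened prefix of a path (e.g. m/44'/60'/0') to that level's private key."""
    key, chain_code = master_key(mnemonic_to_seed(mnemonic, passphrase))
    for index in parse_path(path):
        key, chain_code = derive_hardened(key, chain_code, index)
    return key


if __name__ == "__main__":
    print("seed:", mnemonic_to_seed(EXAMPLE_MNEMONIC, "TREZOR").hex())
    print("account key, no passphrase:  ", hex(derive_account(EXAMPLE_MNEMONIC, "m/44'/60'/0'")))
    print("account key, with passphrase:", hex(derive_account(EXAMPLE_MNEMONIC, "m/44'/60'/0'", "hunter2")))
```

Running it shows the same 12 words producing two unrelated account keys depending on the passphrase, which is exactly why a forgotten or misspelled passphrase cannot be recovered from the words alone.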

Custody and Wallet Types: Finding Your Fit

Not all wallets offer the same level of control or security. Understanding the custody spectrum helps you choose the right tool for your needs.

Self-Custodial vs Custodial

Self-custodial (non-custodial) wallets mean you control your private keys. Examples include Ledger/Trezor hardware wallets, or Base app used with a self-custody wallet. If you lose your seed phrase or hardware device, no one can recover your funds, not even the wallet provider.

Custodial wallets are managed by a third party (like an exchange). KuCoin, Binance, or Kraken hold your keys on their servers. You log in with a username and password, and they execute transactions on your behalf. This is easier for beginners but requires trusting the platform with your assets.

Semi-custodial or MPC wallets split key control across multiple parties. No single entity holds the full key. Recovery often involves cloud backups or trusted contacts. These balance convenience with improved security compared to pure custodial options.

Hot vs Cold Storage

Hot wallets are connected to the internet: browser extensions like Rabby, mobile apps like Base app, or web-based interfaces. They're convenient for daily transactions but more vulnerable to hacks, phishing, and malware.

Cold wallets stay offline. Hardware wallets like Ledger or Trezor store keys on a physical device. To sign a transaction, you connect the device briefly, confirm on its secure screen, then disconnect. This isolation dramatically reduces attack surface, making cold wallets the gold standard for storing significant amounts.

| Feature | Hot Wallet | Cold Wallet |
|---|---|---|
| Internet connection | Always online | Offline, connects only to sign |
| Convenience | High (instant access) | Moderate (requires device) |
| Security | Lower (vulnerable to remote attacks) | Higher (isolated from internet threats) |
| Best for | Daily use, small amounts | Long-term storage, large holdings |
| Examples | Base app, Rainbow, Phantom | Ledger, Trezor, paper wallets |

Best practice: Use a hot wallet for everyday onchain activities and DApp interactions. Keep the majority of your funds in a cold wallet that you only access when moving significant amounts.

EOAs vs Smart Contract Wallets (Account Abstraction Made Simple)

Up until recently, almost every wallet created an Externally Owned Account (EOA), the original Ethereum account type controlled by a single private key. EOAs are simple and battle-tested, but they have limitations.

Smart contract wallets (also called smart accounts) are a new breed of wallet governed by programmable smart contract code instead of a single key. They unlock features that EOAs simply can't offer.

What Makes EOAs Limited

EOAs traditionally work like this:

  • One private key controls everything
  • Lose the key → lose all funds, permanently
  • No spending limits, no multi-signature requirements, no recovery options
  • Must hold ETH (or the native token) to pay gas fees
  • Can't batch multiple transactions into one

If your key is compromised or you forget your seed phrase, there's no safety net. However, EIP-7702 (covered below) now offers a way to upgrade EOAs with smart contract features while keeping your existing address.

How Smart Contract Wallets Change the Game

With smart accounts, the rules are written in code deployed onchain. This enables:

  • Social recovery: Designate trusted friends or family as "guardians" who can help you regain access if you lose your keys (no seed phrase needed)
  • Multi-signature authorization: Require 2-of-3 or 3-of-5 approvals for high-value transactions
  • Spending limits: Cap daily withdrawals; require extra verification for large amounts
  • Session keys: Grant temporary permissions to apps (e.g., "this game can spend up to 10 USDC per day for a week")
  • Batched transactions: Bundle multiple actions (approve token, swap, deposit to a DeFi protocol) into a single transaction to save gas and improve UX
  • Gas abstraction: Let apps or protocols pay transaction fees on your behalf, or pay fees in tokens other than ETH

ERC-4337 and Account Abstraction

ERC-4337 is the Ethereum standard enabling account abstraction without changing the core protocol. It introduces:

  • UserOperations: Special transaction formats processed by bundlers and verified by contracts
  • Paymasters: Smart contracts that sponsor gas fees for users (enabling gasless onboarding)
  • Bundlers: Off-chain services that collect UserOperations and submit them onchain

On Layer 2 networks like Base, ERC-4337 adoption is growing rapidly. Many DApps now integrate paymasters so new users can interact without holding ETH first (the app covers the gas). This removes a major onboarding friction point and shows how smart accounts enable real-world usability gains.

EIP-7702: Upgrading Your EOA to a Smart Wallet

One of the most exciting recent developments is EIP-7702, which gives existing EOAs "superpowers" by allowing them to temporarily act like smart contract wallets.

Here's how it works: an EOA owner signs an authorization naming an existing smart contract; the account's code is then set to a delegation pointer at that contract, so calls to the EOA execute that contract's logic in the EOA's own context. This authorization can be submitted by anyone as part of a special transaction type. The delegation remains active until replaced by another authorization, and can be set for a single chain or for all chains at once.

What this means in practice:

  • No migration needed: Your existing EOA can gain smart wallet features without moving funds to a new address
  • Temporary upgrades: Enable smart contract functionality when you need it, revert to a simple EOA when you don't
  • Full compatibility: Works with existing smart account implementations and ERC-4337 infrastructure (paymasters, bundlers, etc.)
  • All the benefits: Transaction bundling, gas sponsorships, custom permissions, and more, all from your familiar EOA address

Real-world adoption:

Base app and MetaMask were the first two wallets to support EIP-7702, making it easy for users to upgrade their existing accounts without learning new workflows or addresses. This marks a significant step toward making smart account features accessible to everyone, not just those willing to create entirely new wallet types.

The flexibility of EIP-7702 means you can experiment with different smart wallet implementations, test new features, and customize your wallet's behavior while maintaining the same address your contacts and apps already know.

EOA vs Smart Account Comparison

| | EOA | Smart Contract Wallet |
|---|---|---|
| Control | Single private key | Programmable logic (multi-sig, guardians, modules) |
| Recovery | Seed phrase only; lose it = lose funds | Social recovery, guardians, backup keys |
| Gas fees | Must hold native token (ETH) | Can be sponsored by apps (paymasters) |
| Transaction features | Simple send/receive | Batching, spending limits, session keys, custom logic |
| Security model | All-or-nothing key control | Layered: time locks, spending caps, multiple approvers |
| Risks | Key loss, single point of failure | Smart contract bugs, higher complexity, potential new attack vectors |
| Examples | Coinbase Wallet (old), Rabby, and most traditional wallets | Base app, Safe, Avocado, Argent |

When to consider a smart account:

  • You want backup recovery options beyond a seed phrase
  • You need multi-signature security (treasuries, DAOs, shared funds)
  • You're building onchain apps and want sponsored transactions for users
  • You interact frequently with DeFi and want to batch approvals/swaps for efficiency

When an EOA is fine:

  • You're comfortable managing a seed phrase
  • You prefer simplicity and maximum compatibility
  • You don't need advanced features like social recovery (or can use EIP-7702 when needed)

With EIP-7702, the line between EOAs and smart accounts is blurring. Many users now start with an EOA and can upgrade it temporarily or permanently as their needs evolve, without the friction of moving to an entirely new account.

How Signing Works: From "Approve" to "Send"

Every onchain action (whether sending ETH, swapping tokens, or minting an NFT) requires your wallet to cryptographically sign data proving you authorized it.

Let's walk through what happens when you click "Confirm" in your wallet.

Transaction Anatomy

A basic Ethereum transaction contains:

  • to: Recipient address (or contract address)
  • value: Amount of ETH being sent
  • data: Optional input for smart contract interactions
  • gas limit: Maximum gas units willing to spend
  • gas price / priority fee: How much you pay per unit (higher = faster inclusion)
  • nonce: Transaction count from your address (ensures proper ordering)
  • chainId: Which network (prevents replay attacks across chains)

Your wallet fills most of this in automatically based on the action you're taking.

Signing Process

  1. Wallet constructs the transaction using the recipient, amount, current gas estimates, and your address's next nonce
  2. Transaction data is hashed (converted to a unique fixed-size string using keccak256)
  3. Your private key signs the hash using elliptic curve digital signature algorithm (ECDSA), creating a signature (v, r, s values)
  4. Signed transaction is broadcast to the network via RPC nodes
  5. Every node that receives it recovers the signer's public key from the signature and checks that it hashes to your address
  6. Transaction is included in a block if gas fees are competitive
  7. Confirmations accumulate as more blocks are added (typically 12+ confirmations considered safe on Ethereum mainnet)

The signature mathematically proves that the transaction was created by the holder of the private key corresponding to your address, without revealing the key itself.
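The private key to public key to address derivation from "Keys and Addresses 101" and the hash, sign and verify steps above, as one added example that is not from the original post. It uses only the Python standard library: a Keccak-256 implementation (Ethereum's hash, which differs from NIST SHA3-256 in its padding byte), secp256k1 point arithmetic, the EIP-55 checksum, a minimal ECDSA signer producing (v, r, s), and the address recovery that a node performs to check who signed. The nonce k is chosen by a toy deterministic rule of my own rather than RFC 6979, the function names are assumptions, and the payloads hashed in the usage are constructed samples.

```python
# ---- Keccak-256 (Ethereum's hash; differs from NIST SHA3-256 only in padding) ----
_MASK = (1 << 64) - 1
_RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000, 0x000000000000808B, 0x0000000080000001,
       0x8000000080008081, 0x8000000000008009, 0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
       0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
       0x000000000000800A, 0x800000008000000A, 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]  # rotation offsets, indexed [x][y]


def _rotl(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & _MASK


def _keccak_f(a):  # the 24-round permutation on a 5x5 grid of 64-bit lanes
    for rc in _RC:
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]  # theta
        d = [c[(x - 1) % 5] ^ _rotl(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):  # rho and pi
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rotl(a[x][y], _ROT[x][y])
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y]) for y in range(5)] for x in range(5)]  # chi
        a[0][0] ^= rc  # iota
    return a


def keccak256(data: bytes) -> bytes:
    rate = 136  # bytes absorbed per permutation for a 256-bit output
    buf = bytearray(data) + b"\x01"  # Keccak pad byte (SHA3-256 would use 0x06)
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    a = [[0] * 5 for _ in range(5)]
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            a[i % 5][i // 5] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        a = _keccak_f(a)
    return b"".join(a[i % 5][i // 5].to_bytes(8, "little") for i in range(4))


# ---- secp256k1 (affine arithmetic; slow but dependency-free; None = point at infinity) ----
CURVE_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
CURVE_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
CURVE_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
           0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % CURVE_P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, CURVE_P) % CURVE_P
    else:
        lam = (q[1] - p[1]) * pow((q[0] - p[0]) % CURVE_P, -1, CURVE_P) % CURVE_P
    x = (lam * lam - p[0] - q[0]) % CURVE_P
    return x, (lam * (p[0] - x) - p[1]) % CURVE_P


def _mul(k: int, p):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = _add(r, p)
        p = _add(p, p)
        k >>= 1
    return r


def to_checksum_address(raw: bytes) -> str:  # EIP-55: uppercase digit i when hash nibble i >= 8
    low = raw.hex()
    h = keccak256(low.encode("ascii")).hex()
    return "0x" + "".join(c.upper() if int(h[i], 16) >= 8 else c for i, c in enumerate(low))


def pubkey_to_address(pub) -> str:  # last 20 bytes of keccak256(x || y)
    return to_checksum_address(keccak256(pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big"))[-20:])


def private_key_to_address(priv: int) -> str:
    assert 0 < priv < CURVE_N, "private key out of range"
    return pubkey_to_address(_mul(priv, CURVE_G))


def sign_hash(priv: int, msg_hash: bytes):
    """ECDSA signature (v, r, s). Nonce k uses a toy deterministic rule, NOT RFC 6979."""
    z = int.from_bytes(msg_hash, "big")
    k = int.from_bytes(keccak256(priv.to_bytes(32, "big") + msg_hash), "big") % CURVE_N
    rx, ry = _mul(k, CURVE_G)
    r = rx % CURVE_N
    s = pow(k, -1, CURVE_N) * (z + r * priv) % CURVE_N
    parity = ry & 1
    if s > CURVE_N // 2:  # low-s rule (EIP-2): negate s and flip the recovery bit
        s, parity = CURVE_N - s, parity ^ 1
    return 27 + parity, r, s


def recover_address(msg_hash: bytes, v: int, r: int, s: int) -> str:
    """What a node does: rebuild R from (r, v), compute Q = r^-1 (sR - zG), hash Q to an address."""
    z = int.from_bytes(msg_hash, "big")
    y = pow((pow(r, 3, CURVE_P) + 7) % CURVE_P, (CURVE_P + 1) // 4, CURVE_P)  # sqrt; p = 3 mod 4
    if (y & 1) != (v - 27):
        y = CURVE_P - y
    r_inv = pow(r, -1, CURVE_N)
    q = _add(_mul(s * r_inv % CURVE_N, (r, y)), _mul((-z * r_inv) % CURVE_N, CURVE_G))
    return pubkey_to_address(q)
```

With the post's example key, `sign_hash(0x4c0883a6..., keccak256(payload))` followed by `recover_address` on the same hash returns the same address that `private_key_to_address` gives, while the same (v, r, s) over any altered payload recovers to an unrelated address; that mismatch is how a node rejects a forged or tampered transaction without ever seeing the private key.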

Message Signing vs Transaction Signing

Not every signature moves funds. Message signing (off-chain signing) lets you prove ownership for authentication or approvals without spending gas.

Common uses:

  • Logging into DApps (e.g., "Sign this message to prove you own this address")
  • Creating verifiable off-chain orders (e.g., OpenSea listings)
  • Token approvals using EIP-2612 Permit (gasless permission to spend tokens)

EIP-712 standardizes human-readable signed data. Instead of signing a cryptic hash, you see:

Sign this message to log in:
Domain: app.example.com
Nonce: 0x7f3b8...
Issued at: 2025-01-02T14:23:00Z

This structured format helps you understand what you're signing and prevents blind signature attacks.

Warning: Malicious sites can trick you into signing messages that grant token approvals or authorize actions. Always verify:

  • The domain requesting the signature matches the site you intended to use
  • What permissions or data you're approving
  • Whether it's a safe operation (some "Permit" signatures can let contracts drain your wallet)

Fees and Gas: What Your Wallet Is Estimating

Every transaction on Ethereum and EVM-compatible chains requires gas, the computational fuel that pays validators to process your transaction.

Gas Price vs Gas Limit

  • Gas limit: Maximum units of computation you allow (sending ETH typically uses 21,000 gas; complex DeFi interactions can use 500,000+)
  • Base fee: The network's minimum fee per gas unit (set algorithmically by EIP-1559)
  • Priority fee (tip): Extra amount you pay to validators for faster inclusion
  • Total cost: (Base fee + Priority fee) × Gas used

If you set the gas limit too low, the transaction fails but you still pay gas for the attempted computation. If you set it too high, you only pay for actual gas used; the excess is refunded.

Wallets estimate gas limits automatically by simulating the transaction. They also suggest gas prices (slow/standard/fast) based on current network congestion.

L1 vs L2: Why Fees Differ Dramatically

Ethereum mainnet (L1) currently averages $1–$5 per simple transaction and $20–$100+ for complex DeFi interactions during peak times. This is due to limited block space and high demand.

Layer 2 networks like Base, Optimism, and Arbitrum process transactions off Ethereum mainnet, bundling many L2 transactions into single L1 batches. Fees drop to $0.01–$0.10 for most actions, often 10–100× cheaper than L1.

Confirmation times also improve: L2 blocks finalize in 1–2 seconds vs Ethereum's 12-second block time.

Sponsored Transactions and Paymasters

On ERC-4337-compatible chains (including Base), paymasters are smart contracts that pay gas fees on behalf of users.

How it works:

  1. User creates a UserOperation (special transaction format)
  2. App or protocol's paymaster verifies the operation
  3. Paymaster covers the gas cost onchain
  4. User completes the action without holding ETH

This feature enables true "gasless onboarding": new users can interact with apps immediately without buying native tokens first. The app or protocol absorbs gas costs as a user acquisition expense.

Real example: A Base-native NFT mint could let users pay in USDC while the minting contract sponsors the ETH gas fee via a paymaster. The user never touches ETH, simplifying onboarding and UX dramatically.

Common Risks and How to Stay Safe

Managing crypto wallets safely requires vigilance. The decentralized nature of blockchains means there's no customer service to call if you make a mistake or get scammed.

Phishing and Malicious Signatures

Phishing attacks trick you into entering your seed phrase on a fake website or signing malicious transactions.

Common tactics:

  • Fake wallet extensions that steal seeds
  • Discord/Twitter DMs offering "support" and asking for your phrase
  • Sites mimicking real DApps with similar domains (uniswap.com vs uniswaρ.com with Greek ρ)
  • Pop-ups requesting blind signatures for "verification"

Protection:

  • Bookmark real DApp URLs; never click links in DMs
  • Verify contract addresses before interacting (check official sources)
  • Read every signature request carefully, especially Permit messages
  • Use hardware wallets for signing high-value transactions
  • Never share your seed phrase or private key with anyone, ever
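A small check for the lookalike-domain tactic listed above, as an added example that is not from the original post: it flags every non-ASCII character in a hostname with its Unicode name, shows the xn-- (punycode) form the browser actually resolves, and compares the host against a bookmarked allowlist, which is the "bookmark real DApp URLs" advice turned into code. The bookmark set is a constructed sample and the function names are my own; Python standard library only.

```python
import unicodedata
from typing import List, Set, Tuple

# Constructed allowlist standing in for the user's own bookmarks
BOOKMARKS: Set[str] = {"uniswap.com", "app.example.com"}


def lookalike_characters(host: str) -> List[Tuple[str, str]]:
    """Every non-ASCII character in the host with its Unicode name.

    Brand domains are almost always pure ASCII, so a Greek or Cyrillic letter
    hiding among Latin ones is the classic homoglyph phishing signal.
    """
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in host if ord(ch) > 127]


def punycode(host: str) -> str:
    """The ASCII form the resolver sees; a lookalike label turns into xn--..."""
    return host.encode("idna").decode("ascii")


def check_host(host: str, bookmarks: Set[str] = BOOKMARKS) -> str:
    """Classify a host as trusted, homoglyph or unknown before connecting a wallet."""
    host = unicodedata.normalize("NFKC", host.strip().lower().rstrip("."))
    if host in bookmarks:
        return "trusted"
    hits = lookalike_characters(host)
    if hits:
        names = ", ".join(f"{ch!r} = {name}" for ch, name in hits)
        return f"homoglyph: {host} resolves as {punycode(host)} ({names})"
    return "unknown"


if __name__ == "__main__":
    for candidate in ("uniswap.com", "uniswa\u03c1.com", "uniswap-airdrop.example"):
        print(f"{candidate:28} -> {check_host(candidate)}")
```

Feeding the post's own pair through it, `uniswap.com` comes back trusted while the version with the Greek rho is reported as a homoglyph together with its xn-- form, which is the string you would see if you pasted the link into the address bar.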

Token Approvals and Allowances

When you interact with DeFi protocols, you often "approve" a contract to spend your tokens on your behalf. This approval persists until you revoke it.

The risk: A malicious or compromised contract with an unlimited approval can drain all approved tokens from your wallet at any time.

Safe practices:

  • Grant limited approvals when possible (exact amount needed, not unlimited)
  • Regularly revoke old approvals using tools like Revoke.cash or your wallet's built-in permissions manager
  • Audit approvals after trying new protocols; don't leave unlimited access sitting unused

Backup and Recovery Best Practices

Seed phrase security:

  • Write it down on paper or metal (never digital storage, screenshots, cloud)
  • Store in multiple physical locations (home safe, bank safety deposit box)
  • Consider using a passphrase (25th word) for high-value accounts
  • Test recovery on a fresh device before putting significant funds at risk

Hardware wallet tips:

  • Buy directly from the manufacturer (never second-hand or from unofficial resellers)
  • Verify device integrity (authentic packaging, tamper seals)
  • Keep firmware updated
  • Store device and seed phrase separately

For smart contract wallets with social recovery:

  • Choose guardians carefully (trusted individuals who won't collude)
  • Test the recovery process with a small test wallet first
  • Understand the delay periods and security models of your specific wallet

Connecting to DApps Safely (Without Getting Drained)

Every time you connect your wallet to a decentralized app, you're granting that site the ability to read your address and request signatures.

Wallet Connection Flow

Modern wallets use WalletConnect (for mobile) or direct browser injection (for browser extensions, which expose a provider object such as window.ethereum as standardized by EIP-1193) to establish connections.

When you click "Connect Wallet" on a DApp:

  1. DApp requests your public address (which is safe to share); it never needs your private key
  2. Wallet prompts for approval
  3. You confirm which account to connect
  4. DApp can now:
    • Display your balances and transaction history
    • Prompt you to sign messages or transactions
    • But still not move funds: nothing leaves your wallet without your explicit signature approval

Nothing happens automatically. The DApp must request each action, and you approve or reject each request individually.

Verifying Contract Interactions

Before signing any transaction that interacts with a smart contract, verify:

  • Contract address matches the official protocol (check docs, block explorers)
  • Function being called is what you expect (wallets show "Transfer," "Approve," "Swap," etc.)
  • Token amounts and approvals are limited to what you intend

Advanced users can decode transaction data with block explorers (Etherscan, Basescan) to see exactly what functions and parameters are being called.

Using Transaction Simulation

Some wallets and tools simulate transactions before execution, showing:

  • Expected token/ETH changes
  • Net profit/loss estimates
  • Warnings for suspicious activity (high slippage, unknown approvals)

Base app recently integrated Blockaid for automatic simulation warnings. Rabby Wallet shows detailed balance changes before signing. Use these features to catch mistakes or scams before confirming.

Wallet Separation Strategy

Consider using separate wallets for different risk levels:

Wallet 1 (Cold Storage): Hardware wallet or offline seed phrase

  • Purpose: Long-term holdings, high-value NFTs
  • Access: Rarely, only for major moves

Wallet 2 (DeFi Interactions): Hot wallet (browser extension)

  • Purpose: Liquidity pools, lending, swapping
  • Funding: Only what you're actively using

Wallet 3 (Experimental/Mints): Separate hot wallet

  • Purpose: Trying new protocols, minting questionable NFTs
  • Funding: Small amounts you can afford to lose

This compartmentalization limits damage if one wallet is compromised via phishing or a malicious contract.

Troubleshooting and Recovery Scenarios

Even experienced users run into wallet issues. Here's how to handle common problems.

Recovering on a New Device

Process:

  1. Install wallet app on new device
  2. Select "Import wallet" or "Restore from seed phrase"
  3. Enter your 12–24 word seed phrase in exact order
  4. Set a new password for the app (this is local to the device, not part of the seed)
  5. Wait for wallet to derive all addresses

Important: The password you create is just for unlocking the app on that device. Your real security comes from the seed phrase. Anyone with your seed phrase can access your wallet on any device, regardless of the password you set.

Seed Phrase Compatibility Across Wallet Apps

Most wallets follow BIP39/44 standards, so seed phrases are interoperable. However, differences can cause issues:

Derivation path mismatches:

  • Most wallets use m/44'/60'/0'/0/x for Ethereum
  • Some wallets use m/44'/60'/0'/x (slightly different)
  • Bitcoin wallets use coin type 0' instead of 60'

If you restore your seed in a different wallet and don't see expected funds:

  • Check if the wallet lets you customize derivation paths
  • Try "advanced" restore options and manually input the correct path
  • Contact support for the original wallet to confirm their derivation path

Solution: For maximum compatibility, stick with widely used wallets that follow standard paths.

"Missing Funds" After Restoring

Possible causes:

  1. Wrong network: You're viewing Ethereum mainnet but funds are on Base or Polygon
  2. Derivation path mismatch: New wallet isn't checking the same address indexes
  3. Incorrect seed phrase: One word wrong generates completely different keys
  4. Passphrase required: If you used a 25th word, you must enter it during recovery

Troubleshooting steps:

  • Switch to all networks/chains you previously used
  • Check address on block explorer to confirm funds are still there
  • Try restoring in the original wallet app
  • If you used a passphrase, try recovery with and without it (different wallets handle this differently)

Stuck Transactions

Transactions get "stuck" when you submit with gas fees too low during congestion, and the network ignores them.

How to fix:

  1. Speed up: Resubmit the same transaction with higher gas (most wallets have a "speed up" button)
  2. Cancel: Send a 0 ETH transaction to yourself using the same nonce and higher gas (this replaces the stuck transaction)
  3. Wait: Eventually, low-fee transactions time out (though this can take hours or days on mainnet)

Nonce management: Ethereum processes transactions in order by nonce. If transaction #5 is stuck, transaction #6 can't confirm until #5 completes. Always resolve stuck transactions in order.

Hardware Wallet Connection Issues

  • Update wallet firmware (manufacturers release regular security updates)
  • Use official cables (some third-party cables don't support data transfer)
  • Check browser permissions (hardware wallets need USB/Bluetooth permissions enabled)
  • Clear cache/cookies if using browser extension
  • Try different USB port or different computer if persistent issues

Quick Glossary

Address: Your public identifier for receiving crypto (like an email address for payments)

Cold Wallet: Hardware or offline wallet that stores keys disconnected from the internet

Custodial Wallet: A wallet where a third party controls your private keys

Derivation Path: Mathematical formula for generating multiple addresses from one seed phrase

EOA (Externally Owned Account): Traditional blockchain account controlled by a private key

Gas: Computational fee required to execute transactions on Ethereum and EVM chains

Hot Wallet: Software wallet connected to the internet (browser extension, mobile app)

MPC (Multi-Party Computation): Wallet where multiple parties each hold a piece of the key; no single party has full control

Nonce: Transaction count from your address; ensures transactions process in order

Paymaster: Smart contract that pays gas fees on behalf of users in ERC-4337 systems

Private Key: Secret code that controls your blockchain address and authorizes transactions

Public Key: Derived from private key; used to generate your address

Seed Phrase / Mnemonic: 12–24 words encoding the master key from which all wallet addresses are derived

Self-Custodial Wallet: You control your private keys; responsible for security and recovery

Smart Contract Wallet: Account governed by programmable smart contract code (enables multi-sig, social recovery, etc.)

Transaction Signing: Using your private key to cryptographically approve a transaction

Next Steps: Building Your Wallet Practice

Now that you understand how wallets work, here's how to build good habits:

Start simple, start small:

  1. Set up a self-custodial wallet (Base app is a great starting point)
  2. Write down your seed phrase on paper immediately
  3. Send a tiny test transaction ($1–$5) to verify everything works
  4. Practice connecting to a DApp and signing a message
  5. Try a token swap on a low-fee network like Base

As you grow:

  • Move significant holdings to a hardware wallet
  • Revoke old token approvals monthly
  • Consider a smart contract wallet if you want social recovery or multi-sig
  • Use separate wallets for different activities (experimentation vs long-term storage)

Keep learning:

The most important principle: you are your own bank. No company can reverse a mistake or recover lost keys. That responsibility comes with both power and risk. Understanding how wallets work is the foundation for participating in Web3 safely, confidently, and effectively.