How Cryptocurrency Wallets Work

Blockchain and cryptocurrency is the first technology to enable electronic transfers of value without the requirement to use a financial intermediary such as a bank.

They have the capability to be instant and fee-less.

They are performed peer-to-peer, negating the requirement to open accounts with personal information.

All of these great benefits necessitate the use of a specialized software to enable the transfer and storage of these cryptocurrencies.

In this lesson, we will learn about what cryptocurrency wallets are and how they work.

Simply put, a wallet is a place to store, send and receive cryptocurrencies.

It is usually a software program that has a user interface that one can interact with to perform these functions, though it can also be as simple as a piece of paper.

Wallets are critically essential to the cryptocurrency ecosystem, one cannot hold or transact in cryptocurrencies like bitcoin, without using a wallet.

This can get fairly technical to explain but essentially a wallet is comprised of a public key and private key.

Cryptocurrency protocols like bitcoin use a feature called asymmetric cryptography, which is where the concept of a two-key system came about.

In short, it is a method to assure that one can provide a public key address that everyone has visibility into, and a private key that only the owner of the blockchain record has access to.

This method allows anyone to check and confirm that the sender owns the address, without actually knowing what the private key secret is.

There are actually other Distributed Ledger Technologies (DLT) such as a Directed Acyclic Graph (DAG) that also makes use of asymmetric cryptography, but for the sake of simplicity, we will continue to use “blockchain” as a generic term to encompass all DLT’s.

The public key is the address you provide to others to receive cryptocurrency and the private key is what you use to sign the transaction to provide irrefutable evidence that you authorized a send transaction.

Wallets are actually nothing more than software programs that utilize a private and public key to enable sending, receiving and viewing transactions on the blockchain.

A user doesn’t actually ever possess or hold their coins in a traditional account – their ownership is represented by a global accounting ledger that is publicly viewable and stored on a blockchain.

Regardless of the technology, when a user needs to send money from one place to another, they need a recipient and a destination.

In traditional banking, this is an account, represented by an account number, and further identified by the name of the bank, the routing number, sometimes a SWIFT code, the name of the account holder, and addresses for both.

With this information a user can execute a transfer and expect fiat funds to end up at the destination account.

In cryptocurrency transactions like bitcoin, all that is needed is a public key or more commonly a wallet address.

For bitcoin this is represented by a 26-35 character, alphanumeric identifier.

A user generally needs some sort of software program to actually execute the send transaction and input the known wallet address.

A wallet software is generally responsible for this.

When a user “sends” bitcoin from their one address to another, the wallet software is actually publishing a request to the nearest node.

The request is then queued up in the mempool, where it is stored until a miner takes the request and processes it (called “mining”).

The subsequent activity results in a recording of a transaction onto the blockchain.

Once it has received one full confirmation, the funds are said to be successfully received by the destination wallet.

It is important to understand that the recipient didn’t actually receive anything.

Instead a massive public ledger of millions of wallets was updated to say a balance was deducted from sender and the same amount was added to the recipient.

This has the same effect as an electronic transfer, even though everything has occurred exclusively on the blockchain.

Since no other information is required, cryptocurrency transactions are said to be anonymous.

Wallets can also aggregate cryptocurrencies held in different addresses and combine their balances together to send the requisite amount of coin.

For example if a sender needs to send 1 BTC, but only has three wallet addresses that each hold 0.35 BTC – the wallet software can send the requisite amount of funds from these three addresses to a single destination, so that the total received at the destination wallet is equal to the 1 BTC required.

Software wallets also help a user to create new public and private keys.

We learned earlier that a public key is also called a wallet address.

A new private key is generally created by submitting a random 256-bit number into the cryptocurrency protocol – but since a random number is difficult to remember, most wallet software utilizes a mnemonic recovery seed, such as BIP39 for Bitcoin, to simplify private seed recovery.

A mnemonic seed is simply a series of randomly generated but specific words, that easier to record than a very long and random number.

This text is actually used to generate a corresponding numeric value that is run through the Bitcoin protocol to create a new wallet address.

The concept of seed is important because it is directly responsible for creating the private key and public key – this is the sole piece of information responsible for determining ownership or a wallet.

If someone were to obtain the seed, they could rebuild your wallet in any wallet software and take ownership of the address, including sending funds out.

It is also important to note that ones private key is also equally as important, as this is used to sign a blockchain transaction, proving ownership – whoever owns the key, owns the wallet.

Wallets can create and maintain near limitless amount of new wallet addresses from a single seed.

Wallets come in all shapes and forms.

Remember, a wallet is merely a software program that communicates with a blockchain.

All wallets need access to the internet to perform send and receive transactions, lookup account balances, and create new addresses.

This is because the software needs to publish or lookup these transactions on the blockchain.

A centralized wallet is one in which a central entity or organization owns the private keys to the wallet.

They are the entity responsible for sending and signing transactions and creating and assigning new addresses to a user.

The user does not go through the process of generating a recovery seed.

Centralized wallets are primarily used by cryptocurrency exchanges such as Coinbase.

They enable convenience by allowing the central entity to create and deploy wallets on behalf of its customers without a cumbersome setup process.

The tradeoff is that cryptocurrencies held on these exchange wallets are actually technically in custody of the exchange itself – the user does not actually possess these funds.

If an exchange is hacked, these funds can be stolen from customers, as we’ve seen in many instances before.

These are wallets that are owned and managed by a user, directly.

This can also be through a software program.

A user creates new addresses from a seed and directly controls and owns the private key.

No other entity can execute transactions on behalf of the user without the seed or private key.

Wallets like MyEtherWallet and Ledger are both examples of decentralized wallets.

Decentralized wallets allow a user to retain maximum ownership of a wallet at the expense of inconvenience.

A user must set up a wallet with a recovery seed, and must secure and store the recovery seed and private key.

If this is lost, the wallet, without exception, becomes unavailable for use, and all funds stored on this wallet are lost with it.

If either the seed or key are stolen, the thief can transfer all of your holdings to another wallet.

Transfers that occur on a blockchain are irreversible, so the stakes are quite high for an individual or entity to secure their seed and private key in a decentralized wallet.

Hierarchical Deterministic wallets are wallet that generate a series of random but deliberately selected words called a mnemonic phrase.

These words a specifically chosen to reduce the potential for mistakes when entering, for example avoid words that might be confused with each other when handwritten.

These words can be converted to a number which serves as the seed integer to a deterministic wallet that generates all of they key pairs used in the wallet.

This means a new seed is not required for each new address that is created.

Most modern wallets are HD wallets, though some paper wallet software allows a user to configure their own random private key, manually. This would be an example of a wallet that is not HD.

A hardware wallet is a special type of wallet in which the user’s private keys are stored on a secure hardware device that looks similar to a thumbdrive.

Hardware Wallets are still utilized by a software application to view balances, create additional addresses, and to initiate send transactions.

The difference is that the private key is secured into the physical media, rather than being stored within the software application itself.

Transactions cannot be signed without the private key stored on the hardware device, so it is said to be more secure, since the hardware device can be disconnected from a computer and stored “offline” without the possibility of exposure to hacking.

It can also be securely stored in a physical vault, preventing access.

Hardware wallets are still susceptible to recovery seed theft, since the seed can be used to rebuild a mirror hardware or software wallet.

Remember, even if they key is stored in a hardware device, the public key is still just a record on a blockchain, storing the private key in a piece of hardware does not change this.

This is a wallet software that runs on a website like Parity or MyEtherWallet.

They offer convenience since they can be accessed by any browser with an internet connection, and do not require any specialized software.

Most employ good security to enable transacting in cryptocurrencies using a browser.

There is some risk, for example, of malware that may have visibility to any private keys that are being copy-pasted into the web wallet.

This is a wallet software that runs natively on your desktop.

This usually involves downloading a package that is deployed through your operating system, usually OSX or Windows.

They can interact directly with connected hardware and are thus preferred by hardware wallet manufacturers that need a software UI to interface with their hardware.

They still require an internet connection to publish transaction requests to the blockchain.

A type of wallet that runs natively on your mobile Android or iOS device.

Work similar to other wallets except the private key is encrypted onto the device itself.

This is similar to a hardware wallet, the key goes wherever your phone goes and is not stored in the cloud or on some centralized server.

Offers the convenience of a web or desktop wallet, with the security of native encryption.

Presents some security risk for those that do not secure their phones with a strong password, in combination with FaceID or TouchID.

Losing or breaking ones mobile device carries some risk of loss if the seed is not secured.

A multi-signature wallet is a type of wallet security feature that requires two or more signatures to authorize a transaction.

This is helpful when an organization does not want to entrust the movement of funds to a single individual, or if wallet transfers require the approval of a majority, for example, under the control of a board of directors.

This feature can co-exist with any of the above wallet types and ensures a high level of security in the case of theft, where compromise of an individual’s key does not compromise the security of the wallet.

Simplified Payment Verification wallets, sometimes called thin or lite wallets, do not contain a record of the entire blockchain in which it transacts, called a node.

Instead it relies on an external node to publish transactions to a blockchain.

Since a full node, today, may require over a terabyte of space, most desktop and mobile wallets are SPV wallets.

SPV wallets require trust in the wallet software creators to assure that transactions submitted are properly posted to a trusted node.

A brain wallet is simply a type of wallet that was created using basic software that translates a user provided set of predetermined text into the digital seed used to create a private key.

This is in contrast a randomly generated seed provided by most wallet software.

Brain seeds are generally easier to memorize since they are created by the wallet owner.

The requirement to physically record and secure the seed is reduced, since it can be remembered.

However, humans are generally not very good at generating random text and time has proven that hackers have been successful at extract funds held in brain wallets – even those created with obscure text such as an unknown Afrikaans poem.

Highest Security – Paper and Hardware Wallets.

Medium Security – Desktop and Web Wallets.

Low Security – Exchange and Centralized Wallets.

Wallet security is important as funds have been lost due to poor security practices by wallet owners and wallet software developers. Centralized wallets like CoinCheck and Parity have lost hundreds of millions in hacking and theft.

Wallets consists of several main components with specific purposes and security issues.

Seed – used to generate the wallet private key; seeds can be used to rebuild or mirror a wallet, including gaining access to its private key – whoever has the seed can send transactions out of one or more wallets.

The seed can be written down, memorized (not recommended unless you never forget anything), or recorded in steel using something like Cryptosteel®.

For maximum security some entities record sections of the seed onto different mediums and then secure these mediums separately in remote locations that only the wallet holder and trusted party know about.

Private key – used to sign a send transaction, authorizing it; since this key is directly responsible for enabling transactions, whoever possesses the key, has the ability to send crypto out of the wallet.

The private key can be written down but is usually stored in encrypted format on a software program or hardware device.

So long as the encryption is very strong, it is unlikely to be hacked, however private keys are generally vulnerable in transit, that is, if a user is copy-pasting them into a form, or saving the key file to the cloud.

This is why QR codes are used, so that malware cannot capture form data.

Special care should be taken to secure keys, as they are still vulnerable if “hot,” that is, connected online.

Hardware wallets are recommended since their secure element is nearly impossible to hack, meaning, even if they are stolen, a thief may have trouble gaining access to the funds before you can transfer funds out, and without a connection to the internet, are not susceptible to remote hacking.

Public key – used to receive transactions; should be secured to prevent linking a public key to a person, for example, storing your public keys in a folder on your desktop that is accessible by another party could enable that party to link wallet addresses directly to you, negating the anonymous aspect of cryptocurrency wallets.

No risk of loss of funds due to exposure, the security risk is mainly a privacy one.

Hardware – Ledger Nano X, Trezor

Web Wallet – MyEtherWallet

Desktop Wallet – Exodus, Electrum

Mobile Wallet – Mycelium, Jaxx

Wallets are software programs that enable a user to perform the following actions:

- Create new public addresses.

- Send cryptocurrency.

- Receive cryptocurrency.

- Track and lookup holdings.

- Aggregate all wallet balances into a single total.

- Track history of transactions.

- Automatically combine wallet addresses to send an amount of cryptocurrency that exceeds any single wallet addresses balance.

- Do not require any user information and therefore enable some form of anonymity.

- Utilize various mediums such as web, desktop, mobile, or hardware.

- Secure cryptocurrency holdings using an array of methods (multi-signature, offline cold storage).

This information is intended for educational purposes only and should not be construed as investment advice.

As with all financial decisions you should contact your licensed financial advisor before investing in any financial instrument.