Section 01 · What a Wallet Really Stores
An Ethereum wallet stores keys, not coins
The wallet on your phone does not contain any ETH. It contains the cryptographic key that proves the ETH on the blockchain is yours to spend.
Quick answer
What does an Ethereum wallet actually store? An Ethereum wallet stores a private key (and the seed phrase that generates it). The wallet uses that key to sign transactions on your behalf. The ETH and tokens live on the blockchain at addresses derived from the key. If you lose the key and the seed phrase, no one can recover the funds. If someone copies the key, they can drain every address it controls.
Think of the blockchain as a public spreadsheet that lists balances next to addresses. Every Ethereum node on earth keeps a copy of this spreadsheet and updates it when new blocks arrive. Your address is one row in the spreadsheet. The balance next to it is yours because you can produce a signature only the holder of the matching private key could produce.
The wallet software is a key manager and a transaction builder. It generates the keys when you set up a new wallet. It stores them encrypted on disk under your device password. When you click Send, it builds a transaction object, hashes it, signs the hash with the private key, and broadcasts the result. Nothing else is happening that your private key would not happily do in a few lines of Python.
This is also why you can uninstall MetaMask, install it on a different machine, type in your 12 words, and see all your funds again. The funds were never inside MetaMask. They were always at addresses on the blockchain. The seed phrase rebuilds the keys, and the keys unlock the addresses.
Section 02 · The Four Pieces
Private key, public key, and the address
Every wallet has four artifacts and they are produced in a strict order. Each one is a function of the one before it.
The four pieces are the seed phrase, the private key, the public key, and the Ethereum address. They form a one way chain: the seed phrase produces the private key, the private key produces the public key, the public key produces the address. You can always go forward. You can never go backward.
Seed phrase
A 12 or 24 word mnemonic. It encodes 128 or 256 bits of random entropy in human readable form using the BIP39 word list. The seed phrase is the master backup. From it the wallet can deterministically reproduce every private key, every public key, and every address it has ever shown you. Lose it and all your funds are gone. Leak it and they are gone in a different way.
Private key
A 256 bit secret integer derived from the seed phrase using BIP32 hierarchical key derivation (the Ethereum default path is m/44/60/0/0/0). The private key is what actually signs transactions. Anyone holding it can move every asset at every address derived from it. It must never leave the wallet, never be logged, never be screenshot, never be typed into a website.
Public key
A point on the secp256k1 elliptic curve, computed by multiplying the curve's generator point by the private key. The public key can be shared safely. It is what nodes use to verify your signatures. Reversing it back into the private key is the discrete logarithm problem on secp256k1, which on current hardware is not solvable in any meaningful time.
Ethereum address
The keccak256 hash of the uncompressed public key, with the leading 0x04 byte stripped, then the last 20 bytes kept and a 0x prefix added. So your address is twenty bytes (forty hex characters) long. It is what people send ETH to. It is what shows up on Etherscan. The mixed case capitalisation you usually see is the EIP-55 checksum.
One subtle point worth knowing. A single seed phrase can derive an unlimited number of accounts, each with its own private key and address, by changing the BIP32 path. When you click Add account in MetaMask, you are not creating a new wallet. You are walking the derivation tree to a different leaf and showing a different address. Before pasting any derived address into a contract call or transfer, run it through the Ethereum Address Validator to confirm the EIP-55 checksum.
Section 03 · The Seed Phrase
Why one phrase backs up your entire wallet
The seed phrase looks like an inventory of nouns. Under the hood it is the most important secret you will ever own.
When you set up a new wallet, the software generates 128 or 256 bits of entropy from a cryptographic random source. It then maps the bits onto words from the BIP39 list. The list is exactly 2048 words, so eleven bits map to one word. Twelve words gives 132 bits (128 of entropy plus 4 of checksum). Twenty four words gives 264 bits (256 of entropy plus 8 of checksum).
The seed phrase is run through PBKDF2 with 2048 iterations of HMAC SHA512 to produce a 512 bit seed. That seed is fed into BIP32 to derive a master private key. From the master key, BIP32 walks a path of derivation indices to produce the actual account private keys. Ethereum wallets use the path m/44/60/0/0/n where n is the account index.
Your seed phrase is the only real backup
The wallet password on your device protects the local copy of the keys, nothing more. If the device dies, the password dies with it. The seed phrase is what survives. Write it on paper and put it somewhere you would still find in ten years. Never type it into a website, an app, a chat, or a search bar. No legitimate wallet, exchange, or support person will ever ask for it. Anyone who asks is trying to drain you.
A useful test of your backup: imagine your laptop, your phone, and your hardware wallet all break tomorrow. Can you still get your funds back from the seed phrase alone? If the answer is no, the backup is not done.
Section 04 · How Signing Works
Why your private key never leaves your machine
When you click Confirm in a wallet, the private key signs a hash. The signature travels over the network. The key does not.
Ethereum uses ECDSA on the secp256k1 curve for signatures. The wallet builds the transaction (sender, recipient, value, data, nonce, gas), serializes it using RLP, hashes the result with keccak256, and feeds the hash plus the private key into the ECDSA signing function. The output is a triple called (r, s, v) that any node can verify against your public key.
The verification step is the clever part. A node receives your signed transaction. It does not have your private key. But by running ECDSA recovery on (r, s, v) and the transaction hash, it can mathematically extract the public key that must have produced the signature. It then derives the address from that public key and checks that the address matches the from field. If everything lines up, the signature is valid and the transaction is allowed in.
Two consequences fall out of this. First, the network never needs your private key, only your signature. Second, the address that signed a transaction is provable from the signature itself; nobody can fake the from field, because changing the from field changes the recovered address and the signature stops verifying.
Section 05 · Wallet Types
Hot, cold, custodial, non custodial
There are two axes that describe every wallet. Where the keys live, and who controls them. The combinations are not all equally safe.
Non custodial hot wallets
Browser extensions and mobile apps like MetaMask, Rabby, and Phantom. You hold the keys, encrypted on the device under a password. They are convenient, free, and good enough for amounts you can afford to lose. The risk is that any malware, malicious browser extension, or phishing site that gets your password (or convinces you to sign a malicious transaction) can drain the wallet.
Non custodial cold wallets
Hardware wallets like Ledger and Trezor. The private key is generated and stored inside a secure chip and never leaves the device. To sign a transaction you confirm it on the hardware itself with a physical button press. Even a fully compromised computer cannot extract the key. This is the right place to keep most of your holdings.
Custodial wallets
An exchange account is a custodial wallet. Coinbase, Binance, and Kraken hold the private keys. You hold a username and a password. You are trusting a company. If the company is hacked, freezes withdrawals, or fails (FTX, Mt. Gox, Celsius), you can lose access to funds the blockchain still says belong to that account. Convenient for trading. Wrong place for long term storage.
Smart contract wallets
ERC4337 wallets like Safe and Argent. The wallet itself is a smart contract on chain that you control through a regular key. This unlocks features that a plain key cannot offer: spend limits, multisig approvals, social recovery, gas sponsorship, and session keys. The tradeoff is more complexity and a small ongoing gas cost when you change wallet rules. The right choice for treasury and high value flows in 2026.
A practical setup for someone who is past the experiment stage: a hardware wallet for the bulk of holdings, a hot wallet for daily DeFi with a small float, a custodial account on a regulated exchange for fiat on and off ramps, and ideally a smart contract wallet for any larger treasury. Different keys, different threat models, different blast radius if any one of them is compromised.
Section 06 · Common Mistakes
The five mistakes that drain wallets
Almost every catastrophic loss in self custody comes from one of the same five patterns. They are easy to avoid if you know what they look like.
Storing the seed phrase digitally
A photo in your camera roll, a note in iCloud, a draft email to yourself, a password manager that backs up to a cloud. All of these put your seed phrase one breach away from a stranger. Paper, etched metal, or an offline device is the only safe storage. If you must keep a digital copy, it has to be encrypted with a strong passphrase that lives only in your head.
Approving unlimited token allowances
Most DeFi sites ask you to approve a token. The default approval is unlimited and forever. If the contract is later exploited, every wallet that approved it can be drained. Approve only the amount you are about to use, and revoke old approvals from time to time using a tool like revoke.cash.
Signing arbitrary messages without reading them
A signed message can authorize anything. Phishing kits build a fake login that asks you to sign a permit2 message. The signature, valid forever, lets the attacker move tokens without ever touching gas. Read what you sign. If a wallet shows the message body and you cannot understand it in plain English, do not sign.
Reusing a seed phrase across hot and cold storage
If your hardware wallet shares a seed with your hot wallet, a single phishing message that gets you to type the seed compromises both. Hardware wallets earn their keep when their seed never touches an internet connected device. Generate a new seed inside the hardware wallet and keep it there.
Trusting an address from clipboard or DM
Clipboard hijack malware swaps the address you copied for one the attacker controls. Sending tokens to a Telegram or Discord pasted address is the same risk. Always verify the first and last six characters of any address before signing. For meaningful amounts, send a tiny test transaction first and ask the recipient to confirm.
Section 07 · FAQ
Frequently asked questions
What is the difference between a private key and a seed phrase?
A private key is the 256 bit secret that signs transactions for one Ethereum address. A seed phrase is a 12 or 24 word backup that the wallet uses to deterministically generate that private key (and many others) through BIP32 derivation. The seed phrase is the master backup. The private key is the working secret for one specific account.
Can someone derive my private key from my Ethereum address?
No. The address is keccak256 of the public key, and recovering the public key from an unused address is not possible. Even when the public key has been revealed by a transaction, recovering the private key from it requires solving the discrete logarithm problem on secp256k1, which is not feasible on any current or near future computer.
If I send ETH to the wrong address, can I get it back?
No. Ethereum transactions are irreversible by design. If the address belongs to a contract or to nobody, the funds are stuck. If it belongs to a person, the only recourse is to ask them to send it back. Always verify the first and last six characters of an address before sending and use a small test transaction for any meaningful amount.
Can the same Ethereum address work on Polygon, Arbitrum, and other EVM chains?
Yes. Every EVM compatible chain uses the same address derivation rules, so your Ethereum address is also your address on Polygon, Arbitrum, Base, Optimism, BNB Chain, and any other EVM network. The balance on each chain is separate. Sending USDC on Polygon to the same address on Ethereum does not move it across chains.
What happens if I import the same seed phrase into two wallets at once?
Both wallets will derive the same private keys and show the same balances. Either wallet can sign transactions for the same addresses. Nothing breaks; the blockchain only sees the signatures. The risk is operational. If both devices are connected to the internet, the attack surface doubles. Better to keep one canonical hot wallet and one cold wallet on separate seeds.