
What is a crypto wallet: Keys, signatures, and who can move your coins
A crypto wallet is a trade authorization device: it manages cryptographic keys, generates a wallet address for receiving funds, and signs transactions to move assets recorded on a blockchain. Your crypto is not “in” the wallet, and ownership is operational because whoever can produce a valid signature from the private key controls the funds.
Key Takeaways
- A crypto wallet does not store coins. It generates a wallet address that points to on-chain assets and signs transactions that move them.
- Control is defined by the private key, and the public key side is safe to share for receiving because it cannot be used to derive the private key.
- The biggest fork in the road is custodial vs non-custodial wallet setups, which changes recovery options, counterparty risk, and dApp compatibility.
- In self-custody, the seed phrase is the master backup that can recreate private keys. Lose it and access can be permanent. Leak it and the device does not matter.
Crypto wallets as keys and addresses
The first thing a beginner needs to delete is the mental image of a wallet as a container. On-chain ledgers already hold the record of who owns what. A cryptocurrency wallet is the interface layer that lets a user point to that record and authorize changes to it.
Two objects do most of the work on the screen. The wallet address is what gets pasted into a withdrawal form or shared with a counterparty so funds can be sent in. Under the hood, that address is derived from the wallet’s public side of the key material, which is why it is designed to be shareable. The spend side is the private key, which never needs to be shown to anyone for a receive, and should never be.
This is why the “my crypto is in my wallet” phrasing causes so many unforced errors. If the wallet app disappears, the chain does not. If the phone breaks, the chain does not. What matters is whether the credentials that can authorize spending still exist and are still controlled by the right person.
That framing also explains why wallet UX differences can be misleading. One app might show balances, NFTs, and transaction history in a clean dashboard, while another looks like a developer tool. Those are presentation choices. The control plane is still the same question: who can produce a valid signature that the network will accept.
How wallets authorize crypto transactions
A wallet earns its keep at the moment it signs. When a user hits “send,” the wallet software constructs a transaction message that says, effectively, “move asset X from address A to address B.” The network does not care about the app’s branding. It cares about whether the message is accompanied by a valid cryptographic signature.
That signature is generated with the private key. The public key is the counterpart used by the network to verify that the signature matches the sender’s address. The design goal is asymmetric: the public key can be shared widely, but it should be infeasible to work backward from the public key to the private key. Blocktrade explicitly frames this as a one-way property of asymmetric cryptography, developed as a breakthrough in the 1970s, and notes that deriving the private key from the public key is not possible.
Mechanically, the flow looks like this:
1. Inputs: the destination wallet address, the amount, and the network context the wallet is connected to.
2. Process: the wallet uses the private key to sign the transaction, producing a signature that proves control of the sending address.
3. Outputs: the signed transaction is broadcast, and the blockchain records it once accepted.
The consequence is blunt. If an attacker can sign, the attacker can spend. If a user cannot sign, the user cannot move funds, even if the balance is visible in an app. That is why “how crypto wallets work” is less about storage and more about authorization.
Custodial vs non-custodial wallet control
The custody model answers the desk-trader question: who can move the coins if the owner is asleep. MoonPay and Crypto.com both reduce custodial vs non-custodial wallets to the same defining difference, which is who controls the private key.
A custodial wallet means a third party, often an exchange, holds and manages the private keys. The user experience tends to look like a normal account: login, password resets, and customer support. MoonPay’s framing is that recovery is the selling point. If access is lost, the custodian can often restore it because the custodian still controls the key material. The tradeoff is concentrated risk. Centralized key storage creates a single target, and MoonPay points to the Liquid exchange hack, where roughly $90 million was stolen, as an example of what can happen when keys are held at scale.
A non-custodial wallet means the user controls the private key directly. That can be a hot wallet on a phone or browser extension, or a cold wallet device that signs offline. MoonPay’s guide also ties non-custody to Web3 usability, stating that non-custodial wallets are compatible with dApps, DeFi protocols, and DEXs, while custodial wallets are generally not.
Compliance and onboarding differ too. MoonPay notes custodial wallets typically require KYC/AML checks, while non-custodial wallets generally do not require KYC/AML to create and use. That difference is not a moral badge. It is an operational constraint that affects how quickly an account can be opened and what recovery policies exist.
Security and recovery with seed phrases
Self-custody security collapses to one artifact: the seed phrase. Coinpaper describes a seed phrase, also called a recovery phrase or mnemonic phrase, as typically 12 or 24 words generated when a wallet is created. It is often built using the BIP-39 standard and drawn from a fixed list of 2,048 words. Entering that phrase into a compatible wallet recreates the underlying private keys and restores control.
That design creates two failure modes that beginners routinely underestimate:
1. Loss: if the seed phrase is gone and the device is gone, there is usually no recovery path. MoonPay and Coinpaper both warn that losing access to the private key or seed phrase in a non-custodial setup can mean permanent loss.
2. Exposure: if someone else learns the seed phrase, they can recreate the wallet and move funds without needing the phone, the hardware wallet, or the app password. Coinpaper is explicit that the seed phrase is enough.
Coinpaper’s threat model is mostly human and endpoint-driven, not cryptographic. The phrase is not “hacked” out of the blockchain. It is stolen through phishing and social engineering, malware and keyloggers, or sloppy digital storage like screenshots, cloud drives, and email.
A simple pre-flight checklist before moving size is boring and effective: verify the correct network, verify the wallet address character-by-character, and do a small test send. Wallets sign what they are told to sign. They do not provide customer service when the wrong destination is final.
Choosing a wallet for your needs
The decision framework is less about brand names and more about matching custody to the job. MoonPay’s examples make the menu concrete, with custodial wallets including exchange and custodian products, and non-custodial wallets including software wallets like MetaMask and hardware wallets like Ledger and Trezor.
A useful way to choose is to map each option to three questions:
1. Recovery policy: is account recovery handled by customer support, or is the seed phrase the only master key? Custodial setups usually offer recovery because the provider controls the private key. Non-custodial setups usually do not.
2. Attack surface: is the signing environment online all the time, like a hot wallet, or isolated, like a cold wallet that can sign offline? MoonPay’s view is that offline hardware wallets reduce exposure because keys can stay off internet-connected devices.
3. Workflow requirements: will the wallet be used with dApps, DeFi protocols, and DEXs? MoonPay’s guide draws a clean line that non-custodial wallets are compatible with those Web3 applications, while custodial wallets generally are not.
Beginners also run into a category error when they compare “exchange wallet” and “DeFi wallet” as if they are interchangeable. They are different tools. A custodial exchange account is optimized for login, compliance, and support-driven recovery. A non-custodial wallet is optimized for direct signing and Web3 connectivity, with the seed phrase as the master backup.
Readers looking for next steps should treat these as separate tasks: “crypto wallet types explained” is about custody and connectivity, “how to choose a crypto wallet” is about matching those traits to the intended workflow, and “how to set up your first crypto wallet” is about generating and protecting the seed phrase before any meaningful funds touch the wallet.
The Take
I’ve watched beginners blow themselves up by treating a wallet like a folder where coins “sit,” then acting shocked when the only thing that mattered was who could sign. The clean mental model is brutal but freeing: the blockchain tracks ownership, and the wallet is the authorization device. If the private key or seed phrase is controlled by someone else, that someone else can move the funds. If it is controlled by nobody because it was lost, the funds might as well not exist.
The expensive misconception is thinking recovery works like Web2. On a custodial venue, support can often unwind a login problem because the venue holds the keys. In a non-custodial wallet, the seed phrase is the whole account. I’ve seen people keep it in screenshots and notes apps, then get phished and drained without the attacker ever touching the phone. The device was never the vault. The signature was.
Frequently Asked Questions
What is the difference between a wallet address, a public key, and a private key?
A wallet address is what you share to receive funds. It is derived from the public side of your key material, which is designed to be shareable. The private key is the secret used to sign transactions, and whoever controls it can move the funds.
How do crypto wallets work when you send crypto?
The wallet builds a transaction and uses the private key to create a cryptographic signature. The network verifies that signature using the corresponding public key information. If the signature checks out, the transaction can be accepted and recorded on-chain.
What is a seed phrase and why is it so important?
A seed phrase is a recovery phrase generated when creating a self-custody wallet, typically 12 or 24 words. Entering it into a compatible wallet recreates the private keys and restores access. Anyone who gets the phrase can recreate the wallet and take the funds.
Is a custodial wallet safer than a non-custodial wallet?
They fail differently. Custodial wallets can offer easier recovery because the provider manages the private keys, but centralized key storage can be attacked at scale, as shown by the Liquid exchange hack cited by MoonPay. Non-custodial wallets reduce reliance on a custodian, but losing the seed phrase or private key can be irreversible.
Can I use an exchange wallet with DeFi apps and DEXs?
Generally, no. MoonPay notes custodial wallets are generally not compatible with decentralized applications, while non-custodial wallets are compatible with dApps, DeFi protocols, and DEXs. If DeFi access is a requirement, the wallet choice usually needs to support direct signing.