XDRIPACADEMY
Sign in

Lessons·Foundations·8 min·Beginner

Wallets, keys, addresses, and how to keep them straight

Three words people use as if they mean the same thing. They do not. Once you see the difference, the rest of self-custody stops feeling like guesswork.

People talk about "their wallet" the way they talk about a checking account. A box that holds money. Open it, the money is inside. Close it, the money is safe.

That is not what a wallet is.

If you want to hold crypto without confusion, three words have to live in different rooms in your head. Wallet. Key. Address. Most beginners stack them on top of each other, and every mistake that follows starts there.

A wallet is a keyring, not a vault

A wallet does not hold your coins. Your coins live on the blockchain, the public notebook from the last lesson. Nothing about the wallet sits between you and them.

What the wallet actually holds is a set of keys. The keys are what prove you can move the coins. The wallet is the container that keeps those keys organized, lets you back them up, and signs messages on the network's behalf when you tell it to.

If your wallet app gets uninstalled tomorrow, your coins are not gone. The keys are. And if you have the keys backed up somewhere else, you can plug them into a different wallet app and see the same coins. Different keyring, same keys, same coins.

Key takeaway

The wallet is the keyring. The keys are what spend. The coins never leave the chain. Confuse those three and every other concept in self-custody gets blurry.

The two keys, and what each one does

Every position you hold on a blockchain is unlocked by a pair of keys. They look like long strings of letters and numbers. You usually never see them, because the wallet abstracts them. But they are doing all the work underneath.

  1. Private key. The one that signs. Whoever has it can move the funds. There is no second factor, no recovery flow, no support line. We covered this in the self-custody lesson. The private key is the entire authority.
  2. Public key. Derived from the private key by math that only goes one way. You can compute the public key from the private key, but never the other direction. The public key is, as the name suggests, public. Sharing it does not give anything away.

The relationship is one-way and deterministic. The same private key always produces the same public key. Always. That is the math the network relies on.

And the address is something else again

This is the step most beginners skip.

Your address is not your public key. It is derived from your public key, usually by hashing it and adding a few bytes for error-checking and chain identification. Different chains do this differently. Bitcoin addresses, Ethereum addresses, and Solana addresses look nothing alike. But the pattern is the same. Address is downstream of public key, which is downstream of private key.

You share addresses freely. Putting your address on a payment screen, in a profile, on an invoice. That is the whole point of an address. It is the mailbox number. People send things to it. The private key is the only thing that can open the mailbox and spend what is inside.

Watch out

Sharing the address is fine. Sharing the public key is fine. Sharing the private key is the entire game. If anyone (a support agent, a "wallet validator," a stranger offering help) ever asks for your private key or your seed phrase, the answer is no. There is no legitimate reason.

How modern wallets multiply this

Real wallets do not hold one key. They hold many. From a single backup phrase, usually twelve or twenty-four words, the wallet derives an effectively unlimited tree of key pairs. Each pair gives you a new address. The same backup phrase rebuilds the entire tree on any compatible wallet, anywhere in the world.

That is why people call the backup phrase a seed. It is the seed of every key the wallet will ever generate.

Two practical consequences fall out of this:

  1. Your coins follow the seed, not the app. If the wallet company shuts down tomorrow, your coins are not stuck. Plug the seed into any compatible wallet and they reappear. The app was never the thing holding them.
  2. The seed is the most valuable string of words on Earth, for you. Anyone who reads your seed can reconstruct every key, on every chain that wallet supports, forever. Treat the seed phrase like the master key to a building you own. Because that is what it is.
Worth noticing

A seed phrase typed into a screenshot, a cloud note, a password manager that syncs over the internet, or a friend's phone is a seed phrase that has left your control. It does not matter that you trust the location. The seed only has to leak once.

A working mental picture

Picture a key ring on your belt. On the ring are dozens of keys. Each key opens one mailbox, somewhere in a very large city. The mailboxes have addresses written on them. Anyone in the city can drop letters into the mailboxes. That is what addresses are for. But only the keys on your ring can open them.

Lose the ring, lose access. Copy the ring without permission, someone else has access. Make a master key that generates every key on the ring, and that master key (your seed phrase) becomes the most powerful object you own.

That is a wallet. That is what self-custody is actually managing. The rest of this pillar, and the entire self-custody pillar after it, is about keeping the ring, the keys, and the master key in places you control.

Key takeaway

Wallet is the keyring. Private key signs. Public key is derived from the private key. Address is derived from the public key, and is the only one of the four you should ever paste into a public field. Hold those four sentences in your head, and the next ten lessons stop being confusing.

Track your progress

Create a free account to mark lessons complete and unlock pillar discounts.

← All lessonsYour first transaction (in a sandbox)