A Web3 wallet is software that stores the private keys for your blockchain address. Beyond this, Web3 wallets also act as a control panel for your different crypto accounts, displaying your balances and enabling you to interact with Web3.
Unlike traditional wallets, Web3 digital wallets don’t store your currency inside; they only store the keys for your crypto. Let’s take a closer look at that.
When you own crypto of any variety, it will have an associated “key pair”. This pair of keys – one public, one private – is unique to the blockchain address where your crypto lives.
The public key acts as the “address” for your blockchain wallet, enabling others to find you.
Conversely, the private key gives access to your blockchain address and control of everything stored there. To secure your crypto, you must secure that private key, which is the function of your wallet.
So how exactly do Web3 wallets work? The main functions of a Web3 wallet include
Your Web3 wallet has a fundamental job. It creates an address for you on the blockchain, and generates the associated public and private keys for that address.
It then secures the highly sensitive private key within its software, making sure nobody can access it. It’s the most important
When you start a new Web3 wallet, one of the first things you’ll see is a string of 12 or 24 words, known as your recovery phrase. The point of this phrase is to back up your wallet. If you ever become locked out of the wallet interface, or physically lose your wallet in the case of a hardware device, you’ll be able to recover all of your private keys by entering this phrase into another wallet interface. This commitment to interoperability on Web3 is deliberate: it means YOU are in control of your crypto, not your wallet provider.
Storing your recovery phrase securely is absolutely essential – we’ll come back to that below.
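The recovery step described above, as an added example that is not from the original article or from any wallet vendor. It assumes the wallet follows the BIP-39 standard (the article does not name one), where the phrase is stretched into a 64-byte seed from which every private key is derived. The function names are illustrative, and the phrase is the published BIP-39 test phrase, not a real wallet.

```python
import hashlib
import unicodedata

# Published BIP-39 test phrase (all-zero entropy). Never use it for funds.
TEST_PHRASE = " ".join(["abandon"] * 11 + ["about"])


def phrase_layout(word_count: int) -> dict:
    """Split a phrase length into entropy bits and checksum bits.

    Each word indexes a 2048-word list, so it carries 11 bits. The total is
    the random entropy plus a checksum of entropy_bits / 32 bits.
    """
    if word_count not in (12, 15, 18, 21, 24):
        raise ValueError("BIP-39 phrases have 12, 15, 18, 21 or 24 words")
    total_bits = word_count * 11
    entropy_bits = total_bits * 32 // 33
    return {"entropy_bits": entropy_bits,
            "checksum_bits": total_bits - entropy_bits}


def phrase_to_seed(phrase: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte seed: PBKDF2-HMAC-SHA512, 2048 rounds.

    The salt is the literal string "mnemonic" plus an optional passphrase.
    Collapsing extra whitespace is a convenience added here, not part of
    the standard.
    """
    words = unicodedata.normalize("NFKD", " ".join(phrase.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048)


if __name__ == "__main__":
    for count in (12, 24):
        print(count, "words:", phrase_layout(count))
    # Nothing device-specific goes in: the same words give the same seed in
    # any compatible wallet, for the owner or for anyone who copies them.
    print(phrase_to_seed(TEST_PHRASE).hex())
```

Because the derivation takes only the words (and an optional passphrase) as input, a copied phrase is equivalent to a copied wallet.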
Your Web3 wallet is your interface for sending and receiving crypto within the decentralized web. This might include coins such as BTC and ETH, as well as DeFi tokens and NFTs. All you need to do is create an account for the relevant blockchain within your wallet.
For example, if you create an Ethereum wallet, you’ll be able to send and receive ETH on the Ethereum network.
Whatever your activities, you’ll want to keep an eye on your crypto wallet balance. Web3 wallets (generally speaking) display your balance on their interface, letting you get a quick overview of all your accounts.
You might also be looking to use your crypto for other things. The DeFi ecosystem offers a whole spectrum of different services, from crypto trading on decentralized exchanges to crypto lending, yield farming and much more. You may even want to get involved with the world of NFTs, engaging with NFT marketplaces or swapping with other users.
Whatever you’re into, all of this means interacting with smart contracts – and your trusty Web3 wallet should be equipped to handle that for you.
Now you know the main functions of a Web3 wallet, let’s get into the different types you might use, and what they offer.
A browser extension wallet is a piece of software that lives within your web browser, and stores your private keys. It is a type of hot wallet (online wallet), since your private keys will always be connected to the internet.
Browser extension wallets have the advantage of being non-custodial, because you control your keys directly, not a third party. They are also a convenient choice, enabling you to send and receive crypto with a simple login. These digital wallets are also equipped to communicate with smart contracts, meaning you can interact easily with DeFi services and dApps.
However, they also come with some risk. With your private keys always online, they can be exposed to malware and sophisticated hacks deployed via your connection.
A good example of a browser extension wallet is MetaMask, which clocks over 30 million monthly users.
Desktop wallets are another subcategory of hot wallets. A desktop wallet is an app on your computer that you can access via login credentials – often, there is also 2FA for extra security.
It can be downloaded for free, and has the advantage of convenience, since using it as you browse is seamless. It is also non-custodial, leaving you in direct control of your private keys.
However, as with any hot wallet, desktop wallets mean your private keys are always connected to the internet. This exposes them to hacks and malware attacks.
As with desktop wallets, mobile Web3 wallets are software applications (mobile apps) downloaded to your phone. Mobile wallets are free to use, and secure your private keys within their software. This makes the mobile wallet a convenient choice for trading or exploring Web3 on the go.
They come with the usual security concerns of keeping private keys online. However, mobile wallets remain a nimble self-custody option for small amounts of crypto.
Some Web3 wallets use a combination of hardware and software to secure your private keys. A hardware wallet is a specialised device that generates and stores your private keys in an offline environment. It’s coupled with a software interface, enabling users to interact with Web3 while their keys remain offline.
Hardware wallets are generally secured by a PIN code, meaning that even if someone has your device, they can’t access your crypto.
They are also non-custodial. This means you have direct ownership of your private keys, and won’t rely on a third party for access to your crypto. But the real advantage of a hardware wallet is that it does not connect to the internet. This means your private keys are stored locally and stay out of reach of malware and hacks.
However, there are some drawbacks. As a physical device, hardware wallets are not free – and can be fairly expensive. They lack the convenience of hot wallets: you will need to connect your device each time you trade. And unlike browser extension wallets, hardware wallets are not equipped for certain smart contract interactions. This means you’ll also need to use middleware to interact with certain dApps and DeFi platforms.
Another important distinction is the difference between custodial and non-custodial wallets.
A custodial wallet is one run by a third party, such as an exchange. It stores your private keys but never gives those keys directly to you. Instead you’ll have login credentials for accessing your wallet. If the custodian ever closes down, or gets hacked, you’ll lose access to your crypto.
Conversely, a non-custodial wallet generates your private keys when you launch the wallet. You are in sole custody of those keys and have direct access to your blockchain address at all times.
You’ll also be responsible for managing your recovery phrase, which backs up everything in your crypto wallet.
Here are some key considerations for anyone using a Web3 wallet
Whether you’re using a hardware or software wallet, it’s likely the underlying software will be updated over time. The point of software updates is to secure you against potential vulnerabilities, so staying up to date ensures your crypto stays safe from attacks.
A seed phrase is a backup of everything in your wallet – think of it as the skeleton key for your crypto. If you ever lose the wallet, or the software crashes, you can still access your blockchain addresses via the recovery phrase. But this phrase is also extremely sensitive – if anyone finds it, they can access all of your crypto assets.
Secure recovery phrase storage means keeping your 24 words hidden in a place nobody has access to. It must also be water and fire resistant to avoid damage.
Some wallet providers offer a service to back up your seed phrase too, although this is a very controversial option in the crypto community. Ledger Recover is a well-known example of third-party recovery phrase storage. It splits the raw data from your seed phrase into encrypted shards that cannot be read by the custodian, or anyone else. If you ever lose access to your wallet, you can use the service to recover it.
Web3 wallets are designed to keep your private keys safe, but there are exceptions when online wallets can be hacked. The Trust Wallet exploit is a great example of how software vulnerabilities in digital wallets can leave your crypto at the mercy of hackers.
And that’s not the only risk you face. Even if your wallet software is completely secure, social engineering scams are on the rise in Web3.
These scams target you the user, aiming to exploit weaknesses in your technical knowledge of Web3. Social engineering scams create situations that feel genuine, building your trust to trick you into giving the scammer access to your private keys.
There are lots of different examples of this in action including
Offline keys are the safest option, but even the safest wallet can’t prevent scammers from scamming. So stay informed!
Web3 wallets are likely to take new forms in future, as the crypto ecosystem continues to advance and innovate. The ERC-4337 upgrade is a great example.
Web3 wallets as we know them are individual accounts (blockchain addresses) controlled by a private key. While the system is simple, it has the disadvantage of making your private key a single point of failure; if someone has this piece of data, they can access your crypto.
By contrast, account abstraction converts your Web3 wallet into a smart contract instead of an external account. This means you can design your own advanced security features (biometric security, 2FA, etc.), beyond your private key. Account abstraction wallets exist as smart contracts with their own customized conditions, designed by you the owner. So even if someone gets access to your private key, they still can’t transact with your crypto without meeting the other validation rules you’ve set up.
For example, you might have set up your contract account to require multiple signatures, or not to transact beyond a certain value.
In short, account abstraction enables you to add conditions to your crypto wallet, and move away from the private key as a single point of failure. This means new levels of flexibility and security as you manage your crypto.
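The two rules mentioned above (multiple signatures and a value limit), as an added Python model that is not ERC-4337 contract code and not from the original article. All names and keys are hypothetical, and an HMAC tag stands in for a real public-key signature so the example needs only the standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass


def tag(key: bytes, payload: bytes) -> bytes:
    # Stand-in for a signature. A real contract account verifies public-key
    # signatures and never holds the signers' secrets.
    return hmac.new(key, payload, hashlib.sha256).digest()


@dataclass
class AccountRules:
    signer_keys: dict   # signer name -> verification key (constructed)
    required: int       # distinct signers that must approve
    max_value: int      # largest value one transaction may move

    def validate(self, to: str, value: int, signatures: dict) -> str:
        """Return "ok" or the reason the transaction is refused."""
        if value > self.max_value:
            return "refused: value exceeds the account limit"
        payload = f"{to}:{value}".encode()
        valid = {
            name for name, sig in signatures.items()
            if name in self.signer_keys
            and hmac.compare_digest(sig, tag(self.signer_keys[name], payload))
        }
        if len(valid) < self.required:
            return f"refused: {len(valid)} of {self.required} required signatures"
        return "ok"


# Constructed sample: a 2-of-3 account limited to 1000 units per transaction.
KEYS = {"phone": b"k-phone", "laptop": b"k-laptop", "hardware": b"k-hardware"}
ACCOUNT = AccountRules(signer_keys=KEYS, required=2, max_value=1000)


def demo() -> list:
    def pay(to, value, names):
        sigs = {n: tag(KEYS[n], f"{to}:{value}".encode()) for n in names}
        return ACCOUNT.validate(to, value, sigs)
    return [
        pay("0xRecipient", 500, ["phone"]),                         # one stolen key
        pay("0xRecipient", 500, ["phone", "hardware"]),             # two signers
        pay("0xRecipient", 5000, ["phone", "laptop", "hardware"]),  # over the limit
    ]
```

The first case is the single-point-of-failure scenario: one compromised key produces one valid approval, which the account's rules reject.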
The Web3 ecosystem is still nascent, as is the technology that secures your crypto. But the more you understand the tools at your disposal, the more you can leverage Web3 to your own advantage.