Video Briefing

Offshore Citizen: Clearing up confusion: How CRYPTO and HARDWARE wallets work?

Dec 11, 2020Video Briefing19:31Watch on YouTube

Cryptocurrency wallets do not actually “store” coins in the way a physical wallet stores cash. Crypto assets remain recorded on the blockchain, while the wallet controls the private keys needed to access and move funds from a blockchain address.

Crypto is recorded on a decentralized ledger

Cryptocurrencies operate on a blockchain or similar decentralized ledger system.

A blockchain can be understood as a shared database maintained by many computers around the world. These computers store and update the same transaction record. Because the data is distributed across many nodes, there is no single point of failure.

Ethereum is given as an example, with around 9,000 nodes globally. Even if thousands of nodes were taken down, the network could continue operating.

This distributed structure is part of what makes blockchain systems resistant to shutdown and difficult to attack compared with a centralized bank account.

A wallet is not where the coins physically sit

The term “wallet” can be misleading.

A crypto wallet does not hold coins in the same way a bank account holds a balance or a physical wallet holds cash. The tokens are recorded on the blockchain.

What the wallet controls is access to an address on that blockchain.

Each wallet address has funds associated with it. To move funds out of that address, the user needs the correct cryptographic key.

Public keys and private keys

Crypto wallets rely on two linked cryptographic keys:

  • Public key: This is comparable to the wallet address. It can be shared so others can send funds to the address.
  • Private key: This is the secret key that allows the owner to access and move funds from the address.

The public key can be derived from the private key, but the private key cannot be derived from the public key.

This is the critical security feature. Someone can know a wallet address and send funds to it, but they cannot move funds out unless they have the private key.

The private key must be protected. If it is lost, there is no password recovery. If someone else obtains it, they can access the funds.

Crypto transactions are usually irreversible

Crypto systems place responsibility on the user.

With a bank or centralized online service, there may be password recovery, fraud reversal, or customer support. With Bitcoin and many blockchain systems, once a transaction is sent, it is final.

If funds are sent to the wrong address, they may be permanently lost.

It is possible to send funds to an address that effectively cannot be accessed. This is sometimes referred to as “burning” tokens. In practical terms, unless someone can produce the matching private key, the tokens are lost.

Software wallets protect access to private keys

Many wallet applications add a user interface around the private key.

For example, software such as MetaMask may use a password or login process. That password does not replace the private key. It protects access to the private key stored through the wallet software.

Exchanges work differently. If a user stores crypto on an exchange such as Binance, the exchange controls the private keys. The user logs in with a username and password, but the exchange holds custody of the wallet keys.

This creates counterparty risk. The exchange could be hacked, freeze withdrawals, lose funds, or otherwise fail to give the user access.

The common phrase is: “your keys, your coins.” If the user does not control the private keys, they do not fully control the crypto.

Why hardware wallets exist

A hardware wallet is designed to protect private keys from being exposed on an internet-connected computer.

The crypto itself is not moved into the hardware device. The tokens remain recorded on the blockchain. The hardware wallet stores the private key and signs transactions securely.

A hardware wallet typically connects to a computer by USB. When the user wants to send a transaction:

  1. The transaction is prepared on the computer.
  2. The unsigned transaction is sent to the hardware wallet.
  3. The hardware wallet signs the transaction internally.
  4. The signed transaction is sent back to the computer.
  5. The transaction is broadcast to the blockchain.

The private key does not leave the hardware wallet.

This matters because if a computer is hacked, malware may be able to see files, keystrokes, or data stored on the machine. But it should not be able to see the private key stored inside the hardware wallet.

Hardware wallets reduce one major security risk

The main purpose of a hardware wallet is to prevent an attacker from stealing the private key from the computer.

The transcript compares this to signing a check. If the signature is stored on the computer, someone who hacks the computer may copy it and reuse it. A hardware wallet instead signs the transaction inside a separate device and only sends back the signed result.

The attacker can see the signed transaction, but not the private key used to create it.

This makes hardware wallets useful for people who want stronger security over their crypto holdings.

Hardware wallet manufacturers should not have your key

A hardware wallet manufacturer should not know or store the user’s private key.

The key should be generated by the user’s device or setup process. The manufacturer should not keep a database of keys linked to devices.

If the manufacturer goes out of business, the crypto should still be accessible because the funds are not stored on the manufacturer’s system. They are recorded on the blockchain, and access depends on the user’s private key or recovery phrase.

Recovery phrases are critical

When setting up a wallet, users are usually given a recovery phrase, often a list of words.

This phrase can restore access to the wallet if the hardware device is lost or damaged.

The recovery phrase must be protected carefully. Anyone who has it may be able to restore the wallet and move the funds.

If a hardware wallet is stolen, the user should immediately restore the wallet using the recovery phrase and move the crypto to a new address controlled by a new private key.

A PIN may protect the device, but a stolen device should still be treated as a serious risk.

Exchange custody is less secure than private custody

The transcript recommends not storing crypto on exchanges when security matters.

Buying through services where the user does not control the actual wallet is also discouraged. Examples mentioned include PayPal and Grayscale.

The preferred structure is:

  • Buy the crypto directly.
  • Hold it in a private wallet.
  • Use a hardware wallet to protect the private key.
  • Keep the recovery phrase secure and offline.

This gives the user direct control rather than relying on a centralized service.

Why crypto wallets matter now

The transcript presents cryptocurrency as increasingly important because traditional banking systems are becoming more restrictive.

Examples mentioned include banks in Europe holding up routine transactions, creating problems for suppliers and clients. Hong Kong, the U.S., and offshore jurisdictions are also described as having international transaction issues.

Cryptocurrency can help users transact more easily outside some of these banking frictions, although it also creates new responsibilities and risks.

Practical security principles

Anyone using cryptocurrency should understand the following:

  • The coins are not stored in the wallet device; they are recorded on the blockchain.
  • The wallet controls private keys.
  • The private key controls access to funds.
  • Losing the private key can mean permanent loss.
  • Sharing or exposing the private key can mean theft.
  • Exchange balances are not the same as self-custodied crypto.
  • Hardware wallets help keep private keys away from hacked computers.
  • Recovery phrases must be stored securely.
  • Transactions are usually irreversible.

The practical conclusion is that crypto security depends heavily on key management. A hardware wallet is not a physical container for coins; it is a tool for protecting the private key used to sign blockchain transactions. For users holding meaningful amounts of crypto, direct custody with a hardware wallet is presented as the safer approach.