Bitcoin Verdict

    How Bitcoin Wallets Work

    A wallet does not hold Bitcoin. It holds the keys that prove you own it. Here is how that works and why it matters.

    The first thing to unlearn

    A Bitcoin wallet is not like a bank account or a physical wallet. It does not "contain" Bitcoin the way a folder contains files. Bitcoin exists on the blockchain - a global, distributed ledger. Your wallet holds the private key that proves you control a specific amount of Bitcoin on that ledger.

    A better analogy: your wallet is like a keyring. The Bitcoin lives in a lockbox (the blockchain). Anyone can see the lockbox. Only the person with the right key can open it.

    This distinction matters because it changes how you think about security. You are not protecting "your Bitcoin." You are protecting your key. If someone copies your key, they can move your Bitcoin. If you lose your key, nobody - not the wallet company, not the Bitcoin network, nobody - can help you get it back.

    The three things a wallet manages

    Private key, public address, and seed phrase. Everything else is interface.

    Private key

    A 256-bit number - essentially an extremely long password - that gives you the ability to spend Bitcoin associated with it. Your wallet generates this when you set it up. Anyone who knows this number controls your Bitcoin. It must never be shared, photographed, or stored on a connected device.

    In practice, you never see or type your private key directly. The wallet handles it behind the scenes. What you interact with is the seed phrase (below).

    Public address

    Derived from your private key through a one-way mathematical function. This is what you share when you want to receive Bitcoin - like a bank account number. Anyone can send Bitcoin to your public address. But knowing the address does not let anyone spend from it - only the private key can authorize spending.

    Modern wallets generate a new address for each transaction for privacy. They all derive from the same private key, so you control all of them.

    Seed phrase (recovery phrase)

    12 or 24 random English words generated when you create a wallet. This is a human-readable encoding of your private key. If your device breaks, is stolen, or is lost, you can restore your entire wallet on a new device using these words.

    This is the most important thing you will ever write down. Store it offline - on paper, on metal. Never type it into a website. Never photograph it. Never store it in a notes app. If someone gets your seed phrase, they have your Bitcoin.

    "Not your keys, not your coins"

    The single most important distinction in Bitcoin wallets is who holds the private key.

    Custodial (exchange holds the key)

    When you "hold" Bitcoin on Coinbase, River, or any exchange, they hold the private key. You have an IOU - a claim on Bitcoin, not Bitcoin itself. This is convenient, but it means you are trusting the exchange not to lose it, get hacked, freeze your account, or go bankrupt (FTX, Celsius, Mt. Gox).

    Analogy: keeping cash in a bank. Convenient, but the bank could fail.

    Non-custodial (you hold the key)

    A non-custodial wallet means you - and only you - have the private key. No company can freeze your funds, lose them in a hack, or prevent you from transacting. The trade-off: you are solely responsible for backup and security. Lose your seed phrase, lose your Bitcoin.

    This is the recommended approach for any meaningful amount of Bitcoin.

    Types of non-custodial wallets

    From most convenient to most secure.

    Software wallets (hot wallets)

    Apps that run on your phone or computer. Your private key is stored on the device. Free, convenient, good for smaller amounts.

    Our picks: Sparrow (A-) for desktop power users. BlueWallet (C+) for mobile. Phoenix (B-) for Lightning payments.

    Risk: Your keys live on a device that connects to the internet. If the device is compromised by malware, your keys are exposed.

    Hardware wallets (cold wallets)

    Dedicated physical devices that store your private key offline and sign transactions without exposing the key to your computer. Cost $70-$170. The gold standard for any significant amount.

    Our picks: Coldcard (B+) for maximum security (air-gapped). Trezor (B) for open-source and ease of use. Ledger (D) is popular but has closed-source firmware and data breach history.

    Risk: The device itself is not the risk - it can be replaced. The risk is losing your seed phrase backup.

    Multisig wallets

    Require multiple keys (e.g. 2-of-3) to authorize a transaction. Keys are stored on separate devices in separate locations, so a single compromised key is not enough to cause a loss of funds.

    Our picks: Sparrow (A-) supports multisig setup. Unchained (B) provides guided multisig with a key agent.

    Risk: Complexity. Setup errors can lock you out. Not recommended unless you have the technical comfort and the amount justifies it.

    What most people should do

    Under $1,000: A software wallet is fine. Use BlueWallet on your phone. Write down the seed phrase on paper. Store the paper somewhere safe.

    $1,000 - $50,000: Get a hardware wallet. A Trezor Safe 3 or Coldcard costs $70-$170 and dramatically improves your security. Stamp your seed phrase on metal. Store it in a separate location from the device.

    Over $50,000: Consider multisig. Store keys in different geographic locations. Have a plan for what happens if you die. This is real money - protect it like real money.

    At every level: use a DCA strategy on an exchange like River or Swan, then periodically withdraw to your own wallet. Do not let Bitcoin accumulate on exchanges.