
Wallets: an in-depth guide to understanding what wallets actually do, why hardware wallets are safer than software wallets, how public keys, private keys, & transaction signing work, and what terms like “cold”, “hot”, & “air-gapped” actually mean


by COINS NEWS 35 Views

Introduction

I've noticed quite a few misconceptions on this subreddit about what wallets actually are and what the essential difference is between software wallets and hardware wallets. So, I've decided to write a thorough guide aimed at beginners and intermediate users who still have some gaps in their knowledge. This is not an advertisement for any particular wallet, nor even a recommendation to use some type over another or to employ a particular strategy. I just want to explain how they work, what the differences are, and what some key terminology means.

Note that this post is extremely long and might contain information that is either too basic for you or too advanced for you, so I invite you to skip to sections that are actually useful or interesting to you.

Public keys, private keys, and signed & unsigned transactions

As you probably know, a wallet of any type is basically an entity that knows your public key and the matching private key, which together correspond to an address: the thing that can be involved in transactions on that chain. The public key is not sensitive. Others use it (or, more precisely, the address derived from it) whenever they send assets to you, and everyone uses it to check your signatures. The private key is what gets used whenever your address makes an outgoing transaction.

Specifically, the private key is used to sign transactions, which is necessary for them to become actual transactions that get added to the blockchain, and therefore actually occur. An unsigned transaction is simply a package of data containing the sender's address, the receiver's address, the amount of assets being sent, and a few chain-specific fields such as a fee and a sequence number (nonce) that stops the same transaction from being replayed. An unsigned transaction can never be executed until it has been signed. Signing is a cryptographic step in which the private key is used to attach a proof to the transaction that whoever created it knows the private key associated with the public key of the sending address. It is crucial to understand that nobody can infer your private key from a transaction you have signed, yet anybody can easily verify that the key used to sign it is the one associated with the sending public key. This seems like magic, and it kind of is: it's cryptography. One caveat worth knowing: the guarantee holds only if the signing is implemented correctly. With ECDSA, the signature scheme Bitcoin and Ethereum use, reusing the same random nonce for two different signatures lets anyone who sees both recover the private key, which is why good wallets derive the nonce deterministically (RFC 6979) instead of trusting a random number generator.

As an analogy, imagine I want to demonstrate to you that I know the combination to a lock to prove that I am the lock maker (ie: the person who generated the blockchain address), but I don't want to actually tell you the combination (or else you'd be able to convince others you're the lock maker). I can prove I know it by having you cover your eyes, opening the lock, and then having you uncover your eyes. In this analogy, the lock itself is kind of like the public key: it's something anyone can handle and inspect, and by opening it I can prove to anyone that I'm the lock maker. (How this is mathematically achieved is way beyond the scope of this guide but is fascinating and central to cryptography; RSA is the classic textbook example and has to do with primes and modulo operations, while most blockchains actually use elliptic-curve signatures such as ECDSA over secp256k1 or Ed25519, so look those up if you're interested.) The public and private keys are mathematically linked, almost like they have common DNA, sort of like how the lock and the combination are inherently related to each other, and yet nobody can infer the private key by looking at its associated public key, just like how nobody can figure out the combination just by looking at the lock. Note that in this analogy, the lock isn't keeping your funds safe in the traditional way a lock on a box would. The lock is instead being used as a mechanism to prove you know something only the proper owner of the wallet could know, without actually revealing what it is you know.

So, any wallet is basically a piece of software or hardware that knows your public and private key, and uses the private key to sign outgoing transactions with a proof that the creator of the transaction knows the private key associated with the public key of the sending address. Once the signed transaction has been broadcast into the network, anyone who sees it can easily verify it and know: “well, whoever created this transaction clearly knows the private key associated with the public key of the sending address, so it must be a legitimate transaction.”

Seeds

You might be wondering why I haven't mentioned seed phrases yet. Aren't seeds the thing we need to keep safe?

A seed phrase (also called a mnemonic) is a list of 12 or 24 words that a wallet generates randomly for you when you first set it up; 12 words encode 128 bits of randomness and 24 words encode 256 bits, each with a small checksum folded in. The standard that defines the 2048-word list and the conversion of the words into a 64-byte seed is BIP39. A companion standard, BIP32, then derives your private keys (and from them your public keys and addresses) from that seed using a deterministic algorithm. Since the whole chain is deterministic, anyone in the world who feeds the same words into the same algorithm gets the same keys, meaning they have access to the same addresses.

The point of these seed phrases is that they are much easier to write down and manage than the random strings of characters that make up public and private keys. Since the same seed always yields the same keys in a deterministic fashion, we can use the seed to back up our keys without ever handling the keys themselves: if we lose our keys, we can simply regenerate them, assuming we still have the seed. (Note that the relationship is one seed to many keys, not one to one: a single seed deterministically produces an entire tree of key pairs, which is how one seed phrase can back up many addresses across several chains.)

This also means that someone getting ahold of your seed is just as bad as someone getting ahold of your keys, since they can just generate your keys from that seed in the same way you did when you first set up the wallet, and then they will be able to control your assets using your keys.

To be clear, seeds are not actually used when creating and signing transactions, and cryptocurrency could exist without seeds (in fact, it used to). They are just a mnemonic from which your keys can be derived using an algorithm that everyone has access to.

So, in summary, the process is this: you decide to set up a wallet, so the wallet draws 128 or 256 random bits and encodes them as 12 or 24 words from the BIP39 word list. You write these words down as a backup. BIP39 then deterministically turns the words into a 64-byte seed, BIP32 derives a private key from that seed, the private key determines the public key (the reverse direction is computationally infeasible), and an address is derived deterministically from the public key. The public key and address are not sensitive, but the private key is, and since the private key can be recomputed from the seed, the seed is equally sensitive.
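To make the seed pipeline concrete, here is a small worked example written for this guide (it is not code from any wallet vendor). It does the BIP39 words-to-seed step and the BIP32 seed-to-master-key step with only the Python standard library, then derives a few hardened child keys to show the point made later in this post that one seed yields many key pairs. The 12-word phrase is the well-known all-"abandon" BIP39 test phrase, used here as constructed sample input; checksum validation against the word list is omitted because the 2048-word list is not embedded.

```python
"""Mnemonic -> seed -> BIP32 master key -> hardened children, standard library only.
Illustrative example: no word-list checksum validation, no address encoding."""
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; private keys are integers in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase -> 64-byte seed."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)


def master_key(seed):
    """BIP32: HMAC-SHA512 keyed with b'Bitcoin seed' splits into (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if not 0 < key < N:
        raise ValueError("invalid seed (astronomically unlikely)")
    return key, digest[32:]


def derive_hardened(parent_key, chain_code, index):
    """BIP32 hardened child: HMAC(chain_code, 0x00 || ser256(k_par) || ser32(i | 2^31))."""
    index |= 0x80000000
    data = b"\x00" + parent_key.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    child = (int.from_bytes(digest[:32], "big") + parent_key) % N
    if child == 0:
        raise ValueError("invalid child (astronomically unlikely)")
    return child, digest[32:]


def derive_path(seed, path):
    """Derive a hardened-only path such as "m/44'/0'/0'" from a seed."""
    key, chain_code = master_key(seed)
    for step in path.split("/")[1:]:
        if not step.endswith("'"):
            raise ValueError("this example derives hardened steps only")
        key, chain_code = derive_hardened(key, chain_code, int(step[:-1]))
    return key


# Constructed sample input: the standard all-'abandon' BIP39 test phrase.
MNEMONIC = "abandon " * 11 + "about"


def demo():
    """Show determinism, the effect of a passphrase, and per-chain key branches."""
    seed_a = mnemonic_to_seed(MNEMONIC)
    seed_b = mnemonic_to_seed(MNEMONIC)            # same words -> same seed, every time
    seed_c = mnemonic_to_seed(MNEMONIC, "TREZOR")  # a passphrase ("25th word") is a different wallet
    btc_account = derive_path(seed_a, "m/44'/0'/0'")   # BIP44 account 0 for coin type 0 (BTC)
    eth_account = derive_path(seed_a, "m/44'/60'/0'")  # coin type 60 (ETH), same seed
    return {
        "deterministic": seed_a == seed_b,
        "passphrase_changes_seed": seed_a != seed_c,
        "distinct_chain_keys": btc_account != eth_account,
        "seed_hex": seed_a.hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The thing to take from running it: the seed and every key below it are a pure function of the words (and the optional passphrase), so whoever has the words has all the keys, and a passphrase typo silently produces a completely different, empty wallet.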

Software wallets

With a software wallet that you have on your computer or phone, the software itself knows both your private and public key. That is to say, your keys are stored on that device's disk, usually encrypted with a password, but decrypted into memory every time you sign. Since the wallet knows your private key, it can be targeted by malware: a clipboard hijacker that swaps addresses, screen-capture malware, or a keylogger that records the seed phrase the first time the wallet shows it to you or you type it in. In general, since your computer has internet access, it is a target. As long as your computer runs software that knows your private key, that key is only as safe as the entire computer, which is extremely hard to guarantee. Ideally, if you want full peace of mind, your private key should never be known by any machine that is ever connected to the internet.

Hardware wallets

A hardware wallet, on the other hand, never connects to the internet itself and is isolated from a risky environment like a PC. When you want to send crypto from your hardware wallet, you set up the unsigned transaction using software on your PC (like Ledger Live or Trezor Suite, etc.), but you can't actually sign the transaction on your PC, because that software doesn't know your private key (it might feel like a wallet, but it absolutely is not, because it does not possess your private key). Instead, to actually send the transaction, you attach your hardware wallet to your PC over USB, the software sends the unsigned transaction to the device, the device shows the destination address and amount on its own small screen, and you press a physical button on the device to confirm you want it to sign. That little screen is the part that matters: malware can alter what your PC displays, but not what the device displays, so the address and amount to trust are the ones on the device. You might think that to do this, it must send your private key over USB to the software on your PC, but it doesn't. It signs the transaction on the device itself, using the private key, then sends the signed transaction (really just the signature attached to data the PC already had) back over USB to the software, which broadcasts it to the network. The crucial thing to understand is that the key never leaves the hardware wallet; the only thing that travels from the device to a PC that may well be compromised is the signed transaction, which is not sensitive. In principle, all of this can be done without the PC even being connected to the internet; only once the software on your PC has received the signed transaction back from the device do you need to connect so that it can broadcast the transaction. The software (and the entire PC) never learns anything sensitive throughout this process.

So, really, a hardware wallet is just a transaction signer. It is an offline object that adds your private key's signature to transactions when you tell it to, and sends those signed transactions back over USB. Your private keys therefore never appear on your PC screen, are never typed on your PC keyboard, are never stored on any drive in your PC, and are never known by anything that has internet access.
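Here is the whole signer flow from the two sections above in working code, added for this guide (it is not vendor code, and the curve arithmetic is textbook-simple rather than constant-time, so do not use it for real funds). It implements ECDSA over secp256k1, the curve Bitcoin and Ethereum use, then splits the roles the way a hardware wallet does: a HardwareWallet object holds the private key and offers only public_key() and sign(); the host side builds the unsigned transaction, receives a signature, and verifies it using nothing but the public key. The HardwareWallet class, the JSON transaction format and the recipient strings are all constructed for illustration.

```python
"""Toy secp256k1 ECDSA signer split into a 'hardware wallet' that holds the key
and a 'host' that never sees it.  Pure Python, illustrative only."""
import hashlib
import hmac
import json
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, generator G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Add two curve points; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def ecdsa_sign(d, message):
    """Sign sha256(message) with private scalar d.  The nonce is HMAC(d, hash),
    a deliberately simplified stand-in for RFC 6979: deterministic, never reused."""
    h = hashlib.sha256(message).digest()
    z = int.from_bytes(h, "big")
    k = int.from_bytes(hmac.new(d.to_bytes(32, "big"), h, hashlib.sha256).digest(), "big") % N or 1
    r = point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    if s > N // 2:
        s = N - s                                     # canonical low-s form, as Bitcoin requires
    return (r, s)


def ecdsa_verify(pub, message, sig):
    """Anyone holding only the public key can check the signature."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = int.from_bytes(hashlib.sha256(message).digest(), "big")
    w = pow(s, -1, N)
    pt = point_add(point_mul(z * w % N, G), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


class HardwareWallet:
    """Holds the private key; exposes only the public key and a sign() operation."""

    def __init__(self, d=None):
        self._d = d or (secrets.randbelow(N - 1) + 1)   # key is generated and kept here

    def public_key(self):
        return point_mul(self._d, G)

    def sign(self, unsigned_tx, user_pressed_confirm):
        """Returns a signature only after the physical confirmation; never the key."""
        return ecdsa_sign(self._d, unsigned_tx) if user_pressed_confirm else None


def build_unsigned_tx(sender_pub, recipient, amount):
    """Host side: an unsigned transaction is just serialized data, nothing secret."""
    sender = "%064x%064x" % sender_pub
    return json.dumps({"from": sender, "to": recipient, "amount": amount}, sort_keys=True).encode()


def demo():
    """Host builds tx -> device signs -> host verifies what it would broadcast."""
    device = HardwareWallet()
    pub = device.public_key()
    tx = build_unsigned_tx(pub, "recipient-address-constructed", 25)
    sig = device.sign(tx, user_pressed_confirm=True)
    tampered = build_unsigned_tx(pub, "attacker-address-constructed", 25)
    return {
        "declined_without_button": device.sign(tx, user_pressed_confirm=False) is None,
        "valid": ecdsa_verify(pub, tx, sig),
        "tampered_rejected": not ecdsa_verify(pub, tampered, sig),
        "other_key_rejected": not ecdsa_verify(HardwareWallet().public_key(), tx, sig),
    }


if __name__ == "__main__":
    print(demo())
```

Note what crosses the "USB": the unsigned bytes go in, a pair of integers (r, s) comes out, and the host can confirm the signature with the public key alone. If the host swaps the recipient after the device signed, verification fails, which is exactly why the device's own screen, not the PC's, has to be where you check the address.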

Paper Wallets

If you decide to go the "paper wallet" route of writing your keys on paper (or the "brain wallet" route of memorizing them), rather than having a hardware or software wallet, the problem is that to actually make an outbound transaction you would have to use one of a hundred different online tools or executable applications to type in your key (or seed) and the details of the transaction, because you can't interface directly between your brain and the blockchain. Now you're back in the original situation of having an online machine see your private key. (In reality it's a bit more complex than this; there are workarounds, such as building and signing the transaction on a computer that is never connected to a network, that allow you to do this relatively safely, but I don't want to complicate this too much.) This technique is largely considered obsolete, and most people do not recommend it.

Air-gapped wallets

Some hardware wallets have an extra layer of isolation called an air gap. These wallets do not need to be plugged into anything. Instead, the companion software creates a QR code of the unsigned transaction, which the wallet device scans with its camera. Once the device has signed the transaction, it displays its own QR code of the signed transaction, which you scan with the camera of the phone or PC running the companion software, so that the signed transaction gets back to the software that will broadcast it. This way, there is always a literal gap of air around the device, and every byte crossing that gap is something you can see and, if you care to, decode.

This removes the worry, with a standard hardware wallet, of a far-fetched attack in which malicious firmware sends the private key itself over USB when you plug the device in, to be picked up by malware on your PC and sent to somebody over the internet. One caveat: an air gap narrows the channel and makes it inspectable, but it does not make the firmware trustworthy by itself. Compromised firmware could in principle still leak key material in what it does send back, for example by hiding data in the QR payload or by biasing the signature nonces, so verifying the device's authenticity and firmware still matters.

A lot of people consider this to be overkill, but it does do away with the psychological discomfort of plugging in your hardware wallet to a computer.

Hot and cold wallets

Many people use "hot wallet" and "software wallet" interchangeably, and "cold wallet" and "hardware wallet" interchangeably. However, these terms are not actually synonymous. The most common definition is about connectivity: a hot wallet's keys sit on a device that goes online, while a cold wallet's keys never do. This guide uses a complementary definition based on exposure: a hot wallet is any wallet that interacts with smart contracts or with wallets you do not control, while a cold wallet only ever interacts with other wallets you control. Under either definition the distinction is about how the wallet is used, not what it is made of.

Hardware wallets are very commonly used as cold wallets, but it is also possible to use your hardware wallet to, for example, engage in DeFi and sign transactions that call smart contracts in order to do all kinds of things like lend assets or yield farm. This would make it a hot wallet, even though it's a hardware wallet. This introduces an entirely new type of risk that is separate from your private key being compromised: smart contract risk. Assuming you aren't actually reading the details of every contract call you sign with your hardware wallet, you could fall prey to a malicious contract that takes your assets. In such a scenario, your private key is never compromised; instead you just unknowingly signed a transaction in which you agree to all your ETH being sent to some other address, or something. Maybe you meant to go to Uniswap but you went to the lookalike site Unipwned and used your hardware wallet to sign a transaction that you thought was going to buy you 25 LINK, but which was instead a transfer of 3000 USDC to the attacker, or an approval letting the attacker's contract spend all your USDC whenever it likes. The defence is to read what the device's screen shows before pressing the button: the contract address being called and, where the wallet can decode it, the function and its arguments, checked against the project's official documentation.

A common technique is to use a software wallet (like MetaMask) as a hot wallet that interacts with smart contracts to make your DeFi plays, while also using a hardware wallet as a cold wallet for deep storage that only ever interacts with your hot wallet. This technique is kind of like having an airlock (hot wallet) to prevent your submarine's safe pressurized chamber (cold wallet) from ever interacting with the ocean environment (scary smart contracts), while still allowing submariners to pass between the two environments.
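The Unipwned scenario above comes down to one habit: decode what you are about to sign. The following example was written for this guide (it is not from any wallet or dApp) and shows what that decoding looks like for an ERC-20 call. It parses the calldata of an Ethereum transaction, identifies the function from its 4-byte selector, and prints human-readable warnings when the call is not what you intended, sends tokens to an address you do not recognise, or grants an unlimited approval. The selectors for transfer, approve and transferFrom are the real ones (first 4 bytes of keccak256 of the signature); the attacker address, the 3000 USDC amount and the sample calldata are constructed inputs.

```python
"""Decode ERC-20 calldata before signing so the confirmation button press is an
informed review.  Standard library only; selectors are hard-coded."""

# First 4 bytes of keccak256("transfer(address,uint256)") etc.
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}
UINT256_MAX = 2 ** 256 - 1


def decode_calldata(calldata_hex):
    """Split selector + 32-byte ABI words into a function name and argument list."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    selector = data[:4].hex()
    if selector not in SELECTORS:
        return {"function": "unknown", "selector": selector, "args": []}
    name, types = SELECTORS[selector]
    if len(data) != 4 + 32 * len(types):
        raise ValueError("calldata length does not match %s" % name)
    args = []
    for i, typ in enumerate(types):
        word = data[4 + 32 * i: 36 + 32 * i]
        if typ == "address":
            if any(word[:12]):                      # addresses are left-padded with 12 zero bytes
                raise ValueError("address word has non-zero padding")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return {"function": name, "selector": selector, "args": args}


def review_for_signing(calldata_hex, intent, token_symbol, token_decimals, trusted_addresses):
    """Return (decoded call, warnings) for the human to read before confirming."""
    decoded = decode_calldata(calldata_hex)
    fn, args = decoded["function"], decoded["args"]
    warnings = []
    if fn != intent:
        warnings.append("intended '%s' but calldata calls '%s'" % (intent, fn))
    if fn in ("transfer", "approve"):
        counterparty, amount = args
        if fn == "approve" and amount == UINT256_MAX:
            warnings.append("UNLIMITED %s approval to %s" % (token_symbol, counterparty))
        elif counterparty.lower() not in trusted_addresses:
            warnings.append("%s of %s %s to unknown address %s" % (
                fn, amount / 10 ** token_decimals, token_symbol, counterparty))
    return decoded, warnings


def encode_address_uint(selector_hex, address, amount):
    """Build calldata for f(address,uint256); used only to construct sample input."""
    addr = bytes.fromhex(address.removeprefix("0x")).rjust(32, b"\x00")
    return "0x" + selector_hex + addr.hex() + amount.to_bytes(32, "big").hex()


# Constructed scenario: the user meant to swap on a DEX, but the lookalike site
# asked the USDC contract for transfer(attacker, 3000 USDC).  USDC has 6 decimals.
ATTACKER = "0xa77ac1e0e8c8c9a7a8f8d6c5b4a392817f6e5d4c"          # made-up address
USDC_TRANSFER = encode_address_uint("a9059cbb", ATTACKER, 3000 * 10 ** 6)
UNLIMITED_APPROVE = encode_address_uint("095ea7b3", ATTACKER, UINT256_MAX)


def demo():
    decoded, warns = review_for_signing(USDC_TRANSFER, "swap", "USDC", 6, trusted_addresses=set())
    _, approve_warns = review_for_signing(UNLIMITED_APPROVE, "approve", "USDC", 6, trusted_addresses=set())
    return decoded, warns, approve_warns


if __name__ == "__main__":
    decoded, warns, approve_warns = demo()
    print(decoded)
    for w in warns + approve_warns:
        print("WARNING:", w)
```

The decoder only tells you what the transaction does to the contract it is addressed to; you still have to confirm that the contract address itself (the "to" of the transaction) is the real token or router, because a lookalike contract can implement the same selectors with different behaviour.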

Final Clarifications

A common misconception is that a wallet is the thing that holds your coins and tokens. This is not accurate. Your assets are recorded on the blockchain against a virtual location called an address. Your wallet corresponds to your address, but your wallet is really just a place to store the keys needed to control that address and its contents.

This is why losing your wallet (whether this means you dropped your hardware wallet in a lake, or the software wallet instance that was installed on your PC was lost when your PC died) doesn't mean you have lost your coins. Your bitcoins don't live on that little device you dropped in the lake. They live in a virtual network.

As long as you still have your seed, you can use any other software or hardware wallet and enter that seed to regenerate your keys and regain access to your assets (well, any wallet that uses the BIP39 standard, which is most). Two caveats: the new wallet must also use the same derivation paths as the old one to land on the same addresses, which is usually automatic for the common BIP44-style paths but worth checking if your balance appears to be missing, and if you set an optional BIP39 passphrase (sometimes called the 25th word) you must enter it too, or you will be looking at a different, empty wallet.

Something else I'd like to clarify: for simplicity I have been writing as though one wallet corresponds to a single key pair, and therefore a single address. However, in practice, most hardware and software wallets these days are capable of holding multiple key pairs, corresponding to multiple addresses, even across multiple blockchains. Some software wallets are indeed only meant to be used for one address on one specific blockchain for which they were designed, but many wallets, both soft and hard, allow you to hold assets from various chains, like BTC, ETH, and ADA, in what feels like a single location. In such a wallet, you actually have multiple key pairs corresponding to multiple addresses on multiple chains, all derived from a single seed phrase.

Moreover, some devices even allow you to have multiple "accounts" that you can switch between, where each account is a separate branch of keys. On most devices these branches come from the same seed via different derivation paths (the account index in BIP44), so one backup covers all of them; some devices additionally support a separate hidden wallet behind a BIP39 passphrase, or an entirely separate seed. For example, I might have a hardware wallet with two accounts, where I use the first one as a cold wallet for BTC, ETH, and ATOM (so this account has 3 key pairs for 3 addresses on 3 different chains), while I use the second one as a hot wallet to yield farm ERC20 tokens (so this account has a single key pair for an address on the Ethereum chain, where all ERC20s live). I would send ETH back and forth between these two accounts, and it would all be happening on a single device, and therefore it would all arguably be one wallet.

I hope this guide has been useful or interesting!

submitted by /u/pseudoHappyHippy