SSP Editorial Team

What Is a Crypto Wallet? Keys, Coins, and Control

·7 min read·By SSP Editorial Team
Illustration of a crypto wallet as a keyring holding private and public keys, with a blockchain ledger behind it

What a crypto wallet actually is

Ask ten people what a crypto wallet is and most will tell you it is a place where your coins are kept. That picture feels natural — a leather wallet holds banknotes, so a crypto wallet must hold crypto. It is also the single most useful misunderstanding to clear up before you go any further, because almost every confusing thing about crypto starts to make sense once you fix it.

A crypto wallet does not store coins. Your coins are not files, and they are not "inside" any app or device. They are entries in a shared public ledger — the blockchain — that thousands of computers around the world keep in sync. What a wallet actually stores is a set of keys: secret numbers that prove you, and only you, are allowed to move the balance the ledger has recorded against your name.

Put plainly: the blockchain holds the money, and the wallet holds the proof that the money is yours. A wallet is less like a billfold and more like a keyring.

The blockchain holds the balance, not the wallet

It helps to picture the blockchain as a giant public spreadsheet that anyone can read but no one can secretly edit. Every account has a row, and every row shows a balance. When someone sends you Bitcoin, no object travels to your device. The network simply updates the spreadsheet: one row goes down, your row goes up.

Your wallet reads that spreadsheet to show you a number. Delete your wallet app and the number does not vanish — the row is still on every copy of the ledger worldwide. Reinstall the wallet, give it your keys again, and the balance reappears instantly. Nothing was ever "in" the app. The app was only a window onto the ledger, plus a tool for signing instructions to change it.

This is why losing your phone is not the same as losing your money, and why losing your keys is.

Private keys: the secret that controls everything

The private key is the heart of a wallet. It is a very large, randomly generated number — so large that guessing it is, for practical purposes, impossible. Whoever holds the private key can authorise transactions from the account it controls. There is no separate password, no support desk, no account-recovery form. The key is the authority.

That cuts both ways. It means no bank or company can freeze or seize your funds. It also means there is no one to undo a mistake. If someone copies your private key, they can move your balance and the network will accept it, because from the ledger's point of view a valid signature is a valid signature. Protecting the private key is therefore the entire job of wallet security.

Most wallets do not show you the raw private key. Instead they show a recovery phrase — usually 12 or 24 ordinary words. That phrase is a human-readable seed from which all of your keys are mathematically derived, following the BIP-39 standard. Anyone with the words can rebuild the keys, so the recovery phrase deserves exactly the same care as the keys themselves: write it down, store it offline, and never type it into a website.

Public keys and addresses: what you can safely share

Every private key has a matching public key, produced from it by one-way mathematics. "One-way" is the important part: you can calculate the public key from the private key in an instant, but no computer can run the calculation backwards to recover the private key from the public key. This asymmetry is the foundation of all modern cryptography — Bitcoin's own design rests on it, as described in the Bitcoin whitepaper.

From the public key, your wallet derives an address: the shorter string of letters and numbers you hand out to receive funds, often shown as a QR code. An address is safe to share publicly. The worst anyone can do with it is send you money or look up your balance. They cannot spend from it, because spending needs the private key, and the private key never leaves your control.

So a wallet juggles three related things:

  • Private key — secret. Proves ownership and signs transactions. Never share it.
  • Public key — derived from the private key. Used to verify your signatures.
  • Address — derived from the public key. Safe to share so others can pay you.

Signatures: how a wallet proves it is you

When you send crypto, your wallet builds a transaction — a message that says "move this amount from this address to that address" — and then signs it with your private key. The signature is a piece of mathematics that does something subtle: it proves the message was approved by the holder of the private key, without ever revealing the key itself.

Every computer on the network can check that signature against your public key. If it matches, the transaction is valid and gets recorded. If a single character of the message changed, the signature would no longer fit, and the network would reject it. This is what "the wallet is what proves you control the coins" really means in practice. Your balance moves only when a valid signature, made with your key, says it should.

This also explains a slogan you will hear constantly in crypto: not your keys, not your coins. If an exchange or app holds the keys, then it — not you — produces the signatures, and it is really in control. A wallet where you alone hold the keys is called self-custody, and it is the model SSP is built around. If you want to see that in practice, read Meet SSP Wallet: self-custody with 2-of-2 multisig.

What a wallet is — and what it is not

It is worth stating both sides plainly.

A crypto wallet is: a keychain, a transaction signer, and a viewer onto the blockchain. It generates and protects your keys, builds and signs transactions, broadcasts them to the network, and reads the ledger back to you as a balance and a history.

A crypto wallet is not: a vault holding coins, a bank account with a help line, or a place that "has" your money in any physical sense. It does not contain value; it controls value that lives on the chain.

One practical consequence: if your keys exist in only one place, that place is a single point of failure. Lose it and the keys are gone; let an attacker reach it and the keys are theirs. This is the gap SSP closes by splitting signing authority across two devices, so no single compromised device can move funds on its own.

Where to go next

You now have the mental model that the rest of crypto is built on: coins live on the blockchain, keys live in the wallet, and a signature is how the two connect. Everything else — hot versus cold storage, software versus hardware wallets, browser and mobile wallets — is a different answer to the same question: where do the keys live, and how well are they protected?

The next articles in this series take those answers one at a time. Start with Hot wallet vs cold wallet to see how being online or offline changes a wallet's risk, then Software wallet vs hardware wallet for how the keys are physically held. When you are ready to put theory into practice, Setting up your first SSP wallet walks you through it step by step.

Share this article

Related articles

SSP Academy cover comparing a network-connected hot wallet with an offline cold wallet

Hot Wallet vs Cold Wallet: A Beginner Guide

Hot wallet vs cold wallet, explained for beginners: online convenience vs offline safety, what cold storage protects against, and the middle ground.

7 min read
SSP Academy cover comparing a software wallet on a phone with a dedicated hardware wallet device

Software Wallet vs Hardware Wallet: A Guide

Software wallet vs hardware wallet, explained for beginners: what each is good at, where each is weak, and where SSP fits in between.

7 min read
Illustration of a browser extension wallet protected by a sandbox and a 2-of-2 signing lock

Browser Extension Wallets, Explained

How browser extension wallets work, the security risks they carry, and how SSP contains them with LavaMoat sandboxing and a 2-of-2 design.

6 min read