Wallet

A deterministic wallet is a system where all keys are derived from a single starting point—a master seed (usually a 12 or 24-word mnemonic). This allows for easy backup and restoration of an entire wallet hierarchy.

• Key Derivation: Uses hierarchical deterministic (HD) structures defined by standards like BIP-32 and BIP-44.
• Benefit: A single backup (the seed phrase) restores all generated addresses and their transaction history.
• Universal Standard: This is the foundational technology for virtually all modern user-friendly wallets, both hot and cold.

A smart contract wallet (or account abstraction wallet) is a wallet whose logic is governed by a smart contract on-chain, rather than a simple externally owned account (EOA). This enables advanced features.

• Examples: Safe (formerly Gnosis Safe), Argent, and ERC-4337 "account abstraction" wallets.
• Advanced Features: Can enable multi-signature security, social recovery, transaction batching, spending limits, and gas fee payments in ERC-20 tokens.
• Use Case: DAO treasuries, institutional funds, and users seeking enhanced security and user experience beyond EOA limitations.

A seed phrase (or mnemonic phrase) is a human-readable sequence of 12-24 words generated from a BIP-39 standard. It is the master secret from which all a wallet's private keys and addresses are deterministically derived. This allows for:

• Portable Recovery: Regenerate an entire wallet on any compatible software.
• Hierarchical Deterministic (HD) Structure: Based on BIP-32/44, enabling the generation of unlimited key pairs from a single seed.
• Secure Backup: The single point of failure; anyone with the phrase controls all derived assets.

The fundamental cryptographic unit of a wallet. A private key is a secret 256-bit number used to cryptographically sign transactions, proving ownership. The corresponding public key is derived from it and can be shared publicly. From the public key, a wallet address (a hashed version) is generated. The relationship is one-way: a public key can be derived from a private key, but the reverse is computationally impossible, securing the funds.

An Ethereum standard that redefines wallets as smart contract accounts (Smart Accounts), separating the logic of transaction validation from the key-based ownership. This enables advanced features not possible with traditional Externally Owned Accounts (EOAs), such as:

• Social Recovery: Regain access via trusted parties.
• Gas Sponsorship: Let a third party pay transaction fees.
• Batch Transactions: Execute multiple operations in one signed action.
• Custom Security Rules: Set spending limits or multi-signature policies.

A cryptographic approach that splits a single private key into multiple key shares distributed among different parties or devices. Transactions require a threshold of shares to collaboratively sign, eliminating a single point of failure. This enables institutional-grade custody with features like:

• Distributed Signing: No single entity holds the complete key.
• Policy Enforcement: Require M-of-N approvals for transactions.
• Key Rotation: Compromised shares can be replaced without changing the wallet address.

An Ethereum Improvement Proposal designed to solve the wallet provider conflict in browser environments. When multiple browser extension wallets (like MetaMask, Coinbase Wallet) are installed, they traditionally overwrite the global window.ethereum object. EIP-6963 introduces a standardized event system that allows all wallets to announce their providers simultaneously, enabling dApps to detect and present all available wallet options to the user, promoting a better user experience and fairer ecosystem.

The private key is the cryptographic secret that proves ownership of assets. Its compromise means total loss of control. Core security models include:

• Hot Wallets: Connected to the internet (e.g., browser extensions, mobile apps). Convenient but vulnerable to malware and phishing.
• Cold Wallets: Offline storage (e.g., hardware wallets, paper wallets). Highly secure against remote attacks but less convenient for frequent use.
• Key Custody: The choice between self-custody (user holds keys) and custodial wallets (third-party, like an exchange, holds keys) defines the trust model and attack surface.

A seed phrase (or recovery phrase) is a human-readable backup of the private key, typically 12 or 24 words. It is the single point of failure for non-custodial wallets. Major risks include:

• Phishing: Fake websites or support agents trick users into entering their seed phrase.
• Physical Theft: Photographs, written notes, or digital screenshots of the phrase can be stolen.
• Shoulder Surfing: Observing the phrase during setup or recovery. Best practice is to write it on durable material, store it physically in a secure location, and never digitize it or share it with anyone.

Signing a transaction authorizes a blockchain operation. Blind signing occurs when a wallet signs a transaction whose full details (e.g., smart contract function, token approvals) are not displayed in a human-readable format. This is a major risk with dApps and can lead to:

• Unlimited Token Approvals: Granting a smart contract the right to spend an unlimited amount of a specific token.
• Malicious Contract Calls: Unknowingly executing a function that drains the wallet. Hardware wallets and modern software wallets now implement transaction simulation and decoded data display to mitigate this risk.

Wallet drainers are malicious smart contracts designed to steal assets when a user signs a seemingly legitimate transaction. Common attack vectors include:

• Fake Airdrops: Luring users to interact with a malicious site to claim tokens.
• Spoofed dApp Interfaces: Imitating legitimate decentralized applications.
• Malicious NFT Offers: Hiding harmful code in an NFT transfer approval. The payload often involves a cleverly disguised approve or permit function that grants the attacker sweeping permissions. Users must verify contract addresses and use wallets that screen for known malicious code.

Security extends beyond the wallet software to the network and device it runs on.

• RPC Endpoints: Wallets connect to a node via an RPC endpoint. Using a malicious or compromised endpoint can lead to tampered transaction data or frontrunning.
• Man-in-the-Middle (MITM) Attacks: On public Wi-Fi, traffic between the wallet and blockchain can be intercepted.
• Device Security: Keyloggers, screen recorders, or compromised operating systems on the host device can capture sensitive data. Using personal or trusted RPC providers, VPNs, and maintaining rigorous device security are essential complementary measures.

Advanced wallet designs mitigate single points of failure.

• Multi-Signature (Multisig) Wallets: Require multiple private keys (e.g., 2-of-3) to authorize a transaction. This distributes trust and protects against a single key being compromised. Commonly used by DAOs and project treasuries.
• Social Recovery Wallets: Utilize a network of trusted "guardians" (people or devices) who can collectively help recover access if a user loses their signer device or seed phrase. This model, used by wallets like Argent, improves usability without reverting to full custodianship.

A private key is a cryptographically generated, secret alphanumeric string that proves ownership and control of blockchain assets. It is used to digitally sign transactions, authorizing the movement of funds or execution of smart contracts. The private key is mathematically linked to a public address but cannot be derived from it, making its secrecy paramount. Loss or exposure of the private key means irreversible loss of control.

A seed phrase (or recovery phrase) is a human-readable backup, typically 12 or 24 words, generated from a standardized wordlist (BIP-39). It is the master secret from which all a wallet's private keys and addresses are deterministically derived. This allows users to recover their entire wallet on any compatible software by entering the phrase. Securing the seed phrase offline is the single most critical security practice.

A public address is a cryptographic hash of a public key, serving as a publicly shareable identifier to receive assets on a blockchain. It is analogous to an account number or email address. Key characteristics:

• Derived from but cannot be reversed to reveal the private key.
• Format varies by network (e.g., 0x... for Ethereum, bc1... for Bitcoin).
• Can be generated infinitely from a single seed phrase for privacy (hierarchical deterministic wallets).

This distinction defines a wallet's connection to the internet and its corresponding security trade-off.

• Hot Wallet: Software connected to the internet (e.g., MetaMask, mobile apps). Convenient for frequent transactions but vulnerable to online attacks.
• Cold Wallet: A storage method completely offline (e.g., hardware wallets, paper wallets). Private keys are generated and stored offline, providing superior security for long-term holdings. Transactions are signed offline and then broadcast via a connected device.

A multi-signature wallet requires multiple private keys to authorize a transaction, as defined by an m-of-n rule (e.g., 2-of-3). This introduces enhanced security and governance models:

• Security: Prevents single points of failure; a stolen single key is insufficient.
• Governance: Used by DAOs and projects to mandate approvals from multiple parties for treasury disbursements.
• Custody Solutions: Enables institutional or shared custody arrangements.