ZUG WEB3
The Vanderbilt Terminal for Zug Web3 Intelligence
INDEPENDENT INTELLIGENCE FOR CRYPTO VALLEY'S DECENTRALISED ECOSYSTEM

What Is a Web3 Wallet? Definition, Types, and Security

Definition

A Web3 wallet is a software application or hardware device that manages cryptographic key pairs used to interact with blockchain networks. Despite the name, a wallet does not store digital assets in the way a physical wallet holds cash. Instead, it stores private keys — the cryptographic credentials that prove ownership of on-chain assets and authorise transactions. The assets themselves exist on the blockchain; the wallet provides the interface through which users control them.

The public key is derived from the wallet’s private key, and the wallet address — the identifier visible on the blockchain — is in turn derived from the public key. Anyone can send assets to a wallet address, but only the holder of the corresponding private key can authorise outgoing transactions. This asymmetric cryptography is the foundation of blockchain ownership: control the private key, control the assets.

Core Functions

Key management — Generating, storing, and protecting the cryptographic key pairs that control on-chain assets. This is the wallet’s most critical function, as private key loss means irreversible asset loss.

Transaction signing — Authorising transactions by cryptographically signing them with the private key. Signed transactions are broadcast to the blockchain network for validation and inclusion in blocks.

Asset display — Reading blockchain state to display the user’s token balances, NFT holdings, transaction history, and other on-chain data.

DApp interaction — Connecting to decentralised applications to authorise smart contract interactions. When a user interacts with a DeFi protocol, DAO governance interface, or NFT marketplace, the wallet facilitates transaction signing and approval.

Network management — Supporting multiple blockchain networks and enabling users to switch between Ethereum, Polygon, Arbitrum, and other chains.

Wallet Types

Software Wallets (Hot Wallets)

Software wallets are applications running on internet-connected devices — browser extensions, desktop applications, or mobile apps. They provide convenient access for frequent transactions but expose private keys to online attack vectors.

Browser extension wallets (MetaMask, Rabby) integrate directly with web browsers, enabling seamless DApp interaction through website connections. They are the most common wallet type for active Web3 participation.

Mobile wallets (Trust Wallet, Rainbow) provide smartphone-based asset management with QR code scanning for in-person transactions and WalletConnect for DApp interaction from mobile devices.

Desktop wallets offer dedicated applications with enhanced features — portfolio tracking, multi-chain management, and integrated DEX access.

Hardware Wallets (Cold Wallets)

Hardware wallets are physical devices that store private keys offline, isolating them from internet-connected systems. Transaction signing occurs on the device itself — the private key never leaves the hardware, even during transaction authorisation. Leading hardware wallets (Ledger, Trezor) provide security that software wallets cannot match, at the cost of reduced convenience.

Hardware wallets are essential for securing significant holdings. The additional friction of connecting a device and physically confirming transactions provides protection against remote attacks, malware, and phishing that compromise software wallets.

Smart Contract Wallets

Smart contract wallets (Safe, previously Gnosis Safe) implement wallet logic through on-chain smart contracts rather than simple key pair management. This enables features impossible with traditional wallets.

Multi-signature — Requiring multiple key holders to authorise transactions (e.g., 3-of-5 signatures required), providing shared custody suitable for DAO treasuries, corporate holdings, and family asset management.

Social recovery — Enabling wallet recovery through designated guardian approval rather than sole reliance on seed phrase backup. If a user loses their key, pre-designated guardians can collectively authorise wallet access transfer to a new key.

Spending limits — Enforcing daily or per-transaction spending caps, allowing limited-access configurations for everyday use whilst protecting against large unauthorised transfers.

Account abstraction — Enabling gas payment in tokens other than the native chain token, batch transactions, and customised authentication flows.

Custodial Wallets

Custodial wallets are managed by third parties (exchanges, financial institutions) who control the private keys on users’ behalf. Users access their assets through traditional authentication (username/password, two-factor authentication) rather than direct key management. Custodial wallets sacrifice self-sovereignty for convenience and recovery capability — if a user forgets their password, the custodian can restore access.

Security Considerations

Wallet security is paramount because blockchain transactions are irreversible. Compromised private keys result in permanent asset loss with no recourse to customer support, fraud departments, or regulatory intervention.

Seed phrase protection — The seed phrase (typically 12 or 24 words) that generates a wallet’s keys must be stored securely offline. It should never be entered on websites, shared with anyone, or stored in digital formats vulnerable to hacking.

Phishing resistance — Malicious websites mimicking legitimate DApps attempt to trick users into signing transactions that drain their wallets. Transaction preview features and signing verification help users identify malicious requests.
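The transaction preview described under phishing resistance can be sketched as a calldata decoder. This is an added example, not code from any wallet named on this page; it covers four common token calls, and the `known_spenders` allow-list, the warning texts and all sample addresses are assumptions made for illustration.

```python
# Added example: preview token-permission calldata before signing.
MAX_UINT256 = 2**256 - 1

# 4-byte selectors; increaseAllowance is an OpenZeppelin extension, not ERC-20.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def preview(contract, calldata, known_spenders=()):
    """Decode one call; return its fields plus warnings to show the user."""
    data = calldata[2:] if calldata.startswith("0x") else calldata
    name = SELECTORS.get(data[:8].lower())
    if name is None:
        return {"function": None, "warnings": ["unrecognised selector, cannot preview"]}
    try:
        raw = bytes.fromhex(data[8:])
    except ValueError:
        raw = b""
    if len(raw) != 64:  # exactly two 32-byte ABI words expected
        return {"function": name, "warnings": ["malformed arguments"]}
    party = "0x" + raw[12:32].hex()          # address is the low 20 bytes of word 0
    value = int.from_bytes(raw[32:], "big")  # amount, or bool for setApprovalForAll
    grants_erc20 = name.startswith(("approve", "increaseAllowance"))
    warnings = []
    if any(raw[:12]):
        warnings.append("address argument has non-zero padding")
    if grants_erc20 and value == MAX_UINT256:
        warnings.append("unlimited token allowance")
    if name.startswith("setApprovalForAll") and value:
        warnings.append("operator gains control of every token in this collection")
    known = {s.lower() for s in known_spenders}
    if not name.startswith("transfer") and value and party not in known:
        warnings.append("spender is not on the known-spender list")
    return {"function": name, "contract": contract.lower(), "party": party,
            "value": value, "warnings": warnings}

# Constructed sample calls; all addresses are made up for illustration.
TOKEN, ROUTER, UNKNOWN = "0x" + "01" * 20, "0x" + "d1" * 20, "0x" + "ee" * 20

def encode(selector, address, value):
    return "0x" + selector + "00" * 12 + address[2:] + "%064x" % value

UNLIMITED = preview(TOKEN, encode("095ea7b3", UNKNOWN, MAX_UINT256))
BOUNDED = preview(TOKEN, encode("095ea7b3", ROUTER, 1000), known_spenders=[ROUTER])
NFT_ALL = preview(TOKEN, encode("a22cb465", UNKNOWN, 1))
```

A call with an unrecognised selector is reported as unpreviewable rather than silently passed, which is the case where a user most needs to stop and check.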

Smart contract approval management — DApp interactions often grant smart contracts permission to spend tokens from a wallet. Users should review and revoke unnecessary approvals to limit exposure if a smart contract is compromised.
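One way to review approvals, as an added example that is not part of the original article: replay ERC-20 `Approval` event logs for a wallet and list the grants that are still live. The log entries are constructed samples in the shape returned by the `eth_getLogs` JSON-RPC call, and all addresses are made up; because ERC-20 does not require an `Approval` event when an allowance is spent, the value shown is the last amount granted, and the token's `allowance()` function remains the authoritative figure.

```python
# Added example. topic0 of the ERC-20 event Approval(address,address,uint256):
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Replay Approval logs in chain order, keeping the latest grant per
    (token, spender). A value of 0 is a revocation and drops the entry."""
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16),
                                          int(l["logIndex"], 16)))
    latest = {}
    for log in ordered:
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but indexes tokenId (4 topics).
        if (len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC
                or topic_to_address(topics[1]) != owner.lower()):
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value:
            latest[key] = value
        else:
            latest.pop(key, None)
    return [{"token": t, "spender": s, "value": v, "unlimited": v == MAX_UINT256}
            for (t, s), v in sorted(latest.items())]

# Constructed sample in eth_getLogs shape; all addresses are made up.
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "01" * 20, "0x" + "02" * 20
DEX, OLD_DAPP = "0x" + "d1" * 20, "0x" + "d2" * 20

def make_log(token, owner, spender, value, block, index, extra_topics=()):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "data": "0x%064x" % value,
            "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender), *extra_topics]}

SAMPLE_LOGS = [  # deliberately out of order
    make_log(TOKEN_A, OWNER, OLD_DAPP, 0, 105, 1),           # revocation
    make_log(TOKEN_A, OWNER, DEX, MAX_UINT256, 100, 0),      # unlimited grant
    make_log(TOKEN_A, OWNER, OLD_DAPP, 500, 101, 2),         # later revoked
    make_log(TOKEN_B, OWNER, OLD_DAPP, 1000, 103, 0),        # still live
    make_log(TOKEN_B, OTHER, DEX, MAX_UINT256, 104, 0),      # different owner
    make_log(TOKEN_B, OWNER, DEX, 7, 106, 0, ["0x" + "00" * 32]),  # ERC-721 shape
]
```

For `SAMPLE_LOGS` and `OWNER`, `outstanding_approvals` returns two entries: the unlimited grant to `DEX` on `TOKEN_A` and the 1000-unit grant to `OLD_DAPP` on `TOKEN_B`, which are the candidates for revocation.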

Network segregation — Using separate wallets for different risk levels — a hardware wallet for long-term holdings, a software wallet with limited funds for daily DApp interaction — limits the potential impact of any single security incident.

For the Web3 ecosystem, wallet infrastructure is both the gateway to participation and the most common point of failure. Improving wallet security and usability without compromising self-sovereignty remains one of Web3’s most important design challenges.


Donovan Vanderbilt is a contributing editor at ZUG WEB3, the decentralised protocol intelligence publication of The Vanderbilt Portfolio AG, Zurich. He covers Web3 fundamentals, digital asset security, and the user experience of decentralised technology.