← All modulesModule 7 of 13
How it works

Keys, Wallets & Addresses

Your address is like an inbox; your private key is the only key to it.

⏱ About 9 min

Keys, Wallets & Addresses illustration

By the end of this module you’ll be able to:

  • Tell apart a private key, a public key, and an address — and know which to share
  • Understand the seed phrase as the master backup, and how to protect it
  • Choose between custodial and self-custody, and hot vs cold storage, with eyes open

Owning bitcoin isn't about holding coins in an app — it's about holding keys. Once you grasp the difference between what you share and what you guard with your life, the whole idea of a wallet clicks into place.

A wallet doesn't hold coins

First, a myth to clear up. Your bitcoin is never inside your wallet app or device. The coins always live on the shared public ledger we met in the last module. A wallet is really a keychain: it stores and manages the secret keys that let you move coins recorded on that ledger.

Wallet
Not a purse of coins — a keychain. It stores the keys that prove which coins on the blockchain are yours and let you spend them. Lose the keys and you lose access, even though the coins still sit on the ledger.

Myth

"My bitcoin is stored inside my wallet app or hardware device."

Reality

The coins always live on the blockchain. Your wallet only stores the keys that control them — which is why protecting those keys is everything.

Two keys: one to share, one to guard

Every wallet is built on pairs of keys. The private key is a secret number that proves ownership and authorizes spending. The public key is generated from it by one-way math — and from that you get a shareable address.

Private key
A secret number that proves you own your bitcoin and authorizes spending it. Whoever knows it controls the coins. It is never shared. Every transaction is 'signed' with it to prove you approved it.
Public key & address
The public key is derived from the private key by math that only runs one way — you can't reverse it to find the private key. Your address is a short, shareable string derived from the public key (e.g. starting with bc1...) that people use to send you bitcoin.

The mailbox and its key

Think of your address as your mailbox slot: anyone can drop mail (bitcoin) in. The private key is the only key that opens the mailbox to take the mail out. You can paint your mailbox number on the street — share the address freely — but you never copy the mailbox key.

Sharing your address is safe

A common worry is that giving out your address or public key is risky. It isn't — they exist to be shared so people can pay you. Modern wallets even generate a fresh address for each payment for privacy; they all still belong to the same wallet. Only the private key and seed phrase must stay secret.

The seed phrase: your master backup

You'll never write down a raw private key by hand. Instead, wallets give you a seed phrase — a list of 12 or 24 ordinary words that is the human-readable master backup for your entire wallet.

Seed phrase (recovery phrase)
A list of 12 or 24 plain words that is the master backup of a wallet. From it, the wallet can regenerate every private key, public key, and address it will ever create. (It follows a standard called BIP39.)

The master key plus the blueprint

The seed phrase is like the master spare key plus the blueprint for every lock in your house. Write those 12–24 words down once, and you can rebuild the entire wallet on any new phone or device if yours is lost, stolen, or broken.

Myth

"A seed phrase and a private key are the same thing."

Reality

A single private key controls one address. The seed phrase is the master backup that can regenerate ALL of a wallet's private keys and addresses at once.

Your seed phrase is the whole ballgame

Anyone who reads your seed phrase can recreate your wallet and drain it from anywhere in the world — no device required, with no way to reverse it. And if you lose it with no backup, the bitcoin is gone forever. Treat those words as the single most important secret you own.

Who holds the keys? Custodial vs self-custody

This is the big fork in the road. Either you hold your keys, or someone else does for you.

Custodial vs self-custody
Custodial means a third party (like an exchange) holds your keys for you, similar to a bank holding your money. Self-custody (non-custodial) means YOU hold the private keys and seed phrase — full control, and full responsibility.

There's a mantra you'll hear constantly, and it captures the whole trade-off: not your keys, not your coins. If you don't control the private keys, you don't really hold bitcoin — you hold an IOU, a promise from a custodian.

Coat check vs holding your own coat

'Not your keys, not your coins' is like a coat check. Hand your coat to the attendant and you get a ticket — an IOU — not the coat. If the cloakroom burns down or the attendant runs off, your ticket is worthless. Holding your own keys means holding the coat yourself.

Custodial (exchange holds keys)

  • Convenient — like a bank account for bitcoin
  • A 'forgot password' button and customer support exist
  • You trust the company to stay solvent and honest
  • Hacks, freezes, fraud, or insolvency can mean you never get funds back
  • You hold an IOU, not the actual coins

Self-custody (you hold keys)

  • Total control — no company can freeze or block your funds
  • No middleman to fail, hack, or run off
  • Total responsibility — you must back up and secure the keys
  • No 'forgot password' and no support to reverse a mistake
  • You hold the actual coins, not a promise

Why people take self-custody seriously

The 2022 collapse of the FTX exchange is the cautionary tale cited ever since: it left roughly an $8 billion shortfall, and thousands of users couldn't withdraw their funds. Custodians can fail — which is the practical case for holding your own keys.

Hot wallets vs cold storage

Within self-custody, there's one more choice: how connected your keys are. A hot wallet keeps keys on an internet-connected device. Cold storage keeps them offline.

Hot wallet vs cold wallet
Hot wallet: keys live on an internet-connected device (a phone or computer app) — convenient for spending, but more exposed to hackers and malware. Cold wallet / cold storage: keys kept offline (often a small hardware wallet device) — much safer for long-term holding.

Pocket cash vs the vault

Hot vs cold is like the cash in your pocket versus the savings in a vault. Keep a little in the hot wallet for everyday spending, where it's easy to grab. Keep the bulk cold and offline, where online pickpockets can't reach it. A common setup is exactly this hybrid.

Hardware wallet
A small dedicated offline device that stores your keys and signs transactions internally, so the private key never touches an internet-connected computer or phone. It's the most common form of cold storage for individuals.

Core safety: protect the phrase

Almost all of beginner security comes down to one habit: guard the seed phrase, and back it up well. A few rules cover most of the danger.

  • Never share your seed phrase with anyone — no real support agent, wallet, or website will ever ask for it. If something asks, it's a scam.
  • Keep it offline. Don't photograph it, type it into a website, or store it in email, a password manager, or the cloud. Any internet-connected copy can be hacked.
  • Back it up physically. Write it on paper — or, for larger amounts, stamp it on a fire- and water-resistant metal plate — and store it somewhere safe.
  • Losing the device isn't losing the coins. With your seed phrase, you can restore the wallet on a new device. The device is replaceable; the phrase is what matters.

No undo button

Bitcoin transactions are irreversible — there's no central authority to charge back a payment or reverse a mistake. That's exactly why verifying addresses and guarding your keys matters so much.

Myth

"A photo of my seed phrase in my password manager or cloud is fine."

Reality

Any internet-connected copy can be hacked. Best practice is to keep the phrase offline on paper or metal only — never typed into a website or photographed.

Try it

Keys & addresses, hands-on

Try it yourself: see how a private key produces a public key and a shareable address, and sort out what's safe to hand around versus what you must never reveal.

Tap Generate a new key to mint an example key pair and watch how one value flows into the next.

Knowledge check

Check your understanding

  1. Question 1 of 3

    Which of these is safe to share with someone so they can pay you?

  2. Question 2 of 3

    What does 'not your keys, not your coins' mean?

  3. Question 3 of 3

    What is the safest way to store your seed phrase as a beginner?

Key takeaways

  • A wallet doesn't hold coins — it holds the keys. Your bitcoin always lives on the blockchain.
  • Share your address (and public key) freely to receive funds; never reveal your private key or seed phrase.
  • The seed phrase is the master backup that can rebuild your whole wallet — and anyone who reads it can steal everything.
  • Custodial means a company holds your keys (an IOU); self-custody means you do (full control, full responsibility) — 'not your keys, not your coins.'
  • Keep small spending money in a hot wallet and long-term savings in cold storage; back up your seed phrase offline and never share it.

Tip: finish the interactive activities above to get the most out of this module.