DEV Community

Temiloluwa Akintade

What are web3 wallets?

MetaMask, Phantom, Rabby and a plethora of others... what is all the fuss about?


If you have a mobile device and are connected to the internet, chances are that you have come across, heard about, seen or even used a web3 wallet.

MetaMask, Phantom, Rabby, Trust, OKX... the whole shebang.

This article will provide a high-level overview of web3 wallets and how they work under the hood.

Basically, web3 wallets are software or hardware products that can connect to and communicate with the blockchain to read or modify its state.

You might be wondering, hardware? Yes, there are hardware wallets, physical, hand-held devices that serve as wallets. More on that in a bit.

Private keys, recovery phrases...

Web3 wallets are secured using seed phrases, those 12-24 words you are shown when setting up a wallet. I wrote about how they are generated here.

This seed phrase is used to generate private keys (for signing transactions), each of which is then used to generate a public key (which verifies that a signature came from the corresponding private key) and a wallet address (a truncated form of the public key that can be used to identify a user on the blockchain).

Software wallets are applications or browser extensions you can download on your device and use online, which is why they are also called Hot Wallets. Hardware wallets, on the other hand, work offline; they are also referred to as Cold Wallets.

Web3 wallets do not only hold assets (tokens, NFTs); they also provide an interface through which users can sign and send transactions to the blockchain network. This makes the wallet independent of the tokens, meaning that you can always import your accounts and tokens into a new wallet as long as you have the recovery mechanisms in place.

Are they safe?

Security is a big issue in the web3 space, and security is mostly in the hands of the user. The wallets only generate your unique seed phrase, private keys and wallet addresses in a deterministic manner. This is why you can import your MetaMask wallet into Phantom and your balances would be the same.

One big security rule of thumb is to NEVER share your seed phrase. Your seed phrase is like a master key to all addresses that are derived from it; anyone with it can generate your private key, which they can use to sign transactions on your behalf and act as you.

Keep this in mind: the seed phrase controls the whole wallet, while a private key controls an account. An account could have multiple addresses within it, so exposing your private key gives access to an account and all of its subaddresses. Exposing your seed phrase gives access to your entire wallet.

Also, NEVER store your seed phrase in password managers, vaults, screenshots or on a device. Write it down in a notebook and keep it in a safe. Once your wallet is compromised, there is no 'support' or 'forgot password' option in a permissionless web3.

Another security tip is to always verify transactions before signing them. Your wallet will pop up with a confirmation screen; always ensure the addresses you are sending tokens to are correct. Verifying transactions will be covered in a future article.
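The deterministic derivation described above, as an added example that is not code from this article or from any wallet: it follows BIP-39 (phrase to seed) and BIP-32 (seed to master key to hardened child keys) using only the Python standard library. The path m/44'/60'/account' and the function names are assumptions chosen for illustration; real wallets continue with elliptic-curve steps to reach the public key and address, which are omitted here.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: valid private keys are integers in [1, N-1]
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
# Publicly known BIP-39 test-vector phrase, used here only as sample input
PHRASE = " ".join(["abandon"] * 11 + ["about"])

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the phrase into a 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds)."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)

def master_key(seed: bytes):
    """BIP-32: split HMAC-SHA512(seed) into master private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def hardened_child(key: bytes, chain: bytes, index: int):
    """BIP-32 hardened child: computed from the parent private key and chain code only."""
    data = b"\x00" + key + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + int.from_bytes(key, "big")) % N
    if il >= N or child == 0:  # astronomically rare; BIP-32 says skip this index
        raise ValueError("invalid child key, use the next index")
    return child.to_bytes(32, "big"), digest[32:]

def account_key(mnemonic: str, account: int, passphrase: str = "") -> str:
    """Hex private key at m/44'/60'/account' (illustrative path, see lead-in)."""
    key, chain = master_key(mnemonic_to_seed(mnemonic, passphrase))
    for index in (44, 60, account):
        key, chain = hardened_child(key, chain, index)
    return key.hex()

if __name__ == "__main__":
    # Same phrase in, same keys out, on any machine or in any wallet software
    for account in (0, 1):
        print(f"account {account}: {account_key(PHRASE, account)}")
```

Every account key is a pure function of the phrase, which is why importing the phrase into another wallet reproduces the same accounts, and why whoever holds the phrase holds every key derived from it.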

Hardware wallets or software wallets?

While hot wallets are more accessible and easier to use, they run the risk of being targeted for attacks because they are connected to the internet and could contain malicious code or could even be compromised by other malicious software on the device.

Cold wallets, however, work offline, and the attack surface is greatly reduced because your keys never leave the device; there is no risk of being compromised by third-party applications.

One could say, use cold wallets to store valuable tokens and large amounts of money and hot wallets for smaller amounts of money and regular transactions. The choice, however, is up to the user, but understanding security is very important.

If this article helped you understand wallet architecture better, consider supporting my work by using my link below to grab your own OneKey device. OneKey is an open-source hardware wallet company backed by Coinbase Ventures, Dragonfly, and YZi Labs.

As a developer, I value transparency; you can actually audit their firmware on GitHub. If you're looking to upgrade your security stack, you can check out their range here. You will get 10% off any purchase you make, and I will also earn a small commission at no extra cost to you.

In my next piece, I will dive into hardware wallets and how they work offline in an air-gapped environment.
