Ethereum wallets: A beginner's guide to storing ETH
An Ethereum wallet is a piece of software or hardware that allows users to interact with the Ethereum blockchain. Wallets allow users to manage their accounts on the Ethereum network. An Ethereum account is a type of account that can send transactions and keep track of its balance, with as many Ethereum addresses as it wants to send and receive funds, create smart contracts, interact with decentralized applications and more.
An Ethereum address is a public string of letters and numbers starting with “0x.” The balance of every Ethereum address can be seen on the blockchain, although who controls which address is not known because an address on the network is represented through a string of numbers and letters. Wallets are software or hardware that allow users to control as many addresses as necessary.
Ethereum wallets are controlled through a private key, or a “password,” that allows users to move the funds within the wallet. These private keys are only supposed to be known to the wallet’s creator, as anyone who knows them can access their funds.
There are several types of Ethereum wallets to choose from including some that are held on your desktop or mobile device and some that are held offline through a piece of paper, titanium, or hardware.
Here’s everything you need to know about Ethereum wallets.
Understanding Ethereum wallets
Ethereum wallets come in all shapes and sizes, but not all of them have the same features. Some wallets only allow users to send Ether (ETH) between addresses, while others have more functionalities and even let users create smart contracts, which are self-executing agreements written in code.
Setting up an Ethereum wallet often involves either downloading or writing down a private key or seed phrase. Private keys allow users to send or spend their crypto, and a seed phrase gives them access to their wallet and all the private keys in the wallet. Private keys or seed phrases are crucial for securing funds, and a crypto wallet acts as a password manager for users' cryptocurrency holdings. As long as users know their master password (the seed phrase), they can access their crypto funds.
Storing private keys using third-party programs such as applications may seem like an easy alternative, but malicious actors may access these services if the users’ device is compromised because access to the keys means access to the funds.
There are two main types of Ethereum accounts: externally owned accounts (EOAs) and contract accounts. Externally owned accounts are made up of public and private cryptographic pairs of keys. Public and private keys prevent forgeries by proving that the sender genuinely signed a transaction. Because users sign transactions with their private key, the key gives them control over the funds in their account. Users only hold private keys (they never really hold cryptocurrency), so the funds always lie on Ethereum's ledger. The Ethereum ledger is a record-keeping system that anonymously keeps track of individuals' identities, ETH balances and a record of all valid transactions between network participants.
In contract accounts, a smart contract is deployed to the network. Each smart contract has a unique Ethereum address controlled by the code.
Despite the above differences, both types of Ethereum accounts have four characteristics in common: a nonce, balance, codeHash and storageRoot, as listed below:
Nonce: For externally owned accounts, this number represents the number of transactions sent from the account's address. For a contract account, the nonce is the number of contracts created by the account.
Balance: The number of wei (an ETH unit of denomination) owned by this ETH address, with 1e+18 wei (exponential notation) per ETH. 1e+18 wei means 1 ETH is equivalent to 1 × 10^18 wei.
codeHash: This hash represents the code of an account on the Ethereum virtual machine (EVM). Ethereum's own virtual computer, known as the EVM, is the part of the protocol that actually performs transaction processing. The codeHash field for EOAs is the hash of the empty text. For contract accounts, the code is hashed and stored as the codeHash.
storageRoot: This hash is a Merkle Patricia tree's root node (a tree of hashes). This tree, which is empty by default, encodes the hash of the storage contents of the ETH account.
Full nodes and light nodes
Similar to Bitcoin wallets, Ethereum wallets can be referred to as clients, and run as either light nodes or full nodes. A full node requires the user to download the entire blockchain onto their device, while a light node is a small application. Running a full node allows users to verify transactions on the network themselves instead of relying on others for data about what goes on in the blockchain, but it consumes more computational resources, such as storage space and random-access memory (RAM), because of the size of the blockchain.
Full nodes allow the network to remain decentralized and can be run through several major Ethereum clients, otherwise known as software that allows nodes to run the Ethereum blockchain.
Full nodes are often used by more experienced Ethereum users who are more committed to the network. For less experienced users, a light node that does not require them to allocate significant computational resources may make more sense.
Light nodes require less space and can easily be run on devices with less computational power such as smartphones. Since light nodes do not hold a full copy of the blockchain, they need full nodes to get that information and verify the entire state of the system in block headers. Block headers are sections of mined blocks on the blockchain that contain information on the block itself. This connection happens seamlessly in the background, significantly improving the user experience.
Hot and cold wallets
In the cryptocurrency sector, there are two main types of wallets: hot and cold. Hot wallets are those stored on devices connected to the internet such as a desktop PC or Mac and a mobile device.
Cold wallets, on the other hand, store the user’s private keys offline. Being offline eliminates several attack vectors that hackers could take advantage of, such as infecting users’ devices with malware to access their keys. Malware is software designed to either damage a system or gain unauthorized access to it.
Hot wallets are often more user-friendly and allow users to access their funds anytime from anywhere. On the other hand, cold wallets are typically less intuitive and can make it a tad harder to move your funds.
Due to security concerns, users should keep most of their cryptocurrency offline in cold wallets, while moving only what they need to meet short-term obligations in hot wallets.
The process of storing most cryptocurrency offline in cold wallets could be similar to what is already common with fiat currencies. Bank accounts and safe deposit boxes are safer and people rely on them to store their savings (just like cold wallets). And just like with checking accounts, the crypto people carry for daily transactions should be kept in hot wallets.
Types of Ethereum wallets
Some users store their Ethereum holdings with cryptocurrency exchanges and other services, including marketplaces and lending services offered by wallets. These are called custodial wallets, which are wallets that hold users’ private keys for them. They come with a trade-off: the service controls the private keys to the wallet and lets the user access the funds in it, instead of the user controlling the funds directly.
Storing funds with a third-party through custodial wallets increases counterparty risk — the risk of another party defaulting on their obligations. The service holding the private keys may get hacked or go rogue, for example.
To take full advantage of the decentralized applications (DApps) built on Ethereum, users need access to their own private keys. Decentralized applications are digital applications that run on blockchains.
Different wallets may be useful for different types of users. Most wallets only let users send and receive Ethereum or tokens built on the network using the ERC-20 standard. The ERC-20 token standard defines a list of rules for issuing tokens on the Ethereum network. However, not all Ethereum wallets share the same features.
Some Ethereum wallets can be connected to a credit or debit card to let users buy cryptocurrency directly to their wallets. Other features include allowing users to hold nonfungible tokens (NFTs), which are cryptographic assets on the blockchain with unique identification data. While Ether, for example, is fungible as 1 ETH will always be worth 1 ETH, no two NFTs are alike.
With Ethereum wallets, it may also be possible to use DApps, or digital programs on the blockchain. Social media platforms, games, marketplaces and financial services platforms have been built on Ethereum and other blockchains. Ethereum wallets with built-in browsers compatible with DApps let users access them directly.
Ethereum wallets also make it easier to buy crypto directly by letting users connect their bank accounts. Bank account transfers often charge lower fees and make it easier to buy and sell crypto through recurring payments.
To bolster security, Ethereum wallets may let users choose a list of addresses their funds can be moved to. If anyone tries to transfer funds to an address not on the list, the transaction is blocked. Wallets may also offer multisignature (multisig) accounts that require more than one signature to move funds. Multisig accounts are common in several blockchain platforms and even in the traditional financial system.
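The two controls described above, a destination allowlist and an M-of-N approval threshold, can be modelled as one policy check. This is an added example, not code from any wallet: `TransferPolicy` and `normalize` are hypothetical names, the addresses are constructed, and each approval is assumed to be the address of a signer whose signature was already verified elsewhere.

```python
import re
from dataclasses import dataclass

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")


def normalize(address) -> str:
    """Return the lower-case form of a 0x-prefixed 20-byte address."""
    if not isinstance(address, str) or not ADDRESS_RE.fullmatch(address):
        raise ValueError(f"not an Ethereum address: {address!r}")
    return address.lower()


@dataclass(frozen=True)
class TransferPolicy:
    allowlist: frozenset   # destinations the owner approved in advance
    signers: frozenset     # accounts whose approval counts
    threshold: int         # approvals required (M of N)

    @classmethod
    def create(cls, allowlist, signers, threshold):
        signers = frozenset(normalize(s) for s in signers)
        if not 1 <= threshold <= len(signers):
            raise ValueError("threshold must be between 1 and the signer count")
        return cls(frozenset(normalize(a) for a in allowlist), signers, threshold)

    def check(self, destination, approvals):
        """Return (allowed, reason) for a proposed transfer.

        Assumption: each approval is the address of a signer whose
        signature over the transfer has already been verified.
        """
        try:
            dest = normalize(destination)
        except ValueError:
            return False, "malformed destination address"
        if dest not in self.allowlist:
            return False, "destination is not on the allowlist"
        # A set counts each signer once, however often they approve and in
        # whatever letter case; the intersection drops unknown accounts.
        counted = set()
        for approval in approvals:
            try:
                counted.add(normalize(approval))
            except ValueError:
                continue
        counted &= self.signers
        if len(counted) < self.threshold:
            return False, f"{len(counted)} of {self.threshold} required approvals"
        return True, "ok"


# Constructed sample addresses (not real accounts).
ALICE, BOB, CAROL = ("0x" + c * 40 for c in "abc")
SAVINGS = "0x" + "1" * 40
UNKNOWN = "0x" + "9" * 40
POLICY = TransferPolicy.create([SAVINGS], [ALICE, BOB, CAROL], threshold=2)

if __name__ == "__main__":
    print(POLICY.check(SAVINGS, [ALICE, BOB]))
    print(POLICY.check(UNKNOWN, [ALICE, BOB, CAROL]))
    print(POLICY.check(SAVINGS, [ALICE, "0x" + "A" * 40]))
```

The third call shows why approvals are de-duplicated after normalization: the same signer submitted in two letter cases still counts as one approval.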
Some wallets have several of the features described above, while others only have one. More advanced wallets even let users hold Ethereum, ERC-20 tokens and other cryptocurrencies to explore decentralized applications on various networks.
It is worth pointing out that you do not have to choose one out of all the Ethereum wallets available. Private keys give you access to your wallet, which can be accessed via mobile phones, desktops, browsers, or in printed form like paper wallets all at the same time. The interface used to connect to the Ethereum blockchain changes, but addresses, transactions and other data remain the same, similar to the way that different browsers may be used to access the same website. Limiting your exposure by using only one type of wallet may nevertheless be better to ensure that your funds are safe.
Mobile wallets are light nodes that do not require users to download the entire blockchain. Mobile wallets are applications that can be installed on mobile devices as easily as any other application from Apple’s App Store or Google Play, and can be used to access your funds using a cellular connection.
They rely on miners to relay precise information about the network's present state. Some of the disadvantages of a mobile wallet are that it is easy to hack and that, if your mobile device is lost, you may lose access to your Ethereum funds. However, having backups can keep you safe from any loss arising out of hacks or unintentionally losing your keys.
Most popular mobile wallets support Ethereum and ERC-20 tokens and come with built-in browsers ready to interact with decentralized applications and the decentralized finance (DeFi) sector, which is built out of decentralized applications offering financial services.
Desktop wallets run on operating systems (OS) like macOS, Microsoft Windows, or Linux OS. Desktop wallets are ideal for those who prefer to handle their finances on desktops. Because most desktop wallets keep keys locally, users will need to use their computers to access their Ethereum wallets.
With such wallets, users can use a light client or download a full client with the entire Ethereum blockchain. Downloading a full client is considered to be a preferable alternative because it eliminates the need for miners to feed users accurate data. Instead, users validate transactions themselves, resulting in increased security.
Similar to mobile wallets, desktop wallets not only allow users to send and receive Ethereum, but can provide a number of advanced features to allow users to create smart contracts or run a full node, effectively giving users more functionalities within their wallets.
Since desktop wallets are connected to the internet, they are considered hot wallets. The private keys to these wallets are stored on users’ machines and not on any external servers, making them vulnerable to hacking.
Web interface wallets are a popular alternative to both mobile and desktop wallets, and are essentially websites that let users interact with the Ethereum blockchain after connecting their wallets to the interfaces.
Web wallets allow users to use a web browser to connect with their accounts. These wallets take advantage of cloud storage and can be accessed from anywhere in the world. Cloud storage makes use of the enormous computer servers housed in data centers that physically store data and make it accessible to customers via the internet. The stored data can be delivered on-demand with just-in-time capacity and costs, eliminating the need to purchase and manage data storage equipment.
Using web interface wallets directly can be risky, as users have to trust a website with their private keys. While some web interfaces are considered trustworthy, users may still be vulnerable to a number of attacks unrelated to the wallets themselves.
These attacks include phishing schemes in which hackers set up a website impersonating the legitimate web interface. Similarly, domain name system (DNS) attacks may occur where users' internet activity is redirected to a malicious server that uses collected data like login credentials to access their information.
Browser extensions are used on desktop browsers to interact with decentralized applications and can store both ETH and ERC-20 tokens, all while supporting a nearly infinite number of addresses. To more advanced users, browser wallets are also useful because they can be used to interact with other blockchains.
Browser extensions are seen as a safer alternative to web interfaces, as they store users’ private keys in the browser in encrypted form. Users protect access to their wallets with a password, which bolsters security.
Like mobile wallets, installing browser extensions is easy and is done in the same way users install any other browser extension. Some browsers already come with built-in Ethereum wallets that make it even easier to interact with DApps.
Hardware wallets are pieces of hardware that store users’ private keys offline and are, as such, cold wallets. Hardware wallets have to be connected to a computer for the funds to be moved and are password or PIN protected.
To gain access to the funds, a malicious party would need physical access to the device and know the password protecting the funds. However, hardware wallets can be expensive for users with smaller amounts of funds to store.
It is important to never buy a used hardware wallet nor buy one from a third-party vendor. After being used for the first time, these wallets could be compromised to trick users into believing that they are sending funds to a wallet only they control, while the initial owner of the hardware wallet may already have access to it.
Paper wallets are a more basic type of cold wallet and essentially involve printing out the private keys that control the funds onto a piece of paper and storing it. To access the funds, malicious actors would need access to that piece of paper. The main advantage of this type of wallet is its accessibility, as all that is needed is a pen and a piece of paper.
Because of the fragile nature of the material they are printed on, these wallets may not be suitable for long-term storage, as there have been cases of the paper getting destroyed or mistakenly thrown out. Alternatives include pricier titanium plaques that could even resist natural disasters because of the material they are made of.
Funding your ETH wallet
After choosing an Ethereum wallet to use and explore the network, it is necessary to add funds to it. To interact with decentralized applications on Ethereum, users will need Ether, the native cryptocurrency of the network that is used to pay for transactions.
Ether can be bought on centralized exchanges and withdrawn to a user’s wallet. Doing so will involve sending the funds to a public wallet address, which can be seen as the equivalent of an international bank account number (IBAN) used in the traditional financial system.
Every transaction on Ethereum incurs a transaction fee that is paid to network validators who help maintain its integrity. The amount of fees can vary according to demand for block space on the blockchain. Block space refers to the amount of space available in each block of data added to the network. Software wallets provide fee estimates to help users avoid overpaying by estimating network transaction fees according to the latest demand for block space.
It is worth noting that EOAs communicate with each other and with smart contracts through messages. The term transaction refers to a signed package of data that stores a message, which can be sent between accounts. These communications are “wrapped” in transactions funded with Ether.
Contracts can also send messages to other contracts. For this to happen, a transaction creating a new contract has to first occur so the contract can then be triggered.
Keeping your ETH safe
Users often do not worry about how safe their funds are while they are stored in a bank account, nor do they worry about a third-party accessing their bank account and draining it without authorization.
When it comes to Ethereum wallets and other cryptocurrency wallets in general, the above-mentioned scenarios are a possibility, and avoiding them is fundamental to the protection of funds. The Ethereum community recommends that users triple check everything to ensure they always send funds to the right address, always interact with the applications they intend to and write down the private key as they should.
Bookmarking your web wallet and the websites of any decentralized applications you regularly use is also a known best practice to help avoid phishing schemes. Some browser extension wallets have a list of known phishing schemes, and will automatically block undesirable websites to protect users.
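A sketch of the check a bookmark list and a phishing blocklist make possible, as an added example that is not taken from any wallet extension. It goes beyond the exact-match blocklist described above by also flagging near-miss hostnames; the function names, the distance threshold of 2 and all hostnames (on the reserved `.example` and `.test` domains) are assumptions.

```python
from urllib.parse import urlsplit

# Constructed lists; ".example" and ".test" are reserved placeholder domains.
BOOKMARKED = {"wallet.example", "swap.example"}
BLOCKLIST = {"wallet-giveaway.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, reason); verdict is trusted, warn, block or unknown."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "block", "URL does not parse"
    if parts.scheme != "https" or not host:
        return "block", "not an https URL"
    if host in BLOCKLIST:
        return "block", "on the phishing blocklist"
    if parts.username is not None:
        # In https://wallet.example@other.test/ the real host is other.test.
        return "warn", "text before '@' is not the host"
    if host in BOOKMARKED:
        return "trusted", "exact match with a bookmark"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "warn", "punycode label can render as look-alike characters"
    for good in sorted(BOOKMARKED):
        if host.startswith(good + "."):
            return "warn", f"{good} is only a prefix of the real host"
        if edit_distance(host, good) <= 2:
            return "warn", f"near miss of bookmarked host {good}"
    return "unknown", "not bookmarked"


if __name__ == "__main__":
    for sample in (
        "https://wallet.example/send",
        "https://wa11et.example/send",
        "https://wallet.example.login.test/",
        "https://wallet.example@other.test/",
    ):
        print(sample, classify(sample))
```

Only an exact hostname match over HTTPS is treated as trusted; everything else is at best unknown, which is the property a bookmark gives the user.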
When dealing with DeFi protocols, it is always important to find out whether the service is legitimate and audited to ensure that security experts have reviewed its code. To find out, simply search the web for the name of the service and the word “audit” or “review.”
Finally, keep in mind that if it looks too good to be true, it probably is. Scammers often hijack verified social media accounts to promote fake giveaway scams and other schemes to trick users into sending them Ethereum. Avoiding such schemes is simply a matter of ignoring what looks too good to be true and doing your own research into newer projects.