Usually, I often answer questions for some friends who are just getting into Web3, and I encounter various issues.

Some people ask, "Can I recover my wallet if I accidentally delete it or forget my password?"; some take screenshots of their mnemonic phrases and store them in their albums, thinking it's okay as long as they don't share it with others; and some still can't tell the difference between the accounts on trading platforms and the wallets they downloaded.

These questions seem very basic, but in reality, many people who have used wallets for several years might not fully understand them.

Therefore, I am preparing to launch a new series called "Web3 Survival Manual," aiming not to use jargon, focusing on seemingly minor yet genuinely important issues to help everyone gradually understand and use Web3.

This article is the first piece in the "Web3 Survival Manual," starting with the most important topic: what are the differences between private keys, mnemonic phrases, and wallet passwords?

1. Remember one thing: There is actually no coin in the wallet

Many people think that their BTC, USDT, ETH, or other tokens are "stored in the wallet."

But strictly speaking, the assets are not inside the wallet app; they are recorded on the blockchain. In other words, the wallet you use, whether it's MetaMask, OKX, SafePal, TP, or imToken, is more like a tool to help you manage your keys rather than a safe for storing assets:

• The blockchain is responsible for recording how many assets a certain address has, where these assets came from, and where they have been transferred;
• The wallet is responsible for helping you manage the "keys" to this address and assisting you in transferring assets in and out of this address;

For example, when you transfer, exchange tokens, or authorize an on-chain application, the wallet will use its internally stored private key to sign this operation, effectively proving to the blockchain that the person controlling this address indeed agrees to execute this operation.

Therefore, the wallet app is not a safe for storing coins; rather, it is more like a box for holding keys—the real valuables are the keys inside (the private key), not the box itself.

This also explains two things that many people might find difficult to understand:

• Even if the original wallet app closes, is taken down, or is accidentally deleted, as long as you have backed up the correct private key, you can download a new wallet, re-import the private key, and restore it, because currently, the industry is based on the same set of technical standards, and the import logic of various wallets is interoperable; changing the box while putting the same key inside means the lock can still be opened;
• If someone else takes your private key, even if your phone is still in your hands and the wallet app is not deleted, others can still transfer your assets—because they can import this key into their own wallet, and the blockchain recognizes only the key, not who holds the key;

2. What are the differences between private keys, mnemonic phrases, and wallet passwords?

Since private keys are so important, what are mnemonic phrases?

In fact, mnemonic phrases were created mainly to make it easier for ordinary people to back up their wallets. Private keys are long and random strings generated by the system, and manual backups can easily lead to mistakes, making it almost impossible for ordinary people to memorize them directly.

Therefore, the industry adopted a universal standard that "converts" private keys into mnemonic phrases consisting of 12 or 24 English words.

In other words, private keys and mnemonic phrases are essentially the same key, just in a different format. To extend a bit: theoretically, a set of mnemonic phrases can derive multiple private keys; to simplify understanding, the private key can be seen as a specific key, while the mnemonic phrase is more like a comprehensive backup of a keychain (I also discussed why mnemonic phrases are usually generated from a fixed word bank in my article "Starting from "Chasing Shadows": The 2048 Words That Determine Trillions in Crypto Assets", interested friends can take a look again).

Now, most mainstream wallets require users to back up mnemonic phrases during creation, and it is rare for them to ask ordinary users to write down a long string of private keys directly.

However, whether it is a private key or a mnemonic phrase, you must not tell anyone. Normally, wallet customer service, project parties, or trading platform staff will never ask you to send them your private key/mnemonic phrase; anyone who asks you for your private key under the pretense of "wallet verification," "risk management removal," "airdrop collection," or "assisting in asset recovery" can basically be considered a scam.

So, what is the wallet password?

The wallet password is the PIN code or unlock password set when opening the app; it's used only to unlock the app itself, similar to a phone screen lock, and it is completely different from private keys and mnemonic phrases.

Everyone can remember a simple principle:

• If you forget your wallet password, it's okay; you can re-import your private key/mnemonic phrase and set a new password;
• If you lose your mnemonic phrase, if the original wallet can still be opened, there is a chance to back up or transfer assets again;
• If you lose your mnemonic phrase and the original wallet cannot be opened, then it may really be impossible to recover;
• If your mnemonic phrase is leaked, you should immediately transfer your assets to an entirely new wallet;

3. Why doesn’t an account on a trading platform have a mnemonic phrase?

Many people first come into contact with cryptocurrency through trading platforms like BN, OK, BG, and this might raise a question: "I also have BTC, ETH, USDT, and USDC on the trading platform. Why didn’t they give me a mnemonic phrase?"

Because the assets stored on centralized trading platforms are usually not directly managed by you in terms of private keys/mnemonic phrases, but managed by the trading platform on your behalf.

When we log into trading platforms, we typically use our phone number/email + login password, as well as two-factor verification tools like SMS verification codes or Google Authenticator. The balances you see in your account are mainly recorded in the internal system of the trading platform, rather than being a completely independently controlled on-chain address.

The advantage of this method is simplicity—even if we forget our password, we can contact customer service, complete facial recognition or identity verification, and retrieve our account, but the corresponding cost is that we need to trust the trading platform to securely hold assets and properly manage everyone’s deposits and withdrawals.

Wallets, on the other hand, are different; the private key is stored by you, and the control over assets mainly lies with you. You can transfer assets whenever you want and to whomever you want, typically without needing approval from the trading platform, but at the same time, you also need to take on the responsibility of managing your mnemonic phrases, recognizing phishing sites, and avoiding operational mistakes.

Therefore, I have always told everyone, it's not about whether trading platforms or personal wallets are necessarily safer; rather, they represent two different ways of distributing responsibility: using a trading platform means entrusting part of the security and custody responsibilities to the platform; using a wallet means taking back asset control and corresponding responsibilities into your own hands.

Which one to choose depends on the scale of your assets, usage frequency, and your risk management capability.

But today, there is also a point that can cause confusion: most mainstream trading platforms typically offer both a "trading platform account" and a "Web3 wallet." For example, in the same BN or OK app, you can log into your trading platform account and create a self-custody wallet that requires backing up a mnemonic phrase.

Although the entrances are placed together, the two are not the same account, and the asset control methods are completely different. The criteria for judgment are simple: if the wallet requires you to back up the mnemonic phrase separately and clearly states that the platform cannot recover it for you, then it is a self-custody wallet.

4. The difference between hot wallets and cold wallets also lies in private keys

Once you understand private keys/mnemonic phrases, it becomes easy to distinguish between hot wallets and cold wallets:

• Hot wallets: private keys are stored on connected devices and are signed via mobile phones or computers; wallet apps provided by brands like MetaMask, OKX, SafePal, and TP usually belong to hot wallets;
• Cold wallets: the hardware wallets we often hear about are a common implementation of cold wallets; its private keys are generated and stored in specialized offline hardware devices, and the keys do not leave the device during signing, such as hardware devices from Ledger, Trezor, and OneKey;

Of course, nowadays, most projects making hardware wallets also have their own compatible software apps, like SafePal and OneKey.

It should be noted that cold wallets do not mean that the entire device never interacts with the internet; more accurately, the private key itself does not leave the hardware device and is not directly exposed to connected mobile phones or computers. The actual process is roughly as follows:

• The phone or computer creates a transaction waiting for signing;
• The hardware wallet completes the signing internally within its secure chip;
• The hardware wallet sends the signed result back to the phone or computer;
• The phone or computer then broadcasts the transaction to the blockchain;

Throughout the process, the private key remains safely stored within the secure chip of the hardware device.

However, cold wallets or hardware wallets do not equate to absolute safety; if you take a picture of your hardware wallet's mnemonic phrase and upload it, enter it on a phishing site, or mistakenly authorize a malicious contract, then the safety of the hardware device itself becomes irrelevant.

Ultimately, hardware wallets protect the storage and signing environment of private keys but cannot prevent users from actively leaking their mnemonic phrases.

We will discuss the specific choices regarding hot wallets, cold wallets/hardware wallets in the next article.

5. Can mnemonic phrases really not be stored on cloud drives?

Some friends have repeatedly asked me, "Can I store the mnemonic phrase in my phone's memo and not share it with others?" "Is it safe to store it in a steel box on Alipay or in an encrypted cloud drive?"

Objectively speaking, safety issues are rarely simply a matter of "it will definitely be stolen" or "it definitely won’t"; rather, different storage methods correspond to different risk probabilities.

Storing mnemonic phrases in regular memos, WeChat favorites, chat records, emails, or albums carries the highest risk that the phone may get infected or remotely controlled, or that the cloud account may be hacked, and the album and memo may automatically sync, so certain apps might read the clipboard or local content. Furthermore, when selling or repairing an old phone, the data may not be thoroughly cleared.

Of course, tools with independent passwords and encryption features can indeed be somewhat safer than regular albums and memos, but you still need to trust the apps, cloud accounts, and password strength associated with your phone system simultaneously. Any one flaw in the chain could lead to leakage.

Therefore, for larger amounts that you plan to hold long-term, it is still recommended to handwrite the mnemonic phrase on paper or record it on a special metal mnemonic board (most mainstream hardware wallet providers also offer similar mnemonic steel plates, which will be discussed in the next article), storing them in two relatively safe and independent locations.

Of course, offline storage also comes with risks, such as damage to paper, loss during moving, or risks from fire or water damage, so a truly reasonable security solution involves multiple backups.

We will discuss techniques for managing crypto assets, the specific use cases and choices for hot wallets/cold wallets (hardware wallets) in the next article.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。