Back to Learn

Web3 Wallets

Your keys, identity, and transaction control layer for the decentralized web. Learn how wallets sign, connect, and protect assets so you can interact with Empoorio safely across networks, dApps, and governance workflows.

Overview Keys Custody Security

A wallet is a key manager + transaction authorizer

Blockchains do not store “accounts with passwords”. They store state controlled by cryptographic keys. Your wallet generates and protects private keys, derives public addresses, and signs messages/transactions. The network verifies signatures and applies state transitions.

What you control
Keys & approvals

Private keys sign. Approvals delegate. A safe wallet minimizes approvals and makes signatures explicit.

What you do not control
Network execution

Miners/validators execute rules. Your wallet chooses what you sign and where you connect.

Concept diagram
Sign → Verify → Execute
Wallet Private key Signature Network Verify signature Consensus State update Balances Contracts You sign locally. Validators verify globally. Execution is deterministic.
Tip: if a wallet UI ever hides what you are signing (spender, chain, amount, contract), treat it as unsafe.

Keys, seed phrases, and addresses

Most wallets use a seed phrase (also called a recovery phrase) to derive many private keys. The seed is the root secret: anyone with it can recreate your wallet and spend your funds.

Private key

The signing secret. Never share it. Never type it into websites.

Seed phrase

Human-friendly backup that regenerates keys. Store offline. Prefer metal backup for long-term.

Address

Public identifier derived from a public key. Safe to share. Used to receive assets.

Minimal signing model
// Pseudocode (conceptual)
message = "Send 25 DMS to 0x...";
signature = Sign(privateKey, Hash(message));
Broadcast({ message, signature });

// Validators verify: Verify(publicKey, Hash(message), signature) == true

Custody models

Wallets differ mainly by who can sign transactions. Choose the model that matches your risk profile, operational needs, and threat environment.

Self-custody
You sign
Recommended
  • • Maximum sovereignty and censorship resistance
  • • Requires disciplined backups and security hygiene
  • • Ideal for dApps, governance, and non-custodial investing
Custodial
A provider signs
  • • Easier recovery, but introduces counterparty risk
  • • Provider can freeze withdrawals or be compromised
  • • Useful for simple trading, not ideal for deep Web3 usage
Hardware wallets
Keys never leave device
  • • Best-in-class protection against malware
  • • You still need secure seed backup
  • • Prefer for high-value, long-term holdings
Multi-sig / MPC
Distributed signing
  • • Enterprise-grade governance and key management
  • • Reduces single-point-of-failure risk
  • • Enables policy controls (limits, approvals, roles)

How wallets connect to dApps

When you connect a wallet to a dApp, you are not “logging in” with a password. You are authorizing a session where the dApp can request signatures. The wallet should clearly separate: message signing vs transaction signing.

Message signatures

Used for authentication ("Sign in"), proving ownership of an address, or creating off-chain attestations. A safe wallet shows the exact domain and message.

Transaction signatures

Changes on-chain state: transfers, swaps, staking, approvals, contract calls. A safe wallet displays chain, fees, recipients, and contract method details.

Critical concept: approvals (allowances)

Many token standards allow a contract to spend on your behalf after you approve it. Approvals are convenient, but they are also a common attack surface. Prefer exact amounts, short-lived sessions, and periodically revoke unused allowances.

Security best practices (practical checklist)

Wallet security is mostly operational. The strongest cryptography can be defeated by weak processes. Use this checklist as your baseline.

Protect the seed
  • • Store offline (paper + metal backup for redundancy)
  • • Never photograph or copy to cloud notes
  • • Split backups only if you understand the operational risk
Harden the device
  • • Keep OS and browser updated
  • • Use a dedicated browser profile for crypto
  • • Avoid unknown extensions and sideloaded apps
Defeat phishing
  • • Bookmark official sites; verify domains carefully
  • • Treat urgent prompts as hostile
  • • Verify token contracts and recipient addresses
Manage approvals
  • • Prefer exact approvals instead of unlimited
  • • Revoke old allowances periodically
  • • Separate wallets: daily use vs treasury vault
Recommended operating model

Use a “hot wallet” for day-to-day interactions with limited balances, and a “cold vault” (hardware or MPC) for long-term holdings. Move funds between them intentionally.

Cross-chain reality: networks, bridges, and addresses

Wallets can support multiple chains. That does not mean assets automatically move between chains. A token on one chain is not the same token on another chain unless bridged or wrapped.

Networks

Each chain has its own RPC endpoints, chain ID, fee token, and address format. Always confirm you are on the correct network before signing.

Bridges

Bridges can be powerful but introduce additional risk. Prefer canonical bridges and transparent proofs. For high-value transfers, consider staged transactions and verification.

Next steps

If you understand wallets, you can safely explore staking, governance, and smart contracts. Follow these learning paths to build real competence.

Review: Wallets Learn: Smart contracts Practice: Staking DracmaS