Buying and selling cryptocurrency isn’t as easy as using a traditional bank account funded with fiat currency. These transactions require a crypto wallet. Every crypto wallet has a pair of public and private keys. The public key is kind of like a bank account number that can be shared with others to transfer cryptos. The private key is like the account’s password, which should never be shared.
What is a cryptocurrency private key?
A crypto wallet’s private key is a very long string of letters and numbers that gives a user access to the cryptocurrencies associated with that wallet. The key can also be represented in different ways, such as a QR code. When someone says they own cryptos, what they actually have is control of a private key.
In a crypto transaction, a private key digitally signs the transaction, which allows cryptos associated with a wallet to be transferred.
Private keys are also used to create public keys. A public key is similar to a bank account number, and can be shared with others for crypto transactions. Public key cryptography, also known as asymmetric cryptography, is what makes cryptocurrencies possible. The systems have been around for decades, and the same approach to encrypting and decrypting messages is what billions of people use to securely access much of the internet.
A crypto wallet doesn’t technically hold cryptocurrencies in it like a traditional wallet—the crypto is part of a blockchain, which is a public ledger or database. The blockchain records how much crypto is associated with each public address. Whoever controls the private key that’s linked to the public address of a crypto wallet can choose where to send the crypto, and the blockchain gets updated with the new transaction.
Creating crypto private and public key pairs
Cryptocurrency private and public keys are always linked together as a key pair. Often, the process of creating private and public key pairs starts when someone creates a new crypto wallet. They are either assigned or are asked to choose a 12- to 24-word seed phrase.
The wallet uses a private key generator to create a private key based on the phrase. That private key is used to generate a public key. The public key is then used to generate a public crypto address, which can be shared with others to receive cryptos.
The process for creating private and public keys looks like this:
Seed phrase > private key > public key > public crypto address
The public address helps keep the public key secret when receiving cryptos. However, both the private and public keys are used to send cryptos. The private key stays secret and “signs” the transaction, but the public key is revealed so third parties can use it to verify that the transaction was initiated with the linked private key.
Some cryptocurrency wallets use the seed phrase to create multiple private keys. Each private key can create multiple public keys. Using different key pairs for each transaction could help users maintain their privacy.
How key pairs work with crypto transactions
Cryptocurrencies use public blockchains, so everyone can see all the transactions, as well as how much crypto is tied to each public crypto address. It is still possible, however, to send and receive cryptocurrencies securely. Asymmetric cryptography makes this possible.
While the private and public key pairs are mathematically linked, the magic behind asymmetric cryptography is that it’s easy to create a public key from a private key, but nearly impossible to reverse. (It’s not technically impossible, but it could take thousands of years to do, at least.)
Imagine Person A wants to send Person B a Bitcoin. Person A uses their private key to verify that they have the Bitcoin and can send it, and uses Person B’s public address as the destination. Person B’s public address is linked to their public and private keys. Person B will use their private key when they want to spend the Bitcoin. Even though the blockchain database is public, no one can intercept or alter transactions.
Here’s how it works:
- Person A initiates a transaction to Person B’s public address. Person A signs the transaction with their private key. Private keys are not added or sent to the blockchain and are not visible to the public.
- The transaction request is sent to the Bitcoin blockchain. Bitcoin miners use Person A’s public key to verify that Person A’s private key was used to send the Bitcoin.
- Person B receives the Bitcoin and it’s linked to their public key. To spend the Bitcoin, Person B must use their private key.
Bitcoin miners who power the blockchain oversee the basics of this transaction. They compete to finish a proof of work and earn Bitcoin for their work. They use Person A’s public key to verify that Person A’s private key initiated the transfer and has enough Bitcoin to send the designated amount to Person B. Miners also ensure someone isn’t able to spend or transfer the same Bitcoin twice.
Keeping crypto private keys safe
Crypto private keys, and the seed phrases that can recreate them, give someone control over cryptocurrencies. If someone has access to a private key, they in essence have access to the crypto linked to that wallet. This is why it’s essential for users to keep their private keys secret and secure.
Different types of crypto wallets can offer varying levels of control and safety. Here is an overview of the types of crypto wallets and their levels of security:
A custodial wallet is a crypto wallet created and managed by a centralized exchange (CEX), such as Coinbase or Gemini. A user need only create an account on one of these CEXes in order to have a custodial wallet. In custodial wallets, the CEX holds onto the private key, and users can access the funds by logging into their account via a regular username and password.
Using a custodial wallet means trusting a third party to keep the crypto safe. This doesn’t always turn out well. In 2016, the chief executive officer of the Cryptsy crypto exchange hacked the company servers to steal customers’ funds. And in 2019, users of QuadrigaCX, one of Canada’s largest crypto exchanges, were left without access to $190 million of digital assets after the company’s director unexpectedly died—he was the only person who could access the private keys.
Many major crypto exchanges have enacted policies and procedures to avert similar situations. Some major exchanges in the U.S. also proactively comply with state and federal regulations and carry insurance that can help reimburse users if they’re hacked.
A non-custodial wallet is a wallet that a person or organization creates and controls for themselves. These may be hardware (special physical devices) or software wallets. By creating and using their own wallets, investors don’t need to trust someone else to keep their private keys. But they also risk losing access to their crypto.
Someone could lose access to their crypto if they lose their private key. A seed phrase or recovery phrase may be used to restore a crypto wallet. But if a user loses both the seed phrase and private key, there’s a high chance they will not be able to regain access to their crypto.
Many software wallets do not have password recovery or customer service options, either. Some people have inadvertently thrown out hard drives that had private keys linked to Bitcoin that’s now worth hundreds of millions of dollars—crypto they can’t access anymore.
Cold and hot wallets
Crypto wallets are also classified as hot (connected to the internet) or cold (not connected to the internet). A hot wallet, like the web browser plugin MetaMask, could be compromised if someone’s computer has malware on it that targets the crypto wallet.
Investors can alternatively use a hardware wallet, like a Ledger thumb drive, and keep their private keys disconnected from a computer and the internet. The hardware wallet will need to be connected to a computer and the internet to make transactions. But, even then, the hardware may have security that protects the private key from infected machines.
What’s the safest option?
There are different risks associated with the various types of crypto wallets, and investors can choose one based on their unique needs.
Most crypto investors use custodial wallets on centralized exchanges to manage their funds. While there’s a risk in giving up control over private keys, legitimate centralized exchanges have a proven track record of keeping the keys safe. Users only have to remember their username and password. Should they forget them, there are options to reset or restore them.
Some crypto exchanges also keep the majority of their users’ crypto funds in cold storage by copying the private keys to thumb drives and writing them down on paper. And they may have insurance to help protect users’ funds from hacks.
The bottom line
A private key is the part of a crypto wallet used to verify ownership of cryptocurrencies and authorize transactions. By using private and public cryptographic keys, people are able to securely send crypto over a public network. However, because a private key gives someone access to all the associated crypto, investors should guard and never share their private keys or seed phrases.