Wallet Types

• Software Wallet: An application (desktop or mobile) that stores your keys locally (e.g., MetaMask, Trust Wallet).
• Hardware Wallet: A physical device that holds your private keys offline, protecting against hacks (e.g., Ledger, Trezor).
• Web Wallet: A browser-based wallet where keys may be held by a third party—convenient but less secure.
• Paper Wallet: A printed piece of paper with your public and private keys—completely offline but vulnerable to physical loss.

Key Management

• Private Key: A secret alphanumeric string that grants full control of your funds—never share it.
• Public Key: Derived from your private key; used to generate wallet addresses and receive funds.
• Seed Phrase (Mnemonic): A list of 12–24 words that backs up your private keys—write it down and store securely.
• BIP39 / BIP44: Standards that define how seed phrases generate deterministic wallet addresses.
• Multisig (Multi-Signature): A wallet requiring multiple private keys (e.g., 2-of-3) to authorize transactions.

Security Practices

• 2FA (Two-Factor Authentication): An extra login step (SMS, authenticator app, or hardware key) to protect your account.
• Phishing: Fraudulent attempts to steal your credentials by mimicking legitimate sites or communications.
• Cold Storage: Keeping keys completely offline (hardware or paper) to protect high-value holdings.
• Air-Gapped Device: A computer or device never connected to the internet, used only for signing transactions.
• Recovery Plan: A documented process to regain access (e.g., backup seed, trusted contacts) if keys are lost.

Common Threats

• Rug Pull: Malicious developers empty a project’s liquidity and disappear, crashing the token.
• Smart-Contract Exploit: Hackers use a vulnerability in a contract to drain funds (e.g., reentrancy).
• SIM Swap: Attackers port your phone number to steal SMS-based 2FA codes—use authenticator apps instead.
• Keylogger / Malware: Software that records keystrokes to capture passwords and private keys.
• Supply-Chain Attack: Compromising software updates or dependencies to inject malicious code.

Protective Tools

• Hardware Security Module (HSM): Dedicated hardware for secure key storage and cryptographic operations.
• Multi-Sig Wallet Services: Platforms like Gnosis Safe that simplify creating and managing multisig setups.
• Audit Report: A security firm’s review of a smart contract, highlighting vulnerabilities and fixes.
• Whitelisting: Restricting which addresses your wallet can send funds to, blocking unauthorized transactions.
• Transaction Review: Manually inspecting contract calls and parameters before approving in your wallet.

Backup & Recovery

• Seed Sharding (Shamir’s Secret Sharing): Splitting your seed phrase into parts stored separately—requires a quorum to recover.
• Encrypted Backup: Storing your seed or key file in a password-protected, encrypted format (e.g., KeePass).
• Air-gapped Backup: Keeping backups on devices never connected to the net—USB drives stored in safes.
• Emergency Contacts: Trusted individuals who hold backup shares or recovery instructions in case of emergency.

Pin this thread as your go-to reference for securing your on-chain assets. Spot a missing term or need more examples? Drop a comment below!