Wallets in Web3 are somewhat like accounts in Web2 systems. Take Google, for example, when you create an account, your identity sits with Google, and Google decides how to handle your data (with compliance laws in place to ensure appropriate use). In Web3, however, your identity sits with you. I touched on that in my last article. Today, let's explore the different types of wallets.
Two Categories Every Wallet Falls Into
Before diving into specific wallet types, there are two axes every wallet falls on:
Hot vs. Cold
Is the private key on a device connected to the internet (hot), or on something air-gapped and offline (cold)? A hot wallet means the key sits on a device that could be connected to the internet. A cold wallet lives outside of the internet entirely, a hardware wallet, for instance, which we'll get to shortly.
Custodial vs. Non-Custodial
Do you control the private key, or does someone else hold it for you? Think of it like the difference between money sitting in an app's internal wallet versus money in your own bank account. Custodial means the application manages the wallet on your behalf. Non-custodial means you created the wallet yourself and have direct access to the private keys, no middleman.
With those concepts in place, let's walk through the different wallet types.
1. CLI Wallet
A CLI wallet is generated locally, either via a script or using the Solana CLI:
// Generate a brand new keypair
const wallet = await generateKeyPairSigner();
console.log("Your new wallet address:", wallet.address);
console.log("\nThis address is your public key. It's safe to share.");
console.log("The private key stays in memory. In a real app, you'd save it securely.");
Your private key for this wallet lives at ~/.config/solana/id.json. You can inspect it by running cat ~/.config/solana/id.json. This type of wallet is built for development, running scripts, testing programs, interacting with devnet. It is not something you would use in production or on mainnet with real value.
2. Browser Extension Wallet
A browser extension wallet (like Phantom or Backpack) stores its private keys locally on your computer, within the browser's dedicated storage for that extension. During setup, you create a password that encrypts the key at rest, and you receive a seed phrase, usually 12 or 24 words that lets you recover your wallet if you lose access to the device.
The key security feature of a browser wallet is the confirmation popup. Every time a website wants to sign a transaction on your behalf, the wallet asks you to approve it first. That one step makes a meaningful difference: you see exactly what you're authorizing before anything happens on-chain.
3. Mobile Wallet
Mobile wallets work similarly to browser wallets, but with a few distinctions. Private keys are stored on the phone's local storage, encrypted using a PIN, password, or biometrics like Face ID or a fingerprint. Depending on the device, some mobile wallets can go further and use OS-level or hardware-backed secure storage for key material, adding another layer of protection.
Where Do These Three Fall?
All three wallets above: CLI, browser extension, and mobile, are non-custodial, since you have direct access to the private keys. They are also all hot wallets, because the private keys reside in an internet-connected environment.
4. Hardware Wallet
A hardware wallet, like a Ledger, stores your private key on a separate physical device. The key never leaves that device. When you need to sign a transaction, the transaction data is sent to the device, signed internally, and only the signed result is sent back. Your computer never sees the private key.
This makes a hardware wallet a cold wallet, high security, lower convenience. Most people use these for storing real value over the long term.
5. Multisig Wallet
A multisig wallet (like Squads on Solana) requires multiple people to approve a transaction before it executes. Think of it like requiring two signatures on a company cheque, no single person can move funds alone. DAOs and teams use these to manage shared treasuries and reduce the risk that one compromised key can drain everything.
Choosing the Right Wallet
The "best" wallet depends entirely on what you're doing. A CLI wallet is ideal for scripting and testing. A browser or mobile wallet suits everyday use and interacting with dApps. A hardware wallet is the right choice when you're holding significant value. A multisig wallet makes sense when multiple stakeholders need to authorize decisions together.
Understanding where each wallet stores its keys and who controls them is the foundation of staying safe in Web3.
Top comments (1)
I like how clearly this explains the tradeoffs between CLI, browser, mobile, and hardware wallets.