As we covered earlier, genuine cryptocurrency wallets store cryptographic keys that control a certain amount of cryptocurrency.
From that cryptographic key the wallet app can work out the amount of cryptocurrency the user owns as well as derive past transactions associated with the wallet. This cryptographic key is usually referred to as the private key.
The wallet app is an instrument that essentially stores your private key. This private key is what gives you control over a certain amount of cryptocurrency.
The non-custodial wallet app uses the private key to retrieve cryptocurrency balances and past transactions from the blockchain.
We are not going to explain how private keys work under the hood. Just know that the term private key usually refers to the cryptographic key we talked about earlier.
Below, we are going to look a bit deeper into the security aspects to give you a better understanding of private keys.
1. Keep Key Private
Quite often scammers (by impersonating wallet support teams) trick users into sharing their private keys. When a user shares the key, the scammer steals the funds on the balance.
There is absolutely no valid reason for you as a wallet app user to ever share the private keys with anyone. This applies to all wallets.
Never reveal your private key to anyone, even when you're communicating with people who built your wallet app.
You may reveal your private key to someone only when you intentionally want to pass the ownership of your funds to that person. Almost all non-custodial wallets provide a means for the user to access and view the private key from within the wallet app.
2. Backup Key
Most non-custodial wallet apps show the private key during the wallet app setup. The wallet app usually prompts the user to write down the private key and store it somewhere safe offline.
The private key is the only way to restore access to funds in case the device with the wallet app becomes inaccessible, for example if it gets stolen or simply stops working.
To make it easier to back up the private key, blockchain engineers came up with a way to convert the private key to a plain set of 12 or 24 regular words.
Most non-custodial wallets will display the private key in a human-readable form, generally in the form of 12 or 24 words.
Back up the private key and make sure there are no typos in your backup. Besides the actual words, the ordering is just as important.
If you lose or unknowingly expose the private key to someone, they can get control of your cryptocurrency.
The 12/24 words should be backed up in the correct order. A non-custodial wallet may detect a typo in one of the words and show an appropriate warning.
If the words are positioned incorrectly, a non-custodial wallet will still restore some random wallet, it just won't be yours. So, the correct order is just as important.
3. Private Key Generation
When you first set up a non-custodial wallet app, the code powering the wallet app randomly generates a secure private key for you. For the private key to be truly secure, it's important for the wallet app to generate a private key that is truly random.
If the private key generated by a non-custodial wallet is not random, then the wallet is not safe.
That's one of the reasons why non-custodial wallets keep the code open. Third-party engineers can then analyze the code and check whether the wallet app generates the private key correctly.
There are websites like WalletScrutiny.com which exist to ensure wallets published on Google Play in fact use the same code as the code publicly shared with the community.
Any good non-custodial wallet app should be engineered in accordance with the publicly documented security guidelines and wallet standards.
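What a code reviewer looks for in the key-generation step, shown as an added example rather than code from any wallet: a generator seeded from the clock next to one that draws from the operating system's secure random source. The function names and the timestamp are assumptions made for the illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16  # 128 bits, the amount of randomness behind a 12-word backup


def weak_key(unix_time: int) -> bytes:
    """Flawed generator: a non-cryptographic PRNG seeded with the clock.

    The output looks random, but it is fully determined by the seed.
    """
    rng = random.Random(unix_time)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_key() -> bytes:
    """Sound generator: bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def effective_bits(possible_seeds: int) -> float:
    """Upper bound on key entropy when only `possible_seeds` inputs exist."""
    return math.log2(possible_seeds)


if __name__ == "__main__":
    setup_time = 1_700_000_000  # constructed timestamp, not real data
    # Same seed, same "random" key: the key is only as secret as the seed.
    print("weak, run 1  :", weak_key(setup_time).hex())
    print("weak, run 2  :", weak_key(setup_time).hex())
    print("strong, run 1:", strong_key().hex())
    print("strong, run 2:", strong_key().hex())
    # A wallet set up at an unknown second within one year has far fewer
    # possible keys than the 128 bits the key length suggests.
    seconds_per_year = 365 * 24 * 3600
    print("weak key entropy <= %.1f bits" % effective_bits(seconds_per_year))
    print("strong key entropy = %d bits" % (KEY_BYTES * 8))
```
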
4. One Key, Many Coins
Another essential aspect: a single private key can be used to control balances for multiple cryptocurrencies. When using such a key, wallet apps can automatically locate the balances for all supported cryptocurrencies.
For instance, when creating the wallet on Unstoppable wallet the user gets a single private key for 5 cryptocurrencies:
- Bitcoin Cash
The same private key is used to control multiple cryptocurrencies, each with its own balance and transactions.
5. Balances & Transactions
As was mentioned above there are 'private key' standards designed by engineers throughout the years. These standards define how exactly wallet apps should handle the private key for use with multiple cryptocurrencies.
The wallet uses your private key to derive your payment address for each cryptocurrency. The payment address is the address you are sharing with others that want to pay you in cryptocurrency.
Just by looking at your private key, the wallet app should be able to derive your address for Bitcoin, Ethereum and many other cryptocurrencies, with a different address for each cryptocurrency.
When you import the private key into another standard-compliant wallet, that other app will also derive the same addresses.
That's basically how a wallet app can take a private key used on another app, and from that key restore balances and transactions for multiple cryptocurrencies.
If a private key is generated in a standard-compliant manner, then any other standard-compliant wallet should be able to correctly derive payment addresses and past transactions for each supported cryptocurrency.
Once the app knows the addresses for, say, Bitcoin, it connects to the Bitcoin blockchain and looks for transactions involving those addresses. As a result of that process the wallet app can display the balances and past transactions associated with that private key.
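How one backup becomes a separate key per coin, and why word order matters, shown as an added example that is not code from any wallet named here. It assumes the standards in question are BIP39, BIP32 and BIP44 (the page does not name them), stops at the per-coin account private key because turning that into an address needs elliptic-curve math, and skips the word-list checksum check a real wallet performs.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve used for Bitcoin and Ethereum keys.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
BITCOIN, ETHEREUM = 0, 60  # SLIP-44 coin type numbers


def words_to_seed(words: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the backup words into a 64-byte seed."""
    text = unicodedata.normalize("NFKD", " ".join(words.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", text.encode(), salt.encode(), 2048)


def master_key(seed: bytes):
    """BIP32: master private key and chain code from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def hardened_child(key: int, chain: bytes, index: int):
    """BIP32 hardened derivation: private parent key -> private child key."""
    data = b"\x00" + key.to_bytes(32, "big")
    data += (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]


def account_key(words: str, coin_type: int) -> str:
    """Hex private key at the BIP44 path m/44'/coin_type'/0'."""
    key, chain = master_key(words_to_seed(words))
    for index in (44, coin_type, 0):
        key, chain = hardened_child(key, chain, index)
    return key.to_bytes(32, "big").hex()


# Constructed sample backup: a public test phrase, never use it for funds.
SAMPLE = "abandon " * 11 + "about"
REORDERED = "about " + "abandon " * 11  # same words, last word moved first

if __name__ == "__main__":
    print("Bitcoin account key :", account_key(SAMPLE, BITCOIN))
    print("Ethereum account key:", account_key(SAMPLE, ETHEREUM))
    print("Reordered, Bitcoin  :", account_key(REORDERED, BITCOIN))
```

Running it twice, or on another machine, prints the same keys for the same words, which is what lets a second standard-compliant wallet find the same balances.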
6. Moving Between Wallets
Good non-custodial wallets enable private key migration between wallets. In other words, a private key created on one non-custodial wallet app should be compatible with other non-custodial wallet apps.
The user should not be restricted to a single wallet provider and should be able to easily migrate to other non-custodial wallet apps built by different parties.
If your phone breaks, or the wallet app stops working, your funds are safe; you will always be able to restore access to your cryptocurrency using the private key. There are no time frames: the same key would work years later.
When choosing a wallet, look for one that is standard-compliant and supports import/export of private keys.
Note: When migrating your private key from one wallet to another, you need the destination wallet to support all cryptocurrencies that the private key controls.
If your private key has some balance on Bitcoin and Ethereum but the destination wallet supports only Bitcoin then your Ethereum balance won't be visible. It will still be yours and accessible from some other wallet.