New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

The Classroom

PATHWAY J) Wallet Knowledge II - The Evolution of Crypto Storage

chapter 4/4

How Does A Crypto Wallet Work?

Read 8 min
Black closed belt on a black background.
— A crypto wallet generates and stores public and private keys, enabling users to create blockchain accounts and manage assets. At the heart of it is Public Key Cryptography (PKC) which enables secure crypto transactions.

— How crypto wallets secure your private keys can differ; software wallets store them on your host device; whereas hardware wallets store them in chips isolated from the internet.

— Where your private keys are stored and how your wallet accesses them affects your security—So knowing how a wallet works is extremely important for the safety of your crypto.   

There’s a lot more to how crypto wallets than you might think. While you might already be familiar with terms like private and public keys, there’s a lot more happening behind the scenes.

From a network’s underlying infrastructure, to how you confirm transactions—every piece of the puzzle is crucial.

Understanding these cryptographic keys is undeniably vital, but the type of wallet you choose significantly influences how these keys work to execute transactions too. Whether you use a physical hardware wallet or a software wallet on your web2 device, understanding how they handle transactions is imperative. It could make or break the security of your accounts!

So, whether you’re new to the world of crypto or just curious about how these wallets operate, you may want to get your head around how different wallets process transactions. 

From hardware to software wallets, let’s dissect the intricacies of how crypto wallets work, and help you protect your assets effectively.

Understanding Crypto Wallets: The Blockchain Tech

On a very simple level, a crypto wallet acts as a user interface, allowing you to send, receive, and manage the assets you are storing on the blockchain. And it does so by storing your private keys. These keys allow you to sign transactions, proving to the blockchain’s nodes that each transaction is authentic. 

As you might already know, most crypto wallets use an HD structure, meaning you can create and manage a near-infinite number of accounts using a single wallet. Plus, they usually supply you with a Secret recovery phrase in the initiation process, a single mnemonic that allows you to restore all of your accounts with any compatible wallet provider.

But of course, there’s a bit more to it than that. Each wallet generates and stores private keys slightly differently and this greatly affects how they operate. Beyond that,  they don’t just rely on blockchain tech, but on software and hardware too. So how does a crypto wallet process a transaction exactly?

How Does a Crypto Wallet Execute Transactions?

In a generic sense, a crypto wallet simply provides a way for a user to initialize, sign, and then broadcast the transaction to the network. It also stores private keys and allows the user to access them, hopefully, without revealing them to any malicious onlookers in the process.

Here’s a step-by-step process of how a crypto wallet works in practice:

  1. You initialize a transaction via the wallet’s interface
  2. The interface presents you with the “intent”, a digital proposal with the details of your potential transaction
  3. You press confirm on the wallet interface 
  4. The wallet uses your private key to sign the transaction
  5. The signed transaction is sent to the network via an internet connection.

However, even within this framework, crypto wallets all behave a little differently depending on their underlying tech. To understand how let’s look at each type of crypto wallet and how their different processes vary.

How Does a Software Wallet Work?

So firstly, if you don’t know what a software wallet is, make sure you check out the full article. But essentially software wallets operate via software that you must download and install on your web2 device, such as a smartphone or laptop. These wallets are free and easy to install so tend to be very popular. 

Let’s see how the crypto transaction process works with a software wallet:

  1. You initialize the transaction from your wallet’s interface
  2. The interface provides you with the intent.
    However, this intent is presented to you via the screen of your internet-connected device. This means the display of your transaction details can potentially be tampered with by hackers. In this sense, a software wallet can never offer you absolute certainty about what you are signing. 
  3. You press confirm to approve the transaction 
  4. The software wallet signs the transaction using the private key stored on the host device.
    In doing so, your software wallet accesses and uses that private key while your host device is connected to the internet. This is a potential threat, as the host device—your laptop or smartphone—is vulnerable to malware and spyware. Yes, if you use these types of wallets a hacker can extract your private keys. Or, they can even tamper with your screen to lure you into accepting a malicious transaction. 
  5. The software wallet uses the internet connection of its host device to broadcast the signed transaction.

How Does a Hardware Wallet Work?

A hardware wallet is a physical device that keeps your private keys secured in an offline environment. These wallets physically store your private keys within a chip inside the device. The beauty of using a hardware wallet is the security it provides to your private keys. Signing offline means your private keys remain out of reach of hackers, even as you’re transacting. 

To operate, it needs a connection to a separate device, such as a smartphone or laptop, where you can install its companion software. This is what allows you to send transactions via the internet even though your hardware wallet does not connect to the internet itself. 

To understand the process fully, let’s explore how a hardware wallet processes a transaction:

  1. You initialize the transaction from your wallet’s interface, the companion software you have installed on your internet-connected device
  2. The interface provides you with the intent.
    This is shown on your internet-connected device’s screen    
  3. You confirm the transaction using the interface on your internet-connected device and then authenticate the transaction by physically confirming it on your hardware device.
    This acts as a form of 2FA to guarantee that only someone with physical access to the device can execute a transaction. That means hardware wallets must also employ measures to protect users from thieves and physical hackers.
  4. The hardware wallet signs the transaction using the private key stored in its chip
    Your hardware wallet stores your private keys on its computer chip. When you confirm a transaction on the device it can use your private key to sign the transaction. However, it does so offline within the device’s chip, away from an internet connection. This keeps them protected from potential onlookers using spyware on your laptop or smartphone.
  5. The hardware device sends the signed transaction to your internet-connected device via Bluetooth or USB-C cable, and then broadcasts it to the blockchain.
    An already signed transaction is safe to send through a potentially insecure channel. So from there, your interface can send the transaction to the network’s nodes for validation.

However, it’s important to note that not all chip types offer the same level of security. To clarify, hardware wallet hacks do happen. And often, unaudited chips are to blame. A wallet is only as secure as its security model—more specifically as its embedded software stack and hardware components.

So with that in mind, how do Ledger devices work?

How Does a Ledger Crypto Wallet Work?

Well, Ledger devices contain many components and features that set them apart from other devices on the market. Plus Ledger’s battle-tested security model extends much further than its devices too. All pieces of the Ledger ecosystem, from the device’s OS and embedded apps to the companion app Ledger Live, work together to keep your assets safe. And they all contribute to your security throughout each transaction. Let’s first explore how your Ledger wallet stays secure.

PIN code

The only way to unlock a ledger device and use it to sign transactions is through a PIN code. Plus, only one person will ever know the PIN. The only way to create it is when setting up a new Ledger device. Essentially, it guarantees that no one other than the wallet’s owner can execute a transaction. This keeps your wallet safe from thieves who could potentially gain physical access to your device. 

Secure Element

Ledger distinguishes itself from other hardware devices through its key security component: the chip. All Ledger devices contain a component known as a Secure Element. This high-security computer chip is so safe it’s the same chip you will find in your bank card and biometric passport. This chip is practically tamper-proof and protects against countless hacks. It also runs the embedded apps you install on your device and stores your private keys.

Trusted Display and Physical confirmation

Ledger devices also feature a Trusted Display, a tamper-proof screen isolated from the internet connection. The screen enables you to verify the full details of your transaction instead of trusting the screen of your internet-connected device before physically verifying the transaction using the two buttons on the device. 

Operating system

Ledger has developed a custom OS called Blockchain Open Ledger Operating System or BOLOS. This OS ensures all the applications on your device operate separately from one another. This means that there is no single point of failure within the wallet. 

Moreover, it’s Ledger’s OS that mandates a physical confirmation for each cryptocurrency transaction. This means nobody can ever transact without your knowledge. Only you can confirm each transaction, and you must do so physically with your device.

Ledger Live: A Secure Companion App

Ledger devices connect to your host device via Ledger Live, a secure companion app. This piece of software is installed on your smartphone or laptop and allows you to initiate transactions and communicate with the blockchain. While your Ledger device handles signing transactions offline and keeping your private keys safe, Ledger Live is responsible for granting you access to apps and services. And, of course, it also delivers your device the latest security updates. To guarantee your security, Ledger Live is able to verify your device is authentic. Plus, every app within Ledger Live comes with a clear signing plugin. In short, this plugin guarantees that you can read each transaction in human-readable language—ensuring you don’t sign away your assets without knowing it. Simply, Ledger Live is the perfect companion app for your Ledger device: secure, accessible, and easy to use.

Example of How Ledger Devices Work

So now you understand how Ledger wallets are unique, let’s see how these pieces work in practice

  1. You initialize the transaction via the Ledger Live App
    Ledger Live is the companion app for Ledger devices that allows you to initialize transactions.  From this single app, you can also access countless blockchain apps and services. You can only initiate transactions if you connect your device securely. The added security feature of a PIN code guarantees that even someone with physical access to your device cannot access your funds.
  2. Ledger Live provides you with the intent, which you can then confirm or reject
  3. When you confirm the transaction via Ledger Live it will prompt you to approve the action physically on your Ledger device
    At this point, the destination address is also shown on your Ledger’s trusted display. This allows you to double-check that the destination address on your hardware wallet matches your host device. This way, no one can trick you with malware on the latter. To clarify, your Ledger device (including its trusted display) is practically un-hackable, so you can trust the transaction details it shows.

    Confirming the transaction physically on the device guarantees that only someone with physical access to your device can confirm a transaction. Only you can unlock your device with the PINcode, so no one can access your funds remotely.
  4. The transaction is signed using your private key stored in the secure element.
    The transaction is signed in the Secure Element chip, a completely offline environment. This guarantees that your private keys stay safe from potential onlookers via spyware on your internet-connected device. Plus, the secure element is also tamper-proof, serving as another layer of security against physical hacks.
  5. Your Ledger device sends the signed transaction to your internet-connected device via Bluetooth or USB-C cable, which then broadcasts it to the blockchain.
    Ledger Live also checks the authenticity of your device, meaning that if your device has been tampered with, you will be able to tell. That means you can send transactions from your Ledger device to the blockchain with confidence.

You’re Only as Secure as Your Crypto Wallet

Because remember, you’re only as safe as your crypto wallet—and by extension the secret recovery phrase that protects it. No matter how you’re interacting with that ecosystem – whether it’s exploring dApps and DeFi, or strictly trading crypto– it’s important to understand what happens each time you hit confirm.

That’s why choosing the right crypto wallet is so important, and why Ledger takes security seriously.

Malicious actors will always be looking for potential vulnerabilities. That’s why Ledger’s security team, the Ledger Donjon, constantly tests the security level of devices; rolling out updates to fix any vulnerabilities and build stronger security measures for the wider ecosystem too. 

In short, Ledger devices keep your private keys safe and give you agency over your own assets. Meanwhile, the wider Ledger ecosystem gives you the option to buy, swap, stake, and manage your crypto holdings securely. Essentially, Ledger gives you the possibility to be in control of your digital life.

So why wait? Start exploring web3 from the safety of the Ledger Ecosystem, where only YOU control what happens to your crypto.

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our

New coins supported, blog updates and exclusive offers directly in your inbox

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.