A private key is a string of letters and numbers that gives you access to your cryptocurrency. Think of it as the password to a vault. You can tell anyone the address of that vault, but only the person who holds the private key can open it and move what is inside.
Every time you set up a crypto wallet, two keys are generated together: a public key and a private key. The public key is what others use to send you funds. The private key is what you use to authorize spending those funds. They are mathematically linked. One cannot work without the other, and knowing the public key gives no one the ability to figure out the private key.
Never share your private key with anyone. Whoever holds it controls everything in that wallet.
What is public key cryptography?
The system behind private and public keys is called public key cryptography, sometimes shortened to PKC. It was developed in the 1970s by Whitfield Diffie and Martin Hellman and later formalized in the RSA algorithm. Before PKC, secure digital communication required both parties to share the same secret key beforehand, which was difficult to do safely over open networks. PKC solved that problem.
PKC uses two mathematically linked keys instead of one. What one key encrypts, only the other can decrypt. The math that links them is built on what cryptographers call a trapdoor function: easy to compute in one direction, practically impossible to reverse. You can generate a public key from a private key in seconds. Going the other way, from public key back to private key, would take a supercomputer longer than the age of the universe.
Cryptocurrencies use this same principle. When you send Bitcoin or any other crypto, you are using your private key to sign the transaction. The network verifies that signature using your public key, without ever seeing the private key itself. For more on how this connects to the broader blockchain structure, read our guide on what is blockchain.
What is a public key?
A public key is a cryptographic code that allows other people to send you cryptocurrency. It is derived from your private key through a one-way mathematical process, so sharing it with anyone is safe. Knowing your public key gives no one access to your funds.
In practice, you rarely see the raw public key. Most wallets convert it into a shorter, more readable format called a wallet address. For Bitcoin, that is a string of letters and numbers starting with 1, 3, or bc1. For Ethereum, it starts with 0x. The wallet address is what you share when you want to receive funds. Think of it as your account number: anyone can deposit funds to it, but only you can withdraw them.
A public key is safe to share publicly. You can post it on a website, include it in an email, or put it on a donation page. None of that puts your funds at risk.
What is a private key?
A private key is a randomly generated number, usually 256 bits long, represented as a string of 64 hexadecimal characters.
Here is what a Bitcoin private key looks like:
E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
That number is so large that guessing it by chance is statistically impossible. The total number of possible private keys in Bitcoin exceeds the number of atoms in the observable universe.
The private key has two jobs. First, it generates your public key and wallet address. Second, it signs every transaction you authorize. When you send cryptocurrency, your wallet uses the private key to create a digital signature that proves you authorized the transaction. The network checks that signature against your public key. If the signature is valid, the transaction goes through. If not, it is rejected.
You never transmit the private key itself. The signature proves ownership without revealing the key, which is the point of the trapdoor function described above.
For context on what cryptocurrency is and how ownership works at a basic level, see our guide on what is cryptocurrency.
How public and private keys work together
The simplest way to understand the relationship is through an analogy. Your public key is like a padlock that you hand out freely. Anyone can use it to lock a box and send it to you. But only you have the physical key that opens that padlock. Nobody else can open the box, even if they have an identical padlock.
In a crypto transaction, the process works like this:
- Someone encrypts a transaction using your public key to send you funds.
- You use your private key to create a digital signature authorizing the transaction.
- The network uses your public key to verify the signature is genuine.
- Once verified, the transaction is confirmed and recorded on the blockchain.
The result is that transactions are open and verifiable by anyone on the network, but only the holder of the private key can authorize them. Bitcoin has worked on this principle since the first transaction in January 2009. More on that history is in our Bitcoin history guide.
What is a wallet address?
A wallet address is a shortened, human-friendly version of a public key. In Bitcoin, the public key goes through two hashing processes (SHA-256 and RIPEMD-160) and then Base58 encoding, which produces the address you see in wallets. The address is shorter and includes a checksum to catch typos.
The relationship between these three things is one-directional:
- Private key generates the public key.
- Public key generates the wallet address.
- You cannot go backwards. A wallet address cannot reveal the public key. A public key cannot reveal the private key.
This one-way chain is what makes the whole system secure. Even though all transactions on the blockchain are public, the private key that controls those funds stays hidden.
Public key vs. private key: main differences
| Feature | Public key | Private key |
|---|---|---|
| Purpose | Receive funds, verify signatures | Sign transactions, authorize spending |
| Safe to share? | Yes | Never |
| Analogy | Bank account number or email address | PIN or vault password |
| Generated from | Derived from the private key | Randomly generated first |
| If lost | Can be recovered from the private key | Funds become permanently inaccessible |
| Length (Bitcoin) | Compressed: 33 bytes | 256-bit / 32 bytes |
What is a seed phrase and how does it relate to private keys?
A seed phrase, also called a secret recovery phrase or mnemonic phrase, is a series of 12, 18, or 24 common English words. It is not the same as a private key, but it controls all of them.
Modern wallets use a standard called HD wallets (hierarchical deterministic wallets), which generate a new private key for every transaction from a single master seed. The seed phrase is a human-readable version of that master seed. If you enter your seed phrase into any compatible wallet, it regenerates all of your private keys and gives you full access to your funds.
The practical difference is this: a private key controls one wallet address. A seed phrase controls every address and every private key generated by that wallet. Lose your device but still have the seed phrase, and you recover everything. Lose the seed phrase, and if the device is also gone, the funds are gone permanently.
Keep your seed phrase offline. Never photograph it. Never store it in email or cloud storage. Write it on paper and store it somewhere physically secure.
Who controls your private keys?
This is one of the most important questions in crypto, and the answer determines whether you actually own your assets.
When you buy cryptocurrency on a centralized exchange like Coinbase or Binance, the exchange holds the private keys on your behalf. You have an account balance that represents a claim on the exchange’s holdings. You do not hold the actual keys. If the exchange is hacked, goes bankrupt, or freezes withdrawals, your funds may be at risk. The phrase used in the crypto community is: “Not your keys, not your coins.”
When you transfer cryptocurrency to a non-custodial wallet, you take direct control of the private keys. The wallet software manages them for you, but you are the only one who can authorize transactions. This gives you full ownership, along with full responsibility. There is no customer support number to call if you lose your keys.
Most hardware wallets, like Ledger and Trezor, store private keys in a secure chip that never exposes the key to the internet. They sign transactions internally and send only the signed transaction to the connected device. The private key itself never leaves the hardware.
For more on how Bitcoin transactions are authorized at a technical level, read our guide on how Bitcoin works.
How to store your private key safely
Losing a private key means losing permanent access to the funds it controls. There is no reset option and no way to recover it. How you store it matters.
Hardware wallets are the most secure option for most people. They store private keys in an isolated chip that never connects directly to the internet. Transactions are signed inside the device. Ledger and Trezor are the two most widely used hardware wallets. They cost between $60 and $200 and are worth the investment for anyone holding significant amounts of crypto.
Software wallets (also called hot wallets) store private keys on a device connected to the internet. Apps like MetaMask, Trust Wallet, and Exodus are software wallets. They are convenient for frequent use but carry more risk than hardware wallets because anything connected to the internet can be targeted by malware or phishing attacks.
Paper wallets are private keys printed or written on paper and stored offline. They are completely immune to remote hacking but vulnerable to physical damage, loss, or theft. Anyone who finds a paper wallet with an unencrypted private key has full access to those funds.
Cold storage refers to any method of keeping private keys offline, including hardware wallets, paper wallets, or a computer that has never been connected to the internet. Cold storage is the standard for long-term holdings.
Regardless of which method you choose: never store a private key or seed phrase in email, cloud storage, screenshots, or any service connected to the internet. These are the most common ways people lose access to their crypto.
To understand why Bitcoin specifically was designed with this key structure, and who built it, see our piece on who created Bitcoin.
Private keys in Bitcoin vs. Ethereum
The underlying cryptographic standard is the same for both: both Bitcoin and Ethereum use the Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve to generate key pairs. A private key in both networks is a 256-bit number.
The differences are in format and address encoding. A Bitcoin private key can be represented in several formats, including raw hexadecimal and WIF (Wallet Import Format), which starts with a 5, K, or L. An Ethereum private key is always shown as 64 hexadecimal characters prefixed with 0x. Bitcoin addresses come in multiple formats (Legacy, SegWit, Native SegWit). Ethereum addresses are always 42 characters starting with 0x.
The security model is identical: both rely on the trapdoor function that makes it computationally impossible to derive a private key from a public key or wallet address.
For an overview of how Ethereum and other cryptocurrencies compare to Bitcoin, see our guide on what is an altcoin.
Common mistakes that lead to lost private keys
- Storing seed phrases in cloud storage or email. iCloud, Google Drive, Gmail, and similar services can be hacked. A seed phrase stored online is not safe.
- Taking screenshots of private keys or seed phrases. Screenshots often sync automatically to cloud services. Even if you delete the screenshot, it may already have uploaded.
- Buying crypto and leaving it on an exchange. The exchange holds your keys. If the exchange fails, your funds may be inaccessible.
- Not backing up the seed phrase. Hardware and software wallets can break, be lost, or be stolen. Without the seed phrase, access is gone.
- Entering a seed phrase on a website. No legitimate wallet, exchange, or service ever asks for your seed phrase online. Any site that does is a scam.
- Sharing a private key for “verification.” No one legitimate ever needs your private key. Requests to share it are always scams.
Understanding the difference between types of crypto assets also helps when thinking about what you are securing. Our guide on crypto token vs coin covers how different assets are structured on different blockchains.
Frequently asked questions
What is a private key in crypto?
A private key is a randomly generated 256-bit number, shown as a 64-character hexadecimal string, that controls access to a cryptocurrency wallet. It is used to sign transactions and prove ownership of the funds at a given wallet address. Whoever holds the private key controls the funds. It should never be shared with anyone.
What is the difference between a public key and a private key?
A public key is safe to share and is used to receive funds. A private key must never be shared and is used to authorize sending funds. The public key is generated from the private key through a one-way mathematical function, so it is impossible to reverse the process and derive the private key from the public key.
What happens if you lose your private key?
If you lose your private key and have no backup of the corresponding seed phrase, access to the funds in that wallet is gone permanently. There is no recovery option. No exchange, no wallet provider, and no one else can restore it. This is why keeping a written backup of the seed phrase in a safe location is so important.
Can someone steal crypto with just a public key?
No. A public key lets someone send you cryptocurrency, but it cannot be used to withdraw or transfer funds. Only the private key can authorize transactions. Even if someone knows your wallet address and public key, they cannot access your funds without the private key.
What is a seed phrase and is it the same as a private key?
A seed phrase is not the same as a private key, but it controls all of them. Modern HD wallets generate one private key per wallet address, all derived from a single master seed. The seed phrase (12, 18, or 24 words) is a human-readable version of that master seed. With the seed phrase, all private keys can be recovered. Without it, if the device is lost, all funds are gone.
What does “not your keys, not your coins” mean?
This phrase means that if you do not hold the private keys to your crypto, you do not truly own it. When cryptocurrency is held on an exchange, the exchange controls the private keys and you hold only an IOU. If the exchange freezes withdrawals, is hacked, or goes bankrupt, your funds may be inaccessible. Holding your own keys in a non-custodial wallet gives you direct ownership.
What is the difference between a hot wallet and cold storage?
A hot wallet stores private keys on a device connected to the internet. It is convenient for regular use but more exposed to online threats. Cold storage keeps private keys offline, either on a hardware wallet, a paper wallet, or a computer that has never been connected to the internet. Cold storage is the standard approach for securing long-term holdings.
Is a wallet address the same as a public key?
No, but they are related. A wallet address is derived from the public key through a hashing process. It is a shorter, more readable version of the public key. In Bitcoin, the public key goes through SHA-256 and RIPEMD-160 hashing, then Base58 encoding, to produce the wallet address. You cannot reverse the process to get the public key back from a wallet address, and you definitely cannot get the private key.
