ATLASLeviathan News Atlas — home
◧ Territory · 45 inbound routes · 1,756 words

wallets, Explained

◧ The Map·wallets at a glance

A crypto wallet stores the cryptographic keys that prove ownership of blockchain assets. This guide covers types, security risks, AI agent integration, quantum threats, and regulatory developments.

◧ Connected territories12 routes
CurveDeFiMarketsCryptoWalletOnchainagentsBlockchainAccount AbstractionAccumulationAPIAppwallets
CurveDeFiMarketsCryptoWalletOnchainagentsBlockchainAccount AbstractionAccumulationAPIApp
◧ Our coverage over time45 ours · 352 universe · ~13%
2026-042026-06
◧ Who's covering it13 sources

+25 sources across the wider coverage universe

◧ The stories that landedtop 8
  1. Bitcoin Depot discloses $3.6M BTC theft from corporate wallets in SEC filing, two weeks after breach2026-04
  2. Tempo releases Accounts SDK enabling passkey-based wallets with 1-line integration, bringing Face ID logins, transaction simulation, and gas sponsorship to apps2026-04
  3. Exodus Pay brings Visa and Apple Pay spending to self-custodial Bitcoin wallets, rolls out in five states2026-04
  4. Analyst reviews 47 crypto OpSec failures, revealing one common mistake made by 100% of victims, highlighting critical security gaps across wallets, users, and Web3 practices2026-04
  5. Analyst shares guide on defending against DNS & BGP hijacks in Web3, outlining how attackers exploit domains to drain wallets via malicious frontends2026-04
  6. Thunes brings USDC settlement to 12B wallets across 140+ countries via Circle Payments Network2026-04

A cryptocurrency wallet is software or hardware that stores the cryptographic keys needed to sign blockchain transactions — it doesn't hold coins directly, but controls the proof of ownership that lets a user spend them.

Wallets are the primary interface between humans (and increasingly, software agents) and every blockchain network. Understanding how they work, where they fail, and how they are evolving is foundational knowledge for anyone participating in crypto markets, DeFi, or the emerging onchain economy.

How Wallets Actually Work

Every wallet is built around a key pair: a private key (a secret number, usually 256 bits long) and a public key derived from it through elliptic-curve cryptography. The public key generates a wallet address — the string of characters you share when you want to receive funds. The private key generates a digital signature that authorizes outgoing transactions.

Because the private key is all that matters for control, "losing your wallet" in a practical sense means losing access to that key. The phrase "not your keys, not your coins" captures this exactly: if a third party holds the private key on your behalf, they control the asset.

Most modern wallets use a seed phrase (also called a mnemonic or recovery phrase) — typically 12 or 24 words derived from the BIP-39 standard — as a human-readable backup of the root key. From this single seed, hierarchical deterministic (HD) wallets can generate millions of distinct addresses across multiple blockchains.

Benthic
Jun 24, 2026
View article →

SecondFi losses may exceed $20M as SlowMist founder flags 129M ADA tied to suspected hacker wallets

SecondFi losses may exceed $20M as SlowMist founder flags 129M ADA tied to suspected hacker wallets
𝕏/@evilcos Jun 24, 2026
Top Comment
Benthic
Jun 24, 2026

SecondFi says its recent incident came from native Cardano web wallet generation software, with preliminary impact around 16M ADA and user balances already snapshotted while the platform stays in maintenance. SlowMist founder Cos says suspected hacker wallet flows point to a much larger theoretical loss above $20M, involving more than 129M ADA plus other tokens. The gap matters: SecondFi is still validating the technical review with an outside security firm while IOG, Cardano Foundation, Intersect, and SundaeSwap monitor fund flows.

◧ What our coverage revealsLeviathan signal

Readers click wallet stories at both extremes of the custody spectrum — catastrophic loss of control (OpSec failures, draining dormant wallets, phishing drainers) and frictionless gain of control (passkey SDKs, AI-bot trading, one-line integrations) — revealing that the central anxiety is not security in the abstract but who holds the keys and whether that person is competent or even awake.

2,196 reader clicks across 56 stories23% on the top 10%most-read: 156 clicks ↗

Custodial vs. Non-Custodial

The most important practical distinction is who holds the keys.

Custodial wallets — offered by exchanges like Coinbase or Binance — manage keys on the user's behalf. The user authenticates with a username and password; the platform handles key storage, backup, and transaction signing. This is convenient and recoverable if you forget credentials, but it introduces counterparty risk: exchange hacks, insolvencies, and regulatory freezes have historically locked users out of their funds.

Non-custodial wallets — software like MetaMask, Trust Wallet, or Phantom — generate and store keys locally on the user's device or in a browser extension. The user is solely responsible for backing up the seed phrase. There is no customer support that can restore access if it is lost, but there is also no central point of failure.

This tradeoff between convenience and sovereignty sits at the heart of most wallet design decisions.

Types of Wallets

Software (Hot) Wallets

Hot wallets are internet-connected applications: browser extensions, mobile apps, or desktop clients. They offer immediate transaction signing, making them practical for frequent DeFi activity, token trading, and payments. The tradeoff is exposure — private keys or seed phrases stored on an internet-connected device are vulnerable to malware. Microsoft researchers recently documented malware that hijacks crypto wallet software and spreads via USB sticks, highlighting that threat vectors extend beyond phishing and into physical media.

Hardware (Cold) Wallets

Hardware wallets — devices from manufacturers like Ledger and Trezor — keep private keys on isolated, offline microcontrollers. Transaction signing happens on the device itself; the private key never touches an internet-connected computer. They are widely considered the most secure option for significant holdings, a point covered in depth in how-hardware-wallets-protect-cryptocurrency-assets coverage. The tradeoff is friction: hardware wallets require physical access and are less practical for high-frequency trading.

Smart Contract Wallets

Smart contract wallets (sometimes called account abstraction wallets) replace the standard externally owned account (EOA) model with programmable contract logic. This enables features impossible with traditional wallets: social recovery (regaining access via trusted contacts rather than a seed phrase), spending limits, multi-signature authorization, and gasless transactions where a third party pays fees. Platforms indexing more than 13 million smart wallets signal that account abstraction is moving from experimental to mainstream infrastructure.

Multi-Signature Wallets

Multisig wallets require M-of-N key holders to sign a transaction before it executes — for example, 2 of 3 signers must approve. This is standard for institutional custody, DAO treasuries, and high-value DeFi protocol funds. The Canton Token Standard V2 (CIP-0112), approved recently, extends this model with single-signature authorization through wallets while enabling multi-tier custody chains and privacy-enhanced batch settlement — illustrating how wallet standards continue to evolve at the protocol layer.

◧ The angles that pull readers in6 threads
  1. 01
    OpSec failures and phishing drains

    Readers are drawn to post-mortems that name the exact mistake — increaseApproval signatures, reused keys, DNS hijacks — turning abstract risk into a personal checklist.

  2. 02
    Passkey and UX abstraction

    The highest-clicked story was a developer SDK collapsing wallet creation to one line with Face ID, signalling readers see UX as the real adoption bottleneck, not price.

  3. 03
    Dormant wallet reactivation

    Sleeping wallets suddenly draining or becoming targets of legal claims carry a thriller quality — unclaimed fortune or forgotten risk that can resurface years later.

  4. 04
    On-chain whale and institutional tracking

    Readers track large named wallets (Tom Lee's BitMine, a16z HYPE accumulation, Bhutan sovereign BTC) to infer institutional positioning before it hits headlines.

  5. 05
    Compliance freezes and law enforcement cooperation

    Tether freezing $344M across two wallets at OFAC request spotlights that stablecoin balances are not truly sovereign — a tension that resonates with self-custody advocates.

  6. 06
    One-API developer wallet infrastructure

    Multiple headlines (Crossmint, Base MCP, Polygon Open Money Stack, Enso Quote Simulator) show readers tracking the race to commoditise wallet plumbing for builders.

Wallets as Onchain Identity

A wallet address functions as a persistent, pseudonymous identity on any public blockchain. On-chain analytics firms like Arkham Intelligence have built leaderboard infrastructure that ranks wallets and entities by asset holdings, transaction volume, and behavioral patterns — effectively treating wallet addresses as observable actors rather than anonymous strings.

This pseudonymity cuts both ways. It enables the kind of post-hoc forensics that identified suspected insider trading — three wallets funneling $24.25M in profits to a centralized exchange after a series of well-timed market bets — while also allowing legitimate users to separate on-chain activity from personal identity.

The growth of wallet-native activity is measurable: one DEX ecosystem tracked 69,000 unique wallets trading a token at launch; within months that figure reached 506,000 — a sevenfold expansion in unique participants entirely visible on-chain without any platform reporting.

Security Risks and Failure Modes

Private Key Exposure

The most common losses stem from private key or seed phrase exposure: phishing sites that mimic wallet interfaces, clipboard hijackers that swap copied addresses, and browser extensions with malicious updates. The USB-spread malware documented by Microsoft represents the same threat through a different delivery mechanism.

Smart Contract Vulnerabilities

For wallets that interact with DeFi protocols, the wallet itself may be secure while the contracts it interacts with are not. The Humanity Protocol incident — where wallets linked to the project were drained of over $32 million and 100 million unauthorized tokens were minted — illustrates how a protocol-level compromise or insider exploit can drain funds regardless of wallet security practices. On-chain analyst ZachXBT flagged the incident as possibly staged, underscoring that not all "hacks" are external attacks.

Quantum Computing Exposure

A Coinbase report on quantum computing risk flagged exchange cold wallets and millions of Bitcoin addresses exposed by address reuse as potential long-term vulnerabilities. Current elliptic-curve cryptography (ECDSA) is not broken by today's quantum hardware, but addresses that have revealed their public key by signing a transaction are theoretically more vulnerable to future cryptanalytically-relevant quantum computers. Best practice is to use each address only once — a standard HD wallet generates fresh addresses automatically, but many users ignore the recommendation.

Regulatory and Legal Risk

Governments are increasingly examining crypto wallet regulations. Finance ministries reviewing law enforcement practices before regulating crypto wallets signals that policymakers are grappling with how to apply existing financial crime frameworks — anti-money-laundering rules, asset seizure authorities — to self-custodial infrastructure. The outcome of these reviews will shape whether non-custodial wallets face reporting requirements, mixing restrictions, or travel-rule obligations similar to those applied to exchanges.

◧ Timeline8 events
  1. 2025-08milestone

    a16z-linked wallets begin accumulating HYPE, reach ~$356M position

  2. 2026-04exploit

    Gnosis Pay Zodiac delay-module exploit drains user wallets; co-founder pledges full reimbursement

  3. 2026-05regulatory

    Tether freezes $344M USDT across two wallets flagged by U.S. authorities

  4. 2026-05exploit

    TrapDoor campaign: 34 fake packages across npm/PyPI/Rust target Solana, Sui, Aptos devs

  5. 2026-06regulatory

    Bitcoin Depot discloses $3.6M BTC theft from corporate wallets in SEC filing

  6. 2026-06launch

    Tempo releases Accounts SDK: passkey-based wallets with 1-line integration and gas sponsorship

  7. 2026-06milestone

    Zcash announces quantum-recoverable wallet launch within weeks; full resistance roadmap by 2027

  8. 2026-06regulatory

    New York lawsuit filed seeking ownership of 39,069 dormant Bitcoin wallets holding $285B

AI Agents and Autonomous Wallets

One of the more significant recent developments is the integration of wallets with AI agent frameworks. Coinbase has launched tooling that lets AI agents hold wallets, execute trades, and make payments autonomously — treating a wallet as a programmable economic actor rather than a passive storage tool.

This creates a new trust surface. When an agent controls a wallet, the question of authorization becomes layered: who authorized the agent, what spending limits apply, and how are those limits enforced on-chain? Projects like .pie and 0xTrikon are building identity and trust-layer infrastructure specifically for AI-native Web3 applications, recognizing that agent identity — not just human identity — needs reliable wallet binding.

Tether's reported participation in a $1.4 billion round for NEURA Robotics, focused on putting self-custodial wallets and edge AI into robots, extends this logic further: wallets as embedded economic endpoints for non-human physical agents. These use cases push wallet design toward programmable policy enforcement, fine-grained permission scoping, and audit trails — features the smart contract wallet model is better positioned to provide than traditional EOAs.

Wallets in Payments and the USDC Ecosystem

For stablecoin payments — particularly USDC on networks like Ethereum, Base, and Solana — wallets function as the payment endpoint, replacing bank account numbers. The growth of on-chain payment rails depends on wallet UX being accessible enough for non-technical users, which has driven investment in embedded wallets (wallets provisioned inside apps without the user ever seeing a seed phrase) and gasless transaction flows where application developers absorb network fees.

The launch of privacy features like those in nyxmoney — private accounts added directly into existing Ethereum wallets — reflects demand for payment confidentiality that public blockchain transparency does not natively provide. These are early-stage but indicate the direction: wallets as feature-rich financial accounts, not just key stores.

◧ Risk matrixanalyst read
  • Smart-contract / approval exploitHigh

    Phishing drainers exploiting increaseApproval signatures stole $585K across four wallets in under 12 hours, demonstrating that standard ERC-20 approval flows remain a reliable attack surface.

  • Operational security (human error)High

    A review of 47 OpSec failures found one mistake present in 100% of victim cases, indicating that protocol hardening alone cannot compensate for predictable user behaviour patterns.

  • Custodial / counterparty riskHigh

    Bitcoin Depot disclosed a $3.6M BTC theft from corporate wallets via SEC filing two weeks after the breach, illustrating that even regulated custodians experience material losses with delayed disclosure.

  • Regulatory / asset freezeMedium

    Tether froze $344M in USDT across two flagged wallets on OFAC request, confirming that stablecoin balances are subject to unilateral seizure regardless of private-key custody.

  • Supply-chain / developer toolingMedium

    The TrapDoor campaign embedded wallet-stealing code across 34 fake npm, PyPI and Rust packages targeting Solana, Sui and Aptos developers, turning the package registry into an attack vector against builders.

  • Quantum cryptographyLow

    Zcash announced quantum-recoverable wallets as a near-term launch with full quantum-resistant infrastructure targeted for 2027, representing an early-stage but credible forward risk being actively mitigated.

Institutional and Whale Activity

On-chain wallet tracking has made large-holder (whale) behavior directly observable. When wallets withdraw thousands of Bitcoin from exchanges in concentrated windows — as seen with a single address withdrawing 2,341 BTC ($144.68M) over five days — analysts interpret this as accumulation signals, since moving Bitcoin off exchanges typically indicates a preference for self-custody over near-term selling.

Institutional participants increasingly use purpose-built custody infrastructure rather than standard wallets, often combining hardware security modules (HSMs), multi-party computation (MPC) key sharding, and governance workflows — solutions that abstract the key management layer while maintaining non-custodial control over assets.

Wallet Hygiene: Practical Principles

A few principles hold regardless of which wallet type a user chooses:

  • Back up the seed phrase offline, in physical form, stored in multiple locations. Never store it digitally or photograph it.
  • Use hardware wallets for significant holdings; reserve hot wallets for amounts you are comfortable treating as operational cash.
  • Verify addresses carefully before every transaction. Address-poisoning attacks generate look-alike addresses that differ only in the first and last few characters.
  • Revoke unused token approvals regularly. DeFi interactions grant smart contracts allowances to spend wallet funds; unused approvals are a persistent attack surface.
  • Use fresh addresses for receiving Bitcoin to minimize quantum-exposure risk and to reduce address-clustering analysis.

Outlook

Wallets are becoming more complex, more programmable, and more embedded in non-wallet applications — but the underlying security model has not fundamentally changed. The private key remains the root of trust. As AI agents acquire wallet capabilities, as quantum computing matures, and as regulators move from observation to rule-making, the stakes around key management and wallet infrastructure will increase. The trajectory is toward wallets that are less visible to end users (embedded, gasless, recoverable) while remaining more powerful as programmable economic primitives — but the fundamental tension between convenience and self-sovereignty is unlikely to resolve cleanly.

Latest wallets news

SecondFi losses may exceed $20M as SlowMist founder flags 129M ADA tied to suspected hacker walletsOndo tokenized stocks and ETFs go live on LI.FI with gasless access across 1,000+ wallets and apps
See all wallets news →
Was this explainer helpful?

Community notes

Spot something off or out of date? Drop a note. Editors review topic notes daily and roll accepted fixes into the explainer — contributors are recognized in the monthly $SQUID drop.

0/1000

Loading notes…