A blockchain wallet does not actually hold any coins. It holds a cryptographic keypair, and that keypair lets the wallet sign messages the network accepts as valid transactions. The coins, tokens, and NFTs you "own" are entries on a public ledger that recognize signatures from your private key. The wallet is the signer. The chain is the vault.
Once you internalize that, the wallet landscape stops looking like a product comparison and becomes a set of design choices around one question: who holds the key, and how does it sign? This pillar covers what a wallet actually stores, how signing works, and the splits that matter in 2026: custodial vs non-custodial, EOA vs smart, hardware vs software, and chain-abstraction.
What is a blockchain wallet (and what it actually stores)?
A blockchain wallet is software or hardware that generates and uses cryptographic keys to sign transactions on a blockchain. It does not store crypto. Tokens live as state on the network; the wallet stores the private key that proves you can move them. Most wallets also derive a 12-word or 24-word seed phrase that can regenerate the keypair on any compatible device.
The standard for that backup is BIP-39, supported by nearly every wallet on the market. BIP-39 turns a large random number (the entropy) into a list of words drawn from a fixed 2,048-word dictionary, with the final word acting as a checksum. From that seed, the wallet deterministically derives an unlimited number of keypairs across whichever chains it supports. The same 24 words restore a wallet on Ledger, MetaMask, Trezor, or any BIP-39-compatible signer.
What a wallet stores is some combination of three things: the seed phrase (rarely, only if the user explicitly backed it up), the derived private keys (always, in some encrypted form), and a UI that constructs and broadcasts transactions. Where each piece lives is what every wallet category below is really arguing about.
How a wallet signs a transaction
A wallet signs a transaction by hashing the transaction's contents and producing a digital signature with the user's private key. The network then uses the public key (derivable from the address) to verify the signature could only come from the matching private key. The private key never leaves the wallet. The signature is the only thing broadcast.
Inside an Ethereum wallet, the flow is: a dapp sends a transaction object (to, value, data, nonce, gas). The wallet shows a confirmation screen. On approval, the wallet hashes the RLP-encoded transaction with keccak-256, signs that hash with ECDSA secp256k1 using the user's private key, and attaches the resulting (r, s, v) signature. The signed payload goes to a node, propagates to the mempool, and gets included by a block builder. Every step downstream of signing is public.
The mental model worth holding: a wallet is a signer plus a UI. Which chains it supports, what tokens it displays, how it pays gas, and what it can do socially or institutionally are all design choices layered on top of that core signing function.
Custodial vs non-custodial wallets
The first split is who holds the private key. A custodial wallet means a third party (usually an exchange or fintech) holds the key on the user's behalf. A non-custodial wallet means the user holds the key directly, typically through a seed phrase or a passkey on their own device. The trade-off is recoverability versus sovereignty.
Custodial wallets are what you get when you sign up for Coinbase, Binance, Kraken, or Robinhood Crypto. The exchange shows balances and routes withdrawals, but cryptographically the funds sit in pooled wallets the exchange controls. Lose a password, support can reset it. If the exchange freezes the account, the user has no chain-level recourse. If it becomes insolvent, the user is an unsecured creditor.
Non-custodial wallets push the keypair back to the user. MetaMask, Phantom, Rabby, Coinbase Wallet (distinct from coinbase.com), Trust Wallet, and hardware devices like Ledger or Trezor all fall here. No password reset. Lose the seed phrase, the funds are unreachable. In exchange: no counterparty risk on the wallet provider, no withdrawal limits, no permission required to interact with a contract.
The split is not always clean. "MPC custodial" wallets (Fireblocks, BitGo, Coinbase Prime) split keys across multiple parties using multi-party computation. Smart-wallet non-custodial setups with social recovery keep the user as the owner but let trusted guardians help recover access. The question is always: in the worst case, who can move the funds?
EOA vs smart wallet
The second split sits inside the non-custodial half. An externally owned account (EOA) is a wallet whose address derives directly from a single private key, with no code attached. A smart wallet is a wallet whose address is itself a smart contract: signing rules live in code, not in one key. Chains supporting both treat them as different account types.
EOAs are the original Ethereum wallet. MetaMask, Phantom, Rainbow, and almost every browser-extension wallet defaults to an EOA. The signing flow is the ECDSA-over-secp256k1 process described above. Strengths: minimal gas overhead, universal support, simple recovery. Weaknesses: a single point of failure, no native batching, no gas abstraction, no spending limits, no recovery if the seed is lost.
A smart wallet, standardized under ERC-4337 and extended by EIP-7702, replaces "one key signs everything" with arbitrary code. A smart wallet can require two signers, enforce a daily spend limit, sponsor its own gas in USDC, batch ten swaps into one transaction, or rotate signing keys without changing the address. The trade-offs are deployment cost and a younger security surface.
By late 2024, tens of millions of ERC-4337 smart accounts had been deployed across Ethereum and its L2s per Bundlebear tracking. EIP-7702, live since the Pectra hardfork in May 2025, lets an existing EOA temporarily delegate to a smart-wallet contract without migrating addresses, opening smart-account features to users with funds already at an EOA.
Hardware vs software wallets
The third split is where the private key physically lives. A software wallet keeps keys on a general-purpose device (laptop, phone, browser). A hardware wallet keeps keys on a dedicated device with a secure element; signing happens offline, and only the signature crosses the wire. Both can be EOA or smart. The split is about attack surface, not key ownership.
Software wallets like MetaMask, Phantom, Rabby, and Trust Wallet inherit the security of the host operating system. A compromised laptop or a malicious browser extension can in principle exfiltrate keys or trick the user into signing. Software wallets fit hot balances, frequent dapp use, and lower-value flows.
Hardware wallets, sold by Ledger, Trezor, GridPlus, and Keystone, isolate the private key inside a tamper-resistant chip. The transaction is constructed on the host, sent to the device for signing, and approved on a physical screen the user can see. Even with a fully compromised host, the attacker cannot extract the key or approve a transaction without it showing on the device. Deeper mechanics live in our hardware-wallet pillar.
Many users combine the two: a hardware wallet for long-term holdings, a software wallet for daily use, and a smart wallet that lists the hardware device as one of multiple signers. Safe (formerly Gnosis Safe), the dominant institutional smart-wallet contract, treats hardware signers as first-class.
Multi-chain and chain-abstraction wallets in 2026
Most wallets started as single-chain. By 2026, most have either become multi-chain (one wallet, many networks, separate balances per chain) or chain-abstracted (one balance, the wallet figures out which chain the funds are on and routes the transaction accordingly). The distinction matters because the second category changes how users think about networks.
Multi-chain wallets like MetaMask, Rabby, Trust Wallet, and Phantom (which now supports Ethereum and Bitcoin alongside Solana) maintain separate balances and addresses per chain. The user picks a network before sending. Bridging between balances is a separate action with its own fees, latency, and trust assumptions.
Chain-abstraction wallets present a single balance across many chains. Examples in 2026 include Particle Network's Universal Accounts, OneBalance's Credible Accounts (integrated into Privy), and NEAR's Chain Signatures, which use MPC to let a NEAR account sign transactions on Ethereum, Bitcoin, and Solana from one interface. Under the hood, these wallets rely on solver networks, intent-based routing, and cross-chain settlement to move value where the transaction needs to land.
How do you choose a wallet for your use case?
The right wallet depends on what you are doing. A user who occasionally swaps on one chain has a different surface area than a treasury team managing multi-sig approvals across five networks. The table below lays out the five wallet types side by side.
| Wallet type | Who holds the key | Recovery model | Best fit | Trade-off |
| --- | --- | --- | --- | --- |
| Custodial (exchange) | Third party | Password / KYC reset | Onboarding, fiat onramps, frequent trading | Counterparty risk, withdrawal limits, no dapp access |
| Non-custodial EOA | User (single key) | Seed phrase | Personal dapp use, low-cost transactions | Single point of failure, no batching or gas abstraction |
| Non-custodial smart wallet | User (programmable) | Social recovery, multisig, passkey | Gas sponsorship, multi-signer setups, dapp UX | Deployment cost, younger code surface |
| Hardware wallet | User (offline device) | Seed phrase, sometimes Shamir backup | Long-term holdings, large balances | Less convenient for frequent use |
| Chain-abstraction wallet | User (often smart-wallet based) | Varies by provider | Multi-chain users, agents, payments | Newer category, dependencies on solver networks |
A few patterns from 2026: a builder testing a new dapp holds an EOA in MetaMask with small balances and a hardware wallet for anything material. A team managing protocol-owned funds runs a Safe multisig with hardware signers. A consumer app onboarding non-crypto users defaults to a passkey-backed smart wallet (Coinbase Smart Wallet, Privy, Magic). An agent routing programmatic stablecoin payments uses a smart wallet with spending limits and session keys. None of these is "the best wallet." They are different answers to "what does this user need to sign?"
Eco's role
Eco does not issue a wallet. Eco builds the routing layer underneath wallets, so that when a user holds USDC on Base and pays a merchant who settles on Arbitrum, the wallet can complete the transaction in one action. Most chain-abstraction wallets and embedded-wallet SDKs hit the same cross-chain stablecoin problem.
Eco's Routes infrastructure provides the underlying intent-based settlement so wallet teams can stay focused on UX and key management instead of bridges.
Sources and methodology. Smart-account deployment counts via Bundlebear tracking through Q1 2026. BIP-39 mechanics from the Bitcoin BIPs repository. ERC-4337 specification from eips.ethereum.org. EIP-7702 deployment via the Pectra hardfork, May 2025. Figures refresh quarterly.

