First and foremost, I’m not going to tell you which wallet to choose. Of course you can choose whatever wallet you want, they’re your hard earned moneroj after all, be your own bank, etc. But if you are kinda lost with the decision let’s take a look at the types of wallets out there, how they work, and more important: what does that choice mean to you from a security and privacy standpoint.
First, we need some very basic understanding of how Monero works
- Monero has a distributed book or ledger where all the transactions are recorded. It is distributed because there’s no central place where it’s stored, but instead thousands of copies of it sit in hard drives around the world.
- Each of those computers that have a copy of the ledger is called a node. Together, they connect to each other and form a network. Wallets connect to one of those nodes to be able to read from and write to that ledger.
- The Monero ledger is public (anybody can read it) but it’s obfuscated (nobody can tell what the transactions contain, not amount, not sender, not recipient).
- Prepare for mindblown. A Monero wallet does not store any coins, it’s more like a keychain with a couple of keys. The coins that belong to you are recorded on that shared ledger, and your keys are what you need to interact with them.
- One of those keys is called a view key. It’s like magic glasses that allow you to watch any copy of that distributed ledger, and see only the transactions that belong to you.
- Another of those keys is the spend key. It’s like the key of a safe. It allows you to send your moneroj to another wallet. Additional mindblown: you’re not actually sending anything. You’re using your key to write down on that ledger that those moneroj you want to give, now belong to someone else.
Let’s take a look at the different kinds of wallets and their perks, and after that wrap it all up on a neat comparison table:
A full wallet
We have the Official Wallet, which is as official as it gets for a leaderless group of charismatic cypherpunks. It comes in two flavours that only change how you use the wallet, but not how it works: the CLI and the GUI. To use the CLI you have to do everything by typing commands on a terminal screen. If you have to read this article it probably isn’t for you. The GUI has a graphical interface like most programs you normally use. Let’s see some characteristics:
- Remember the nodes that had a copy of the ledger? Well, the official wallet is a full wallet. That means that it comes with its own node. The good thing is that you’re on your own. You’re not relying on anybody else to keep a ledger copy for you.
- It keeps the network more decentralized, as it means one more node in the network. It also gives you crypto cool points.
- It’s more private. Imagine that if you have to connect to someone else’s node, that person knows that someone from your computer address is using Monero. He still can’t see what you’re doing, but he can tell it’s Monero-related.¹
- A copy of the complete ledger is not small. The Monero blockchain weighs more than 50GB, so having a full wallet requires as much space as that, and it grows a tiny bit more every two minutes.
A light wallet
Also known as lightweight wallets, precisely because they don’t store their own copy of the shared ledger, but instead they have to connect to a node somewhere. Monerujo on Android, Cake Wallet on iOS, MyMonero on iOS and desktop, Edge on iOS or Android are light wallets.² Some common characteristics:
- They don’t take much space, and therefore are great to run on phones. So they have to connect to an external node to be able to scan the ledger and find the coins that match your key.
- The not-so-great aspect of that is that you are trusting that node to have a valid copy of the ledger, and also revealing to the owner of the node that you’re connecting to it to do Monero stuff. It’s not a big deal in the big majority of cases, but it’s not a super perfect solution either. There’s a solution that bridges somehow the best of both worlds: on some of them you can set up the wallet to connect to your own node. That way you can have the convenience of a mobile wallet with the privacy and autonomy of a full wallet. To do so you’d have to have a computer of sorts running a node program and connected to the internet.
But they have some important differences between them that are good to know from a privacy perspective:
- Monerujo and Cake Wallet store your keys encrypted on your device. When they connect to a node, they don’t share it with them, the wallet just asks to see the ledger and then scans for new funds by itself. This takes a bit of time usually (the less often you do it the more you have to wait when you do it) but doing it this way ensures that only you (who keep your view key on your device) can see your funds.
- MyMonero and Edge work differently. They keep your keys encrypted as well, but they keep a copy of your view key on their server. Remember that your view key only allows for them to see what coins are yours, not spend them. So you’re losing some privacy to them. Why would I do that? You may be asking. Well, since they have your view key, they can scan the ledger for you, and tell you almost inmediately if you received new coins, for example. So you’re trading privacy for speed.
Also they’re connecting to a central server, so they’re less decentralized than the other two. That means than if their server is down, you cannot use the wallet. In the case of MyMonero, you can bypass that by running your own server, which is not just a node but function-wise it’s the same. That way you’d be getting both speed and independence, but it’s certainly not newbie-friendly so far.
A hardware wallet
So far, the only hardware wallet that supports Monero is a Ledger.³ It works just like a light wallet, but with the added safety that your keys are generated on a specially designed device, and never touched a network connection or many other possible attack vectors.
Think of it as just the keychain with the keys. It still has to connect to a wallet (both the Official Wallet and Monerujo support that connection at the moment) to interact to a node, but the keys remain hidden on your hardware device and with it you authorize the wallet to do stuff with your coins. It’s like they give you a lock, you put it inside a dark sack that cointains your keys, you unlock it there, and then you take it out unlocked without anybody being able to see your keys.
A custodial wallet
These wallets are the ones where you’ve giving up custody of your coins to someone else. A common example would be the wallet you have on an exchange. They may be very easy to setup and useful to trade, but technically it’s not a wallet. Here’s why:
- Since you don’t have the keys to your moneroj, they own it. It works like a bank, they tell you that you have a certain amount of coins under your name and promise to take good care of it. But if they’re not honest, or they get robbed, you’ll probably lose your funds.
- And since most of them require identity verification, you lose your privacy as well. The government of the country where the exchange operate could request information on you, or they can get hacked and any malicious actor can see that you have coins.
- A positive spin on that lack of privacy is that since they verify who you are, you (well, not you) but your loved ones can potentially gain access to your funds in case something happens to you, or yourself if you lose your password, for example. Just like an email provider.
These are not good scenarios. Again, using one makes sense to do trading on an exchange, but keep as few coins there as you need for that and don’t use an online service as a safe, because it’s not. Well, it is a safe in someone else’s house where you don’t have the codes to open it and you’re trusting the home owner to open the door a your will.
A paper wallet
Paper wallets are the apex of old school, steampunk cryptography, and they’re only a wallet in the storage sense. What’s the idea? You generate a seed together with its keys and address with a generator that is offline, in a computer that will not connect to the internet again. You then write everything down on paper (hence paper wallet) and hid it somewhere both safe (so you don’t lose it) and private (so nobody sees it).
- If you do the procedure well, it’s really secure. You air gapped the birth of your seed from any third party, and it’s impossible to guess a seed, so unless somebody gets access to your paper, nobody can touch your coins.
- Since you’re doing most of the procedure manually, there’s nothing to check for errors but yourself. This is the risky part. Pay attention, go slow, and check everything four times before moving along.
- This is intended for long term storage. Realize that if you need to take coins out of your paper wallet you’ll have to enter it somewhere, thus losing the air gapped qualities of it. This makes a paper wallet very cumbersome for daily movements.
- There’s a way to verify the arrival of the funds you send to it without compromising the seed. Some wallets let you create view-only wallets by importing your view key and nothing else. That way you can see incoming funds and verify as often as you like, while your paper seed is safe and secret inside that fortified vault hidden in a mountain on the Swiss Alps you told no one about.
Let’s see the options on a neat table:
As you may notice, there’s no silver bullet, one-size-fits-all solution here, just different needs and associated risks. Try to think about this as you do with your government-issued money: a lot of money goes in the bank or in a safe, a bit of money goes in a wallet on your pocket. A safe might be well, safe, but you’re not carrying one around to do the groceries. As a rule of thumb I read somewhere some time ago and it stuck with me: choose your wallet as if what you’re storing is worth 10x that much.
¹ This can be avoided by using Tor or I2P to hide your traffic, since it will work with most of the wallets I’m not adding it as a difference to any of them.
² The Official Wallet can also be configured to connect to a remote node and work as a light wallet.
³ Trezor already supports Monero but there’s still no wallet that works with it. That is coming soon. We won’t know what soon means until it’s here, though.
I hope that this article helps you at least as a starting point for the famous DYOR (if you don’t know what that means, research). The Monero subreddit is an excellent place to post questions and get reasonable answers even from the very community members that make many of these wallets.
Please don’t hesitate to give me feedback of any inaccuracies I probably made, I checked the contents of this article with a couple of very intelligent people, but something always slips through the reviews.
If you want to donate some nondisclosed amount of XMR please do so to the Monerujo team, which I’m a member of. We really work toward putting the best money we have so far, in the hands of as many people as possible, and enable them to use it in the easiest and safest way we can. So thanks in advance: