Wallets as Access Control
A Mental Model for Confidently Owning and Protecting Digital Art
After sharing my initial thoughts about wallets in a previous post, I received feedback suggesting a clearer mental model could help people better understand them. Having built platforms like Feral File—helping thousands of collectors confidently own and experience digital art—I agree clarity matters immensely. This post provides that foundational framework, especially helpful if you're new to digital art.
Here’s the fundamental insight right up front:
A blockchain is essentially a new type of computer—open, global, decentralized, secure, and accessible to anyone without needing permission. Your "wallet" is actually your access control system for this new global computer. It’s how you prove ownership, interact confidently with digital assets, and safely participate. And like any powerful system, how you access it determines what you can do—and what you might risk.
Unfortunately, terminology in this space is quite confusing. "Wallets" aren’t really wallets; "hot" and "cold" storage terms are borrowed awkwardly from physical storage systems; and plugging your "cold" wallet into your computer via USB or Bluetooth feels contradictory at best. Even "Web3" isn’t simply an evolution of the original web—it’s actually something entirely new. If this feels confusing, you're not alone—most of us have had to unlearn what we thought these terms meant.
Having this clear mental model—wallets as access control—will help you confidently navigate blockchain technology and digital art ownership.
1. Wallets Aren't Wallets—They're Keychains
It's common to assume wallets store your assets—but they don't. Wallets store keys:
Public keys ("addresses"): Your public-facing locations on the blockchain—safe to share openly (think of them like email addresses).
Private keys: Your secret passwords, which you must protect at all costs.
Think of wallets like keychains. Your assets exist on a global, decentralized computer (the blockchain)—not inside your wallet. Your wallet is your access control to this computer.
What's actually on the blockchain?
A blockchain acts like a single, global computer—but it’s actually a virtual machine created by thousands of physical computers working together. Each of these individual computers runs the same programs (called smart contracts) and keeps an identical copy of the data (tokens). They synchronize continuously, verifying one another's work through cryptography and consensus. This ensures reliability, transparency, and security without relying on a central authority. Once data is recorded, it's permanent—it cannot be changed or erased. Tokens stored on this immutable ledger can represent financial assets (such as cryptocurrency) or unique "non-fungible" assets (NFTs), such as digital art.
Digital Art Specifically: Programs, Not Just Certificates
In digital art, blockchain offers something radically different from traditional certificates of authenticity (COAs). Unlike a traditional COA—usually a static document verifying authenticity—a blockchain-based artwork can exist as a living, dynamic program known as a smart contract. When an artist creates digital art on the blockchain, they're essentially publishing software onto this decentralized global computer. To me, this is one of the most beautiful shifts in how art can live—not just archived, but encoded as action.
Within each smart contract is crucial data, including a unique token known as an NFT ("non-fungible token"), which certifies authenticity. But unlike traditional COAs, smart contracts can actively manage ownership transfers, handle direct sales, automatically distribute royalties, and even enforce rules about how the artwork can be displayed or used. These operations happen transparently, automatically, and without needing a trusted intermediary or central authority.
These blockchain-based programs permanently record essential information, such as:
Authenticity and verification: cryptographically confirming the artwork’s legitimacy.
Provenance: immutable records of creation, previous owners, and transfers.
Economics and royalties: automatically managing payments and royalties without intermediaries.
Often, the artwork itself—such as images, videos, or code—exists off-chain, stored on traditional servers or other external systems. However, these external files can still be cryptographically linked and verified against the blockchain’s smart contract data, securely tying the actual artwork files to their blockchain records.
Your wallet provides direct access control to these smart contracts and all their associated rights. Losing your wallet’s keys doesn't erase the blockchain’s data, but it does permanently remove your ability to control or interact with your artwork and its associated rights.
2. Hot vs. Cold: The Security Spectrum
Wallets exists along a spectrum from "convenient yet riskier" to "highly secure but less convenient":
Hot Wallets (online):
Always connected to the internet.
Fast, convenient for frequent transactions, but more vulnerable to theft, phishing, and malware attacks.
Cold Wallets (offline):
Usually disconnected from the internet, connecting only briefly when signing transactions.
Less convenient but significantly safer for long-term storage.
Imagine a hot wallet as your home—quick, convenient access, but more vulnerable. A cold wallet is like a bank vault—harder to access, requiring deliberate steps, but substantially safer.
Why Briefly Connecting is Still "Cold"
Connecting a cold wallet briefly to your computer might seem contradictory, but it remains "cold" because your private keys never actually leave the device—even during connection. When connected via USB or Bluetooth, your transaction request goes into the device, is signed securely inside, and only the signed transaction (never the key itself) leaves the device. This critical separation protects your keys from malware, hacks, and unauthorized access.
Thus, "cold" doesn't mean "never connected"—it means your keys remain isolated and never directly exposed online. You’re not exposing the vault—you’re just passing a sealed envelope through the slot.
3. Why Not Just One Set of Keys? (Separate Keys, Separate Risks)
Simplicity is attractive—one set of keys controlling everything sounds great. But relying on a single set of keys creates both a single point of failure and a single point of compromise. Imagine if your home contained not just your everyday items, but your life savings in cash, stacks of gold bars, rare collectibles, sensitive documents, your passport, and all your investments. While convenient, you'd feel extremely uncomfortable knowing that one successful break-in would mean losing everything at once—and you'd likely become a prime target.
In the real world, we manage this risk by distributing assets across secure, specialized places:
Banks for financial accounts.
Safe deposit boxes for rare valuables.
Separate secure storage for sensitive documents.
Similarly, using multiple wallets—each with their own set of keys—protects your digital assets by isolating risks. Consider dedicated wallets for frequent transactions, long-term storage, or active selling. This way, even if one wallet is compromised, your losses remain limited and contained.
Going a Step Further: Dealing with Multiple Blockchains
As your digital art collection grows, you'll likely encounter multiple blockchains—like Ethereum, Tezos, Bitcoin, or various Layer 2 solutions (L2s)—each typically requiring its own dedicated wallet. Today, most wallets are designed for specific blockchains or closely related networks. For example, MetaMask primarily handles Ethereum and Ethereum-compatible L2s, but won’t seamlessly integrate Bitcoin (Ordinals) or Tezos. This means managing a diverse collection naturally leads to having multiple wallets, each secured independently.
While maintaining separate wallets for different blockchains increases complexity, it also significantly improves your security by isolating risks. If a malicious transaction compromises one wallet, assets on other blockchains remain safe. If you're managing a valuable or significant digital art collection, this blockchain-specific isolation can greatly enhance your security, despite the added complexity.
This extra precaution isn't mandatory for everyone, but understanding these practical considerations—and the inherent limitations of wallet compatibility—will help you thoughtfully navigate digital art and blockchain technology.
4. Seed Phrases: Your Wallet’s Digital DNA (Guard Carefully)
Your seed phrase is a sequence of 12–24 randomly chosen words acting like your wallet’s digital DNA. From this single piece of carefully guarded information, your entire wallet—every private key, every address, every piece of data—can be perfectly reconstructed. Just as an organism’s DNA contains all the instructions needed to perfectly recreate its fundamental structure, your seed phrase precisely regenerates your entire wallet—down to every private key and address—without any variation or external influence.
This seemingly simple sequence holds such vast, random complexity ("entropy") that guessing or duplicating it is practically impossible. It’s the ultimate foundation of your digital assets, and losing it means permanently losing your ability to access or control those assets.
Therefore, thoughtful planning around protecting and recovering your seed phrase is crucial:
Physically store multiple copies, separated geographically. Never store digitally or online, due to security risks.
Provide a clear, simple set of recovery instructions for trusted family members or friends—without exposing your seed phrase directly.
If your collection becomes especially valuable or significant, consider an even stronger strategy called Sharded Secret Key Reconstruction (SSKR). This standard allows your seed phrase to be split into multiple parts (e.g., "2 of 3" shares). Only a certain number of shares are needed to regenerate your wallet, greatly reducing risk. (For practical advice on setting up SSKR, see my earlier post.)
It’s astonishing that so much power hinges on something so simple. But remember, your seed phrase isn't simply a password or key—it's the digital DNA that defines and regenerates your entire wallet. Protect it accordingly.
5. "Smart Contract" Wallets: Wet vs. Dry Code
Smart-contract wallets (enabled by account abstraction and related technologies) promise greater convenience and flexibility—easier recovery, flexible permissions, and automated processes. However, the phrase "smart contract" suggests intelligence or judgment that isn't really there. In reality, a "smart contract" is just a piece of software: it can only follow instructions exactly as programmed, nothing more. Unlike humans, software cannot interpret intent, handle unexpected scenarios gracefully, or apply common sense. This makes it powerful—but also incredibly fragile. Even a small oversight or unintended flaw can cause major failures.
Traditional fiduciary systems (banks, trustees, financial institutions) rely on human judgment—what cryptographer and smart-contract pioneer Nick Szabo calls "wet code"—which is flexible, adaptable, and capable of handling messy real-world situations (though, as Wall Street has repeatedly shown, still far from perfect!). Smart contracts, in contrast, are "dry code": literal, rigid, and unforgiving when mistakes inevitably occur.
The difference can be profound: Human fiduciaries (theoretically) have incentives and responsibilities aligned around managing mistakes, fraud, and disputes, though their real-world execution can be imperfect and messy. Smart contracts lack this flexibility entirely. They enforce exactly what they’re programmed to enforce—nothing more, nothing less.
Consider the now-infamous "The DAO" incident from Ethereum's history:
In 2016, The DAO launched as one of the largest crowdfunding projects ever, amassing roughly 14% of all Ether in existence at that time into a single, auditable smart contract. Intended as a revolutionary form of decentralized investment fund without traditional human management, its smart contract logic was completely transparent—but also rigidly literal. Exploiting an unintended loophole in that code, an attacker siphoned off around 3.6 million Ether—at the time valued around $50 million—roughly a third of the entire DAO's holdings.
The Ethereum community faced an existential crisis. While the attacker had technically followed the exact rules of the smart contract's "dry code," the result was ethically catastrophic and financially devastating. Ultimately, the Ethereum core developers controversially chose to implement a "hard fork," rolling back the blockchain to restore stolen funds to their rightful owners. This decision split Ethereum into two separate chains—Ethereum (the forked, restored blockchain) and Ethereum Classic (the original, uncompromised blockchain)—a split that still exists today.
The DAO crisis illustrates the severe limitations of relying solely on dry, literal code to manage complex human affairs. Code has no concept of fairness, intent, or ethics. When it fails, it fails spectacularly.
This event profoundly impacted how I think about blockchain: smart contracts ("dry code") alone aren't enough. While they're incredibly promising and worth exploring, they're also relatively new and still evolving—meaning we shouldn't yet rely on them exclusively. Humans, messy and imperfect as we are, remain essential to interpret intent, handle disputes, and step in when software inevitably falls short. So by all means, experiment with smart contracts, but do so thoughtfully: recognize their current limitations, diversify your approach, and don't put all your trust or assets into this single, still-maturing technology.
6. Where I Think We're Headed: Combining Human and Code-Based Trust
Ultimately, I don't think the future will force us to choose between human-based ("wet") and code-based ("dry") solutions. Traditional fiduciary systems—imperfect as they are—have refined nuanced models of trust over generations. Meanwhile, blockchain and smart contracts invite us to rethink these models from first principles, offering transparency, automation, and decentralized reliability.
In fact, early versions of this hybrid approach already exist. Personally, I use Sharded Secret Key Reconstruction (SSKR), where cryptography (dry code) ensures secure key recovery, and trusted friends (wet code) each hold a piece of the puzzle. At Feral File, we use Tholos, a multisignature wallet that combines programmable controls with collaborative human decision-making.
These setups aren’t perfect, but they’re promising. They show what’s possible when we thoughtfully combine human judgment with the strengths of software. Exactly how this hybrid future will unfold—I don’t know. But it fascinates me. And it's something I continue to explore.
For now, understanding wallets, protecting yourself thoughtfully, and staying grounded in both the strengths and limitations of this technology is the best path forward.
Ideally, as Steve Jobs once said, all this complexity will eventually “disappear.” The goal is not to make the world more complicated—but to give people tools they can trust. Until then, having a clear mental model—and combining human trust with programmable systems—is the best we’ve got.
—
Thanks to Michael Nguyễn, Lauren Jones, Whitney Hart, and Madeleine Pierpont for reading drafts of this.
Absolutely loved this post.