Quite simply, private keys are like your signature or PIN code. They are what is needed to send any transaction from your crypto wallet. Without your private keys, you can’t send any of your cryptocurrencies, interact with a decentralized application like a decentralized exchange or NFT marketplace, or interact with a smart contract.
On a blockchain, anyone can send funds to any public address and can see the balance of any address.
This is the transparency of a publicly accessible digital ledger. While anyone can see the balances of all public addresses, only the person who holds the private keys for that address can move the balance. Note that the publicly visible balance aspect does not apply to privacy coins such as Monero (XMR), where all balances are hidden from others.
The reality is that you’ll probably never see your private key, and it is hard to find even if you go looking for it. Instead, you create a password for your wallet, and when you enter that password to sign a transaction the wallet uses the private key behind the scenes.
And my recovery phrase?
Your recovery phrase is a set of 12 or 24 words that is given to you when you create a new crypto wallet. It is used to recover your wallet if you lose access, or to generate the same wallet within a new application. The words must be entered in the correct order to “recover” your wallet.
For example, if you create a Cardano wallet with Daedalus you will be given a recovery phrase. If you then decide that you don’t like Daedalus, you can restore the wallet in other software such as the Eternl browser extension. When you enter the recovery phrase you were given by Daedalus into Eternl, the exact same wallet, including all your transactions and balances, will be accessible through Eternl.
It is worth noting that this is not creating a new wallet in Eternl or destroying the wallet in Daedalus. You are simply creating access to the same wallet through another channel. The only difference would be your password, although you could use the same for both channels if you choose to configure it this way. It’s a bit like having a spare set of house keys with a different color. Both sets open the house, you just need to decide which set you want to use.
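The following is an added example, not part of the original article or any wallet's own code. It assumes a wallet that follows the BIP-39 standard for turning a recovery phrase into a seed (other wallets may derive keys differently); `restore_wallet`, the app names and the local lock are hypothetical. It shows that the seed depends only on the words and their order, while each app's password only protects that app's local copy.

```python
import hashlib
import unicodedata

# Public BIP-39 test-vector phrase (all-zero entropy); not a real wallet.
TEST_PHRASE = ("abandon abandon abandon abandon abandon abandon "
               "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP-39 seed from a recovery phrase.

    PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
    The optional BIP-39 passphrase is part of the wallet secret and is
    not the same thing as an app's spending password.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def restore_wallet(app: str, mnemonic: str, spending_password: str) -> dict:
    """Hypothetical model of restoring one wallet inside some application.

    The spending password is stretched into a key that would encrypt the
    app's local copy; it never enters the seed derivation.
    """
    local_lock = hashlib.pbkdf2_hmac("sha256", spending_password.encode(),
                                     app.encode(), 100_000)
    return {"app": app, "seed": bip39_seed(mnemonic), "local_lock": local_lock}


def swap_last_two(mnemonic: str) -> str:
    """Return the phrase with its last two words exchanged."""
    words = mnemonic.split()
    words[-1], words[-2] = words[-2], words[-1]
    return " ".join(words)


if __name__ == "__main__":
    a = restore_wallet("wallet-app-a", TEST_PHRASE, "first password")
    b = restore_wallet("wallet-app-b", TEST_PHRASE, "another password")
    print("same seed in both apps:", a["seed"] == b["seed"])
    print("same local lock:       ", a["local_lock"] == b["local_lock"])
    # Seed derivation alone shows that order matters; a real wallet would
    # usually reject the reordered phrase earlier, at the checksum step.
    reordered = bip39_seed(swap_last_two(TEST_PHRASE))
    print("reordered words, same seed:", reordered == a["seed"])
```

Anyone who learns the words can run the same derivation without knowing either password, which is why the phrase has to be guarded like the key itself.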
Why would I (or anyone else) publish my private keys in the first place?
The reality is that you are unlikely to decide to post your private keys or recovery phrase on a forum. It’s actually quite difficult to even find your private keys (recovery phrases are much more accessible). It generally happens through a phishing scam or a fake authority figure scam. A newcomer to cryptocurrency who doesn’t know any better is more likely to fall into one of these two main situations.
A phishing scam can happen in a couple of ways, but one of the main ones is a mass email sent to a wide demographic of people. It could be something like an email saying your MetaMask wallet (or another self-custodial wallet) needs to be verified. If you click on the links inside to begin verification, you’ll be asked to provide something like your recovery phrase.
What new users don’t realize is that the email they received was sent to thousands of users, regardless of whether they have a MetaMask account. Scammers are simply casting a line and seeing who bites. No wallet team will ever need your recovery phrase or need to verify your account, as this would defeat the purpose of being a decentralized service.
Fake authority figure scams are more likely to occur on a forum or something like Discord. A user will ask a question, say something is wrong, ask for a release date, etc. A scammer will then send DMs to that person (assuming they allow DMs from non-friends, which is the default), posing as an authority figure. They will ask for private keys or a recovery phrase to “help” the user who asked the question. Alternatively, they can send a link to a fake site that looks like the real one; anything you enter there is visible to them, because it is not actually a safe page.
So what happens if I give away my recovery phrase or private keys?
To keep things simple, you would most likely lose all your assets. By publishing your private keys or recovery phrase, or giving them to someone else, you are handing over your wallet. They can then restore your wallet and send your funds or NFTs to themselves. There would be no way to cancel any of these transactions and you would probably have no legal recourse available to you. You’re basically giving them your credit card, security code, billing address, and expiration date, just in the form of cryptocurrency.
If you take away one thing from this guide, it should be that you should never give anyone your private keys or recovery phrase, or publish them anywhere, for any reason. You’re giving away your money.