What Is a Private Key? The Number That Owns Your Crypto
The single secret behind every wallet, address and seed phrase, told through two of the most famous losses in bitcoin's history.

TL;DR
- A private key is a very large random number; whoever can sign with it owns the coins, no name or account attached.
- Addresses derive from the key by one-way maths, so sharing an address is harmless and sharing the key is fatal.
- A seed phrase is the same secret as 12 or 24 words; any site or person asking for it is running a scam.
- Custodial platforms hold keys for you; self-custody and hardware wallets put the key, and the backup job, in your hands.
- Educational only, not financial advice; crypto values can fall as well as rise.
Stefan Thomas has two guesses left. The San Francisco programmer holds the keys to 7,002 bitcoin, and in January 2021 his situation made news around the world: the keys live on an encrypted IronKey USB drive, the drive allows ten password attempts before sealing its contents for good, and he has burnt through eight. He can see the coins on the blockchain whenever he likes. He cannot spend them.
What he lost is not the bitcoin, it is a private key, the single secret that decides who owns what on a blockchain. Everything else in crypto grows out of that number or exists to guard it. This guide is an explainer, not financial advice.
A number, and nothing but a number
A private key is a very large random number, and that is the entire object: no certificate attached, no account record, no company that issued it. Keys on Bitcoin and Ethereum are 256 bits long, which written out in decimal runs past 70 digits.
A wallet, despite the name, is key-management software. When you pay someone, it uses the key to produce a signature, a piece of maths the network can verify in milliseconds without the key itself ever appearing. Bitcoin has run on this trick since January 2009. Whoever can sign, owns. The chain does not know your name and does not care.
Addresses come from keys, never the reverse
From the private key your wallet derives a public key, and from that the wallet address people pay you at. Both steps run one way: forwards takes a millisecond, backwards is not computable with any hardware in existence, which is why handing out an address is harmless. Print it on an invoice, paste it into a group chat, fine: the key goes nowhere, ever.
One catch: the number has to be born properly random. In August 2013, Bitcoin.org warned that a flaw in Android's SecureRandom generator had been producing predictable keys, and coins were genuinely stolen from wallets created on affected phones. Randomness quality sounds academic right up until it empties a balance.
A landfill in Newport holds roughly 7,500 BTC
James Howells mined bitcoin early: in 2013 a hard drive carrying the keys to about 7,500 BTC left his house in a bin bag, and it has sat under a landfill in Newport ever since. He has spent years lobbying to dig the site up, so far without success.
Nobody stole anything, the coins are still visible on the ledger today, exactly where they always were. What died was the ability to sign for them, and on a blockchain that ability is the whole of ownership.
Can you reset it?
No.
There is no password desk behind a blockchain, no recovery email, nobody to appeal to. Stefan Thomas has been living inside that answer since January 2021, two guesses from a fortune.
Seed phrases are the same secret, wearing words
Copying 70-odd digits by hand is miserable and error-prone, so in 2013 the BIP-39 standard gave wallets a human format: the key material encoded as 12 or 24 words drawn from a fixed list of 2,048. That set of words is the seed phrase. Write it down and you have written the key down.
Which is exactly why phishing pages beg for it. A fake wallet pop-up, a 'validation' form, a helpful stranger in a support chat: all of them want the words, because the words move the coins. Our guide to backing up a seed phrase covers storage mechanics properly, this piece stays with the key itself.
Custody is the question of who holds the key
Leave coins on an exchange and the platform holds the keys, you hold a login. That is custodial storage, and it stands or falls with the custodian. The warning here is dated February 2014, when the Mt. Gox exchange collapsed while holding users' keys and roughly 850,000 BTC went unaccounted for. 'Not your keys, not your coins' has been the community's shorthand ever since.
Self-custody flips the deal: your wallet, your key, your backup burden. A hardware wallet goes further and keeps the key inside a small device that signs transactions internally, so the number never touches an internet-connected machine at all.
Neither option is wrong: beginners mostly start custodial because there is less to break, then move once the first uneasy headline lands.
One boundary worth drawing: an on-ramp is neither of these. Banxa converts money into crypto and delivers the coins to whichever wallet you point it at, plumbing it has run since 2014 across 100-plus payment methods in 100-plus countries, where available. It does not hold your keys, so decide where the coins will land, and who keeps that key, before you press buy.
Three rules fall out of all this
Everything above collapses into three habits, none optional.
No real service will ever ask for your private key or seed phrase, no wallet app, no exchange, no support agent, no 'verification' step: the request itself is the scam.
A key or phrase typed into any website is burnt, so set up a fresh wallet and move the coins, even if nothing looks wrong yet.
Photograph nothing, because cloud photo libraries get breached, and a picture of 24 words is the key itself, thinly disguised.
Somewhere under Newport sits a drive holding 7,500 coins, and Stefan Thomas still owns an IronKey nobody dares guess at. No hacker appears in either story, ordinary sloppiness did all the damage, which is the real lesson of private keys: choose who holds yours deliberately, then treat the written words like money. They are.
Frequently Asked Questions
On Bitcoin and Ethereum it is a 256-bit number, usually shown as a string of around 64 letters and digits. Most wallets never show it to you at all; they show the 12 or 24 BIP-39 words that encode it instead.
No. A password protects an app or an account, and whoever runs the service can usually reset it. The key is the ownership itself, and nothing on a blockchain can reset that. Lose the key with no backup and the coins stay frozen where they are.
They sit on the ledger, visible and untouchable. The roughly 7,500 BTC under the Newport landfill has not moved since 2013, because without the key nobody can produce a valid signature. There is no recovery desk to appeal to.
A properly generated 256-bit key is beyond brute force, so guessing is not the threat. Keys get stolen through phishing, malware, photos of seed phrases and, rarely, weak generation, like the Android SecureRandom flaw that Bitcoin.org flagged in August 2013. People leak keys; the maths holds.
No. Banxa is an on-ramp and off-ramp: it converts money to crypto and delivers the coins to the wallet address you give it, plumbing it has run since 2014. Key custody sits with you, or with whichever wallet or platform you choose to receive the coins.
Anything online can be phished or breached, and those words are the key itself. Paper or steel, kept offline, is the standard answer. Our seed phrase backup guide walks through the mechanics; the one rule that never bends is that the words stay off the internet.