Skip to main content
Don't invest unless you're prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong. Take 2 min to learn more.

What Is a Wallet Address? The String Everyone Copies

What the string everyone copies actually is, why each chain formats it differently, and the two scams that prey on people who paste without reading.

beginner6 min readDan Clarke
Hero image for what-is-a-wallet-address

TL;DR

  • A wallet address is a public identifier built from your wallet's keys: share it to get paid, it cannot spend a thing on its own.
  • Every chain formats addresses its own way, and EVM networks share one format, which is why withdrawal screens make you pick a network.
  • One wallet mints many addresses; bitcoin wallets rotate them routinely and the old ones keep working.
  • Address poisoning and clipboard malware both bet on blind copying: never copy from transaction history, and check four characters at each end.
  • Education only, nothing here is financial advice.

You are mid-purchase, the app asks where the coins should go, you paste a string that starts bc1q, forty-odd characters of alphabet soup, and you read precisely none of it. Everyone does this. The thing looks like line noise, so we treat it like line noise: copy, paste, hope.

That string is a wallet address, and it repays two minutes of proper attention, because the classic ways people lose coins to thieves all begin with an address nobody read. This is an explainer, and none of it is financial advice.

A public identifier, and only that

An address is derived from your wallet's keys by one-way maths. Publish it on a billboard if you like: anyone who has it can send you coins. The address itself cannot spend a thing, because spending needs the private key, which stays in your wallet and cannot be worked out from the address. Treat it like a sort code and account number rolled into one string, handing it out is the whole point.

The other idea beginners get backwards: coins never sit inside the app. The balance lives on the blockchain, not in the wallet, and the address is how that public ledger files it. Delete the app, drown the phone, and the coins have not moved. Bitcoin's first address, mined into existence in January 2009, still shows its balance to anyone who cares to look, seventeen years on.

Why every chain's address looks different

No two blockchains ever agreed a shared format, so each grew its own, and the one upside is that you can usually tell them apart on sight.

Bitcoin runs three generations at once: legacy addresses start with 1, script addresses with 3, and the modern bech32 style starts with bc1, which arrived with the SegWit upgrade in August 2017. All three still work, an address never expires.

Ethereum addresses are 42 characters starting 0x, and the trap hides inside that tidy fact: Polygon and the rest of the EVM family use the same format, usually the identical string for your account on every one of them, so the address alone cannot tell anyone which network is meant. That ambiguity is why every withdrawal screen makes you pick a network from a menu.

Tron addresses start with T, and Solana addresses run 32 to 44 characters with no 0x in sight.

The capital letters are doing a job

Look closely at an Ethereum address and some of the letters are capitals, oddly scattered, and those capitals are a checksum, a convention adopted in 2016. Mangle a character while typing and the string almost always fails validation rather than paying a stranger, and Bitcoin addresses carry a checksum of their own, so the text is error-checking you for free the whole time.

One wallet, many addresses

A wallet mints addresses in bulk, all derived from one seed phrase. Bitcoin wallets go further and rotate to a fresh receiving address after every payment, as standard behaviour. Beginners meet this and assume something broke, because yesterday's deposit address has vanished from the screen. Nothing broke. Old addresses keep working, and coins sent to them land in the same wallet as ever.

Exchange deposit addresses are the same trick from the other side: an address the exchange controls, earmarked for your account, and it may change between visits.

Nobody pretends the raw strings are friendly, which is why the Ethereum Name Service launched in 2017 to map readable names like yourname.eth onto addresses, and it helps where apps support it. Most days you will still be copying the raw string though, so the fix only goes so far.

Public forever

Addresses are pseudonymous, not private: no name is attached on-chain, yet every transaction an address has ever touched is published permanently, amounts and timestamps included, on a ledger anyone can query for nothing. Paste a friend's address into a block explorer and you are reading their payment history inside ten seconds.

There is an entire industry reading those trails for a living: Chainalysis, founded in 2014, sells that tracing to exchanges and governments. Rotation exists precisely because reusing one address stitches your payments into a single public thread, which is something to sit with before you print one on a poster and call it a tip jar.

The two scams built on not reading

Address poisoning works on the copying habit alone. The attacker generates a lookalike address that shares the first and last few characters of one you already use, then sends a tiny dust payment so the lookalike shows up in your transaction history, and then he waits, because one day you will copy your old address from that history and the one you grab will be his. In May 2024 a trader did precisely this and sent wrapped bitcoin worth about $68 million to a poisoned lookalike. The attacker returned it days later, an ending rare enough to make the news twice. So never copy an address out of transaction history, take it fresh from the receiving wallet, or from the person paying you, every time.

The second scam is clipboard malware: code on your device that swaps the address between copy and paste. The screen you copied from still shows the right address while the field you pasted into holds a different one. The counter is unglamorous: check the first four and last four characters after pasting, and prefer QR codes, which take typing and clipboards out of the story altogether.

Moving coins properly, test sends and network menus included, is a ritual we cover in a separate guide. Reading the address is the part that never changes, whichever chain you are on.

Where the on-ramp stops and you start

When you buy crypto and have it delivered to your own wallet, the platform can verify your card and your identity, and it can hold your quote. Banxa has run that fiat-to-crypto plumbing since 2014, across 100-plus payment methods in 100-plus countries where it operates, and the one thing no on-ramp can check is whether the pasted address is really yours. That part is your department, and always will be, and it costs about ten seconds to read four characters at each end of the string. For what it protects, there is no cheaper habit in crypto, and hardly anyone has it.

Frequently Asked Questions

No. An address can only receive. Spending needs the private key, and the address does not reveal it. What a stranger can do is watch, since every payment in and out of that address is public. And if a tiny unexplained deposit appears, treat it as poisoning bait: ignore it, and never copy addresses out of your history.

Rotation is standard. Bitcoin wallets hand out a fresh receiving address after each payment, mainly for privacy, because reusing one address links all your payments together in public. The old addresses keep working, and coins sent to any of them end up in the same wallet.

No, and the difference is the whole security model. The address is public and made for sharing. The private key signs spending, never leaves your wallet, and no honest platform or support agent will ever ask for it, or for the seed phrase behind it.

The format often matches, and that is the trap. An Ethereum address is usually valid on Polygon and other EVM networks, but each network is a separate ledger. Coins sent on a network the receiving side does not watch are usually gone for good, so match the network menu to what the receiver supports before anything moves.

Usually nothing moves. Addresses carry checksums, Ethereum hides one in its capital letters, so a mangled string almost always fails validation before any coins leave. The dangerous case is a valid but wrong address, which is why QR codes and reading the ends beat retyping every time.

No. Bitcoin's first address dates from January 2009 and could still receive coins today. Wallets retire nothing; they add fresh addresses on top, and everything an old address receives still lands in your balance.

By Dan ClarkeLast updated: 14 July 2026