Ten years in, the wallets I actually use are the same four or five. The on-chain tools I open every morning are the same six. The information sources that hold up across a full cycle are much fewer than the noise would suggest. This page is that short list — not the "best of" anything, just the one I open every day.
The list is intentionally short. Most of the noise out there is people recommending tools they have never genuinely depended on. Toward the end of the page there is a section on the affiliate-code situation — why I link to exchanges through a referral code, whether it costs you anything, what it means for the trustworthiness of the recommendations. Read that section honestly and then decide for yourself.
Wallets · 6 I have actually used for a decade
Three things to say up front about wallets. First, never photograph your seed phrase, never store it in cloud storage, never paste it into any chat window of any kind — not WhatsApp, not iMessage, not Signal, not Telegram. Second, a self-custody wallet means "you are your own bank" — one wrong character in the seed phrase and the funds are gone forever, and there is no recovery process anywhere. Third, the most cost-effective split after ten years of doing this: large balances on hardware, daily-use balances on software, on-chain exploration in a separate small "burner" wallet. The burner wallet is the one you connect to unknown contracts; it carries the absolute minimum value needed to interact, so a malicious approve only drains a small position.
Software wallets · 4
MetaMask (metamask.io) — the classic browser extension for EVM-compatible chains. Strengths: it supports the largest number of chains and has the best dApp compatibility — almost every Ethereum-ecosystem application "just works" with it on the first try. Weaknesses: the default RPC routes through Infura, which is run by ConsenSys and gives one centralised vendor visibility into all your queries; the in-wallet swap quotes are usually a few basis points worse than going directly to Uniswap. I have rotated through other wallets several times and always end up back on MetaMask as the main one.
Phantom (phantom.app) — the canonical Solana wallet, now extended to Ethereum and Bitcoin as well. The UI is friendlier than MetaMask's, and the in-wallet swap uses Jupiter aggregation which usually gets best execution in the Solana ecosystem. If you are doing anything serious in Solana — meme-coin trading, Jupiter / Drift / Marginfi DeFi, NFT minting — this is the wallet you will end up with.
OKX Web3 Wallet (okx.com/web3) — the best Web3 wallet to come out of an exchange. Cross-chain bridging is built in, the DEX aggregator has competitive quotes, and the UI is the closest thing crypto has to a Coinbase-grade consumer experience. Suited to "I do not want to install three wallets" users. Important caveat: it is genuinely self-custody — the seed phrase is yours to safeguard, OKX does not have a copy, and there is no exchange-style account recovery if you lose it.
Rabby (rabby.io) — built by the DeBank team. Its signature feature is that it simulates the transaction before you sign it and shows you exactly what assets will move where, which is the single most effective defence against approve-phishing. When I am interacting with high-risk new contracts, Rabby is the primary wallet. It has caught several obviously malicious calls in real time that MetaMask would have happily signed.
Hardware wallets · 2
Trezor (trezor.io) — the oldest hardware wallet, fully open-source, with a community-audited security model. The Model T has a touchscreen and the best user experience; the Model One is the cheap entry-level option. Buy from the official site only. Never from Amazon third-party sellers, never from a forum, never secondhand — a hardware wallet that has been tampered with at the firmware level can silently leak your seed phrase the first time you use it. This is not a hypothetical; it has happened to multiple people I know personally.
Ledger (ledger.com) — the market-share leader. Supports more tokens than Trezor and the Bluetooth Nano X model is convenient for mobile use. The 2020 customer-database breach (where customer names, addresses and phone numbers leaked, leading to a years-long wave of physical-mail phishing) dented my trust somewhat, but the secure-element chip itself was never compromised — the lesson is to never give your real address or phone number to any crypto company you do not strictly have to.
The iron rule for hardware wallets: buy directly from the official website only. Any secondhand channel, any e-commerce third-party storefront, any private seller — all of them are no-go. Paying an extra USD 50 retail beats losing the entire stack to a tampered device.
On-chain explorers + dashboards · 6 I open daily
On-chain data is the rarest first-hand information source in crypto. Not the news, not the KOL tweets, not the podcasts — what addresses are actually doing. The six tools below are in rough order of how often I open them in a typical day:
Etherscan (etherscan.io) — the search engine of EVM chains. Look up transactions, inspect contracts, view token holdings, trace fund flows — Etherscan does all of it. The single highest-leverage habit is to learn the "Read Contract" tab to query contract state directly — that is one hundred times more reliable than reading any news article about a project. Each L1 has its sibling: bscscan.com for BNB Chain, polygonscan.com for Polygon, basescan.org for Base, arbiscan.io for Arbitrum, optimistic.etherscan.io for Optimism.
Solscan (solscan.io) — the Etherscan of Solana. Because Solana transactions are cheap and fast, the chain activity is much denser than Ethereum mainnet's, and a single hour of address activity on Solscan can teach you more about how traders actually behave than a week of reading commentary.
DexScreener (dexscreener.com) — cross-chain DEX market aggregator. New tokens show up here within minutes of launch with their candlestick chart, liquidity profile and order-flow visible. For meme-coin trading, new-project surveillance, or spotting pump-setup patterns, this is the standard tool. The free version is sufficient; Pro mainly adds faster loading and customised alerts.
DefiLlama (defillama.com) — the de facto standard for DeFi TVL dashboards. Use it to see which chains are gaining or losing TVL, which protocols are growing, how stablecoin supply is shifting between chains, and which narratives have real on-chain traction versus which ones are pure Twitter-shilling. The single fastest way to assess "is this sector actually being used?"
Glassnode (glassnode.com) — on-chain metrics for BTC and ETH. The origin of canonical indicators like MVRV, SOPR, LTH supply, Realised Cap, NUPL and so on. The free tier is limited; the genuinely useful indicators are behind a paywall starting around USD 39 per month. For positioning over multi-quarter horizons, the subscription pays for itself easily.
Dune (dune.com) — community-built on-chain dashboards backed by SQL queries over indexed chain data. You can write your own queries against arbitrary chain data, or use dashboards built by others. For evaluating whether a new protocol has real users, checking airdrop eligibility, or analysing wallet behaviour, a small amount of SQL fluency goes a very long way.
Those six are the daily set. Beyond them, when you want to go deeper there is also Nansen (address-label intelligence), Arkham (entity attribution) and Token Terminal (per-protocol revenue metrics) — but those are "specialise in one direction first" tools. New traders should master the six above before adding any of those.
For US / EU readers · power-user tools and three safety rules
This section is the one that matters most if you are reading from the United States, the European Union or the United Kingdom — partly because the most sophisticated on-chain tools are disproportionately built and used by US/EU operators, and partly because the regulatory posture makes a small number of safety habits non-negotiable for readers in those jurisdictions.
Power-user dashboards (predominantly US/EU operator base)
Dune Analytics (headquartered in New York) — by far the most powerful general-purpose on-chain SQL workbench. The community has built tens of thousands of dashboards covering everything from Uniswap v4 hook adoption to per-validator slashing statistics on Ethereum. For US-based institutional desks, hedge funds and serious independent researchers, Dune is the workbench of record. A free account is sufficient for browsing; the paid tier mostly adds private queries and faster execution.
Nansen (Singapore-headquartered, but a US-heavy user base) — the address-label intelligence layer. Nansen tags addresses across chains with human-readable labels: "Smart Money," "Top Whales," "Funds," and so on. The premium tier is expensive (around USD 150 per month), but for following whale flows and identifying which sophisticated wallets are accumulating a token before retail catches on, it is best-in-class.
Arkham (Arkham Intel Exchange, US-based) — entity attribution and intelligence marketplace. Arkham clusters on-chain addresses into named entities (exchanges, market makers, DAO treasuries, individual identifiable wallets), letting you see which entity is behind a particular flow. The token launch in 2023 was controversial but the underlying product is genuinely useful for entity-level analysis.
Token Terminal — the "P/E ratio of protocols" dashboard. Tracks protocol revenue (the fees actually paid by users), distinguishes from "protocol incentives" (tokens emitted to subsidise usage), and computes price-to-sales and price-to-earnings ratios across DeFi. The single most useful tool for assessing whether a protocol's market cap is justified by actual revenue.
L2 explorers worth bookmarking — arbiscan.io (Arbitrum), optimistic.etherscan.io (Optimism), basescan.org (Base, Coinbase's L2), explorer.zksync.io (zkSync), lineascan.build (Linea, ConsenSys's L2), scrollscan.com (Scroll). Bookmark these because L2 activity has eclipsed L1 mainnet in transaction count, and the canonical Etherscan covers L1 only.
Mobile — Coinbase Wallet (separate product from the Coinbase exchange, fully self-custody, US-friendly), MetaMask Mobile (browser-extension equivalent on phone), Trust Wallet (a Binance-owned multi-chain mobile wallet with strong adoption among US/EU casual users). For daily on-chain phone use, the Coinbase Wallet + MetaMask Mobile combination covers almost every situation.
The three safety rules that matter most
For US and EU readers — where the legal recovery picture for stolen crypto is bleak even when the FBI gets involved — these three rules are the single highest-leverage habits you can adopt. Internalise these three, and the probability of losing a meaningful amount of crypto to front-end attacks drops by roughly an order of magnitude.
Rule 1 · Do not click crypto downloads sent through Telegram, Discord, X DM, email or forum links. Every meaningful malware campaign in crypto over the last three years has started with a social-engineered download — fake Zoom client, fake meeting app, fake "investor pitch" PDF that turns out to be an executable, fake wallet update. The norm should be that the only way you ever install a crypto-related binary is by typing the URL of the official project manually into your browser. If anyone in chat suggests you download anything, treat it as hostile by default. This single rule would have prevented several of the largest individual losses in crypto history.
Rule 2 · Always simulate token-approve transactions before signing. The vast majority of "drainer" attacks on Ethereum and other EVM chains work by tricking a user into signing a malicious approve transaction that hands the attacker permission to spend their tokens. Rabby (mentioned above) does this simulation natively. MetaMask's recent updates include a transaction-preview feature that does something similar. Etherscan has a free "verify contract" interface where you can paste a transaction hash and see exactly what it will do. Use one of these every single time you sign anything on a new front-end. The thirty seconds you spend on the simulation is the difference between a normal transaction and a complete wallet drain.
Rule 3 · Hardware wallet for any meaningful balance, and only from the official site. For any balance over a few thousand dollars, a hardware wallet is non-negotiable. Buy from ledger.com or trezor.io directly; not from Amazon, not from a third-party reseller, not from a "great deal" anywhere else. Tampered hardware wallets with malicious preloaded seed phrases have been a documented attack vector since at least 2018. Pay the extra retail markup; do not optimise for the wrong thing.
Beyond those three, a fourth habit worth building: maintain a "burner" address that you fund with a small amount and use exclusively to interact with new, unaudited contracts. If a malicious approve goes wrong, it drains the burner — not your main address. The cost of maintaining the burner is a few dollars in extra gas per month; the upside is that no single malicious contract can take more than what is in that small wallet.
Why this matters under MiCA and US enforcement
Under the EU's MiCA framework, custody and exchange-related crypto-asset services are subject to detailed licensing requirements (CASP authorisation), but self-custody itself remains unregulated — the regulator's view is that you are responsible for your own keys, full stop. In the US, the same posture holds: self-custody is your own affair, and if your keys leak because you did not follow basic operational security, no regulator or insurance scheme will make you whole. The FBI's IC3 portal will accept your report, but recovery of stolen self-custodied funds is genuinely rare. The three rules above are therefore not optional best practices — for a self-custody user in a US/EU jurisdiction, they are the only thing standing between you and a total loss.
The affiliate-code situation · the honest version
The exchanges I link to throughout this site (Binance, OKX, Bybit, Bitget, Gate) all involve affiliate referral codes. When you register through one of them and trade, I receive a share of the fees from the exchange's marketing budget. Your fee structure is not affected — the share I get is taken from the exchange's own marketing spend, not added on top of what you pay. Several exchanges actually give you a small fee discount when signing up through a referral.
What that means in practice for trust: when I recommend an exchange in an article, I am recommending one that I would use anyway and that pays me a small ongoing share when readers trade through it. The recommendation logic does not change because of the referral — I have publicly criticised Binance, OKX, Bybit and others when warranted, and the article archive contains posts that are explicitly negative on exchanges I receive affiliate fees from. The referral arrangement is fully disclosed on the disclaimer page in compliance with FTC Endorsement Guides and ESMA equivalent rules.
You are entirely free to register directly through any exchange homepage, skipping my referral code entirely. The articles are not gated. The tools are not gated. You will not see a single sentence less of content if you do not use the referral code. The reason the affiliate arrangement exists at all is to make a small operating budget for the site possible without running ads, charging for content, or selling courses — all of which would compromise the independence of the writing in ways that a transparent referral arrangement does not.
