Note for 5yo: there are no wallets or coins like physical ones; users only have secret keys, which they use to create digital signatures of transactions.
Leak of a private key == leak/loss of funds
There are many attack vectors. To reduce the attack surface, here is what can be actively done:
- Use one private key only once — one-time signatures
- Use multiple signatures for one transaction — multisig, even if you are alone
- Manage/use private keys on a protected hardware device
- Don’t accumulate assets in one account — all eggs in one basket
If no hardware wallet is available, an old offline computer (or several) can be used to manage keys and sign transactions (a better-than-nothing solution).
A private key is just a random byte array; don’t use seed phrases, magic solutions or any other insecure management.
A private key can be encrypted, stored and used on an offline, isolated and protected hardware device.
One-time signatures are a great concept in cryptography. They are almost impossible to hack, even with quantum computers or any other type of future computer that may exist. They can be implemented naturally in UTXO-based blockchains, and also in account-based ones (Ethereum, for example), though there a simple smart contract is required.
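To make the one-time-signature idea concrete, here is an added example (not code from the original note). The note names no specific scheme, so this assumes the classic Lamport hash-based construction over SHA-256; the names `LamportKey` and `verify` are illustrative, and the signer refuses to use the same key twice.

```python
import hashlib
import secrets

N = 256  # number of bits in the SHA-256 digest of the message


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(message: bytes) -> list:
    """Bits of SHA-256(message), most significant first."""
    digest = int.from_bytes(_h(message), "big")
    return [(digest >> (N - 1 - i)) & 1 for i in range(N)]


class LamportKey:
    """One-time key pair: 2 x 256 random secrets; public key = their hashes."""

    def __init__(self) -> None:
        # The private key is nothing but random bytes from the OS CSPRNG.
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32))
                    for _ in range(N)]
        self.public = [(_h(a), _h(b)) for a, b in self._sk]
        self.used = False

    def sign(self, message: bytes) -> list:
        if self.used:
            # A second signature would reveal more secrets and allow forgery.
            raise RuntimeError("one-time key already used")
        self.used = True
        # Reveal one secret per digest bit: index 0 for a 0 bit, 1 for a 1 bit.
        sig = [self._sk[i][bit] for i, bit in enumerate(_bits(message))]
        self._sk = []  # drop the unrevealed secrets; this key cannot sign again
        return sig


def verify(public: list, message: bytes, sig: list) -> bool:
    """Check that each revealed secret hashes to the matching public value."""
    if len(sig) != N:
        return False
    return all(
        secrets.compare_digest(_h(s), public[i][bit])
        for (i, bit), s in zip(enumerate(_bits(message)), sig)
    )
```

Each transaction needs a fresh `LamportKey`, so the public key for the next transaction has to be committed to before the current key is spent.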