Probably, you heard or read that crypto currencies are stored in crypto wallets, by analogy as cash is stored in ordinary physical wallets. If you believe in this statement then you was fooled by the above analogy as many, so called crypto experts, were fooled. The real fact is that in crypto wallets there are no any cryptos. All crypto wallets, except virtual/phantom wallets, are places, where cryptographic private keys are stored. For convenience, many crypto wallets have software, which allows to retrieve information from blockchains, where all transactional data is stored, and make new transactions by means of the private keys.
Blockchains are distributed databases of all transactions. In many cases, we can think of a blockchain as a set of multiple copies of all transactional data, with each copy of the database on a separate computer, connected to internet. For the reason that all transactions are in the public domain (internet), anyone can see all information about transactions, including amounts on each account (blockchain address). You do not need any crypto wallet to see all this information. You can use publicly available blockchain explorers. Type a blockchain address in a blockchain explorer’s input field and as a result you will have information about all transactions on this address (or addresses), including the current balance amount.

To make transactions you need private keys for your blockchain addresses. Each private key corresponds to each blockchain address. Extended (master) private keys have many associated blockchain addresses. You can think about a private key as an analog of a password to your online bank account. You need a private key to make a transaction from your blockchain address in the same way as you need a password to make a transaction from your online bank account. Private keys allow you to control transactions on your blockchain addresses in the same way, as your online passwords allow you to control transactions in your online bank accounts. If some person will be able to find or reconstruct your private key then this person will be able to transfer all your cryptos from a blockchain address controlled by you to a blockchain address controlled by this person. In other words your cryptos can be easy stolen if other persons will have your private keys. Now, you know why it is so important to have a secure way to generate and store your private keys.
A simple way to understand why the majority of crypto wallets are not secure is to know that all crypto wallets, except virtual/phantom wallets (see [1-9]), have a single point of failure problem. A single point of failure is a component that, if it is the only thing that fails, can make the system unsafe. Safety requires no single points of failure (see [10]).
Let us consider some examples.
Example 1. Paper wallets
There are two stages in this case. The first stage is the stage of creation. To generate private and public keys, usually online or offline paper wallets generators are used. As a rule, it is claimed that these generators are random, but in fact they are deterministic (pseudo random). This means that anyone, who knows the deterministic algorithm, by which the keys are created can reconstruct generated by you paper wallet. The second stage is the stage of usage. On this stage, people use the private keys to make transactions and store these private keys on a paper, which is placed in a safe deposit box secured by a key. Anyone, who has this key (from/to the deposit box) or break the deposit box, will be able to access the paper with your paper wallet (private and public keys). As you can see, paper wallets have a single point of failure problem, therefore they are not very secure (contrary to the popular belief).
Example 2. Hot/Online/Mobile wallets
There are two stages in this case. The first stage is the stage of creation. To generate private and public keys, wallets internal generators are used. As a rule, it is claimed that these generators are random, but in fact they are deterministic (pseudo random). This means that anyone, who knows the deterministic algorithm, by which the keys are created can reconstruct the generated wallet (private and public keys). The second stage is the stage of usage. On this stage people use the private keys to make transactions and store these private keys in encrypted files, which are stored on devices (computers, mobile phones, servers, etc.) connected to internet. The encrypted files are protected by passwords. If either, the passwords or the file’s encryption will be hacked then the hackers will have your private keys. As we can see, in this case we have a single point of failure problem. Therefore, these wallets are not secure.
Example 3. Cold/hardware wallets
There are two stages in this case. The first stage is the stage of creation. To generate private and public keys, generators in internal microchips of hardware wallets are used. As a rule, it is claimed that these generators are random, but in fact they are deterministic (pseudo random). This means that anyone, who knows the deterministic algorithm, by which the keys are created can reconstruct the generated wallet (private and public keys). In fact, the majority of known hacks were performed by reverse engineering the algorithms on the hardware wallet’s microchips (see [11]). The second stage is the stage of usage. On this stage, people use the private keys to make transactions and store these private keys in encrypted files, which are stored on hardware not connected to internet. The encrypted files are protected by passwords. If either, the passwords or the file’s encryption will be hacked then the hackers will have your private keys. As we can see, in this case we have a single point of failure problem. Therefore, these wallets are not secure.
Example 4. Virtual/phantom wallets
In this case, the generated private keys are not stored in any place. In fact, outside of a time interval on which they are generated and used, they do not exist in the real world. Therefore, they can not be hacked, broken, stolen, damaged, confiscated, etc. when they do not exist in the real world. Generation of virtual/phantom wallets is based on the principle of multi-level hierarchical puzzle. This means, that there are many levels of the puzzle and on each level, many pieces are required to solve the puzzle. For this reason these wallets do not have a single point of failure problem, therefore they are the most secure crypto wallets.
For example, to create a virtual wallet a person needs a virtual key and a generator. The virtual key is created by means of a private DPG (see [1]). To create/re-create the virtual key a hacker needs 3 things: 1) access to your private DPG; 2) knowledge of input parameters (key+date); 3) knowledge of rules to create the virtual key. For the reasons that the last two things are in your brain memory only, and there are no easy to use devices to read your brain memory, it is almost impossible to reconstruct your virtual key by external hackers. Therefore, in this case there is no a single point of failure problem.

Traditional passwords managers keep all passwords in encrypted files, called vaults. This violates the main principle of risk management to not put “all eggs in a single basket”. The encrypted file is protected by a master password. If this master password or the file’s encryption will be broken then all passwords will be compromised. As we can see, in this case, also there is a single point of failure problem (in addition to a violation of the main risk management principle), therefore keeping all passwords in passwords vaults is not as secure, as it is advertised.
Dynamical passwords generators (DPGs) do not have a single point of failure problem, because they are based on the principle of a multi-level hierarchical puzzle. This means, that there are many levels of the puzzle and on each level, many pieces are required to solve the puzzle. DPGs do not store passwords in any place, therefore they do not violate the main principle of risk management. In fact, dynamical passwords are virtual passwords, which do not exist in the real world, outside of a time interval on which they are generated and used.
References:
[10] https://betterembsw.blogspot.com/2014/03/safety-requires-no-single-points-of.htm