🕠How to Set Up Your First Crypto Wallet: MetaMask & Phantom Step-by-Step (2026)
Setting up your first cryptocurrency wallet is the single most important step you'll take in crypto. Do it right, and your assets are secure. Make a mistake—especially with your seed phrase—and you could lose everything with no recovery possible. This guide walks through the two most popular non-custodial wallets step by step.
âš ï¸ Before You Start: A non-custodial wallet means you are the bank. There's no "forgot password" button. There's no customer support who can restore your funds. If you lose your seed phrase or private keys, your crypto is gone forever. Read every step carefully.
Which Wallet Should You Choose?
| Wallet | Best For | Platform | Chains |
|---|---|---|---|
| MetaMask | Ethereum and EVM chains (Arbitrum, Optimism, Base, Polygon, BSC) | Browser extension + Mobile app | Ethereum + all EVM L2s |
| Phantom | Solana-first users who also need Ethereum/Polygon/Bitcoin | Browser extension + Mobile app | Solana, Ethereum, Polygon, Bitcoin |
Our recommendation for beginners: Start with Phantom if you're on Solana. Start with MetaMask if you're on Ethereum or any EVM chain. Many users install both—they're free and serve different ecosystems.
Part 1: Setting Up MetaMask (Browser Extension)
Step 1 — Download from the Official Source
Go to https://metamask.io and click "Download." This is the ONLY safe source. Never search Google for "MetaMask download" and click a sponsored ad—scammers clone the page and inject malicious code.
- Chrome: Install from Chrome Web Store (publisher: "MetaMask")
- Firefox: Install from Firefox Add-ons (publisher: "MetaMask")
- Brave/Edge: Same Chrome Web Store link
- Mobile: iOS App Store or Google Play Store (publisher: "MetaMask")
Step 2 — Create a New Wallet
- Click "Get Started" then "Create a Wallet" (not Import Wallet—that's for recovery)
- Agree to the terms and click "Create a new wallet"
- Create a strong password — minimum 12 characters with numbers and symbols. Do NOT reuse passwords from other sites
- Click "Create"
Step 3 — The Seed Phrase (Most Critical Step)
MetaMask will display a Secret Recovery Phrase—12 random words. This is the master key to your wallet.
- Never screenshot it. Never type it into any website. Never store it in Google Drive, iCloud, Notes, or email drafts
- Write it down on paper — use the official MetaMask recovery sheet or plain paper. Write each word in the exact order shown
- Verify the phrase — MetaMask will ask you to select the words in order. Do this carefully to confirm you wrote them correctly
- Store the paper in a fireproof safe or a sealed envelope in a secure location (locked drawer, safety deposit box)
- Consider a metal backup — for any portfolio above $1,000, invest $20-30 in a stainless steel seed plate (Billfodl, Cryptosteel, or stamped washers on a bolt)
🚨 Common Mistakes That Lead to Loss:
- Storing the seed phrase in a password manager (80% of theft cases involve cloud-stored seeds)
- Typing the seed phrase into a "verification" or "support" website (these are phishing scams)
- Showing the seed phrase on a video call or screen share
- Losing the paper backup (write TWO copies, store in separate locations)
Step 4 — Add Additional Networks (Optional but Useful)
MetaMask comes with Ethereum Mainnet pre-configured. To add other chains (Polygon, Arbitrum, BSC, Base, Optimism):
- Go to chainlist.org (the official community-maintained chain directory)
- Connect your MetaMask wallet
- Search for the chain you want (e.g., "Polygon")
- Click "Add to MetaMask" and approve the prompt
- Verify the chain ID and RPC URL match known data (match against Chainlist or the official chain docs)
Step 5 — Fund Your Wallet
- Copy your wallet address (starts with
0x...) - Send crypto from an exchange (Coinbase, Kraken, Binance) to this address
- Send a small test transaction first — send $5 worth, confirm it arrives, then send the rest
- Always double-check the address. Even one wrong character and funds are lost
Part 2: Setting Up Phantom Wallet (Browser Extension)
Step 1 — Download Phantom
Go to https://phantom.app and click "Download." Phantom is available for Chrome, Firefox, Brave, Edge, and Opera. Mobile apps are available on iOS and Android.
Step 2 — Create a New Wallet
- Click "Create a New Wallet"
- Set a password (same guidelines as MetaMask — strong, unique, never reused)
- Phantom will show your Secret Recovery Phrase — 12 words
- Same rules apply: write on paper, never screenshot, never digitize, never share
- Confirm the phrase by selecting words in order
- Store the paper backup securely
Step 3 — Fund and Explore
- Copy your Solana address (starts with a letter or number, not
0x) - Send SOL from an exchange (Coinbase, Kraken, OKX) — you'll need a small amount of SOL for transaction fees (~$0.01 per transaction)
- Send a test transaction first
- Explore built-in features: swap tokens, stake SOL directly in the wallet, collect NFTs
Part 3: Connecting to dApps
Decentralized applications (dApps) are the reason most people use wallets. Here's how to interact with them safely:
- Visit the official dApp URL — Bookmark it or find it through the project's official Twitter/Discord. Never click Google ads for dApps
- Click "Connect Wallet" — The dApp will trigger your wallet extension
- Check what the dApp wants — MetaMask/Phantom will show a permission screen. Legitimate dApps only request your wallet address (to read your balance). Be suspicious if they ask for unlimited spending permissions or your seed phrase (no dApp ever needs your seed phrase)
- Approve the connection — Your wallet is now connected. You'll see a small icon indicating the connection
âš ï¸ dApp Safety Checklist:
- Check the URL — Phishing sites use domains like "uni5wap.com" instead of "uniswap.org"
- Check permissions — In MetaMask, go to "Connected Sites" to see which dApps have access. Revoke any you don't use
- Use a burner wallet — For new or untrusted dApps, use a separate hot wallet with minimal funds
- Use Wallet Guard or Pocket Universe — Free extensions that simulate transactions before you sign, catching malicious approvals
- Revoke after use — Use revoke.cash to remove token approvals you no longer need
Part 4: Transaction Signing — What You're Actually Signing
Every transaction requires a digital signature from your wallet. Here's what a typical flow looks like:
Swapping Tokens (Example: Swap USDC for SOL on Jup.ag)
- Connect Phantom to jup.ag (official Jupiter DEX)
- Enter the swap amount and click "Swap"
- Phantom opens a popup showing:
- The dApp URL — Verify it's jup.ag
- What you're swapping — e.g., "Swap 100 USDC for ~0.45 SOL"
- Network fee — e.g., "Network fee: 0.000005 SOL"
- Total value
- If everything looks correct, click "Approve" or "Confirm"
- Wait for confirmation on-chain (5-30 seconds on Solana, 10 seconds to minutes on Ethereum)
💡 Pro Tip: Always check the estimated output amount in the wallet popup. If the dApp interface says you'll receive $100 but the wallet popup says "0.0001 ETH," something is wrong—cancel immediately.
Common Transaction Types
| Type | What You're Signing | Risk Level |
|---|---|---|
| Token Transfer | Sending ETH/SOL/USDC to another address | Low — one-time transaction with a clear recipient |
| Token Approval (ERC-20) | Allowing a contract to spend a specific token | Medium — revocable, but until revoked the contract can spend your tokens |
| Unlimited Approval | Allowing a contract to spend unlimited tokens | High — avoid unless absolutely necessary. Use "Custom Spending Cap" instead |
| Contract Interaction | Interacting with a smart contract (swap, stake, mint) | Medium-High — verify the contract address is legitimate |
| Sign Message (Siwe/Login) | Proving you own the wallet (no funds moved) | Low — but watch for "Sign" vs "Approve" scams where fake sites trick you into signing a token approval |
Part 5: Complete Security Checklist
✅ Security Checklist — Mark Each Item Complete
- Seed phrase backed up offline — written on paper (2 copies in separate locations) OR stamped on metal
- Seed phrase never digitized — no screenshots, cloud uploads, password managers, or typed anywhere
- Wallet password is strong — 12+ characters, unique, not reused elsewhere
- Wallet extension locked when idle — MetaMask: Settings → Security & Privacy → "Lock wallet" on idle
- Connected dApps reviewed — checked "Connected Sites" in MetaMask/Phantom, revoked unknown connections
- Token approvals audited — used revoke.cash to remove unused approvals
- Transaction simulation installed — Wallet Guard or Pocket Universe extension active
- Burner wallet created — separate wallet with small funds for untrusted dApps
- Hardware wallet considered — if portfolio exceeds $2K, ordered a Ledger or Trezor
- Test transaction completed — sent a small test transfer before moving full funds
What to Do If Something Goes Wrong
Lost access to your wallet?
If you have your seed phrase: download the wallet app fresh, choose "Import Wallet," and enter your 12/24 words. You'll regain full access.
Accidentally approved a malicious contract?
Use revoke.cash immediately to revoke the approval. Transfer remaining funds to a new wallet. This is time-sensitive — drainers can sweep funds seconds after approval.
Seed phrase compromised?
- Immediately create a new wallet with a NEW seed phrase (do NOT reuse the compromised one)
- Transfer all funds from the compromised wallet to the new one
- Revoke all token approvals on the old wallet
- Never use the compromised wallet again
🚨 Scam Alert: No legitimate service will ever ask for your seed phrase. Not MetaMask. Not Phantom. Not Ledger. Not any "support" team. Anyone who asks for your seed phrase is trying to steal your crypto. Report them immediately.
Already have your wallet set up? Read our Hot vs Cold Storage Guide to level up your security.
