// First wallet to first swap · Crypto & DeFi track
Self-custody, start to finish · plain English

Crypto, from first wallet to first swap.

This is the talk we give in person, written down. What a wallet actually holds, how to guard the one secret that matters, how to install Phantom without getting phished, how to fund it, how to make your first swap, and the exact ways people lose everything. No coin to buy at the end. Just the map.

not advice · self-custody basics · own your keys
Why we teach this in person, 1,000+ times over

A bank can reverse a wrong transfer, freeze a stolen card, and reset a forgotten password. A blockchain does none of that. That is the point of it and also the risk of it. Get the basics right once and self-custody is calm and boring. Get one thing wrong and there is no support line. This page is the boring version, on purpose.

// 02 // 02 · keys, not coins

A wallet holds keys, not coins.

This is the one idea everything else hangs on. Your coins never leave the blockchain. They are entries in a public ledger that thousands of computers all agree on. A wallet like Phantom does not store your money the way a leather wallet holds cash. It stores keys: the credentials that prove a given ledger entry is yours to move.

There are two keys. A public key (your address) is the part you share so people can send you coins. Think of it like an email address. A private key is the secret that authorizes spending. Whoever holds the private key controls the coins, full stop. No name, no password reset, no override.

Takeaway: "not your keys, not your coins" is not a slogan, it is a description of how the system works. When you leave money on an exchange, the exchange holds the keys. A self-custody wallet hands them to you. That is the trade: total control, total responsibility.
// 03 // 03 · the one secret that matters

Your seed phrase is the master key.

When you create a wallet, it generates a seed phrase, usually 12 words in a fixed order (sometimes 24). Those words are a human-readable version of your private key. Anyone who types them into any wallet app instantly controls your coins, on any device, anywhere. There is no second factor behind them. The words are the money.

Phantom shows the phrase once, during setup, and asks you to write it down. It does not keep a copy. Phantom's own words: they cannot recover it for you if you lose it. That cuts both ways. Lose the words and no one can help you get back in. Leak the words and no one can stop the person who has them.

Do

  • Write it by hand on paper, or stamp it into a metal plate.
  • Keep two copies in two safe physical places.
  • Assume any app or site asking for it is a thief. A real wallet never asks you to re-enter it after setup.
  • Consider a hardware wallet once the balance is real, so the key never touches an internet-connected device.

Don't

  • Screenshot it, photograph it, or type it into a computer. Malware scans for exactly this.
  • Store it in Notes, email, iCloud, Google Drive, or a password manager synced to the cloud.
  • Enter it on a website to "verify," "sync," "migrate," or "claim." That is the phishing script, word for word.
  • Tell it to anyone. No legitimate support agent will ever ask.
Takeaway: the seed phrase is written down once, offline, and never touches a screen again. If any screen ever asks you to type it in after that first setup, you are being robbed. Close the tab.
// 04 // 04 · install it once, from one place

Installing Phantom safely. The one-link rule.

We onboard people with Phantom because it is Solana-first, works as a browser extension and a phone app, and the setup is hard to fool up. The danger is never the real app. It is the fake one. Scammers publish counterfeit "Phantom" extensions and lookalike download sites that hand your keys straight to them.

Phantom wallet ghost logo, official brand mark in purple
Phantom
Get it from one place and one place only: type phantom.com into the address bar yourself.
image: phantom.com official brand asset · logo © Phantom

Type the address yourself

Go to phantom.com by typing it. Do not click a search ad, a link in a DM, or a "download" result. Phishing kits buy the top search slots on purpose. From there, install the extension for your browser or the app from the real App Store or Google Play listing.

Create a new wallet

Open Phantom and choose Create a new wallet. It generates your seed phrase. Write the words down, in order, on paper. Then set a password. That password only unlocks the app on this device. It is not a backup and it cannot recover your coins. The seed phrase is the backup.

Turn on the device locks

On the extension, keep the password. On mobile, turn on Face ID or a fingerprint. These stop someone with physical access to your unlocked device, and they are separate from the seed phrase.

Verify you have the real thing

A genuine Phantom pop-up behaves like a real browser window and shows a chrome-extension:// address; a phishing page in the browser tab cannot fake that prefix. Phantom will never pop up asking you to re-enter your seed phrase to "update," "sync," or "verify." That pop-up is the scam.

A real, documented trap

Through 2025, attackers pushed fake Phantom "update your extension" pop-ups that connect to your actual wallet, then ask for the seed phrase to "complete the update." Hand it over and they drain you. Security researchers also found a phishing operation, FreeDrain, running more than 38,000 subdomains that ranked in search results and tricked people into entering their seed phrase on lookalike pages. The tell is always the same: something asked you to type the words in. Real wallets don't.

// 05 // 05 · getting your first SOL in

Funding it. Getting your first SOL.

On Solana you need a little SOL before you can do anything, because SOL pays the network fees for every action, including swaps. Two common ways to get it into your Phantom wallet, each with a real cost.

RouteHow it worksRough cost
Exchange, then withdraw Buy SOL on a regulated exchange (Coinbase, Kraken, etc.), then withdraw it to your Phantom address. The cheaper path if you already have an account. low platform fee
+ small network fee
In-wallet card on-ramp Phantom's built-in "Buy" uses a provider like MoonPay or Coinbase to sell you SOL with a debit or credit card, delivered straight to your wallet. Fastest, most convenient, most expensive. card fees up to
~3.99%–4.5%

The convenience of the in-wallet card route is real, and so is the markup. Card on-ramps commonly run around 3.99% and up, with a small minimum fee on tiny purchases. Buying on an exchange and withdrawing is usually cheaper, at the cost of one extra step. Neither is wrong; just know which one you picked and why.

Send a test first

The first time you move coins to a new address, send a tiny test amount first, confirm it lands, then send the rest. A five-cent test has saved people from fat-fingering an address and firing their whole balance into the void. There is no recall button.

Takeaway: keep a small buffer of SOL sitting in the wallet at all times. If your SOL hits zero you can get stuck, because you need SOL to pay the fee to move or swap anything, including to buy more SOL.
// 06 // 06 · your first swap, step by step

Your first swap.

A swap trades one token for another. There is no order book you manage and no counterparty you pick. Phantom hands your swap to an aggregator (Jupiter on Solana), which shops your trade across the on-chain exchanges (Raydium, Orca, and others), routes it for the best price, and returns the result to your wallet. All of it in one confirmation.

Open Swap and pick the pair

In Phantom, tap Swap. Choose what you're paying with (say SOL) on top and what you want on the bottom. Enter an amount. Phantom shows a live quote: how much of the new token you'll receive.

Read the quote before you confirm

The quote shows the rate, the network and provider fees folded in, and the slippage setting. Phantom sets slippage and priority fee to Auto by default, which is fine for a first swap. Read the "you receive" number and make sure it matches what you expect.

Confirm, and wait a few seconds

Approve the transaction. On Solana it usually settles in seconds. The new token appears in your wallet. That's the whole thing. Your first swap is the same shape as your thousandth.

Before you swap into a random token

Anyone can create a token on Solana and name it anything. A ticker means nothing on its own. Scam tokens copy real names and logos to bait a swap, and some are built so you can buy but never sell. For a first swap, stick to well-known assets. Verifying a specific token's real contract address is its own lesson, and it's the difference between a token and a trap.

// 07 // 07 · what a swap actually costs

Fees and slippage, explained.

Three separate things chip at a swap. Bundle them in your head and the "why did I get less than the quote" mystery disappears.

Slippage is a guardrail, not a cost.

Phantom defaults slippage to Auto and lets you pick 0.5%, 1%, 2%, or a custom value from 0.1% up to 30%. Low slippage protects your price but a fast-moving or thin token may fail to fill. High slippage almost always fills but invites a worse price, and cranking it wide open is exactly how a bad token drains you on the way in. For normal pairs, Auto or 1% is plenty.

What your swap actually nets

Provider fee (0.85%)$0.85
Network + priority$0.02
Worst-case slippage give-up$0.99
You receive at least$98.14
A planning estimate, not a quote. Slippage is a ceiling you rarely hit in full on liquid pairs; most fills land near the quote. The provider fee and network fee are always taken.
Takeaway: on a normal swap the real cost is the provider fee plus a few cents of network fee. Slippage is a worst case you set, not a bill you always pay. If a token can only be swapped with slippage cranked way up, treat that as a warning, not a workaround.
// 08 // 08 · the ways people actually lose it

How people get drained.

Almost nobody loses money because the cryptography broke. They lose it because they were tricked into signing or typing something. These are the real patterns, with real numbers, so you recognize them before they cost you.

The playHow it gets youDocumented damage
Seed phrase phishing A lookalike site or pop-up asks you to "verify," "sync," or "recover" by typing your 12 words. You just handed over the master key. FreeDrain ran 38,000+
phishing subdomains
(2025)
Wallet drainers A malicious site gets you to approve a transaction that grants it permission to move your tokens. One signature, wallet emptied. ~$494M stolen from
~332,000 wallets in 2024
(up 67% YoY)
Fake Phantom update A pop-up mimics a Phantom "update your extension" prompt, then asks for the seed phrase to "finish." Phantom never does this. active campaign
through 2025
Address poisoning The attacker sends you a dust transaction from an address that looks like one you use. Later you copy the wrong one from your history and send funds to them. $2.91M lost in one
Nov 2024 transfer;
$3.1M+ in a month
Fake token / honeypot A token copies a real name and logo to bait a swap. Some are coded so you can buy but never sell. endemic on every
open chain
The three habits that stop almost all of it

One: never type your seed phrase into anything after setup, ever, for any reason. Every drainer that goes through the phrase dies right here.

Two: read what you're signing. A wallet drainer needs your signature on a permission. Slow down on any transaction you didn't clearly start, and reject anything you don't understand.

Three: never copy an address from your transaction history. Paste it fresh from the real source, and check the first and last four characters every time. That one habit kills address poisoning.

If it happens anyway

A drained wallet cannot be un-drained; the ledger is final. Move anything left to a brand-new wallet with a brand-new seed phrase immediately, assume the old phrase is burned forever, and never reuse it. The lesson is cheap only if you learn it before the balance is big. That is the entire reason this page exists.

// 09 // 09 · the printable version

The checklist. Print it, tape it up.

Everything above, compressed to the things you actually do. If you can run this list, you have the basics that keep most people safe.

Installed Phantom by typing phantom.com myself, not from a search ad, DM, or download link.
Wrote the seed phrase on paper, by hand, in order. No screenshot, no photo, no cloud, no typing it into a computer.
Stored two copies in two safe physical places. Metal if the balance ever gets real.
Set a device password and turned on Face ID or fingerprint on mobile.
Sent a small test transfer first, confirmed it landed, then sent the rest.
Keep a little SOL in the wallet at all times to pay network fees.
Read every swap quote and every transaction before approving. Reject anything I don't understand.
Never copy an address from history. Paste fresh, check first and last four characters.
Locked in the one rule: no site, pop-up, or "support agent" ever gets my seed phrase. Full stop.
Next in this track

DeFi, past the buzzwords → Liquidity, lending, yield, and where the risk actually hides. Once you can hold and swap safely, that's the next layer. Coming to the education portal.

← Back to the education portal