img width: 750px; iframe.movie width: 750px; height: 450px;
Setup Recover Core Wallet wallet extension guide for beginners
Setup core wallet extension guide for beginners
First, install a reputable browser plugin from the official store. This is the only safe way to begin. For your initial setup, create wallet option by generating a new seed phrase. Do not take a screenshot or store this phrase digitally. Write the 12 or 24 words on paper using a pen. This phrase is your master key; if lost, your funds are gone permanently. A recent study by crypto security firms shows that over 70% of lost funds are due to misplaced recovery phrases, not hacking.
After you create a new vault, the software will ask you to confirm your seed phrase. This is a mandatory step to prove you saved it. If you fail this verification, the process will restart. Never skip this. The plugin will then ask you to set a local password. Use a unique password that is at least 12 characters long with mixed case, numbers, and a symbol. This password protects the app on your specific device, not the blockchain itself.
If you already hold assets elsewhere, you can bypass generating a new set and instead import wallet via your existing seed phrase or a private key. Use this method only if you are transferring from an older platform and you are certain the source device is free of malware. To do this, select the "import" function, paste your 12-24 word mnemonic, and enter a new local password. The application will scan the blockchain and automatically display your balances and transaction history from that address.
After either path–creating or importing–you must make a test transaction. Send a very small amount (0.0001 of the network’s token) to your new address. Verify the address character by character before confirming. This single test validates that your recovery phrase and the software are functioning correctly. Only after a successful test should you move larger amounts. Follow this tutorial exactly in sequence: generate, protect your phrase, verify, set password, test.
Downloading and verifying the official wallet extension from the Chrome Web Store
Open Chrome Web Store and search for "MetaMask" only from the developer "MetaMask." Verify the publisher name matches exactly: current version must show over 10 million users and a rating above 4.5 stars. Click "Add to Chrome" and inspect the permission dialog–it must request access to only "read and change your data on a few sites" like chrome-extension:// URLs. Reject any variant requesting broader permissions like "your data on all websites." After installation, click the puzzle icon in Chrome’s toolbar, pin the MetaMask icon, and open it. The app will present a terms-of-service screen: read the exact document linked to consensys.net/terms-of-use/ before clicking "I agree." Do not skip this step. Immediately check the extension’s fingerprint by right-clicking the icon, selecting "Manage extension," and confirming the ID matches the official one listed on the MetaMask GitHub repository (under the "Permissions" section in their source code). If the ID deviates by even one character, uninstall instantly and scan your computer for malware.
For verification, use the Web Store’s "Support" tab to confirm the developer’s official email (support@metamask.io) matches the store listing. The correct Chrome Web Store URL must start with https://chromewebstore.google.com/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn–copy and paste this directly into your address bar to avoid phishing pages. After installation, never download a "setup tutorial" or "create wallet" PDF from third-party sites claiming to be an official guide; these are scams to inject malicious scripts. Instead, use Mozilla’s official JavaScript hash checker: open Chrome’s developer tools (F12), navigate to "Sources," find the extension’s background script, and compute its SHA-256 hash using an online tool (like emn178.github.io/online-tools/sha256.html). The hash must exactly match the published value on MetaMask’s official GitHub releases page at github.com/MetaMask/metamask-extension/releases (look under "Checksums" for the latest release). A mismatch of even one hexadecimal character means the extension is compromised–remove it immediately and report the store listing to Google. After confirmation, proceed to the "import wallet" or "create wallet" tutorial within the official app itself, ignoring any third-party "how to import wallet" pop-ups or external linking apps.
Creating your first wallet: seed phrase backup and password setup steps
Write down the 12 or 24-word recovery phrase on paper, not a digital file. This phrase is the only key to restore access if your device breaks. Store this paper in a fireproof safe or a bank deposit box. Never type it into any website, app, or photo. Use a metal backup tool like Cryptosteel or Billfodl for permanent protection against water and fire damage.
After the software generates your seed phrase, confirm it by entering the words in the correct order. Most clients require a 3-5 word verification test.
Set a strong local password: at least 16 characters mixing uppercase, lowercase, numbers, and symbols. Avoid birthdays, names, or common words. Use a password manager like Bitwarden or KeePass to store this password separately from the seed phrase.
Enable two-factor authentication (2FA) if the application supports it. Use an authenticator app such as Google Authenticator or Authy, not SMS. Generate backup codes and store them with your recovery phrase.
Test your backup immediately: uninstall the application on your test device, reinstall it, and restore using only your written recovery phrase. This confirms your seed phrase works and you wrote it correctly. If restoration fails, repeat the full process from scratch.
For a second layer of security, consider creating a hidden wallet with a separate passphrase. This passphrase (25th word) must be different from your login password and stored separately from the seed phrase. Without this extra word, even someone finding your seed phrase cannot access the hidden wallet. Write this passphrase on a different physical medium and store it in a second secure location.
Update your disaster recovery plan every six months. Check that your paper backup remains legible and intact. If you change your local password, update your password manager record. Never reuse your applied seed phrase across multiple software clients for different blockchains–each chain requires its own unique recovery set generated from that chain’s dedicated tool.
Q&A:
I downloaded a "core wallet" from a random website and installed it in Chrome. Now my browser feels slow. Did I mess up? What should I have done differently?
Yes, that sounds like a problem. A legitimate core wallet extension (like the one for a blockchain network) is usually a small plugin, not a heavy program. If your browser slowed down, you might have installed malicious software disguised as a wallet. The safe way is to always check the official website of the cryptocurrency project you are using (for example, the official Bitcoin or Ethereum site). They usually provide a direct link to the Chrome Web Store or a verified download page. Never trust a random search result or a sponsored ad. Delete that extension immediately and install one from the official source. After installing, the wallet should only ask you to create a new wallet or import an existing one. It should not change your browser speed or behavior.
I see the wallet extension icon in my browser, but I have no idea what a "seed phrase" is. What happens if I lose it? Can I just save it in a text file on my desktop?
A "seed phrase" (also called a recovery phrase) is a list of 12 or 24 random words. It is the master key to your cryptocurrency. If you lose it, you lose permanent access to your funds. There is no password reset or customer service to help you get it back. Saving it in a text file on your desktop is incredibly risky. If a hacker, a virus, or even a friend with access to your computer opens that file, they can steal everything. You should write the words on a piece of paper using a pen and store that paper in a safe place (like a locked drawer or a fireproof safe). Never type it into a website or take a photo of it with your phone unless that phone is offline and kept in a secure lockbox.
I set up a wallet extension but I keep getting a popup asking me to "connect" when I visit random game websites. Should I click "Connect"? What does that button actually do?
No, do not click "Connect" on random websites. When you click that button, you are allowing that specific website to see your wallet address. That might sound harmless, but it also lets them attempt to send you requests to sign transactions. A malicious site could show you a popup that looks like a simple "Login" button, but it is actually a request to send all your coins to their address. Only connect your wallet to official, trusted websites (like a well-known NFT marketplace or a decentralized exchange you have researched). If you are unsure if a site is real, do not connect. You can always check your wallet extension's settings to see which sites have access and revoke permission from any you do not recognize.
I set up the extension and sent some crypto from an exchange. It has been 30 minutes and the coins are not showing up in my wallet. Is my wallet broken?
Usually, the wallet is not broken. The delay is likely due to the blockchain network itself. When you send crypto from an exchange, the exchange processes the withdrawal, but the transaction needs to be confirmed by the network. If the network is busy or if you selected a low transaction fee, the confirmation can take a long time (sometimes hours). First, check the status of your withdrawal on the exchange. Look for a "Transaction ID" (TXID). Copy that TXID and paste it into a blockchain explorer website. That will show you exactly how many confirmations the transaction has. If the explorer shows zero confirmations, you just have to wait. If the explorer says the transaction failed or was rejected, you need to contact your exchange's support, not your wallet provider.