Address in crypto is the public identifier that funds get sent to. Derived from the public key — which is itself derived from the private key — through hashing and encoding steps that vary by chain. Bitcoin addresses begin with "1," "3," or "bc1." Ethereum addresses are 42-character hex strings starting with "0x." Solana addresses are 32-44 character base58 strings. The address is what you share publicly; the private key is what you guard.
How an address gets built
On Bitcoin, the modern flow looks like: private key → public key via secp256k1 elliptic curve → SHA-256 hash → RIPEMD-160 hash → Base58Check encoding with version byte. The result is the address you see. Different versioned address types (P2PKH starting with "1", P2SH starting with "3", native SegWit bech32 starting with "bc1q", Taproot bech32m starting with "bc1p") use the same private key but different derivation tails.
On Ethereum, the flow is shorter: private key → public key → keccak-256 hash → take the last 20 bytes → display as 40-character hex with "0x" prefix. Optionally apply EIP-55 checksum via mixed case. The address is the same regardless of which EVM chain you're on — Ethereum, Polygon, Arbitrum, Optimism, Base, BNB Chain all use the same address format.
What an address reveals on chain
Once an address has signed a transaction, the entire transaction history at that address becomes public. Chain analytics firms (Chainalysis, Elliptic, TRM Labs) build address-graph databases from these public histories, linking related addresses and inferring real-world identity behind them.
For Bitcoin, best practice has historically been to generate a fresh address for each receive. Modern wallets do this automatically. Reusing an address makes you slightly easier to track and slightly easier to dust-attack (see Dusting attack).
For Ethereum, the account-based model means a single address accumulates all activity. Privacy on Ethereum is meaningfully harder than on Bitcoin without specialized tools (Tornado Cash, Aztec, Railway).
Vanity addresses
An address that contains a chosen prefix — "bc1qcafebabe..." or "0x0000..." — generated by brute-force search of random private keys until one matches the pattern. Generators like vanity-eth.tk can produce moderately rare prefixes (6-8 character match) in minutes; 10+ character matches take hours.
The danger: address-poisoning attacks where the attacker generates a vanity address that visually resembles a known destination (your hardware wallet, your exchange deposit address), then "primes" the target's wallet history by sending a small transaction from the vanity address. Later, when the target copies an address from history, they may copy the vanity instead of the real destination. The defense: always verify first four and last four characters of any address, not just the prefix.
Smart-contract addresses
Not all Ethereum addresses are user wallets. Many are smart contracts. The address shape is identical; the distinction is whether the address has bytecode deployed at it. Etherscan and Blockscout flag contracts visibly. Sending normal ETH or tokens to a contract address that does not implement a receive function will typically not lose funds (the transaction reverts), but sending to a contract with a custom receive function can produce unexpected behavior.
Further reading: Public key, Private key, Etherscan.