People wrong-foot themselves because of getting one thing wrong. Then, when things don't match their perception while working with their wallet or exchange and it causes all manner of confusion and, even, panic when they think their digital assets have 'disappeared' or have gone to the wrong place.
There are four common misconceptions; the 'location' of the digital assets, the role of wallets, the difference between an account on a ledger/blockchain and a customer account at an exchange and the difference between custodial and non-custodial applications and services.
Where are my assets held?
Wallets don't 'hold' cryptocurrency.
Digital assets are not 'on an exchange'.
Cryptocurrency only ever exists on its ledger/blockchain.
The assets can move from one address to another or, more properly, the balance of the addresses can change, but it doesn't actually go anywhere.
There isn't actually anything to move.
Cryptocurrencies are just numbers in a specialized and, usually decentralized, accounting system.
The Role of Wallets
Wallets display information from a specific ledger/blockchain about a particular address of interest.
Wallets safeguard the account credentials (seed, secret, passphrase) and use those credentials to do transactions.
What is thought of as a transaction is actually a proposal in the form of a specially-formatted message signed using cryptography.
Wallets take user input about the destination address and amount (and, optionally, a memo or some other field) format it for a specific ledger/blockchain and encrypt it with the key for that account. Commonly after asking the user for a passphrase (or bio-metrics) to 'sign' the transaction.
Wallets typically require a passcode or bio-metrics to open the app because that provides access to the keys to do transactions.
The message is sent to the network of servers that process transactions for that blockchain/ledger where it gets evaluated for the correct format and credentials then added into a block of transactions to be approved by that network's method of agreeing on which block gets to be the next link in the chain.
The technical term for this method of agreeing on a set of transactions is Consensus Algorithm.
So, 'sending' assets to another address is actually asking the network to reduce the balance value in one address and increase the balance value in another address. No moving parts.
In a real-world example of the confusion misunderstanding this process causes, a user reached out to Xumm Support because, in migrating from Toast to Xumm, they ended up with the same account in both applications. They couldn't understand how it could be in two places at once.
Of course it isn't. Its on the XRP ledger where it's always been. They just have two windows open onto the same view.
Ledger Account vs Exchange Account
Another all-too-common occurrence is when the assets get 'lost' because of a second misconception in that people think they have XRP accounts (or fiat currency) on an exchange when what they have is a customer account.
Because of multiple factors (starting with the 10 XRP reserve requirement), exchanges generally do not provide a ledger account for their customers.
Assets are held in the exchange's ledger account and the customer account is credited with a certain amount of those assets.
Transferring XRP to an exchange is actually sending it to an XRP account address controlled by the exchange. The exchange is now in full control of those assets. This is the difference between holding assets in a custodial or non-custodial environments.
Custodial vs Non-custodial
Exchanges are generally custodial - they hold the assets in their XRP accounts on the customer's behalf and credit the customer's account with the appropriate value. Trading the asset (for another digital asset or fiat currency) means the exchange does the transaction on the customer's behalf using accounts in their sole control and reports the outcome to the customer account.
Banks work the same way. Nobody has any money in the bank. The bank has the money. Customers have a credit in their bank account allowing them to go to the bank to get the money or use a card to do a transaction with a third party.
Non-custodial applications (like Xumm) remove that barrier between a user and their assets. Unlock the app with a passcode or bio-metrics (fingerprint, face ID) and the user has full, direct control. They can transact with anyone and nobody else will know. No need to ask permission. The only rules to follow are those of the protocol for that asset which is taken care of by the application.
XRP can appear to get 'lost' when sent to an exchange without a destination tag which is how exchanges know to which customer account the XRP should be allocated.
The transaction is successful in that the exchange's account receives the XRP so it is not lost.
It is on the ledger but because the customer misunderstands the chain of custody and didn't provide the correct routing information their exchange customer account does not get credited.
While we have your attention, it is strongly suggested to have an offline copy (secure and physically safe (think fire, water)) of the credentials AND make it so someone else (lawyer?, trusted third party?) can access them if something happens to you.