The Hot and Cold Distinction
The terms "hot" and "cold" describe whether a wallet is connected to the internet:
Hot Wallet
Connected to the internet. Your private keys exist on a device with network access. Convenient for frequent transactions but exposed to online threats.
Cold Wallet
Not connected to the internet. Your private keys are stored offline, making remote hacking virtually impossible. Less convenient but far more secure for long-term storage.
Types of Hot Wallets
- Mobile apps (BlueWallet, Trust Wallet) — convenient for daily spending, vulnerable to phone malware and theft
- Desktop software (Electrum, Exodus) — more features, vulnerable to PC malware, keyloggers, and clipboard hijackers
- Browser extensions (MetaMask) — required for DeFi, highest risk due to browser attack surface, malicious sites, and phishing
- Exchange accounts — technically custodial hot wallets managed by the exchange on your behalf
Types of Cold Wallets
- Hardware wallets (Ledger, Trezor) — dedicated devices that sign transactions offline. The private key never touches an internet-connected device. The gold standard for security.
- Paper wallets — private keys printed on paper. Completely offline, but fragile (fire, water, ink fading) and awkward to use for transactions.
- Air-gapped computers — a computer that has never been and will never be connected to the internet. Used to generate and store keys. Transactions are signed offline and transferred via USB or QR code.
- Steel/metal seed storage — seed phrase stamped or engraved into metal plates. Resistant to fire, water, and physical degradation. Not a wallet itself, but a cold backup of your keys.
Security Comparison
Remote hacking
Hot wallets are vulnerable. Cold wallets are immune (keys never touch the internet).
Malware
Hot wallets can be compromised by keyloggers, clipboard hijackers, and screen capture malware. Hardware wallets display transaction details on their own screen for verification.
Phishing
Hot wallets (especially browser extensions) are prime phishing targets. Hardware wallets require physical button presses to confirm transactions, adding a layer of protection.
Physical theft
Hot wallets on stolen devices may be accessible if not properly encrypted. Hardware wallets are protected by a PIN and are useless to a thief without it.
Convenience
Hot wallets allow instant transactions. Cold wallets require connecting the device or using an air-gap transfer process.
When to Use Each
💡 Think of it like physical money
A hot wallet is like a wallet in your pocket — keep enough for daily spending. A cold wallet is like a safe — keep your savings there. You would not carry your life savings in your back pocket.
- Hot wallet: Small amounts for regular transactions, DeFi interaction, testing and learning
- Cold wallet: Long-term savings, any amount you cannot afford to lose, amounts exceeding the cost of a hardware wallet
- Both: Most experienced users keep a small hot wallet for convenience and a hardware wallet for the majority of their holdings
Summary
- Hot wallets are internet-connected and convenient but expose keys to online threats
- Cold wallets store keys offline, making remote attacks impossible
- Hardware wallets are the most practical form of cold storage for most users
- Use hot wallets for spending money and cold wallets for savings
- The best approach combines both: small amounts hot, savings cold
🎉 You understand the hot vs cold tradeoff!
Ready to secure your assets? Learn how to set up a hardware wallet in the next tutorial.