How Cold Storage works in crypto: Cold Wallet vs Hot Wallet compared
With all of the well-known scams in the world of cryptocurrency, alternative storage solutions have become a priority. Yet while everybody has heard of crypto scandals such as FTX, Mount Gox, and more recently Bybit, few are up to date on how to effectively secure their assets. Solutions exist and cold storage may hold the key to crypto investment security.
QUOTE
Bitcoin is not money for the internet. It is the internet of money.
– Andreas Antonopoulos (author and entrepreneur)
– Andreas Antonopoulos (author and entrepreneur)
Big ideas
- Cold wallets store private keys securely and don’t interact with the internet. Hot wallets (like exchanges) hold your private keys online, as a third party, leaving the keys vulnerable to attacks.
- Each crypto wallet has an associated seed phrase. This seed phrase has to be kept secure at all costs to protect assets. This is probably the single most important element in crypto security. Not your keys, not your coins is a common crypto idiom.
- The seed phrase is similar in function to the wallet's private key, but seed phrases are easier to store and use. Private keys are 256 digits, making storage difficult. The seed phrase is a series of 12, 18, or 24 words used for backing up a crypto wallet.
What is a cold wallet or cold storage solution?
DEFINITION
A cold wallet, or cold storage solution, is an offline method of storing cryptocurrency private keys, keeping them safe from online threats like hacking or malware.
Note that the cryptocurrency itself is always on the blockchain and never leaves it.
The entire premise of crypto security is based on protection of your unique wallet private key or seed phrase, generated at the time of wallet initiation.
What cold storage (or any wallet) does is store the private key that proves you own and can control the crypto at that blockchain address. Think of it like this:
The entire premise of crypto security is based on protection of your unique wallet private key or seed phrase, generated at the time of wallet initiation.
What cold storage (or any wallet) does is store the private key that proves you own and can control the crypto at that blockchain address. Think of it like this:
- The blockchain is the public ledger where all transactions live.
- Your coins or tokens are recorded there at your wallet address.
- The private key is the secret code that lets you move those coins around.
So when you put crypto in cold storage, you are not moving the coins off the blockchain. You are essentially moving the keys that give access to them into an offline, more secure environment.
Cold storage is often considered to be among the most reliable options for keeping cryptocurrency assets secure. It works by safeguarding your private key or seed phrase (the unique cryptographic code generated when you first create a wallet).
The private key/seed phrase is stored on a physical device, often resembling a small USB key. This is known as hardware cold storage.
Cold storage is often considered to be among the most reliable options for keeping cryptocurrency assets secure. It works by safeguarding your private key or seed phrase (the unique cryptographic code generated when you first create a wallet).
The private key/seed phrase is stored on a physical device, often resembling a small USB key. This is known as hardware cold storage.
How does cold storage work?
Cold storage works by keeping private keys completely offline. Instead of being stored on an internet-connected device, the keys are held on hardware wallets, paper wallets, or air-gapped computers. When a transaction is needed, it is prepared online, signed offline, and then broadcast back through a connected device.
The separation removes the most common attack path for hackers. Cold storage acts like a digital safe, securing access to assets until movement is required.
It is also possible to store private keys offline with paper cold storage (literally a string of printed digits or phrases). This is not as common as it was, but it is still highly secure so long as you don’t lose the paper. You could also take a screenshot of the string and store it in a USB file and again, make sure to look after the file.
The separation removes the most common attack path for hackers. Cold storage acts like a digital safe, securing access to assets until movement is required.
It is also possible to store private keys offline with paper cold storage (literally a string of printed digits or phrases). This is not as common as it was, but it is still highly secure so long as you don’t lose the paper. You could also take a screenshot of the string and store it in a USB file and again, make sure to look after the file.
Why choose cold storage for your crypto assets?
Cold storage is often viewed as a more secure option than hot storage, primarily because it doesn’t connect to the internet. Online hackers have no means of access as they need the physical device and the pin to that device. With online storage, you are open to (potentially) all online hackers. With cold storage, you are only vulnerable to thieves in your immediate location.
Cold storage solutions become more relevant the more assets you have. If you have less than £200 of crypto, it is probably not worth paying £200 for a hardware USB. But you can still print a copy of your paper copy of your key, destroying the digital version if needed.
Cold storage solutions become more relevant the more assets you have. If you have less than £200 of crypto, it is probably not worth paying £200 for a hardware USB. But you can still print a copy of your paper copy of your key, destroying the digital version if needed.
The risks of hot wallets
When your keys are stored online, hackers can find ways to penetrate the network. Yet more common is social engineering. Fraudsters can entice individuals to give them the usernames and passwords online, pretending to be customer support or another trusted party.
Source: ChainalysisHackers then login into the site and withdraw funds for accounts that don’t have 2FA enabled (such as mobile or email authentication). 2FA has now become mandatory across financial (and often social accounts) because it adds another element of security beyond username and password.
Alternatively they can set up a fake website (phishing) that mimics the original one. Customers key in their usernames and passwords to the fake site, and hackers have access to their funds on the real site, again provided no 2FA is present.
These tricks are not possible with cold storage solutions, because the attacker has to have your physical wallet device. Storing funds offline makes it exponentially more difficult for hackers to steal from you.
Alternatively they can set up a fake website (phishing) that mimics the original one. Customers key in their usernames and passwords to the fake site, and hackers have access to their funds on the real site, again provided no 2FA is present.
These tricks are not possible with cold storage solutions, because the attacker has to have your physical wallet device. Storing funds offline makes it exponentially more difficult for hackers to steal from you.
The difference between cold and hot wallets
In terms of outright security, cold storage security is often regarded as the gold standard. But very secure storage can be a hindrance to regular crypto trading since funds have to be accessed and transferred.
Pros of cold wallets
- ✅ Keys are stored offline, making them far less vulnerable to hacking.
- ✅ Provide long term storage security for larger holdings.
- ✅ No reliance on third party platforms or constant internet access.
Cons of cold wallets
- ❌ Can be lost, damaged, or stolen like any physical object.
- ❌ Less convenient for frequent trading or quick access.
- ❌ Initial setup can feel technical for beginners.
Pros of hot wallets
- ✅ Easy to access for everyday transactions and trading.
- ✅ Usually free to set up and use through apps or exchanges.
- ✅ Simple interface makes them beginner-friendly.
Cons of hot wallets
- ❌ Always online, so exposed to potential cyberattacks.
- ❌ Dependent on exchange or app security measures.
- ❌ If login details are compromised, funds can be drained quickly.
Main wallet options for cold storage
Cold wallets vary by form and brand. Some are physical devices while others are simple offline methods. All of these cold storage wallets are useful as they perform the basic task of storing keys away from the internet. Most retail between £40 – £200, depending on what security features are provided. Some popular options for wallets include:
- Ledger Nano X and S Plus: hardware wallets with broad support for cryptocurrencies. They use secure chips and a companion app.
- Trezor Model T and One: hardware devices with touchscreen or button control, widely trusted for personal use.
- Coldcard: focused on Bitcoin, with a strong emphasis on air-gapped signing.
- Ellipal Titan: uses QR codes for transactions and has no USB or Bluetooth ports.
- Paper wallets: simple printouts of private and public keys (less common today).
- Air-gapped computers: old laptops kept permanently offline to run wallet software.
The tools differ in cost, features, and design. But all of them serve as a means of storage beyond online reach. This is what defines them as cold storage products.
Aside from both hot and cold wallets is the option of local wallets, like MetaMask or Exodus. With these wallets, private keys are locally stored on your device such as a PC or smartphone. The keys are not stored by the local wallet providers, though there does remain a risk that hackers could gain access to your local device and work from there.
Aside from both hot and cold wallets is the option of local wallets, like MetaMask or Exodus. With these wallets, private keys are locally stored on your device such as a PC or smartphone. The keys are not stored by the local wallet providers, though there does remain a risk that hackers could gain access to your local device and work from there.
Vulnerabilities and security concerns of online crypto storage
Online storage (i.e. hot wallets) is considered more convenient. For example, active crypto traders will need to keep their funds in an online wallet. But while connection to the internet brings convenience, it also brings risk. For serious investors, hot wallets are short-term tools.
Because they bring many additional security concerns. Some providers store your private keys on internal, online servers. Since the wallet is online, hackers can break in using a variety of techniques. And if a centralised provider goes down, you can lose all your funds.
The FTX scandal is a prominent example of the collapse of a centralised provider, occurring back in 2022. In early 2025, the Bybit exchange was hacked for $1.6 billion (~£1.2 billion). $300 million (~£230 million) of the funds are already estimated to be irrecoverable.
Because they bring many additional security concerns. Some providers store your private keys on internal, online servers. Since the wallet is online, hackers can break in using a variety of techniques. And if a centralised provider goes down, you can lose all your funds.
The FTX scandal is a prominent example of the collapse of a centralised provider, occurring back in 2022. In early 2025, the Bybit exchange was hacked for $1.6 billion (~£1.2 billion). $300 million (~£230 million) of the funds are already estimated to be irrecoverable.
Setup and management steps for a cold wallet
Creating a cold wallet is a clear process. It starts with device choice and ends with ongoing upkeep. The steps are straightforward, but each carries importance for long-term security.
- Choose the type: hardware wallet, paper wallet, or air-gapped computer.
- Initialise the wallet: power on the device or generate keys offline.
- Record the recovery phrase: write it on paper, never in digital files.
- Set up a PIN or password: this adds a barrier against misuse.
- Transfer funds: send assets from an exchange or hot wallet to the cold address.
- Confirm the transfer: verify on a blockchain explorer.
- Store the device and phrase separately: reduces the chance of loss.
- Check firmware updates: only apply when offline and from the official source.
There is little management in terms of the hardware wallet. Most of the time, the wallet remains unused, acting as a secure vault. Movement happens only when assets need to be sent, often months or years later. For many investors, this low-maintenance model is appealing, since it requires attention only at key moments.
Basic cold storage security features
Cold storage keeps digital assets offline, away from internet threats. The focus is on reducing attack points and creating barriers against suspicious access. Some of the core features include:
- Offline operation: transactions are signed without online exposure.
- Private key isolation: keys don't move from the cold storage device.
- Encryption: stored keys are encrypted.
- Tamper resistance: hardware wallets are built to show or prevent alterations.
By and large, these are the four key elements in cold storage security.
Those with larger holdings might want to look into more technical elements of crypto cold storage, such as multi-signature arrangements, institutional custody services, or air-gapped devices that provide extra safeguards.
Those with larger holdings might want to look into more technical elements of crypto cold storage, such as multi-signature arrangements, institutional custody services, or air-gapped devices that provide extra safeguards.
Security measures for experienced crypto investors
Investors with more funds to secure will typically add more layers of security. They can use advanced measures that go beyond the basics. Some of these additional elements might include:
- Multi-signature schemes: require several devices or people to approve transfers.
- Geographic distribution: store backup phrases or devices in multiple locations.
- Hardware redundancy : keep more than one hardware wallet set up with the same keys.
- Air-gapped signing: use devices that never connect to the internet, often with QR code workflows.
- Shamir’s Secret Sharing: split recovery phrases into parts, which only together can restore a wallet.
- Access protocols: define who can move funds, under what conditions, and with what checks.
For most retail investors, however, these security protocols are over the top. After all, advanced security features are of little use to those who fail to secure their seed phrase. Many holders have lost access to their devices, losing tens of thousands of Bitcoin, worth millions of pounds.
The difference between custodial and non-custodial cold wallets: Who holds your crypto?
Cold wallets can be split into two groups, custodial and non-custodial. The key difference is who controls the private keys. With custodial cold wallets, a third party stores the private keys on behalf of the investor.
Large exchanges or specialised firms often provide this. They manage the hardware, backups, and procedures. Users gain convenience and integration with trading platforms.
With non-custodial cold wallets, the individual or institution holds the private keys directly. Hardware wallets, paper wallets, and air-gapped machines fall in this category. The owner takes full control and decides how the wallet is stored and accessed.
Custodial solutions suit investors who want outsourced handling. Non-custodial fits those who want personal control. Both have the same goal of removing keys from online access, but the management model changes the responsibility.
With non-custodial cold wallets, the individual or institution holds the private keys directly. Hardware wallets, paper wallets, and air-gapped machines fall in this category. The owner takes full control and decides how the wallet is stored and accessed.
Custodial solutions suit investors who want outsourced handling. Non-custodial fits those who want personal control. Both have the same goal of removing keys from online access, but the management model changes the responsibility.
Multi-signature wallets for enhanced security
Multi-signature wallets, often called multi-sig, require more than one private key to authorise a transaction. Instead of a single individual holding full control, several parties share access. This setup is common in businesses, funds, or joint accounts where shared oversight is needed. A wallet could be set so that three keys exist but two are required to move funds.
The main benefit is reduced single-point risk. If one key is lost, hacked, or stolen, it is not enough to transfer funds. Multi-sig also improves trust between partners, since no single user can act alone. This mechanism has been compared to corporate signing authorities where two signatures are needed on important documents.
Remember that losing multiple keys can lock the account permanently. Setup and recovery can also be more complex than standard wallets. Still, multi-sig remains a practical solution for groups who want stronger control of crypto assets without depending on one person’s device or password.
The main benefit is reduced single-point risk. If one key is lost, hacked, or stolen, it is not enough to transfer funds. Multi-sig also improves trust between partners, since no single user can act alone. This mechanism has been compared to corporate signing authorities where two signatures are needed on important documents.
Remember that losing multiple keys can lock the account permanently. Setup and recovery can also be more complex than standard wallets. Still, multi-sig remains a practical solution for groups who want stronger control of crypto assets without depending on one person’s device or password.
Integrating cold wallets with DeFi platforms
Integrating cold wallets with DeFi platforms allows investors to interact with decentralised applications while keeping private keys offline. The wallet connects through secure bridges or extensions, such as hardware wallets linked to browser interfaces. This setup means that even when signing DeFi transactions, the private keys never leave the device, keeping control in the user’s hands.
The main advantage is reducing risk from online exploits. Users can access lending, staking, or liquidity pools without exposing their keys to the internet. Transactions are authorised on the hardware wallet, adding a layer of physical confirmation and reducing the chance of unauthorised activity.
The process can feel slower compared to hot wallets, since each action requires approval through the device. It also involves more steps for first-time users.
The main advantage is reducing risk from online exploits. Users can access lending, staking, or liquidity pools without exposing their keys to the internet. Transactions are authorised on the hardware wallet, adding a layer of physical confirmation and reducing the chance of unauthorised activity.
The process can feel slower compared to hot wallets, since each action requires approval through the device. It also involves more steps for first-time users.
What is the meaning of deep cold storage?
DEFINITION
Deep cold storage is a stricter version of cold storage. In this method, private keys are generated and stored on devices that have never been connected to the internet. These devices remain isolated, often kept in secure vaults, safe deposit boxes, or other controlled locations.
The idea is simple: if a device has never touched the internet, the possibility of remote theft is virtually zero. Even when funds need to be moved, the transaction can be signed offline and then transferred through a separate channel. This eliminates direct exposure of the private keys to any network.
Institutions and large investors often prefer deep cold storage for long term holdings. It protects against both online and physical threats when combined with strong custody measures.
For most retail users, it may feel excessive, but it represents the highest level of digital asset security available today. The tradeoff is accessibility, as moving assets requires more time and careful procedures.
Institutions and large investors often prefer deep cold storage for long term holdings. It protects against both online and physical threats when combined with strong custody measures.
For most retail users, it may feel excessive, but it represents the highest level of digital asset security available today. The tradeoff is accessibility, as moving assets requires more time and careful procedures.
Current trends in cold storage technology
1. Hardware wallets with biometric security
Some newer hardware wallets are adding biometric authentication, such as fingerprint readers. This adds another barrier on top of PIN codes. Even if the device is stolen, the attacker would need the user’s biometric data to unlock it.
2. Air-gapped devices
A growing trend is the use of air-gapped devices. These wallets never connect to the internet or even Bluetooth. Instead, they transfer signed transactions through QR codes or microSD cards, which minimises exposure to hacking attempts.
3. Institutional grade custody
Larger players are demanding cold storage solutions that meet strict compliance standards. Providers are now offering custody services with insurance, layered access controls, and professional storage facilities. This reflects the increasing institutional adoption of crypto assets.
Common mistakes to avoid with cold wallets
1. Losing backup phrases
Many users fail to properly back up their seed phrase. If the hardware device is damaged or lost and the phrase is missing, funds can't be recovered. Secure offline backups are essential. People have lost millions of pounds by failing to secure their seed phrase. This is the single most important element of crypto security.
2. Overcomplicating storage
Some investors spread backups across too many locations or formats. While the intention is good, it often creates confusion. Simpler, well-documented systems reduce the chance of losing access later. Retail investors have little need for the sophistication of multi level cold storage options.
3. Forgetting about firmware updates
Cold wallets will still need periodic firmware updates to stay secure. Ignoring updates can leave devices vulnerable. Updates usually fix bugs or patch risks, so staying current ensures long-term reliability.
Recap
All cold wallet options are effective. To steal your funds, a hacker needs to steal your physical device and also force you to hand over the wallet key or pin.
Even if they stole the hardware wallet, a thief would be unlikely to decrypt it before you transferred the funds, using the saved private key.
And that is the beauty of crypto cold storage. As long as you remember to store your private key/passphrase securely, it is almost impossible to fall prey to online attacks involving private key theft.
Even if they stole the hardware wallet, a thief would be unlikely to decrypt it before you transferred the funds, using the saved private key.
And that is the beauty of crypto cold storage. As long as you remember to store your private key/passphrase securely, it is almost impossible to fall prey to online attacks involving private key theft.
FAQ
Q: Are cold wallets traceable?
Cold wallets themselves are not linked to names or IDs, but their public addresses are visible on the blockchain. Any transfer to or from them can be tracked. The trail is open, but it doesn’t show who owns the wallet unless matched by other data.
Q: Does crypto grow in a cold wallet?
Crypto stored in a cold wallet doesn’t increase by itself. The wallet is only a storage tool, not a yield generator. Growth can only come from price movements on the market or by moving assets into services that pay rewards or staking returns.
Q: Can I store NFTs in a cold wallet?
Yes, many hardware wallets support NFTs. They store the private keys needed to prove ownership of the token. The NFT itself lives on the blockchain, while the cold wallet simply protects the key that gives access to it. Support depends on the wallet’s software.
Q: What is the opposite of a cold wallet?
In contrast to the cold wallet, its opposite (the hot wallet) requires continual online connection. A hot wallet stays connected to the internet and allows fast transactions. It is usually in the form of an exchange wallet, mobile app, or browser extension. The key point is constant online access.
Q: What is actually stored on a cold wallet?
A cold wallet stores your private keys or seed phrase, not the cryptocurrency itself. These keys prove ownership and allow access to your coins on the blockchain. Without them, you can't send, move, or recover your crypto, even if you still hold the device.
Q: Can you sell crypto directly from a cold wallet?
A cold wallet can't sell directly. To trade or sell, assets need to be transferred from the cold wallet to an exchange or platform that supports selling. The cold wallet’s role ends once the transfer is signed and confirmed on the blockchain.
