
Cold Storage

Keeping crypto in a wallet that has never been connected to the internet. The highest-security way to hold a meaningful amount of Bitcoin.


Cold storage means holding crypto in a wallet whose private keys have never touched an internet-connected device. The classic setup is a hardware wallet (Ledger, Trezor, Coldcard) that you initialise offline, use as a dedicated signing device, and store physically. The logic is simple: a key that has never been online cannot be stolen by a remote attacker, and a key that lives in an encrypted chip cannot be read even if someone steals the device.

The term “cold” is in contrast with “hot”: a hot wallet is any software wallet on a phone or computer that is connected to the internet for everyday spending. Hot wallets are convenient and fine for small balances. Cold wallets are inconvenient and correct for anything you would be upset to lose.

How Cold Actually Works

There are degrees. A hardware wallet is cold in the sense that the key never leaves the device, but the device does periodically talk to a computer to sign transactions. A more paranoid setup is air-gapped signing, where the hardware wallet communicates with the online computer only via QR codes or SD cards, never directly, so there is no possible electrical path between the private key and the network. Coldcard and some Trezor setups support this.

The most extreme form is a paper wallet or steel backup: the seed phrase written on paper or stamped into metal, stored in a safe, and never touched except to recover funds. There is no device to compromise because there is no device. The trade-off is that actually using paper wallets is clunky and error-prone, and there is no error correction if you misread a word.

Most people who hold serious crypto use something in the middle: a hardware wallet they manage directly, plus a steel backup of the seed phrase in a geographically separated location, plus some operational discipline around how they transfer funds in and out.

The Threat Model

Cold storage protects you from remote attackers: malware, phishing sites, compromised computers, exchange hacks. It does not protect you from physical theft of the device plus knowledge of the PIN, from extortion (the “$5 wrench attack”), from losing the seed phrase, or from your own mistakes in writing it down. Multi-signature setups and Shamir backups are the standard defences against the remaining risks, and they matter more the larger the balance you are trying to protect. For small amounts, a hardware wallet in a drawer is probably enough. For larger amounts, you need to think about the whole threat model, not just “my computer has a virus”.