
Hot Wallet

A crypto wallet whose private keys are held on an internet-connected device. Convenient, but exposed to software-based attack in ways cold storage isn't.


A hot wallet is any wallet whose private keys are stored on a device connected to the internet. MetaMask running in your browser is a hot wallet. The wallet built into the Coinbase mobile app is a hot wallet. The Trust Wallet app on your phone is a hot wallet. Anything where the signing keys live in software on a machine that has any kind of network access falls into this category, regardless of the specific product. The contrasting category is cold storage — hardware wallets, air-gapped signers, paper wallets — where the keys never touch an online device.

The tradeoff is convenience for security. Hot wallets are fast: you can open your browser, click “swap”, approve a transaction, and have it on-chain thirty seconds later. They are also relatively easy to use, with good mobile apps, browser extensions, and wallet-connect flows for interacting with dapps. The price is that they are exposed to every piece of malware, phishing site, malicious browser extension, and zero-day exploit that can reach your device. If your computer is compromised, your hot wallet is compromised, end of story.

What Actually Goes Wrong

The attack vectors are not theoretical. Clipboard-hijacking malware that swaps out a pasted crypto address for the attacker’s address has drained hundreds of wallets. Fake wallet extensions uploaded to the Chrome Web Store have harvested seed phrases from users who searched for MetaMask and installed the wrong one. Phishing sites that look identical to real DeFi frontends have tricked users into signing transactions that grant unlimited token approvals to an attacker contract. Seed phrases that users have accidentally saved to iCloud or Dropbox have been compromised when those accounts were breached. None of these require anybody to be particularly sophisticated; most just require the victim to be tired or distracted at the wrong moment.

A hardware wallet blocks most of these because the critical step — producing a signature with the private key — happens on a device that the attacker cannot reach and that displays the transaction details on its own screen for you to verify. A hot wallet has no such checkpoint. If the software on your phone is lying to you about what you are signing, there is nothing stopping the transaction from going through.
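
The unlimited-approval case above can be recognised from the raw calldata a dapp asks the wallet to sign. The following is an added example, not code from any wallet named on this page: it decodes the standard ERC-20 `approve` call and, going slightly beyond the text, the NFT `setApprovalForAll` call, and rates the request. The spender allowlist, the 2^255 "unlimited" cutoff and the sample calldata are assumptions made for illustration.

```javascript
// Added example (not wallet code): flag broad token approvals in calldata
// before it is signed. Selectors are the standard ERC-20 / ERC-721 ones.
const APPROVE = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const UNLIMITED_FLOOR = 1n << 255n;      // assumption: treat >= 2^255 as "unlimited"

function inspectCalldata(data, knownSpenders = new Set()) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const bad = (reason) => ({ kind: "invalid", risk: "block", reason });
  if (!/^[0-9a-f]{8,}$/.test(hex)) return bad("not hex calldata");
  const selector = hex.slice(0, 8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", risk: "none" };
  }
  const args = hex.slice(8);
  // Both functions take exactly two 32-byte ABI words.
  if (args.length !== 128) return bad("approval with malformed arguments");
  // An address is right-aligned in its word; the upper 12 bytes must be zero.
  if (!args.startsWith("0".repeat(24))) return bad("spender is not a clean address");
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64));
  const known = knownSpenders.has(spender);
  if (value === 0n) return { kind: "revoke", spender, risk: "none" };
  if (selector === SET_APPROVAL_FOR_ALL) {
    // Operator rights over every token in the collection.
    return { kind: "approve-all", spender, risk: known ? "warn" : "block" };
  }
  const unlimited = value >= UNLIMITED_FLOOR;
  let risk = "none";
  if (unlimited || !known) risk = "warn";
  if (unlimited && !known) risk = "block";
  return { kind: "approve", spender, value, unlimited, risk };
}

// Constructed sample: unlimited ERC-20 approval to a made-up spender.
const SAMPLE_SPENDER = "0x" + "ab".repeat(20);
const SAMPLE_UNLIMITED =
  "0x" + APPROVE + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64);

console.log(inspectCalldata(SAMPLE_UNLIMITED));
console.log(inspectCalldata(SAMPLE_UNLIMITED, new Set([SAMPLE_SPENDER])));
```

A check like this runs on the same device as the hot wallet, so it catches a deceptive dapp request but not a compromised machine.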

The Sensible Split

The most common setup for anyone with meaningful amounts of crypto is a split. A hot wallet holds whatever you are actively using — enough to pay gas, trade occasionally, interact with a handful of dapps. A hardware wallet holds the long-term savings, connected only when you need to move something, and otherwise kept in a drawer. The rule of thumb is that anything you would be genuinely upset to lose should not live in a hot wallet, and the threshold for “anything you’d be upset to lose” is different for everyone but usually involves fewer zeros than people expect.

The alternative framing: treat your hot wallet like a physical wallet and your cold storage like a bank account. You carry a bit of cash for daily use, accept that it is at some risk of being lost or stolen, and keep the bulk of your money somewhere less accessible but more secure. People who try to do everything from one hot wallet are essentially walking around with their entire net worth in their front pocket, and the failure rate for that approach is high enough that the crypto subreddits have a new horror story every week.