How to deposit and withdraw crypto using the OKEx app
Hot and cold crypto wallets explained — balancing security and convenience when storing cryptocurrency
An introduction to the types of digital currency storage solutions available and the pros and cons of each
It is crucial for any newcomer to the crypto space to fully understand how digital assets are stored and protected. By design, cryptocurrencies allow you to have complete control over them, independent of any trusted third parties. However, this freedom comes with an additional layer of responsibility, and it requires a thorough understanding of digital wallets and the delicate balance between security and convenience.
In an earlier article, we provided an introduction to cryptographic keys and explained how crypto assets use them. If you haven't already read it, we recommend starting there if you are new to these concepts.
This article will expand on the knowledge in the previous article and focus on the distinction between different storage methods, namely hot and cold wallets. A discussion of the pros and cons of custodial and noncustodial wallets follows, with emphasis on the circumstances in which surrendering some financial freedom may be beneficial to certain users. Finally, we conclude with some advice on selecting a combination of storage methods that's right for your abilities and requirements.
Table of contents
- Hot and cold wallets explained
- Types of cryptocurrency wallets
- Custodial vs. noncustodial wallets
- How to choose a cryptocurrency wallet
Hot and cold wallets explained
As we learned in our introduction to cryptographic keys, a basic cryptocurrency wallet is little more than an astronomically large, random number from which a second, similarly big number is cryptographically derived. Known respectively as your private and public keys, these two details are all an advanced user needs to send, receive and securely store their cryptocurrency holdings. We also learned that the public key plus a mnemonic seed phrase represent exactly the same information. We largely referencer a private key here, but the points made are equally applicable to seed phrases.
Although this key pair is the wallet, most users aren't skilled enough at computer science to manually build their own transactions. Instead, they use hardware and software combinations to manage their key pair and to construct transactions on their behalf. Therefore, it's common in the crypto industry to refer to the program or device with which you generate your public and private keys as a wallet.
Given the convenience and security of the wallet solutions out there, few people manually interact with the blockchain in reality. Yet, it's an essential part of Bitcoin's design — and many subsequent cryptos — that the systems are fully functional without any supporting infrastructure.
However, when it comes to wallets, they all fall into one of two categories: hot or cold wallets. The key difference between the two is their accessibility to the internet.
Any wallet to which the private key has been previously entered or generated on an online device is considered a hot wallet. It is "hot" because these wallets are typically much more actively used due to internet connectivity. While they are convenient, access to the web also means that sophisticated malware such as a keylogger or possibly just the theft of the device could compromise the private key. As discussed in the previous article, in many cases, the only detail an attacker needs to empty your wallet is the private key.
By contrast, the key pair of a cold wallet is generated entirely offline, and as soon as you enter it into an online device, the wallet can no longer be considered cold. For these reasons, cold wallets — when created properly — offer a much higher degree of security than hot wallets. If the private key has never been on a device that's connected to the internet, it's safe from the kind of online attacks that threaten hot wallets.
That said, a cold wallet is generally less convenient for day-to-day spending than a hot wallet. Authorizing any transaction requires a digital signature constructed using the private key to be submitted to the network. Therefore, to remain cold, the wallet must have some secure environment — that is always offline — to sign transactions. Alternatively, to retain the security benefits of cold storage, the user must send the wallet's remaining contents to a new offline key pair after making their initial spend.
Importantly, any cold wallet can become a hot wallet by entering the private key into an online device. However, no hot wallet can ever become a cold wallet, as its private key has already been on an online device.
Now, having understood what cryptocurrency wallets are and how they can be considered hot or cold, we will go over some of the types of wallets commonly used.
Types of cryptocurrency wallets
There are several different types of wallet management solutions, and each has its own pros and cons.
Depending on your circumstances, you might use more than one of the following key management solutions. We recommend the first two types to users of all abilities — including absolute beginners.
Meanwhile, the second two types are incredibly useful in particular situations but do carry serious risks. Therefore, we present them here for educational purposes only and do not recommend attempting to store your crypto assets via either method unless absolutely necessary.
Software wallets are cryptographic key management programs that you can install on a mobile phone or computer. The software itself will generate a private and public key on your behalf, and you can start using them within minutes. Modern solutions will likely also generate multiple sending addresses from the public key for additional privacy.
Software wallets are either designed for a single cryptocurrency or multiple cryptocurrencies. Examples of the former include Electrum for BTC and MyMonero for the privacy coin XMR. Examples of the latter include Exodus and Jaxx. Multi-crypto software wallets usually provide one master seed phrase to restore access to the entire wallet should you lose the device on which you store it.
Because software wallets usually generate keys on an online device, they are almost always considered hot wallets. This means they are ill-suited for long-term storage of high-value cryptocurrencies. That said, a software wallet on your mobile phone or computer is much more convenient for making regular, smaller transactions than a completely cold storage solution.
With your private key already on an online device, you don't need to take any additional steps to sign a transaction. Just enter the amount you want to send and the receiving address, and then submit the transaction to the network. The software will take care of actually constructing and signing the transaction for you.
Software wallet pros:
- Often free
- Can be open-source and noncustodial — more on this later
- Convenient for day-to-day spending
- Easy to use
- Can support multiple crypto assets
Software wallet cons:
- Vulnerable to online threats
- Vulnerable to physical threats — if your wallet is not password- or passphrase-protected, loss or theft of a device can result in unrecoverable funds
- May involve trusting a third party if not open-source software
Offering much greater security than software wallets, hardware wallets are small devices that are optimized to protect private keys. They feature a secure offline environment in which private keys are generated and transactions are signed.
Most hardware wallets connect to a computer via a USB connection. However, more advanced products are entirely independent and feature their own display, internet connectivity and power supply.
Because using a hardware wallet means you never need to enter the private key on an online device, we recommend them to cryptocurrency users who want to protect a sizable investment as well as to long-term holders. Such devices provide user-friendly, secure cold storage and often support multiple crypto assets.
Although creating and signing a transaction with a hardware wallet is not quite as straightforward as a software wallet, they are still useful for regular, higher-value transactions.
Hardware wallets are highly secure from both online and physical attacks. If the average person were to get hold of your hardware wallet, you would almost certainly have enough time to transfer your funds to a new key pair before the thief worked out how to extract the private key from the device. Although some vulnerabilities do exist, exploiting them requires highly specialized knowledge and equipment.
There are several different types of hardware wallets on the market today. Popular examples include Trezor Model T, Trezor One, Ledger Nano S, Ledger Nano X, Coldcard and KeepKey.
Hardware wallet pros:
- Much more secure than a software wallet
- More convenient than other cold storage options
- Often support multiple cryptocurrencies
- Easier to set up safely than other cold storage options — Ledger and Trezor products are especially known for being beginner-friendly
- Can be used in conjunction with Web 3.0 wallets like MetaMask and MyEtherWallet to increase security when interacting with DeFi protocols or other decentralized applications
Hardware wallet cons:
- Not free — depending on the size of your holdings, the heightened security might not be worth the expense
- Some devices are still technically vulnerable to physical attacks should one of a tiny number of experts get hold of it
- Less convenient for day-to-day spending than a software wallet
- May involve trusting a company unless the product is fully open-source
- Could be tampered with in transit, particularly if bought from an online reseller
- Still require a backup that is vulnerable to the same risks as any other wallet backup
A paper wallet is a cryptographic key pair that is generated entirely offline and recorded non-digitally. Although the name suggests that you have to write the wallet details on paper, in practice, this is not the most secure option. Most users creating paper wallets will choose a more durable medium — such as a steel plate — to record their private key.
If created correctly, paper wallets provide the most robust security of any wallet. There is no physical device for an attacker to compromise, and the user can trust the key generation process because they have complete control over every aspect of it.
However, it's incredibly challenging to create a paper wallet securely — and making a mistake when doing so invites much greater risk than if you were to simply use a hardware wallet. For this reason, we do not recommend anyone but the most skilled experts attempt to create and use paper wallets.
For a truly cold storage paper wallet, you must generate your key pair on a device that you are absolutely sure is free from malware and has never been connected to the internet. Even brand-new devices could have been tampered with during the manufacturing process.
Inspecting every aspect of a new machine requires a lot more than a simple virus scanner and is a task that only highly skilled computer users should undertake. Additional risk comes from wireless printers that may save a copy of sensitive details to a memory cache when creating a backup. For this reason, paper wallets should not be a digital printout.
Alternatively, it's possible to create a key pair yourself with dice or another form of offline random number generation. Again, this is something only those with considerable experience in computer science should attempt. A small mistake during the process can result in loss of funds and, by the time you realize your error, you may have already had your holdings sent to an address for which you don't have the private key.
Paper wallet pros:
- The most secure storage method if created correctly
- No requirement to trust third parties
Paper wallet cons:
- Poorly generated paper wallets can introduce more-significant risks than most other wallet solutions
- Incredibly difficult to set up securely
- Spending from a paper wallet requires the user to transfer the remaining wallet contents to a new, completely offline key pair, as doing so will lose any cold storage security benefits
A "brainwallet" refers to a cryptocurrency user committing their wallet details to memory for some time. Since private keys can also be denoted as a list of 12 or 24 words, this isn't quite as daunting as it sounds. However, we strongly recommend that you don't try this method unless you absolutely need to.
The seed phrase of a brainwallet can be generated using hardware, software or even user-created randomness. The user may have a wallet backup safely secured in a different geographical location, or they may not. The former provides some recourse should their memory fail them when transferring the wallet's contents later.
The advantage and disadvantage of remembering your seed phrase is that there may be absolutely no physical evidence of it.
This could be extremely valuable against physical attacks, yet, it spells disaster if you forget part of the phrase and no other backup exists. To put this into perspective, if you forget four of the 12 words, there are more than 17 trillion potential solutions — and that's only if you remember the exact position of the other eight seed words.
- No physical evidence
- Incredibly powerful in the right circumstances
- Very risky if no backups of keys exist — do not attempt to create a brainwallet unless you really need to
Custodial vs. noncustodial wallets
So far, we've mostly focused on noncustodial wallets. By noncustodial, we mean that the user doesn't need to trust any central entity to keep their private key for them.
If the first thing your wallet software or hardware does is prompt you to backup your private key or seed phrase, you're almost certainly using a noncustodial wallet. By contrast, if your storage solution never provides the private key, you're probably using a custodial wallet.
With noncustodial wallets, you assume all the responsibility for protecting your private key. The reward for taking on this admittedly high level of responsibility is the ability to use cryptocurrency without requiring anyone else's permission and a much lower chance of assets ever being seized or blocked.
Many die-hard cryptocurrency enthusiasts insist that noncustodial wallets are the only way anyone should hold their cryptocurrency. They often reason that pools of user funds stored with centralized custodians represent a target for hackers and compromise users' financial freedom. Additionally, the authorities could pressure a centralized entity to hand over all the digital assets they store on behalf of their users. Confiscation in this manner is much less straightforward when using noncustodial wallets.
To further minimize trust in any single entity, noncustodial wallets may use open-source software and sometimes hardware. Open-source simply means that all the code responsible for the functioning of the wallet is publicly available for anyone to inspect. Thus, there are no secrets about how an open-source wallet operates, and users can verify its functionalities themselves rather than trusting the service provider.
That said, there are multiple reasons why someone might prefer to trust a third party to look after their investments.
Most exchange platforms — like OKEx, for example — custody digital currencies on behalf of their users. By using a centralized order book system and ledger of account balances to facilitate crypto trading, exchanges avoid submitting large numbers of transactions to the blockchain networks themselves. As a result, unlike the case with decentralized exchanges, trading fees are often much lower, and there is no chance of being front-run by a user willing to pay a higher transaction fee.
In addition to centralized exchanges, designated digital asset custodial services also exist. For example, companies like Fidelity Digital Assets, Bank of New York Mellon and others offer to store clients' cryptocurrency for them. In many cases, regulatory compliance obligates high net worth and institutional investors to use third-party custodians rather than taking responsibility for holding their own assets.
Similar services also exist for smaller investors. Not everyone is ready to take complete control of their finances, and many people appreciate the comfort of knowing that a third party can help them recover their funds should they lose their account log-in details. In contrast, losing access to noncustodial wallet details usually means a complete loss of funds.
A cryptocurrency custodian's actual storage methods are usually a closely guarded secret. If attackers knew exactly which precautions a custodian has taken, they would know which areas to target.
That said, most cryptocurrency custodial services use some combination of hot and cold wallets to protect user funds. Only the crypto assets needed for day-to-day operations are kept in a hot wallet to minimize risk.
Custodial wallet pros:
- Great for regular traders
- Entrusts cryptocurrency security to a company that usually specializes in protecting digital assets
- Reduces the responsibility newcomers need to bear when using crypto for the first time
Custodial wallet cons:
- Users must trust the provider's solvency and security— can the company pay all users if they request it simultaneously and are its precautions against hackers adequate?
- Sacrifices the freedom to transact without first requiring permission from a third party
- Represents a large single target for online criminals
- Easier for law enforcement to target custodial services than individual holders
How to choose a cryptocurrency wallet
Now that you know all about the different wallet services available, you should be in a much better position to start choosing your own cryptocurrency storage setup. Each solution optimizes for different levels of convenience and security. As such, a combination of the methods presented here will probably serve you better than any single one.
It also makes sense to consider a layered approach to protecting your digital assets. In this regard, crypto and fiat storage share some overlap. For example, it's not a good idea to keep your life savings in the wallet in your pocket. Instead, you probably store most of your money in a location with higher security assurances — like a bank. Meanwhile, your physical wallet holds a few banknotes for day-to-day spending.
A similar example from the crypto world might be to keep your long-term holdings in cold storage and have a small percentage of funds in a hot wallet for any transactions you make more frequently. That way, if an attacker does manage to compromise the private key of your hot wallet, it's not the end of the world, as you only stand to lose a small percentage of your total holdings.
Similarly, those actively trading will often use the custodial wallet provided by a platform like OKEx. While some inherent risk is associated with this, traders may miss a favorable price if they have to transfer funds from self-custody to an exchange platform before buying or selling. Likewise, compliance issues or a lack of understanding of adequate storage may make custodial wallets the method preferred by beginners, high net worth individuals and institutions alike.
Finally, those who feel their assets are at considerable risk may find the prospect of a brainwallet very attractive. This method of storing digital assets should not be taken lightly, as mistakes can be costly, but it is incredibly powerful in desperate circumstances.
Given the nuances in user requirements, abilities and aspirations, there is no one single cryptocurrency wallet solution that is the best for everyone. For example, highly skilled individuals who value security over convenience might very well prefer a meticulously constructed paper wallet.
Meanwhile, an active trader might split their holdings between an exchange's custodial wallet and their own hardware wallet. Alternatively, an absolute beginner making their first few transactions might be best served by a simple software wallet, later upgrading their storage to a more secure option as their comfort with the technology grows.
Thinking of investing in cryptocurrency but don't know where to start? Join OKEx to buy BTC, ETH and other digital assets at a world-leading, secure trading venue. You'll also enjoy rewards in BTC and USDT for buying and selling crypto with us.