Site icon Stratus Crypto

Hot vs. Cold Storage: A Beginner’s Guide to Crypto Wallets

stratus

Updated April 2024 – Crypto provides us with more control over financial assets than the banking system provides for traditional fiat currency.  

With crypto, we don’t have to trust a bank or brokerage to act as the custodian of our hard earned money.  

Corporate bankruptcy or fraud, government default, bank failures, theft and hacking can wreak havoc on the tradfi banking system.  Government over-regulation is also a major threat to crypto assets especially when you trust a third party company to hold your crypto in their custody.   

In 2023, we saw the Securities & Exchange Commission (SEC) Chairman and MIT Crypto Course Instructor, Garly Gensler  take a position against crypto stating that “We already have digital currency. It’s called the U.S. dollar.”  The SEC took two major legal actions against Binance and Coinbase.  Coinbase has been deemed non compliant in running an unregistered exchange selling securities and acting as a clearing house & broker.

Fast forward to 2024, and the SEC changed their stance and approved Bitcoin Spot ETFs. Wall Street’s blessing fueled a new wave of Bitcoin Adoption, All Time Highs, and BlackRock setting the record for fastest ETF to $10 Billion.

If you keep Bitcoin on an exchange (CEX), you accept the inevitable fear, uncertainty, and doubt (FUD) about your ability to access and withdraw our crypto.  

If your coins are on an exchange you DO NOT own the cryptocurrency.  The exchange, which is at the whim or big government’s regulations, acts as the custodian on your behalf. 

One of the fundamental principles of cryptocurrencies is the concept of self-custody, where crypto holders have complete control over their funds without the need for intermediaries, like banks, to act as a trusted custodian.  

While this decentralization empowers individuals, it also places the responsibility squarely on YOUR shoulders to protect YOUR assets. 

What is a crypto wallet?

Crypto wallets are software or physical devices that store your Bitcoin public and PRIVATE KEYS.  Your coins are stored on the blockchain and are accessible by the Private Key which is protected and stored by your wallet.  

Pro Tip – Never share your private keys with anyone.  EVER!  If someone had your private keys they could easily steal your crypto.

Your public keys act more like your bank account and routing number.  These are important for identifying your account but the fact that these numbers are printed on all of your physical checks, their secrecy isn’t that important.  

Public keys allow you to make transactions (buying or selling).  

Private keys actually ‘sign’ and authenticate the transaction on the backend.  

If you buy Bitcoin on Coinbase, the transaction occurs off-chain and nothing will be recorded on the Bitcoin Network. Your account is basically ‘credited’ with an IOU indicating your holdings.

They provide a receiving address for the transaction, but Coinbase manages the private keys controlling the Bitcoin until you transfer to an external non-custodial wallet.

Some crypto wallets can only send and receive specific coins or they may be compatible with one blockchain but not the other.  It’s common to have multiple wallets storing your keys to your coins.  

Here’s an example of how and when exchanges create wallets on your behalf:

Let’s say you’re new to crypto and decide to set up a Coinbase Exchange account.  Once you complete the KYC (Know Your Customer) authentication process, your next step will be to add funds to your account (usually direct deposit from your bank).  

These funds (ie- USD, Euro, CHF) are called ‘fiat’ and can be converted into crypto.  

Let’s say you transferred $500 from your bank to your Coinbase account.  You could make a one time ‘spot’ purchase of BTC and Coinbase would create a BUY order which would get filled automatically at the current market price.

Pro Tip: You can also set up a Dollar Cost Average bot on Coinbase with Stratus to create a Bitcoin recurring buy for the same $500 over a time period to take advantage of price movements. 

Back to the example with a tweak…

  1. You have $500 USD fiat sitting in a Coinbase account ready to invest.
  2. Use a crypto calculator to backtest your strategy.
  3. You create a Buy Order for $250 USD of BTC and Buy Order for $250 of ETH
  4. Coinbase will fill your orders with liquidity from people on the exchange selling BTC and ETH. 
  5. Coinbase will automatically create TWO (2) HOT CUSTODIAL WALLETS for you.  One wallet will store your keys for BTC and the other will store the keys for ETH.  BTC and ETH run on separate blockchains and require separate wallets to enable sending/receiving for each.  
  6. Coinbase acts as the Custodian of your private keys in this HOT wallet that is always connected to the internet (insert FUD*).

*If you’ve ever heard, ‘‘Not your keys, not your coins’ it means that if you don’t own (custody) your keys, then you don’t actually own your coins!  So the only way to own your keys is to transfer some/all of your crypto from your Hot Wallet on Coinbase into a secure Hardware Wallet that is stored OFFLINE.

What is the difference between Hot and Cold Wallets in Crypto?

The basic difference between hot and cold wallets is that Hot Wallets are hot because they are always connected to the internet and Cold Wallets are cold because they are never connected to the internet.  

Hot wallets and cold wallets are NOT mutually exclusive.  Most exchanges will create and host your (custodial) hot wallet to store crypto private keys and you should also set up (‘non-custodial’ aka – ‘self-custodial) cold wallets for offline storage of your keys.  

Pro tip: Hot and cold wallets serve the common purpose of storing your public and private keys.  Opt for a 100% open source Bitcoin-only wallet!

Different Types of Mobile, Desktop and Browser Hot Wallets:

I often get asked offline wallet questions. Which Bitcoin wallets are the best? What wallet do you use?

Using a combination of different wallets is a popular tactic. Cold Card + Sparrow or Electrum desktop + Blue Wallet ‘watch only’ is an example of an advanced cold storage strategy.

Pro Tip: Do NOT download or install phone or desktop software wallets from any source other than the wallet creator’s main website and verify the GPG signatures.

Examples of Secure Cold Wallets include:

Hardware Wallets are the most popular form of offline cold storage. These physical devices often resemble a USB drive and are designed to protect your private keys from being exposed online.

Pro Tip: Do your own research to find the wallet that best suits your security and usability preferences. Not all claims of being ‘open source’ are 100% accurate. If a wallet uses a secure chip, then is not 100% FOSS. A closed source chip must NOT have access to your private key or backup recovery seed.

What are hot wallets and are they safe?

Hot wallets, also called online wallets, are connected to the internet and used to store your crypto.  Most exchanges, like Coinbase, automatically provide hot wallets to their customers when you buy crypto.

The biggest risk of using a Hot Wallet is that your Public Keys AND Private Keys are stored on the internet.

Crypto Hot Wallet Risks:

Hot Wallet Benefits:

The debate between hot and cold wallets will never end.  There are pros and cons to deciding between hot wallets vs. cold wallets.  

Most crypto veterans will agree that cold wallets are better than hot wallets.  

Why are Cold Wallets better than Hot wallets?

A cold wallet = offline crypto storage and self custody of your keys.  

A cold wallet does not need to be connected to the internet to store your crypto and comes in three variations: 1) hardware wallets, 2) paper wallets and 3) sound wallets.  

Your hardware wallet is like your savings account for the bulk of your Bitcoin. You can send crypto from cold storage to a hot wallet which acts more like your checking account for transactions. Just make sure you have a strategy for UTXO management to protect your privacy.

Cold wallets come with an extra kicker of having the option to go DEEP storage where you further protect the cold wallet by adding an extra layer of protection like burying a safe with your metal seed phrase or storing half of your seed on separate continents requiring serious air travel to recovery your crypto if your hardware wallet is comprised or you forget your pin code. 

Enhanced Security: Winner: Cold Wallets 

Control and Ownership: Winner: Cold Wallets 

Tech Risk Isolation: Winner: Cold Wallets 

*When I was considering a cold wallet for the first time, this feature alone sealed the deal in making the switch to move almost all of my crypto from hot to cold wallets. 

Trading and HODLing: Winner: TIED 

Long-Term Storage: Winner: Cold Wallets 

Let’s assume for now that you already have a hot wallet that is created automatically by the exchange where you bought your first crypto.  

It’s not recommended that you keep all of your crypto online in your hot wallet.  

Even though each crypto investor’s use case is different, the general rule of thumb is to diversify your crypto holdings across multiple hot and cold wallets.  

Pro Tip: Only keep what you need to actively trade in a hot wallet.  Coins that you HODL should be moved from hot to cold storage on a regular basis.

Set up a schedule to regularly transfer your coins from hot wallets to offline cold wallet crypto storage.  An example strategy could be setting up a reminder to move crypto to cold storage once a month or whenever you hold more than a certain dollar amount of any single cryptocurrency.  

Three Main Types of Cold Wallets for Crypto

There are three different types of cold wallets to choose from: hardware wallets, paper wallets and sound wallets. Crypto cold storage hardware wallets, sound wallets and paper wallets store your keys offline which makes them a secure and decentralized option to self-custody your crypto.

Hardware Wallets: Hardware wallets, like the Ledger and Trezor, are easy to use devices that look like USB drives and are designed to safely store your private keys OFFLINE.   They can connect to your computer with USB or bluetooth and have built-in encryption features like PIN codes, seed phrases, and verification workflows.  Here’s how to set up a Ledger hardware wallet.

Paper Wallets: Paper wallets are the OG cold wallet.  You literally print out your private and public keys.  The public key can be used to receive crypto.  The private key must be kept secret but it doesn’t need to literally be written on a piece of paper.  

Other options like metal stamping fall into the category of paper wallets and are usually stored in fireproof and/or waterproof containers.  If you lose your keys you lose your crypto. 

Crypto Sound Wallets: Encrypting your private keys as audio files (mp3) then storing on CDs which can be decrypted via spectroscope is a cold wallet albeit less popular than Paper Wallets.

Hardware wallets: Explanation, features, and benefits

Hardware wallets are secure and easy to use options for crypto self custody.  

The Ledger looks like a regular USB drive, has an intuitive interface and supporting software applications to make managing and accessing your crypto easy and secure.  Here’s what it looks like….

All cryptographic functions to review, confirm and sign a transaction occur within the hardware wallet.  

Here’s a guide for setting up a cold crypto hardware wallet.  It’s pretty easy and only takes a few minutes to complete.   

After you set up your cold wallet, the most important next step is safely storing the Recovery Seed.  These 12-24 words act like a backup in case your cold wallet is ever lost or damaged.   

Hardware wallets provide extra security via dedicated device with cryptographic features to keep your private keys offline and safer than hot wallets (software wallets).  The device may require regular firmware updates and it’s always a good idea to have a backup.

Remember, the private keys never actually leave the device which, in my opinion, is the key feature protecting your crypto from attacks.  

No matter what cold wallet brand you use, your recovery seed phrase can be typed to restore ALL of your addresses (ie – public and private account numbers). 

Cold Wallet Backup and Hardware Device Recovery Plan

Having a backup and recovery plan can help you regain access to your crypto in case of physical damage, loss, or theft. Here are some key strategies to consider:

By implementing these backup and recovery strategies, you can enhance the security and peace of mind associated with your cold wallet storage. 

Tips for Storing your Hardware Wallet and Seed Phrases

Now that you have your cold wallet set up and maybe some extra encryption with passphrases, it’s time to figure out where to store your hardware device and cold wallet seed phrases. 

Protecting against physical damage, loss, and theft to your Cold Wallet

Being your own bank means that you need to step up your physical and operational security plan.  

Maintain Physical Security: If you need to transport your cold wallet, consider using discreet and secure methods, such as a concealed bag or a personal item that remains under your direct control.  

Maintain Operational Security: Stay alert and error on the side of caution especially NOT clicking links that look phishy and never providing your seed phrase or recovery seed to any person, app or company. 

Hardware Wallet Security Best Practices:

Regularly Updating Firmware and Software

Manufacturers of cold wallets often release updates that address vulnerabilities, new features, and enhance overall performance. Here are some key reasons why regularly updating firmware and software is important:

By staying up to date, you can maintain the highest level of security and functionality for your cold wallet, providing peace of mind when managing your crypto.

Advanced Cold Storage Examples: 

How to move your crypto to a cold storage wallet

It’s important to buy your cold storage wallet directly from the manufacturer.  Here’s a link to Ledger .  The last thing you’d want to do is end up with a device that has been set up with a known password, designed to defraud you.

  1. Plug your hardware wallet into your computer and follow the instructions to update firmware.  Here’s a step by step walkthrough for setting up your crypto cold hardware wallet. 
  2. Follow the instructions provided by the manufacturer to set your Pin code.  This is like the password to unlock the hardware device. 
  3. Follow the prompts to Write down your seed recovery phrase on a piece of paper then check out article about the best places to hide your hardware wallet and passphrase. If you lose your cold wallet, you can always purchase a new hardware device and restore your wallet with the backup seed phrase. 
  4. Create a new wallet on the hardware device for each cryptocurrency you will transfer to the wallet.  
  5. Confirm the pin on your device and select ‘receive’ which will display your cold wallet’s address or public key.  
  6. Log into your exchange account and select the hot wallet for the crypto you want to transfer to cold storage.  Select the option to ‘send’ or ‘withdraw’ then enter your public address for the cold wallet.  

Pro Tip: Send a small amount of crypto from your hot wallet to your cold wallet after setting up your cold storage device.  Verify then transfer the rest of your crypto.  #selfcustody #notyourkeys #hodl #coldstorage

The transaction may take up to 30 minutes for the blockchain validators to confirm.  Your transaction will appear as ‘Pending’, then switch to ‘Complete’.  

Verify that the small test transaction was posted correctly and the funds moved according to your plan.  Then, and only then, should you move everything else. 

Verifying transactions and addresses is an essential practice to maintain the integrity and security of your cryptocurrency transactions. By double-checking transaction details, using QR codes for address verification, cross-referencing multiple sources, validating address formats, utilizing blockchain explorers, and staying vigilant against phishing attacks, you can mitigate the risk of errors, fraud, or loss of funds. 

Best Practices for Sending Crypto from a Cold Wallet to an Exchange

Here are some key considerations to ensure the secure transfer of cryptocurrencies to minimize the risk of unauthorized access or loss of funds:

Now that you have your cold wallet setup and secured it’s time to transfer some crypto.  

The two primary actions you’ll take with a crypto hardware wallet are 1) moving crypto from a hot wallet to your cold wallet and 2) preparing/signing offline transactions which is a more advanced use case.

Here are some best practices for sending crypto to and from your hardware wallet:

Advancements in crypto wallet technology and security

Advancements in hardware wallet functionality, usability and security is critical for crypto mass adoption.

Here are a few examples of what researchers and developers are working on:

Government regulations impact on cold wallets

Regulatory frameworks globally are seeking to establish guidelines and standards for the use and storage of crypto.  

Here are some key points to consider regarding the evolving regulations and their impact on cold wallet usage:

Pro Tip: Ask yourself which is more likely to happen…losing your crypto to exchange bankruptcy or someone stealing or guessing your recovery seed?  #selfcustody

Predictions for the future of cryptocurrency storage

Cryptocurrency storage solutions will evolve over time.  Here are a few predictions for the future of crypto cold wallet storage: 

Final Thoughts on Cold Storage

Crypto firms holding customer deposits that are NOT in cold storage include:

If you have (or had) crypto at any of the firms listed above, you may not ever recover 100% of your assets as a result of bankruptcy or regulation.  

Imagine your dollar cost averaged a position over the last 2 years and managed to accumulate 1 Bitcoin ($BTC).  I’ll give you two scenarios to consider. 

Scenario 1:  You have 1 BTC in a Binance hot wallet.  The US SEC takes action against Binance preventing them from doing business in the US and freezing or seizing their US bank accounts.  Binance closes their Binance.us entity and because their assets are frozen, they decline to enable withdrawals.  In this scenario, you’re too late and lost your bitcoin. 

Scenario 2: You read this post and buy your first crypto hardware wallet from Ledger here. (link to ledger affiliate).  Before assets are seized or bank accounts frozen, you transfer 90% of your crypto from your exchange hot wallet into cold storage.  

The peace of mind that comes with adopting a crypto strategy where you regularly move your crypto from hot to cold wallet storage is, in my opinion, the most pressing and proactive step you can take to securing your digital assets.  

Companies like Ledger and Trezor are great examples of legitimate cold wallet manufacturing companies that offer excellent customer support and are known for their commitment to security.  Visit the official websites of these cold wallet providers to learn more about their offerings and compare the features that align with your security needs.

Make an informed decision and take control of your digital assets. Your future financial security is worth the investment of time and effort in securing your cryptocurrencies. 

Don’t wait until it’s too late. 

We’d love to hear from you especially if you read this crypto cold wallet guide and set up your cold storage. 

Note: Stratus does NOT provide investment, legal or tax advice.  All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice.  The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions.  Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors.  For investment, legal, tax, or other financial guidance you should consult your own advisor.  

Exit mobile version