What are Hot and Cold Crypto Wallets, and How to Secure My Keys?

Key takeaways

• Cryptocurrency wallets are classified into custodial (third-party managed) and non-custodial (user-controlled), with non-custodial wallets offering enhanced security
• Hot wallets are internet-connected and convenient for transactions, while cold wallets are offline, providing better security for long-term storage
• Use multi-factor authentication, hardware wallets, and secure storage for private keys to protect your crypto assets from theft and loss
• Following the principle "Not Your Keys, Not Your Crypto," managing your own funds is crucial to avoid risks associated with third-party custodians

The 2022 crypto winter is still all too fresh in our memories, thanks to the spectacle of the FTX collapse.  The mishap underscored quite a few critical lessons about safeguarding your crypto and navigating finance in web3 with crypto wallets. Not Your Keys, Not Your Crypto is one of the key lessons learned, which basically means you and only you are responsible for your crypto assets, and no one else can be expected to give them safety and bring them back if lost. 

The concept of crypto wallets is crucial to understand if you want to give your crypto the maximum possible security. Let’s find out all about what a cryptocurrency wallet is, as well as the idea of hot and cold wallets. 

What are crypto wallets?

What’s important to know about crypto is that it has no physical existence, and so crypto wallets are not tangible things either. A cryptocurrency wallet is essentially an address that gives you a private and a public key - the private key as basically a password to put in when you want to store and access your crypto and initiate a transaction, and the public key as a public address to share with people when you want to receive cryptocurrencies in your wallet.

There are different types of crypto wallets - some centralised or overwatched by entities who take the responsibility to keep your crypto safe, and some decentralised, where you are responsible for keeping your crypto safe. 

The former can be understood through the example of a crypto exchange. Say you bought some crypto from a centralised crypto exchange and left your crypto with them; in this case, the exchange takes the responsibility to watch your crypto for you. You can log in and make transactions with this crypto. But do remember that in case the exchange gets compromised in any way, you stand to lose your crypto. 

Types of crypto wallets: hot and cold wallets

A cryptocurrency wallet can be one of two primary types out of hot and cold wallets. While both crypto wallets can store your crypto and allow you to transact, they differ in their levels of accessibility as well as security, and may suit different types of traders. 

What are hot wallets?

Out of hot and cold wallets, hot wallets are connected to the internet and can be accessed through your smartphone and desktop. Their internet connectivity and easy accessibility are what earn them the ‘hot’ title.

What are cold wallets?

On the other hand, cold wallets are offline, and store crypto away from the online world. They often have a tangible presence, though it is not in the way of your regular wallet that stores cash. 

Types of hot wallets:

Hot wallets can further be broken down into multiple categories, such as:

• Exchange-provided wallets: You don’t have to remember any public or private keys for such wallets- you can simply log into your exchange account and use your funds. One unique advantage of these wallets is that you can use them to receive airdrops and stake within the exchange itself with the greatest ease. Further, if you frequently move crypto to use dApps (decentralised apps) like decentralised exchanges, NFT marketplaces, and web3 games, you would want to use such a wallet that lets you make transactions quickly. However, do remember that such wallets are more vulnerable to the authorities locking you out of using your own assets in case of insolvency or bankruptcy. 

Example: When you open an account on any crypto exchange, you’re given such a wallet.

• Desktop Wallets: These hot wallets are software applications that you can install on a computer, as the name suggests. Here, you have more control over your assets than an exchange-based wallet, but remember that you have to still manage your private key by backing it up in secure digital lockers. However, there are malware attacks to consider, as well as a third-party getting access to your private keys. Further, if you lose access to your device, you stand to lose your crypto if a cloud backup of private keys and seed phrase is not made.

Example: Exodus and Bitcoin Core are well-known desktop wallets.

• Mobile Wallets: Like desktop wallets, these are crypto wallets made for your smartphone. Compared to desktop wallets, they bring more portability and convenience, but they also carry the same risks.

Example: Metamask and Trust Wallet are widely used options for mobile crypto wallets. 

Types of Cold Wallets:

Among hot and cold wallets, cold crypto wallets have two prominent types:

• Hardware wallets: These are physical devices that can store your private key offline. You can imagine how that makes hardware wallets secure- after all, being kept offline means there’s less chances of your private key being stolen. However, they still have to be connected to the internet when making transactions, which brings safety considerations.

Example: Popular hardware wallet brands include Ledger and Trezor.

• Paper wallets: These involve printing your private key on paper and storing it securely, whether as a whole or in multiple bits. There is certainly no risk of cyber attacks, but we all can guess how flimsy this method would be. You could simply misplace the paper and lose your crypto; and if you try a tactic like storing it in a bank locker, accessing it is too cumbersome.  

Differences between hot and cold wallets

To understand the concept better, here are the key characteristics and features of hot and cold wallets weighed against each other:

Overall, our opinion would be that you can try a combination of both hot and cold wallets according to your usage and security requirements. So maybe divide up your holdings between a mobile wallet and a hardware wallet, say, so you can both trade and hodl with ease.

Custodial vs. non-custodial wallets

Let’s explore the types of crypto wallets a bit further for decision-making on your part. A custodial wallet is a cryptocurrency wallet managed by a third party, so basically it’s when a crypto exchange or another entity manages your private keys on your behalf. The primary reason for choosing a custodial wallet for most is that managing private keys can be burdensome, and if you’re particularly absent-minded, you could just lose it and never get to access your funds again. Do consider, though, that when a third party manages your private keys, they are the ones with complete control over your funds. 

On the other hand, for a non-custodial wallet, of course you end up managing your private key. So you have full control over your crypto holdings, and you have 24/7 access to them without requiring a third party’s permission. Security increases too- you can definitely trust yourself more than a third party. 

Custodial wallets can be relied upon to recover your password in case you forget it. However, a liquidity crisis such as the one Vauld faced can put your hard earned money in harm’s way too. 

Non-custodial wallets sure dial up security on your part, but recovering your crypto in case you forget your private key may not be as difficult as it seems with them. You have something called a ‘seed phrase’ or a ‘recovery phrase’ generated by crypto wallets;  it’s a string of 12-24 random words (from a list of 2048 words) put together in a unique way just for your wallet. The BIP39 standard or the Bitcoin Improvement Proposal 39 is the standard most crypto wallets follow to give you these mnemonic sentences. When you set up your wallet, you can have a seed phrase generated, and note that down securely to recover your wallet in case of a mishap. 

So seed phrases make managing your own cryptocurrency wallet far easier. To ensure maximised safety for your crypto, non-custodial wallets are your best bet. 

Learn to secure your wallet keys

The bankruptcy of FTX and the pause in VauId's operations taught us some important lessons, further fueled by consequent hardships faced by Celsius and Blockfi. These include:

• Proof of reserves: Users are right in demanding proof of reserves from crypto exchanges, so the audits can validate a company’s claims about its holdings. This would prevent the misuse of customer funds as FTX had done by transferring them to SBF’s Alameda Research.
• Due diligence: On the part of users, these mishaps highlighted the importance of due diligence before considering investments.
• Self-custody: Despite the challenges and overwhelming responsibilities it brings, it’s best for users in the crypto sphere to manage their own funds, as we discussed above. ‘Not your keys, not your crypto’ is very wise advice, after all, in light of the litany of bankruptcies for crypto firms in 2022. 

Now, following the principles of self-custody, what are the best ways for you to secure your crypto holdings?

• MFA or multi-factor authentication: We have heard of 2FA, but this is a popular measure to ensure your hot wallet private keys are safe. Instead of just a password that is easily nabbed, MFA allows you to add several identifiers or factors that ensure only you can access your cryptocurrency wallet.
• Hardware wallets: We will reiterate: hardware wallets for offline storage of your crypto frees you from the possibility of cybersecurity threats to your crypto. However, you have to connect them to the internet during transfers, which is when you’re required to be particularly careful.
• Generate private key offline: For the more tech-savvy, it may be a good choice to generate your own private key offline and a public key to go along with it.
• Again, putting your private key and the seed phrase both on pieces of paper and Paper wallets: safeguarding them can be an option if you trust yourself to not lose them.
• Encrypt private key: You can find a strong encryption algorithm to encrypt your private keys, and then store it in a secure place.  

As for enterprises, putting the safety of crypto wallets into the hands of one single party isn't reasonable; imagine the BlackRock spot Bitcoin ETF (IBIT) stores its 269,300+ bitcoins in a blockchain wallet- one person obviously can not be trusted to sign all transactions this wallet carried out. So, such entities use a couple of methods instead. 

The goal is to divide the signing process between several stakeholders, so all or at least a majority need to agree on a transaction before it’s carried out. 

There’s MPC or Multi-Party Computation, which is currently one of the most popular technologies used to secure crypto assets. As the name suggests, multiple parties in this case can hold pieces of private data which need to be put together to initiate transactions and other management operations. Further, these parties can evaluate a computation all without actually revealing the data held by them, so one can not view the private data from the execution.

There are also multisig wallets; again involving multiple parties, this is basically a wallet that needs two or more private keys to be accessed, held by different parties. In an organisation, this divides up power and adds maximised security to crypto storage and management.

So, in both MPC and multisig wallets, a transaction must have a minimum number of signers for it to go through. However, while MPC is cryptographically managed by splitting a private key into several keys, a multisig wallet is managed by having a certain majority out of all the involved parties agree on a transaction. 

We hope we have been able to tell you all you need to know about crypto wallets, and safeguarding your crypto holdings. Stay tuned to India Crypto Research for more information on the world of crypto and blockchain!