Crypto 101: Hot, Cold, Or Hard: What's Your Wallet?

The recent and highly controversial update from Ledger has brought wallet security back into the limelight.

Ledger's new "Recovery" feature raises the possibility that it might be possible to access a wallet's private key within the secure enclave of the device's chip: Something users had understood was impossible. The fact that Ledger's firmware is closed source, so no one can check exactly what's happening, has not helped matters.

There are many different kinds of wallet, each providing different features. Choosing a wallet always involves making trade-offs, typically security vs convenience. So what options are there out there, and what pros and cons do they offer?

Hot Wallets

A "hot wallet" or online wallet is a crypto wallet that is connected to the internet. It may take the form of a mobile app, a web-based interface, or desktop software. Hot wallets are designed primarily for accessibility and convenience, since they offer immediate access to crypto funds, and are useful for making frequent transactions, trading, and other day-to-day activities.

However, the convenience of hot wallets comes at the expense of reduced security, since they are connected to the internet, making them potentially vulnerable to hacking or malware attacks. This makes them unsuitable for storing large amounts of funds, and means users should ensure they take appropriate security measures, such as using strong passwords and running regular malware checks.

Browser Wallets

Browser wallets are a particular form of hot wallet that take the form of a plugin or add-on that can be installed on a web browser like Chrome or Firefox. They are designed not just for making simple transfers and receiving/storing crypto, but for interacting with Web3 dApps.

Browser wallets (the best-known of which is MetaMask) are used to connect to Web3 services such as AMMs, lending protocols, P2E games, and more, and allow users to approve transactions in response to prompts from the dApp's UI.

MetaMask transaction approval screenshot — MetaMask is the default and most popular wallet for interacting with dApps.

Cold Wallets

Unlike hot wallets, which are connected to the internet, cold hold private keys completely offline, minimizing the risk of unauthorized access and hacking attempts.

One of the simplest types of cold wallet is a paper wallet. Private keys and addresses can be generated on an offline computer, then printed out as text or QR codes. Funds can be sent to the address without the private key ever being exposed to the web. When the user wants to access those funds, they can import the key into a regular wallet of one form or another.

Paper wallets and other forms of offline wallet (examples include Cryptosteel and Billfodl) are highly secure, but must be stored carefully to avoid theft, loss, or damage. They also lack the convenience of hot wallets, which are designed for instant access.

Image of Cryptosteel wallet. — Metal wallets like the Cryptosteel are fire, water, and shock-proof.

Hardware Wallets

A hardware wallet is a physical device used to securely store and manage private keys, and make transactions. Keys are (in theory) held completely offline, within a "secure enclave" or dedicated vault chip within the device. When a user wants to make a transaction, the transaction information is signed using the key, within the chip, and then the resulting signed transaction is broadcast to the crypto network, via an app on another device that is connected to the web. (The key cannot be extracted from the signed transaction.) The user must approve the transaction on the device before broadcast. Examples include Ledger, Trezor, and Keystone wallets.

Keystone uses QR codes to execute transactions from a separate device, ensuring private keys are 100% air-gapped.

Hardware wallets are extremely secure, since private keys are never exposed to the web. They are less convenient than hot wallets, due to the extra steps required to approve transactions, though they can be used together with browser wallets, meaning they can be used to interact with dApps.

Smart Wallets

Ethereum has two types of addresses:

Externally-owned addresses (EOA) are regular public accounts that are only accessible using the private key. Most wallets use EOA accounts.
Contract addresses are addresses that host smart contract code. Users, and other smart contracts, can interact with these in various ways, depending on what input data the smart contract requires.

Smart wallets hold funds in a smart contract, allowing a wide range of conditions and access controls to be applied. This makes them far more flexible than regular EOA wallets, offering functionality such as:

Multi-sig transactions
Transfers only to whitelisted (pre-approved) addresses
Daily transaction limits, unless further approval is given
Recovery of access to the account via trusted devices or addresses, in the event of lost keys

Which Wallet Is Right For You?

Which wallet you choose will depend on your circumstances, what you need the wallet for, how much crypto you need to store, and other factors. For example:

For relatively small amounts of crypto, a hot wallet will probably be most suitable
For interacting with dApps, you'll need a browser wallet or another Web3-enabled wallet
For storing large amounts of crypto, a suitable hardware wallet is recommended
If you want to store large amounts of crypto and don't intend to access it any time soon, a cold wallet like a paper wallet may be useful
If you need more complex functionality, then a smart wallet could be worth exploring

There are also custodial wallets, where your private keys are managed by a third party (like an exchange). However, you are necessarily giving up a degree of control, and trusting the honesty and security of these services. The popular maxim in the crypto space is: "Not your keys, not your coins."

Subscribe to our newsletter and follow us on Twitter.