Cold Storage: What It Is, How It Works, Theft Protection

What Is a Cold Wallet?

A cold wallet is used offline for storing bitcoins or other cryptocurrencies. With a cold wallet, also originally known as cold storage, the digital wallet is stored on a platform not connected to the internet, thereby protecting the wallet from unauthorized access, cyber hacks, and other vulnerabilities that a system connected to the internet is susceptible to.

Cold storage methods are useful for individual investors, but cryptocurrency exchanges and companies involved in the crypto space also make use of this type of wallet. Cold storage also can refer more broadly to other modes of operation for storing inactive data, such as data for regulatory compliance, video, photographs, and backup information.

Key Takeaways

  • Most cryptocurrency wallets are digital, but hackers can sometimes gain access to these storage tools in spite of security measures designed to prevent theft.
  • Cold wallets are a way of holding cryptocurrency tokens offline.
  • By using a cold wallet, cryptocurrency investors aim to prevent hackers from being able to access their holdings via traditional means.

Why Do You Need a Cold Wallet?

When a checking, savings, or credit card account with a traditional bank has been compromised, the bank is able to refund the lost or stolen money back to the account holder. However, if your cryptocurrency account or wallet has been compromised and your tokens have been stolen, the owner is unable to recover their coins. This is because most digital currencies are decentralized and do not have the backing of a central bank or government. So crypto investors must be cognizant of the security measures necessary to protect their tokens. Hence, there is a need for a safe and secure medium of storage for bitcoins and altcoins.

A bitcoin wallet is associated with the public and private keys of a bitcoin owner. All cryptocurrency storage methods involve the protection of these keys because they provide access to the tokens within the wallet. A cryptocurrency owner's private key is a unique string of alphanumeric characters required to access the user’s crypto holdings for spending purposes. The public key is akin to an account name or email address and helps to identify a destination for coins that are being sent to the wallet.

Two people making a transaction with a cryptocurrency like bitcoin, in which one is a seller and the other a buyer, will have to share their public keys with each other in order to complete the transaction. The buyer of the commodity or service sends the required number of bitcoins to the seller’s divulged address as payment and the blockchain verifies the validity of the transaction and confirms that the sender really has those funds to send. Once the payment has been delivered to the address, the receiver can only access the funds through their private key. It is, therefore, imperative for private keys to be kept secure because if stolen, the user’s bitcoins or altcoins could be unlocked and accessed from the address without authorization.

Cold vs. Hot Wallets: What's the Difference?

There are many ways of storing cryptocurrencies. Besides cold storage, one of the other most popular methods is known as "hot storage." Hot wallets are those that are always connected to the internet, including wallet apps and some wallets provided by cryptocurrency exchanges. What are the benefits of cold vs. hot storage for cryptocurrencies?

  • Cost: When it comes to cost, hot wallets generally win out. Most hot wallets are free. Cold wallet options range from free as well (in the case of a paper wallet, as described below) to up to $100 to $200 for various types of hardware wallets.
  • User experience: Because they are already connected to the internet, hot wallets tend to be the most convenient for users. There is no additional step of connecting the wallet online in order to facilitate a transfer of tokens.
  • Security: The primary way that cold wallets have an advantage over hot wallets is in security. Hot wallets are highly secure, thanks to various cryptographic protections. However, they cannot match the security of cold wallets overall.

To solve the dilemma of choosing a hot or cold wallet as a storage method, many crypto investors use both. It is common to hold a small portion of your cryptocurrency tokens in a hot wallet to facilitate easy transactions, and to keep the larger remainder of your holdings in a more-secure cold wallet.

How Do Cold Wallets Prevent Theft?

Private keys stored on a wallet connected to the internet are vulnerable to network-based theft. With a hot wallet, all the functions required to complete a transaction are made from a single online device. The wallet generates and stores private keys, digitally signs transactions using private keys, and broadcasts the signed transaction to the network.

The problem is that once the signed transactions have been broadcast online, an attacker crawling the networks may become privy to the private key used to sign the transaction.

How Does Cold Storage Work?

Cold storage resolves this issue by signing the transaction with the private keys in an offline environment. A cold storage method shouldn't have the ability to communicate with any other electronic device unless it is physically plugged into that device when you're accessing your keys.

Any transaction initiated online is temporarily transferred to an offline wallet kept on a device such as a USB drive, a compact disk (CD), hard drive, paper, or offline computer, where it is then digitally signed before it is transmitted to the online network. Because the private key does not come into contact with a server connected online during the signing process, even if an online hacker comes across the transaction, they would not be able to access the private key used for it. In exchange for this added security, the process of transferring to and from a cold wallet device is somewhat more burdensome than the process for a hot wallet.

As an example, if a crypto investor has tokens on a hardware wallet (see below for additional information), a cryptocurrency transaction to receive new tokens might look like this:

  1. The investor connects the hardware wallet to an internet-enabled computer.
  2. The investor selects the option to receive tokens. The device generates an address to facilitate the transaction.
  3. The sender initiates a transfer of tokens to the address generated above.
  4. The investor disconnects the hardware wallet, which contains the public and private keys, and the information remains offline.

Paper Wallets

The most basic form of cold storage is a paper wallet. A paper wallet is simply a document that has public and private keys written on it. In the case of a bitcoin paper wallet, a bitcoin holder can print the document from the bitcoin paper-wallet tool online with an offline printer. The paper wallet or document usually has a quick response (QR) code embedded on it so that it can easily be scanned and signed to make a transaction.

The drawback to this medium is that if the paper is lost, rendered illegible, or destroyed, the user will never be able to access the address where their funds are. If you choose this method, be sure to have a safe box or another secure storage method for the paper wallet itself.

Hardware Wallets

Another form of cold storage is a hardware wallet that uses an offline device or smartcard to generate private keys offline. The Ledger USB Wallet is an example of a hardware wallet that uses a smartcard to secure private keys. Two other popular hardware wallets are TREZOR and KeepKey. The device looks and functions like a USB drive; a computer and a Chrome-based app are required to store the private keys offline. You can use anything from a standard USB storage drive to an advanced device with a battery, Bluetooth, software, and other features. Like a paper wallet, it is essential to store this USB device and smartcard in a safe place, as any damage or loss could terminate access to the user’s bitcoins.

Air-gapped devices have no connection ability and are more secure than ones that can connect wirelessly. You can buy commercial hardware wallets from retailers and merchants; many are waterproof and virus-proof—some even support multi-signature ("multi-sig") transactions. Multi-sig is a cryptocurrency signature method that requires more than one user to approve a transaction using private keys.

Sound Wallets

Sound wallets are an obscure and expensive way to store your keys, depending on your chosen medium. Sound wallets involve encrypting and recording your private keys in sound files on products such as CDs or vinyl disks (records). The code hidden in these audio files can be deciphered using a spectroscope application or high-resolution spectroscope.

Deep Cold Storage

Placing your hardware wallet in your safe is secure but it isn't considered deep cold storage because it is easy for you to access. Deep cold storage is any method that is very inconvenient and requires time and effort to retrieve your keys. This could be anything from placing your hardware wallet in a waterproof container and burying it six feet down in your garden to using a third-party service that stores your cryptocurrency keys in a vault that requires multiple steps to access.

Burying your keys deep in the garden has several drawbacks, including lots of digging and remembering where you buried then, but so does the ultra-secure vault service. Vault services generally require your identity, proof of address, or other means of identification. Additionally, it can take hours or days to access your keys, depending on where they are physically stored.

Cryptocurrency funds held in deep cold storage are not readily accessible for transactions.

Offline Software Wallets

Finally, users looking for cold storage options can also opt for offline software wallets, which are quite similar to hardware wallets but are a more complex process for less-technical users. An offline software wallet splits a wallet into two accessible platforms—an offline wallet that contains the private keys and an online wallet that has the public keys stored. The online wallet generates new, unsigned transactions and sends the address of the user to the receiver or sender on the other end of the transaction. The unsigned transaction is moved to the offline wallet and signed with the private key. The signed transaction is then moved back to the online wallet, which broadcasts it to the network. Because the offline wallet never gets connected to the internet, its stored private keys remain secure. Electrum and Armory are often quoted as the best offline software wallets in the crypto economy.

Cryptocurrency users should ensure that the wallet of their choice is compatible with the coins they transact with or trade in, as not all wallets support all cryptocurrencies.

Is Cold Storage Best for Cryptocurrency?

Cold storage removes your private keys from your wallet, so it is currently the best method for storing your cryptocurrency private keys because it denies anyone access to them.

What Happens When You Put Cryptocurrency in Cold Storage?

When you place your keys in cold storage, they are removed from your wallet. You still see your cryptocurrency in your wallet because ownership is stored on the blockchain but you cannot use them until you move the keys you want to use back to your wallet.

Is Coinbase's Wallet Cold Storage?

The wallet provided by the exchange Coinbase is not cold storage. However, Coinbase offers a vault to all customers, which takes private keys and stores them offline. For institutions, the exchange provides cold storage through Coinbase Custody, a third-party fiduciary with offline storage.

Why Do We Need Cold Wallets?

Cold wallets are a way of holding cryptocurrency tokens offline to try to prevent hackers from being able to access the owner's holdings via traditional internet-hacking means.

How Does a Hot Wallet Compare to a Cold Wallet?

Hot wallets are usually free, so they cost less than cold wallets, but they offer less protection against theft or unauthorized use than cold wallets do. Because they are already connected to the internet, hot wallets tend to be the most convenient for users, as there is no additional step of connecting the wallet online to transfer tokens.

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. TechTarget. "What Is Cold Storage?"

  2. Gemini. "Hot Wallets vs. Cold Wallets."

  3. Coinbase. "How Do I Set Up a Vault?"

  4. Coinbase. "Coinbase Custody."

Take the Next Step to Invest
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.
Take the Next Step to Invest
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.