By mid-2025 you probably think you know the difference between cold and hot wallets. A new comprehensive article by Web3 researcher Vladimir Menaskop may convince you otherwise, while also helping you genuinely protect your assets from unauthorized access.
From the Author
Hardware wallets are often confused with cold wallets, and cold wallets are frequently associated with certain brands.
Consider this example from Reddit: “I’ve been investing in Bitcoin for the past six months and am now thinking about buying a cold wallet. As I understand it, there are three main options: 1) Trezor; 2) Ledger; 3) Jade.”
Or this message from a DeFi chat sent to me by a subscriber: “Cold wallets don’t store coins; they store keys to access wallets across different networks — and that’s it.”
Even industry media often provide incorrect guidance, equating one with the other. Consider example one (listing hardware wallets in an article about cold wallets) and example two (where the distinction between cold and hardware is made, yet an error with multisig is present).
Moreover, even IT companies specializing in security manage to mix things up: “Hardware wallets, a subcategory of which are cold wallets, are physical, and since they exist offline and in the real world, they are much harder for attackers to target.”
It is not just a matter of terminology: misunderstanding what hardware and other wallets actually do leads to a steady stream of breaches of exactly the kind these devices were designed to prevent. So in this article I aim to clarify these distinctions.
Wallet Classification
Let me state upfront that my concern is practical, not academic, so the classification is incomplete, but each criterion is chosen to solve a specific problem:
- Basis #01. Custodial nature. A great article by ForkLog explains the essence, but I’ll quote the most important part here: “A custodial wallet is an application for storing and transferring cryptocurrencies, characterized by the fact that its operator (custodian) manages users’ addresses or has access to their private keys.” The most prominent examples of such solutions are wallets from CEX. Non-custodial solutions, accordingly, are those without such a custodian. MetaMask or Trustee are good examples.
- Basis #02. Signatures. Singlesig and multisig: the difference is that the former requires one signature, while the latter requires several (e.g., two out of three). Examples of multisigs: Safe, Electrum, Polkadot, and others.
- Basis #03. Currencies. Single-currency wallets store one coin (token). Bitcoin Core is the classic example, with analogous reference wallets for Monero and other PoW coins. Yoroi was initially in this category. Multi-currency wallets store different tokens: the popular Trust, the open-source Trustee (well known in the CIS), the ill-fated Atomic, and many others represent this subtype. Increasingly, multi-currency wallets are moving from specialization (EVM-only or non-EVM-only) to universal coverage: MetaMask introduced Snaps and then Solana support, Phantom added Sui and EVM chains, and so on.
- Basis #04. Open source (OS). Many confuse paid versus free programs with OS versus non-OS (also called proprietary) wallets. The two should not be mixed: open source can have monetized functionality, and there are plenty of proprietary free wallets, such as Trust or Blockchain.com. Open source concerns the source code, roughly speaking the development, while payment concerns end-user functionality: Trustee, for instance, follows the OS paradigm, but that does not mean standard withdrawals are free (they are paid because specialized exchanges are embedded in the wallet interface). And yes, open source is no guarantee of security, but code that can be audited is a clear advantage over code that cannot.
- Basis #05. Mobile or not. Here mobile and non-mobile wallets should be distinguished. The former are popular with crypto newcomers, while the latter (browser, desktop, console versions) tend to be used by the more experienced.
- Basis #06. Cold and hot. This is where it all began. The main distinction today is how far online interaction is minimized: the less a wallet touches the network, the colder it is. Many still write that cold wallets are entirely offline, but that is not quite true, and often not true at all. In short: a fully offline wallet is generally cold, but a cold wallet can be a much more complex arrangement than an offline device.
- Basis #07. Other. Wallets may or may not have additional security layers; they may be universal or specialized by geography; they may be oriented towards EVM or non-EVM chains, but these matter less for this article.
To understand how this applies in practice, let’s delve deeper into the concept of cold.
The Cold
Consider two simple scenarios.
First. You generate a seed phrase manually (or at least semi-automatically), transfer it to a metal medium, and send a first test transaction to the new wallet.
But what next?
Most will want to check that withdrawal works: seeing a balance is not the same as controlling it. So in everyday life cold wallets rarely go without outgoing transactions. (In some cases the check can be done differently, but that is a topic for another time.)
Second scenario: multisig. Yes, you can create a Safe multisig without paying a transaction fee (MetaMask and Rabby likewise offer gasless options), and you can withdraw funds from it without paying. But is the multisig offline during all this? It is essentially a set of smart contracts, so the answer is no.
Of course, if you dig deeper, the access levels familiar to Linux users apply here too: read, write, and so on. In terms of write access (sending transactions), the multisig can stay offline for a long time: nothing moves until its signers act.
And where are the multisig keys stored? Unlike hardware wallets such as Trezor, Ledger, and SafePal, the multisig itself holds no private key.
More precisely, the private keys belong to the individual signers, while the contract holds only the combined list of their public keys (addresses), so one could say that:
“A multisig is a smart contract that will execute an operation only if it is signed by several previously linked private keys. The number of required signatures is called the threshold.”
So What Distinguishes the Cold?
Let me list:
- Offline environment as a priority. The keys themselves are, for example, “embedded” in the hardware and generated from internal entropy. But a wallet is not just keys; it is also how we use them.
- Minimization of (outgoing) transactions. The vast majority miss this point, imagining cold as some abstract idyll, yet a single poisoned transaction can undo all the effort of offline storage.
- A more complex path to signing a transaction. For individual cold via hardware this means, for example: a) a virtual (on-screen) PIN; b) a passphrase; c) additional restrictions where applicable.
- Financial (accounting) separation and a specially organized working environment (what I call the XR-space).
The last point matters enormously if we recall the Bybit hack. Their inflows were handled through hardware wallets acting as signers of a Safe multisig, and it did not help, because all the signers missed many obvious mistakes, inexcusable after the hacks of Radiant, WazirX, and the like. (If that is not enough, here are two examples from Ledger's history where not the device itself but the infrastructure around it was attacked: through classic paper letters and through device cloning.)
Moreover, neutrality matters these days: MetaMask, for instance, declared its compliance with sanctions and the related blockades, while Ledger rolled out a service for keeping seed phrases with third parties.
But let us look at cold storage from another angle: a synthetic one.
Types of Cold
First, I will list specific implementations of cold (here I lump wallet and storage together; the distinction is another big and important question, but one that requires separate research):
- hardware (metal plates);
- paper;
- multisig;
- offline cards: passkey and wallet cards;
- hardware wallet;
- smartphone with special software;
- exotic solutions.
But in reality, cold wallets are divided into two types:
- Simple.
- Complex.
Some examples:
Simple: metal plates, paper, and so on, used as intended and rarely. Complex: a multisig plus hardware, or a seed phrase split by Shamir's method into three to five shares, each stored in a very different form. (Again, cold is understood here in a mixed form.)
Based on the above, one argument is crucial: for truly large holdings, a cold wallet without the corresponding organizational, technical, economic, and legal norms makes no sense.
The cases of Bybit, Mt. Gox, various bridges, Radiant, and others are direct evidence of this. And yes, this is another reason hardware wallets cannot be considered cold in 100% of cases. In Euler-diagram terms, the two sets only partially overlap and are unequal in size:
Let me now describe each subtype.
Subtype #01. Hardware (metal). This means private keys (less often) or seed phrases (more often) stamped onto metal, usually steel or titanium plates, Cryptosteel for instance:
This method survives storage almost anywhere: rust and fire are no threat. But it is dangerous if someone gains physical access to the plates. That is why they are often split into parts and kept with depositories, including bank vaults (and here an oxymoron arises: the most non-custodial money of all ends up stored with the very institutions it was created against).
You can combine this with steganography and embed the plate (after verifying it) in, say, a statue.
Subtype #02. Paper. Writing seed phrases and private keys on paper is the classic. Better to use different writing tools (plain pencil, ink) on different carriers (cardboard, paper, a notebook sheet), in two or three copies. Hide them where you yourself would not think to look.
Steganography is your friend here. Hide the phrase in books or children's drawings; write it in lemon juice or other invisible inks. Living in the UAE? Write in Chinese. Living in China? In Georgian. No layer of protection is superfluous here.
And yes, never write the phrase out completely: keep a few words “in reserve”. This will not stop a determined attacker (two or three missing words can be brute-forced fairly quickly), but if you discover a theft you will have time to move the funds. The flip side: the reserved words must be memorized reliably, otherwise you lock yourself out.
Subtype #03. Multisig. Much can be said about it, but nothing better than Safe has been built so far; the Bybit hack proved this too. It also proved that a Safe multisig alone is not enough: you also need steel nerves and a clear head, so as not to send $1.4 billion the same way you would send $1.40.
And again: even the “hardware wallet plus multisig” bundle is not enough for cold. The following safe-transfer rules must also be observed:
- by time. Do not sign transactions before 08:00 or after 20:00, for example. Do not transfer funds on weekends, and above all not urgently, unless the protocol allows for it. Otherwise the cold wallet suffers from a hot (overheated) head.
- by place. Do not make transfers from public spaces or over unsecured networks.
- by circumstances. Do not sign without a dedicated computer, or with other applications running; do not sign from a computer where malware runs easily (no firewall, say, or Windows);
- by access. The final signature and execution should belong not to the most important person (CEO) but to the most experienced one (CTO).
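The threshold rule from the multisig definition above and the time and access rules just listed are organizational policy, and policy that lives only in people's heads is exactly what failed in the cases cited. The following added example (not code from the article, Safe, or any wallet vendor) models them as an explicit pre-signing check: k-of-n approval over a fixed owner set, no duplicate signers, a weekday 08:00 to 20:00 signing window, and the requirement that the threshold-reaching signature comes from the most experienced role. Owner names, roles, and the scenario are constructed; approvals are modelled by name, and verifying the actual cryptographic signatures is assumed to happen elsewhere.

```python
"""Policy-gated multisig approval (added example, not the article's or Safe's code).

Every rule is enforced BEFORE an approval is recorded, so a signer who is
asked to sign at the wrong time, or who would be the wrong final signer,
is refused by the tooling rather than relying on memory or nerve.
"""
from dataclasses import dataclass, field
from datetime import datetime


@dataclass(frozen=True)
class Policy:
    owners: dict[str, str]          # owner name -> role, e.g. {"alice": "CEO"} (constructed)
    threshold: int                  # k in k-of-n
    final_signer_role: str = "CTO"  # role that must provide the threshold-reaching signature
    window_start: int = 8           # signing window start hour, inclusive
    window_end: int = 20            # signing window end hour, exclusive
    allow_weekends: bool = False


@dataclass
class Proposal:
    to: str
    value: int
    approvals: list[str] = field(default_factory=list)


class PolicyViolation(Exception):
    """Raised instead of silently collecting a non-compliant approval."""


def check_time(policy: Policy, when: datetime) -> None:
    """Rule 'by time': weekdays only, inside the configured hour window."""
    if not policy.allow_weekends and when.weekday() >= 5:
        raise PolicyViolation("no transfers on weekends")
    if not policy.window_start <= when.hour < policy.window_end:
        raise PolicyViolation(
            f"outside signing window {policy.window_start:02d}:00-{policy.window_end:02d}:00"
        )


def approve(policy: Policy, proposal: Proposal, signer: str, when: datetime) -> Proposal:
    """Record one approval if every rule holds; raise PolicyViolation otherwise."""
    check_time(policy, when)
    if signer not in policy.owners:
        raise PolicyViolation(f"{signer} is not an owner")
    if signer in proposal.approvals:
        raise PolicyViolation(f"{signer} already approved")
    if len(proposal.approvals) >= policy.threshold:
        raise PolicyViolation("threshold already reached; execute instead of signing again")
    # Rule 'by access': the approval that reaches the threshold is the final one.
    is_final = len(proposal.approvals) == policy.threshold - 1
    if is_final and policy.owners[signer] != policy.final_signer_role:
        raise PolicyViolation(f"final signature must come from role {policy.final_signer_role}")
    proposal.approvals.append(signer)
    return proposal


def can_execute(policy: Policy, proposal: Proposal) -> bool:
    """Executable only when k approvals exist and the last one has the required role."""
    return (
        len(proposal.approvals) >= policy.threshold
        and policy.owners[proposal.approvals[-1]] == policy.final_signer_role
    )


def demo() -> tuple[list[str], bool]:
    """Constructed scenario: returns (violations hit, whether the proposal became executable)."""
    policy = Policy(owners={"ceo": "CEO", "cto": "CTO", "ops": "OPS"}, threshold=2)
    proposal = Proposal(to="0xRecipient", value=1_000)  # constructed placeholder
    attempts = [
        ("ops", datetime(2025, 6, 7, 10, 0)),   # Saturday: refused
        ("ops", datetime(2025, 6, 9, 7, 30)),   # Monday 07:30, before window: refused
        ("ops", datetime(2025, 6, 9, 9, 0)),    # accepted, 1 of 2
        ("ceo", datetime(2025, 6, 9, 9, 5)),    # would be final, but CEO is not CTO: refused
        ("cto", datetime(2025, 6, 9, 9, 10)),   # accepted, 2 of 2
    ]
    violations = []
    for signer, when in attempts:
        try:
            approve(policy, proposal, signer, when)
        except PolicyViolation as exc:
            violations.append(str(exc))
    return violations, can_execute(policy, proposal)


if __name__ == "__main__":
    hits, executable = demo()
    for h in hits:
        print("refused:", h)
    print("executable:", executable)
```

The point of encoding the rules is not the rules themselves (adjust the window and roles to your own regulation) but that a refusal is produced by the tooling at the moment of signing, which is when the Bybit-style “everyone signed anyway” failure has to be caught.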
Subtype #04. Offline cards. An example is backup cards. Essentially they resemble the hardware/offline subtype, but their functionality and usage scenarios may differ.
Subtype #05. Hardware wallets. There are quite a few, but so far each has had some kind of breach: physical (offline) attacks on a number of Trezor models, phishing campaigns against Ledger users, and so on.
Subtype #06. A dedicated smartphone with dedicated software: any Linux or Android phone with its communication modules (Wi-Fi, Bluetooth, and so on) disabled or removed. There are also purpose-built devices, such as those from Purism.
Subtype #07. Exotic. I’ll write a bit more about it.
Exotic Cold
Yes, this exists too. I will give a few examples to make the idea clear, especially since these are not quite cold wallets but rather cold storage (and calling them offline is not always possible or necessary).
Steganography
It can take various forms, but here are examples for understanding:
- Sound recording. Both a private key and a seed phrase can be encoded in many ways: to everyone else it is just another mp3 file, to you it is something more.
- Complex guitar chords. They can be used not only to create passwords but also to store something larger. You will have to memorize the melody and keep a written score, but it greatly complicates any search for your phrase.
- NTFS alternate data streams, like any other alternate data streams. Another place to keep a bundle: say, a VeraCrypt container that in turn holds an encrypted file. Keep in mind that alternate data streams are silently dropped when the file is copied to a filesystem or cloud service that does not support them, so this backup needs its own periodic verification.
- Spy-style books. To everyone else it is one of many books on the shelf (that is an important condition); to you it is a seed phrase described word by word in sequence.
Technically, of course, these are still paper, metal, or digital; organizationally, they are far more secure than a bare list of obvious words.
Tempography
It would be strange if I didn’t mention it. Here are a few simple examples:
- Time-based sends in the Bitcoin network. They have existed for a long time and have a number of vulnerabilities. With proper configuration they will not protect your seed phrase or private key, but they can hide the very fact that you hold BTC from prying eyes. It is better to study tempography itself for this, so let us move on.
- Freezing wNFTs and smart wallets. There you can set up access not just by private key but by PIN, block-time lock, and other parameters.
- Safe custodians, which may appear over time, are another case for the collection.
Of course, this is not all, but it’s certainly enough to start. Only two key questions remain to be answered.
How Important Is All This?
In 2025 the abduction of cryptocurrency owners became a mass problem. It happens because, first, criminals assume everything in cryptocurrency is anonymous, and second, because holders themselves do not always look after their own security. ForkLog recently published an excellent example of how it should be done:
“Part of the data is stored encrypted on the blockchain, another part is engraved on metal plates in physical caches. Additionally, [Dutch Bitcoin enthusiast Didi] Taihuttu applied personal encryption, replacing some words in the phrase. […] ‘Even if someone puts a gun to my head, I can’t give away more than what’s on the wallet on my phone. And that’s not much,’ Taihuttu stated.”
Cold and Security
If you’ve already answered the previous question, I recommend improving your own security, which consists of the following elements:
- technical;
- economic;
- legal;
- organizational.
The technical side is described above. If that is not enough, refer to the additional materials at the end.
The economic side is portfolio and risk management. The legal side is working within specific jurisdictions and understanding their laws. The organizational side is everything outside the first three: your working hours, your response to phishing (including tailored attacks) and other social engineering, conversations with people, and so on.
Mistakes
I won’t list them all, but I’ll cover the basics.
Functionality vs Security
For cold storage, choose wallets not for functionality but solely for reliability: a feature-rich wallet can be your test and/or hot wallet.
A cold wallet should be:
- reliable;
- secure;
- with minimal online presence.
Phishing
Whatever cold you choose, you, as a living person, will always be the weakest link. So follow the practice from Gregor Jordan's film “Unthinkable”: if everyone thinks you have planted three “bombs”, there should be four, or even five.
Rule Number Zero
It sounds simple: anyone can be hacked, anytime, anywhere. It is a matter of attention, money, and effort. If an attack is slow, expensive, and the payoff smaller than expected, it is unlikely to happen.
Destructive attacks, however, always remain, and your personal security is aimed at them too. You are the last bastion; you are part of your cold.
So Why Can’t Hardware and Cold Wallets Be Confused?
Firstly, there is a purely technical distinction, as noted on the Ledger website:
“A cold wallet and a hardware wallet — aren’t they the same thing? In fact, they are two different things with different use cases and levels of protection. And you know what’s most interesting? Both of these wallets can exist within a single wallet.”
But that is their case; other scenarios are described above, where hardware and cold diverge.
Simply put, you can build a “MetaMask plus Trezor” bundle and use it as an everyday hot wallet, knowing the keys are safe: you are insured against the scenario where, for one reason or another, your MetaMask password is stolen, the private key is extracted online, and the funds are withdrawn. But you are not insured against:
- phishing;
- malicious smart contracts;
- other similar attacks, especially multi-vector ones.
You can, however, make that same Trezor cold, with a passphrase, and be calmer, at least about part of your funds.
In 2025, being offline is often insufficient for proper cold, so a hardware wallet is only a part (and only a possible part) of cold storage.
At the same time, cold itself divides into a cold wallet and cold storage. Storage we will discuss next time; here and now it is important to remember that a hardware wallet is, at best, simple cold outside any additional storage arrangements.
It can be cold, but it is not by default.
Based on practice, a hardware wallet cannot be cold if:
- You use it often.
- You do not apply additional security layers: virtual keyboard, passphrase, and so on.
- You have no clear regulation and algorithm for storing crypto assets.
- You don’t treat it as cold.
To most, this approach may seem excessive, even contrived, but everything described above and below proves (to me) the opposite. Therefore (again, for me) Trezor, Ledger, and others are good hardware wallets that can become cold under certain conditions, but are not inherently cold.
So when newcomers are told, “Buy a hardware wallet and relax,” that calm is unnatural, artificial. Finding an encrypted seed phrase whose wallets have never “appeared” online is one thing; attacking hardware wallets, even the most advanced, is another. And yes, for the third time: the Bybit hack is the best proof of this. Study it.
How Does Classification Help in Practice?
Judge for yourself. The focus should be on a non-custodial, open-source wallet running on a dedicated device with a secure element and other protective measures, which participates as one signer in a multisig.
In practice, hot wallets are most often:
- browser wallets without additional bundles: MetaMask, Phantom, Rabby.
- mobile wallets: Trust, Yoroi, Trustee, ioPay;
- desktop wallets without additional bundles: Atomic, Kaspium.
At the same time, custodial wallets should definitely not be made cold: they can be, but should not. The same goes for proprietary ones.
Cold wallets are most often found in two subtypes:
- deep cold: paper, metal;
- standard cold: hardware wallets; less often, an offline smartphone with software; increasingly, multisigs and other solutions.
In the end, we get:
- Trust — non-custodial, proprietary, mobile. Can it be cold? Technically yes, but better not, even on a secure smartphone: never;
- Trustee — non-custodial, open source, mobile. Can be cold, but only on a secure phone with no connectivity;
- MetaMask — non-custodial, browser, open source.
Of course, this is only the first level of assessment, but it is extremely important nonetheless and gives you a bearing in a world that changes very quickly.
Conclusions
My task was not to cover the full diversity of cold wallets academically, nor to promote specific solutions, but to describe a methodology that helps organize cold storage in practice and sharpens the perception of cold wallets specifically. This is a case where it is better to overthink and overdo than to assume the job is done once any hardware device has been bought.
I believe I have accomplished this task. For those who want more, there are two small sections below.
Additional Materials for Full Immersion
List:
- Seed Phrase: from simple to complex;
- xPUB & Seed: an important thesis for understanding how cold wallets work;
- Non-custodial wallets: definition and examples;
- Non-custodial wallets: security;
- Multisig example: Electrum;
- MetaMask for Advanced Users: Part I;
- MetaMask for Advanced Users: Part II;
- Trezor & Metamask Bundle;
- Bybit Hack from the perspective of cold storage;
- Bitcoin Wallets and storage basics.
P.S. The Most Correct Way of Storage
As you might have guessed, it’s charity: supporting social aid funds, non-profit Web3 startups, NFT artists, and so on. Your money, in the vast majority of cases, will not be wasted. However, that’s, as they say, a completely different story.
