Hot wallets vs. cold wallets: Which is most secure for bitcoin and ethereum?

by Team Casa a year ago 6 min read

As cryptocurrencies, bitcoin and ethereum exist in cyberspace, which can be hard to understand at first. Just like the internet, you can't really touch crypto, but we often lean on physical term and metaphors to describe this abstract concepts.

For instance, if you have paper money or coins, you typically store these in a wallet or purse. This isn't necessarily the case with BTC and ETH because these assets are stored on blockchains. In the world of crypto, wallets store the private keys necessary to spend those funds and sign transactions, and the term is used to refer to a variety of applications and devices.

There are a variety of ways to store private keys, and some are better than others. Let's have a look at some of the nuances of wallets.

Hot wallets vs. cold wallets?

What makes a wallet hot or cold? It actually has nothing to do with physical heat.

Wallets are more or less secure depending on if they're connected to the internet. If your key is on an internet-connected device, it can be theoretically be reached by a bad actor. Online wallets are called hot wallets.

Offline wallets are referred to as cold wallets, and they're considered cold until you connect them to the internet. These two wallet types further subdivide into custodial and non-custodial wallets.

Custodial and non-custodial wallets

A custodial wallet is a wallet where a third party holds your assets for you with their private keys. This is typically done by an online cryptocurrency exchange such as Coinbase.

With an online custodial wallet, all you need to do is log into the exchange, and then all on-chain transactions are signed by the custodian when you execute them. It can be a criminal offense for the custodian to mismanage your funds and steal your crypto, but there is always some risk with a custodial wallet because you're essentially handing the keys to your money to someone else.

Another major concern is if the exchange suffers a data breach, exposing your assets — which are stored at the exchange — to hackers.

Finally, custodial wallets mean you are at the mercy of a third party. If your account is sanctioned for any reason, you won't be able to execute any transactions because you don't have control over your own keys.

So while custodians have been known to use both hot and cold wallets, there's other risk to consider for your asset security because you're still relying on a third party.

Non-custodial wallets

In a non-custodial wallet, you are responsible for your own keys. These wallets can work either online or offline (hot or cold). These wallets are also called self-custodial wallets.

Non-custodial wallets can be software wallets or hardware wallets, and they provide you with maximum security, flexibility, and control over your wealth.

Casa is an example of a non-custodial wallet. We never have access to all of your keys, so your assets are always in your control.

Software non-custodial wallets

These wallets run on on your computer. They usually offer you a chance to import a key or generate a new one, and the key will be stored either locally or in the cloud.

If you create a new key, the program will prompt you with a series of human-recognizable words that can be used to generate your private key. These words are called a seed phrase. If you're just getting started with just one key, it's best to save these words somewhere offline where no one else can access it. That way, if you ever lose a key, you can type them in as needed to recreate your wallet elsewhere. This is especially important if you're securing assets with just one key.

Examples of software wallets include desktop applications like Electrum, mobile apps, and browser-based wallets. If you are running one of this applications on a device connected to the internet, it is a hot wallet.

Risks of software-based wallets

Unfortunately, software-based wallets are highly susceptible to phishing attacks, regardless of whether they are configured as hot or cold wallets.

A phishing attack is when someone contacts you and tricks you into disclosing information or login credentials. For example, a malicious actor could send you an email that directs you to a fraudulent website, prompts you to connect your wallet, and then paste in your seed phrase. The wallet then generates your private key and the fraudulent website steals it.

This type of attack is unfortunately all too common. In July, millions in crypto were stolen from Uniswap, a decentralized crypto exchange, as a result of a phishing attack targeting software wallets. The popular NFT marketplace OpenSea warned of an ongoing phishing attack in June. In May, popular crypto websites Etherscan and CoinGecko were victims of a phishing attack that showed users a malicious popup on their websites, prompting users to type in their wallet details so that their crypto could be stolen.

Phishing is the second-most common cybersecurity threat, according to Verizon's 2022 Data Breach Investigations Report,

Whether it is configured as a hot wallet or a cold wallet, software wallets constantly run the risk of falling prey to phishing attacks which can be quite sophisticated.

The below article discusses some of the risks of hot wallets in greater detail.

Hardware wallets

Hardware wallets (also known as cold storage devices or hardware keys) offer a high level of non-custodial security for ethereum and bitcoin. These wallets are dedicated devices for securing your private key.

Hardware wallets are considered cold because they are never constantly connected to the internet. The wallet itself keeps your private keys but provides the cryptographic proof needed to sign transactions.

These devices can also help you generate a seed phrase that you must store safely to be able to regenerate the key if you ever lose the wallet. Hardware wallet manufacturers usually recommend writing the seed phrase on a piece of paper and keeping it in a secure location.

Hardware wallets are incredibly secure and difficult to exploit without physical access to the device itself. So, hackers usually spend their time on the lower-hanging fruit — hot wallets, phishing attacks on software wallets, and trying to hack cryptocurrency exchanges directly.

What is the safest way to store your private keys?

Users of hardware wallets still run the risk of physically losing their wallet and its seed phrase, rendering their wealth completely inaccessible. Millions of BTC, ETH, and other assets have been lost in this way.

Also, the hardware wallet is only as secure as the location of your seed phrase. If hackers get ahold of this, they don't need the wallet to access your funds because having the seed phrase is like having the mold for the key itself. They can simply generate the private key manually and gain access to your funds that way.

Scenarios like this are why it’s essential to protect your crypto assets with multiple keys. A multiple-key solution (also known as multisig) is the best solution for storing bitcoin and ethereum because it prevents a single point of failure. You need more than one key to access your funds.

Casa helps you secure your funds with three and five keys. For the three-key solution, only two are required to access your funds. And for the five-key solution, only three keys are required.

That means that you can store three keys in three different locations and not worry about losing any single key because you will still have the other two keys to access your assets. And if hackers steal a seed phrase, they still won't be able to access your assets because that would only generate a single key.

The final word

For people who own high amounts of crypto, cold wallets are the recommended choice — especially hardware wallets. But losing the keys to an impenetrable safe would be just as bad as giving the keys to cybercriminals. So, combining cold hardware wallets with a multi-key solution like Casa is the most logical option.

Wanna see for yourself? Learn more about our plans here.