Cold Storage: What It Is, How It Works, Theft Protection

What Is a Cold Wallet?

A "cold wallet" is a device or method for storing cryptocurrency private keys offline. Private keys are transferred from a device with an internet connection to a device without one. Businesses, governments, and individuals have used this data security technique for several decades to keep data inaccessible or save it for later use. In most cases, it is called cold storage, but cryptocurrency fans and users prefer to call a device that stores keys offline a cold wallet.

Cold storage methods are useful for individual investors and users, but some of the best cryptocurrency exchanges and companies involved in the crypto space also make use of this type of storage.

Why Do You Need a Cold Wallet?

When your checking, savings, or credit card account with a traditional bank has been compromised, the bank can refund the lost or stolen money back to you. Banks can find out where money has gone because the transactions are digital and can be tracked using account numbers and names. Money can be moved back into your account, and the thieves can be dealt with.

However, if your cryptocurrency wallet has been compromised and your tokens have been stolen, you're unable to recover your coins or otherwise be reimbursed. First, they are not insured or backed by a government or institution. Second, this is due to the way blockchains are designed. Wallet addresses are publicly available, but no names or personal information is stored or is publicly available—and because of the way information is chained on a blockchain, transactions cannot be reversed.

They Protect Your Keys

A cryptocurrency wallet is assigned a public key that serves as its address, much like an email address. This key does not need to be securely stored anywhere, but keeping it private ensures anonymity.

Private keys are the alphanumeric codes used to access cryptocurrency—this is what thieves are after. All cryptocurrency storage methods involve protecting these private keys because they provide access to the tokens. Private keys are similar to the password or PIN you use to access your bank account app—if someone steals that, they can wreak havoc on your finances.

How Does Cold Storage Work?

Private keys stored on a wallet connected to the internet are vulnerable to network-based theft. All the functions required to complete a transaction are made from a single online device—thus, connected wallets are one of the weak links in a network. This is because they are devices that use software which hackers can alter.

Cold storage reduces the chances of private key theft by removing them from an online environment. In most cases, transferring private keys to cold storage is not as complicated as it might seem.

Types of Cold Storage

There are many ways of storing cryptocurrencies, and many of the methods you read about on the internet have changed over time—so it's worth discussing storage types. As of May 2024, there are two general types of storage. One is where someone else holds your keys for you, called custodial storage. The other is where you hold your keys, called non-custodial storage.

The subtypes are the methods you might read about—paper, software, hardware, cold, and hot. So, you could give your keys to your exchange to hold for you in its enterprise security-level vault, which would be a custodial cold storage hardware method.

If you want to hold the keys yourself, you can place them on a USB device designed for crypto key storage. This would be a non-custodial storage method that would transition between hot and cold as you connected it to and disconnected it from your computer. You could also write or type your keys on a piece of paper, delete them from your wallet app, and place the paper in a safe—this is also non-custodial cold storage.

Paper Wallets

The most basic form of cold storage is a paper wallet. A paper wallet is simply a document that has public and private keys written on it. In the case of a bitcoin paper wallet, you can print the document with a wired printer. You can also use a quick response (QR) code generator and print it on the paper so that it can easily be scanned and signed to make a transaction. However, this requires exposing your keys to more software, which can increase the risk of theft.

Another drawback to this medium is that if the paper is lost, rendered illegible, or destroyed, you'll never be able to access your funds. If you choose this method, be sure to have a safe box or another secure storage method for the paper wallet itself and make backups.

Hardware Wallets

Another form of cold storage is a hardware wallet that uses an offline device or smart card to generate private keys offline. The Ledger USB Wallet is an example of a hardware wallet that uses a smart card to secure private keys. Two other popular hardware wallets are TREZOR and KeepKey. The device looks and functions like a USB drive; a computer and a Chrome-based app are required to store the private keys offline. You can use anything from a standard USB storage drive to an advanced device with a battery, Bluetooth, software, and other features. Like a paper wallet, it is essential to store this USB device and smart card in a safe place, as any damage or loss could terminate access to your cryptocurrency.

Air-gapped devices have no connection ability and are more secure than ones that can connect wirelessly. You can buy commercial hardware wallets from retailers and merchants; many are waterproof and virus-proof—some even support multi-signature ("multi-sig") transactions. Multi-sig is a cryptocurrency signature method that requires more than one user to approve a transaction using private keys.

Software Wallets

Software wallets are applications that run on a device, such as a smartphone, tablet, or personal computer. Because these devices are generally connected or can connect to the internet, they are usually hot wallets and should not be used to store private keys.

Users looking for cold storage options can also opt for offline software wallets, which are quite similar to hardware wallets but are a more complex process for less technical users. An offline software wallet splits a wallet into two accessible platforms—an offline wallet that contains the private keys and an online wallet that has the public keys stored.

The online wallet generates new, unsigned transactions and sends the user's address to the receiver or sender on the other end of the transaction. The unsigned transaction is moved to the offline wallet and signed with the private key. The signed transaction is then moved back to the online wallet, which broadcasts it to the network. Because the offline wallet never connects to the internet, its stored private keys remain secure. Electrum and Armory are often quoted as the best offline software wallets in the crypto economy.

Sound Wallets

Sound wallets are an obscure, expensive, and time-consuming way to store and access your keys, depending on your chosen medium. Sound wallets involve encrypting and recording your private keys in sound files on products such as CDs or removable USB drives. The code hidden in these audio files can be deciphered using a spectroscope application or high-resolution spectroscope.

Deep Cold Storage

Placing your hardware wallet in your safe is secure, but it isn't considered deep cold storage because it is easy for you to access. Deep cold storage is any method that is very inconvenient and requires time and effort to retrieve your keys. This could be anything from placing your hardware wallet in a waterproof container and burying it six feet down in your garden to using a third-party service that stores your cryptocurrency keys in a vault that requires multiple steps to access.

Burying your keys deep in the garden has several drawbacks, including lots of digging and remembering where you buried them, but so does the ultra-secure vault service. Vault services generally require your identity, proof of address, or other means of identification. Additionally, it can take hours or days to access your keys, depending on where they are physically stored, so if you prefer to be able to access your cryptocurrency quickly, this might not be an option.

The Bottom Line

Cold storage, called cold wallets by cryptocurrency users, is the most secure way to store your cryptocurrency's private keys. It involves transferring the keys to a device or medium that is not connected to the internet. There are various choices for the best wallet based on experience, security, and integration.

The comments, opinions, and analyses expressed on Investopedia are for informational purposes online. Read our warranty and liability disclaimer for more info.