What is a crypto wallet? Hot vs. cold wallets explained

Mar 06 · 6 min read


This is the first thing most people get wrong about crypto wallets — and it matters.

When you own Bitcoin or Ethereum, the coins themselves don't live inside a wallet. They live on the blockchain — a public ledger that records every transaction ever made. What a crypto wallet actually stores is something more fundamental: your private key.

Think of the blockchain as a giant safety deposit box room. Everyone can see the boxes exist, and every box is labelled with a public address. But only the person holding the right key can open a specific box and move what's inside. Your private key is that key. Your wallet is whatever holds it.

This distinction — between storing a key and storing coins — shapes everything about how wallets work, why some are safer than others, and what can go wrong.

What is a private key — and why does it matter so much?

Every crypto wallet has two keys: a public key and a private key.

Your public key (or public address) is like your email address — you share it with anyone who wants to send you crypto. It's visible on the blockchain and safe to share.

Your private key is the master credential that proves you own the assets at that address and authorises every transaction. It's a long string of characters that should never be shared with anyone, stored in a photo on your phone, typed into a website, or written on a piece of paper you could lose.

This is where the phrase "not your keys, not your coins" comes from. If someone else controls your private key — because you left your crypto on an exchange that holds the keys on your behalf, or because a hacker stole it — they control your crypto. Full stop.

Most wallets also give you a seed phrase (sometimes called a recovery phrase) — a sequence of 12 or 24 random words that can regenerate your private key if your wallet is lost or damaged. This is the backup to your backup. Lose your seed phrase and lose your device, and your crypto is likely gone forever.

The two fundamental types: hot wallets vs. cold wallets

Every crypto wallet falls into one of two categories, defined by a single question: Is it connected to the internet?

Hot wallets

A hot wallet is any wallet connected to the internet. This includes:

  • Mobile wallets — apps on your phone like Trust Wallet or Phantom

  • Desktop wallets — software installed on a computer, like Exodus

  • Browser extension wallets — MetaMask is the most widely used, living in your browser and connecting to DeFi applications

  • Exchange wallets — the wallet associated with your account on a trading platform

Hot wallets are fast and convenient. You can send crypto in seconds, connect to DeFi applications, trade, and manage your portfolio without any additional hardware. They're free or very cheap to set up.

Because a hot wallet is connected to the internet, it may be exposed to online threats: phishing attacks, malware, fake browser extensions, compromised websites, and exchange hacks. The private key, stored on an internet-connected device, is reachable by attackers — in theory at least.

Cold wallets

A cold wallet stores your private key entirely offline — completely disconnected from the internet. With no internet connection, there's no remote attack surface. A hacker cannot reach your private key through phishing or malware because it never touches an online system.

The most common form of cold storage is a hardware wallet — a dedicated physical device, roughly the size of a USB drive or a credit card, that generates and stores private keys in a secure offline chip. When you want to make a transaction, you plug it in, confirm the transaction on the device itself, and then disconnect it again.

Leading hardware wallet brands include Ledger, Trezor, and Tangem. They typically cost between $70 and $250, and use the same military-grade Secure Element chips found in passports and bank cards.

The trade-off with cold wallets is convenience. Sending crypto requires a physical device. If you lose both the device and your seed phrase backup, access to your funds is gone permanently.

How each wallet type fits different situations

There's no single best wallet. The right choice depends on what you're trying to do.

A practical approach many experienced crypto holders use: a cold wallet for long-term holdings, and a hot wallet for active DeFi use with smaller amounts.

The risks that wallets can't protect you from

Understanding what wallets actually protect you against is important — because wallets don't protect against everything.

What cold wallets protect against: Phishing attacks, malware, and remote hacking. A private key stored in an offline chip cannot be accessed by anyone without physical possession of the device and its PIN.

What no wallet protects against:

  • Social engineering — being tricked into revealing your seed phrase or signing a malicious transaction. No hardware is immune to this.

  • Physical theft — if someone steals your hardware wallet and your seed phrase backup, they can access your funds.

  • Smart contract exploits — approving a malicious smart contract can drain your wallet even from a hardware device. Approving a transaction whose details you cannot read on the device is called blind signing, and it's responsible for billions in losses.

  • Your own mistakes — losing a seed phrase, sending to the wrong address, or buying a wallet from an unauthorised reseller (supply chain attacks) are all human risks, not technical ones.
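What a wallet has to decode for you to avoid blind signing, as an added example that is not part of the original article: it parses the raw data of three standard Ethereum token calls and flags approvals that hand a spender control of your tokens. The sample calldata and the spender address are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1

# 4-byte selectors of standard token functions (ERC-20, ERC-721, ERC-1155)
SELECTORS = {
    "095ea7b3": ("approve", ("address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
    "a9059cbb": ("transfer", ("address", "uint256")),
}

def decode_calldata(data_hex: str) -> dict:
    """Turn raw transaction data into the facts a signer should see before approving."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    entry = SELECTORS.get(raw[:4].hex())
    if entry is None:
        return {"function": None, "args": [], "risk": "unknown call: signing it is blind signing"}
    name, types = entry
    body = raw[4:]
    if len(body) != 32 * len(types):
        raise ValueError("calldata length does not match the function signature")
    args = []
    for n, kind in enumerate(types):
        word = body[32 * n: 32 * (n + 1)]
        if kind == "address":
            if any(word[:12]):
                raise ValueError("address word has non-zero padding")
            args.append("0x" + word[12:].hex())
        elif kind == "bool":
            args.append(int.from_bytes(word, "big") != 0)
        else:
            args.append(int.from_bytes(word, "big"))
    risk = "none flagged"
    if name == "approve" and args[1] == MAX_UINT256:
        risk = "unlimited allowance: spender can move your whole balance of this token"
    elif name == "approve" and args[1] > 0:
        risk = "allowance: spender can move up to the stated amount"
    elif name == "setApprovalForAll" and args[1]:
        risk = "operator approval: spender can move every token you hold in this collection"
    return {"function": name, "args": args, "risk": risk}

# Constructed sample: approve(<made-up spender>, 2**256 - 1)
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    print(decode_calldata(SAMPLE_APPROVE))
    print(decode_calldata("0xdeadbeef"))
```

If the signing device shows only a hash or "data present" for a call like the sample, the function name, spender and amount above are exactly the details being approved unseen.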

Frequently asked questions

1. What is a crypto wallet?

A crypto wallet is a tool that stores your private key — the master credential that proves ownership of your digital assets and authorises transactions. Your crypto itself lives on the blockchain; the wallet holds the key that controls it.

2. What is the difference between a hot wallet and a cold wallet?

A hot wallet is connected to the internet, making it convenient but exposed to online threats. A cold wallet stores private keys offline, making it far more secure against remote attacks but less convenient for frequent transactions.

3. What is a seed phrase?

A seed phrase is a sequence of 12 or 24 random words that can regenerate your private key if your wallet is lost or damaged. It's the most important backup in crypto. Anyone who has your seed phrase has full access to your funds — treat it like cash.

4. Is it safe to keep crypto on an exchange?

It depends entirely on the exchange. Reputable, regulated platforms with institutional-grade custody, proper reserves, and consumer protections are meaningfully safer than unregulated or poorly-run ones. 

5. Do I need a hardware wallet for my crypto?

If you hold a significant amount of crypto that you don't plan to actively trade, a hardware wallet significantly reduces your exposure to online threats. For smaller amounts or active trading, a reputable hot wallet or custodial platform with strong security practices may be sufficient.

6. What happens if I lose my hardware wallet?

If you have your seed phrase backed up securely, you can recover full access to your funds on any compatible wallet. If you lose both the device and the seed phrase, access is likely gone permanently.

7. What is MPC (Multi-Party Computation)?

MPC is an advanced key management approach where a private key is split into multiple encrypted pieces held separately — often across different devices or parties. No single piece is sufficient to access funds on its own, eliminating single points of failure. It's widely used in institutional custody and increasingly in consumer wallets.
