Wallets — Hot vs Cold
A Bitcoin wallet doesn't hold coins. It holds keys — specifically a private key that proves you own UTXOs assigned to your addresses. Choosing the right wallet is choosing where those keys live and how exposed they are.
Hot wallets
Definition: Keys stored on an internet-connected device (phone, laptop, browser extension).
Examples: Phoenix, Muun, BlueWallet, Sparrow (with online node), Electrum.
Good for:
- Small amounts you spend regularly
- Quick everyday transactions
- Lightning Network usage
Bad for:
- Significant savings (one malware infection = total loss)
- Long-term storage
Cold wallets
Definition: Keys generated and stored offline, never touching an internet-connected device.
Hardware wallets (Trezor, Coldcard, Ledger): a dedicated device that signs transactions internally and only ever exports signed transactions, never private keys.
Air-gapped setups (Coldcard + SD card, Seedsigner): never connect via USB at all. Transactions flow via QR codes or SD cards.
Paper wallets (mostly deprecated): keys printed on paper. Hard to use safely; one bad print or one re-import handling = loss.
Multisig
M-of-N multisig: transactions require M signatures from a set of N keys. Common setups:
- 2-of-3: two of three keys needed. Lose one key → still recoverable. One key compromised → still safe.
- 3-of-5: for larger amounts. Distributed across geographies + custodians.
Multisig is the gold standard for serious self-custody. Setup is more complex but eliminates single-point-of-failure.
What every wallet has
Seed phrase (12 or 24 words): the entire wallet derives from this. Backup it physically (metal stamp or paper, kept offline). Anyone with the seed phrase controls the funds.
Addresses: generated deterministically from the seed. A modern wallet generates a fresh address for every receive.
XPUB: the public master key. Sharing it lets others watch your wallet but not spend from it. Useful for accounting; bad for privacy if leaked.
Common mistakes
Do
- +Back up seed on metal (stamped or punched), kept in two physical locations
- +Test recovery from backup before relying on the wallet
- +Use a passphrase ('25th word') for an additional security layer
- +Update wallet software regularly + verify signatures
Don't
- −Take a photo of your seed phrase
- −Type your seed into ANY website
- −Reuse seed across multiple wallets
- −Store seed in a password manager (single point of failure)