Skip to content

Wallets — Hot vs Cold

A Bitcoin wallet doesn't hold coins. It holds keys — specifically a private key that proves you own UTXOs assigned to your addresses. Choosing the right wallet is choosing where those keys live and how exposed they are.

Hot wallets

Definition: Keys stored on an internet-connected device (phone, laptop, browser extension).

Examples: Phoenix, Muun, BlueWallet, Sparrow (with online node), Electrum.

Good for:

  • Small amounts you spend regularly
  • Quick everyday transactions
  • Lightning Network usage

Bad for:

  • Significant savings (one malware infection = total loss)
  • Long-term storage

Cold wallets

Definition: Keys generated and stored offline, never touching an internet-connected device.

Hardware wallets (Trezor, Coldcard, Ledger): a dedicated device that signs transactions internally and only ever exports signed transactions, never private keys.

Air-gapped setups (Coldcard + SD card, Seedsigner): never connect via USB at all. Transactions flow via QR codes or SD cards.

Paper wallets (mostly deprecated): keys printed on paper. Hard to use safely; one bad print or one re-import handling = loss.

Multisig

M-of-N multisig: transactions require M signatures from a set of N keys. Common setups:

  • 2-of-3: two of three keys needed. Lose one key → still recoverable. One key compromised → still safe.
  • 3-of-5: for larger amounts. Distributed across geographies + custodians.

Multisig is the gold standard for serious self-custody. Setup is more complex but eliminates single-point-of-failure.

What every wallet has

Seed phrase (12 or 24 words): the entire wallet derives from this. Backup it physically (metal stamp or paper, kept offline). Anyone with the seed phrase controls the funds.

Addresses: generated deterministically from the seed. A modern wallet generates a fresh address for every receive.

XPUB: the public master key. Sharing it lets others watch your wallet but not spend from it. Useful for accounting; bad for privacy if leaked.

Common mistakes

Do

  • +Back up seed on metal (stamped or punched), kept in two physical locations
  • +Test recovery from backup before relying on the wallet
  • +Use a passphrase ('25th word') for an additional security layer
  • +Update wallet software regularly + verify signatures

Don't

  • Take a photo of your seed phrase
  • Type your seed into ANY website
  • Reuse seed across multiple wallets
  • Store seed in a password manager (single point of failure)
Loading quiz…