Cryptocurrency Wallets: Weighing the Convenience and Security of Hot, Cold, Custodial and Non-Custodial Options
Crypto wallets are useful tools for securely storing your cryptocurrencies and for moving them around. While there are many different projects and companies that tout wallets, there are actually different types of wallets – and any given company may offer multiple types.
In this article, we'll break down the different kinds of wallets available, to help you understand which ones work in different circumstances. There are two main axes that we’re going to contrast wallets on: custodial vs non-custodial (or self-custody) wallets; and hot vs cold wallets.
In the process, we’ll also touch on hardware and paper wallets.
By the way, we’ll generally talk about “cryptocurrencies” and “funds” in this article – but, this could refer to any crypto token, cryptocurrency, NFT, etc.
Custodial vs Non-Custodial Wallets
When it comes to cryptocurrency wallets, there are two main types: custodial and non-custodial (or self-custody) wallets. Understanding the difference between the two is crucial for anyone looking to store their digital assets safely and securely.
With a custodial wallet, a third party (usually an exchange or wallet provider) is the custodian of the funds. This means that they are responsible for holding and managing your private keys, which are needed to access your funds. Examples of popular custodial wallets include Coinbase, Binance, and Kraken.
Advantages of custodial wallets include:
- They are often easier to use, with friendlier user interfaces
- They often have easier onramps and offramps to your bank, and they may offer linked debit and credit cards
- If you forget your password, there’s a way to reset that password
- There’s often a paid support staff if you have a question or a problem
- If you or a loved one dies, there’s usually a path for their heirs to be able to claim their crypto
- They often have excellent reporting, which can be very handy at tax time
There are, however, disadvantages as well:
- Many DeFi and some NFT projects don’t work with custodial wallets
- Airdrops often don’t work with custodial wallets
- Since the custodian holds your private keys, you don't have complete control over your funds. The custodian can decide (or be told by their government) to suspend your ability to access your funds. In many cases they will also report tax information to your government.
- If the custodian's security is compromised, there's a risk that your funds could be stolen. While security practices today are generally far better than they were a decade ago, there have been countless exchange hacks, costing depositors billions in losses.
Non-custodial (or self-custody) wallets give users complete control over their funds. With a non-custodial wallet, you are the sole custodian of your private keys. Examples of non-custodial wallets include Bitcoin Core, Electrum, and hardware wallets such as those made by Ledger or Trezor.
Many of the advantages of self-custody wallets mirror the disadvantages of custodial wallets:
- Non-custodial wallets work with all DeFi and NFT projects and with airdrops
- Self-custody wallets, carefully used, provide much more privacy than custodial wallets.
- A government can’t force your wallet provider to suspend access to your funds
As you might guess, though – many of the advantages provided by custodial wallets don’t exist with non-custodial:
- It’s harder to get your fiat cash into or out of crypto. You’ll need to use a crypto ATM, or strike a deal directly with an individual that wants to exchange cash for crypto.
- Although there are exceptions, most self-custody wallets don’t offer customer support staff.
- If you or a loved one dies, it’s much less likely that heirs will inherit their crypto.
- Most importantly, if you lose your password and the backup to your private keys, there is no one that can simply “reset” your password. (If you fall into this camp, this is what CryptoAssetRecovery.com does. Contact us).
When it comes to security, neither type of wallet is inherently more secure. The level of security depends on the custodian's security practices and which threat actors are targeting your wallet. The largest modern-day exchanges have extremely sophisticated security practices to minimize the risk of theft. The most widely adopted open source self-custody wallets have had many eyes examine their source code to find security flaws.
Smaller exchanges and self-custody wallets with fewer code audits are likely less secure than their larger counterparts.
Best Security Practices for Non-Custodial Wallets
If you're using a non-custodial wallet, it's important to take steps to secure your wallet. Here are some best practices to follow:
- Choose a strong password and store it securely in at least two places.
- Understand how your self-custody wallet backs up your private keys. For most wallets, this is through a 12- or 24-word seed phrase. Write down your seed and store it securely in at least two places.
- Never store your private keys online (such as by taking a screenshot on your phone, or sending them to yourself in an email).
In conclusion, whether you choose a custodial or non-custodial wallet, it's essential to understand the risks involved and take the necessary steps to secure your digital assets.
There’s no perfect advice for everyone. If you are trying to store and protect 1,000 Bitcoin, you shouldn’t just dump it into the custodial exchange that your cousin recommends. If you’re buying your first $100 of Ethereum, you don’t need a hardware wallet to manage it.
Our advice? If you’re new to crypto and the amount of crypto that you’re storing is small, keep it in a custodial account. As you learn more about the space, and as your needs develop, start using self-custody wallets as well.
“Hot” Wallets vs “Cold” Wallets
Yet another way that people compare crypto wallets is whether they are “hot” or “cold”. “Hot” wallets store their private keys online, while “cold” (also called “cold storage”) wallets store their private keys offline, without an internet connection.
This is not a distinction between whether or not you access the wallet in your web browser: it’s about whether the device on which you store your private keys has an internet connection.
Any wallet that stores its private keys on a smartphone is a hot wallet. (I suppose technically you could remove the SIM card and the communications chip and the NFC chip – but, it would be pretty tricky to ensure that there is no hardware that allows an internet connection).
People do reconfigure laptops and desktop computers to remove all hardware that can generate an internet connection.
But, the most common “cold” wallets are hardware wallets (or paper wallets).
Hot wallets are intended for regular, everyday use. Cold wallets are intended for long-term storage of large balances.
Why is it so important that Cold Storage Wallets don’t have Internet Connections?
There are two large categories of risk when a wallet is connected to the internet:
- Theft by hacking
- Phishing attacks
Cold wallets don’t entirely eliminate theft as a risk (a thief could still break into your home and steal your hardware wallet). But, by far the most common attack vector for crypto thieves is to remotely access wallets over the internet. Removing your private keys from the internet removes this risk.
Phishing is a cyber attack where a hacker tries to trick a user into revealing or transferring their private keys. A common phishing attack is to send people to a website that impersonates an NFT or DeFi site. The site then encourages people to connect their wallet and grant extensive permissions. Once the connection is complete, the site simply steals their funds.
Again, cold wallets aren’t a perfect protection against phishing, but since you can’t simply “connect” a wallet online, the risk is dramatically lower. (Because cold storage wallets are rarely accessed, and accessing them often involves going through several time-consuming steps, the user has time to realize that perhaps the request they’re responding to isn’t a valid one).
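One check that can be applied to the “grant extensive permissions” step described above, as an added example that is not part of the original article: it decodes the calldata of a transaction a site asks the wallet to sign and flags token approvals before signing. It assumes an Ethereum-style chain with the standard ERC-20 `approve` and NFT `setApprovalForAll` calls, which the article does not name; the spender address, the "unlimited" threshold and the sample transactions are constructed.

```python
# Added example (not from the original article). All sample values are constructed.
APPROVE = "095ea7b3"               # selector of ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255       # assumption: amounts this large count as unlimited


def encode_call(selector, spender, value):
    """Build ABI calldata for the two approval calls (used for the samples below)."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")


def classify_calldata(calldata_hex, trusted_spenders=()):
    """Return (risk, spender, reason) for calldata the wallet is asked to sign."""
    data = calldata_hex.lower().removeprefix("0x")
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return ("none", None, "not a token approval")
    try:
        if len(args) < 128:
            raise ValueError("short arguments")
        spender = "0x" + args[24:64]   # address is the low 20 bytes of word 1
        value = int(args[64:128], 16)  # amount, or the bool flag, is word 2
    except ValueError:
        return ("high", None, "malformed approval calldata")
    if value == 0:
        return ("none", spender, "revokes an existing approval")
    trusted = spender in {s.lower() for s in trusted_spenders}
    if selector == SET_APPROVAL_FOR_ALL:
        reason = "operator rights over every token in the collection"
    elif value >= UNLIMITED_THRESHOLD:
        reason = "unlimited token allowance"
    else:
        return ("review", spender, f"bounded allowance of {value} base units")
    return ("review" if trusted else "high", spender, reason)


# Constructed spender address and sample transactions.
SPENDER = "0x" + "00" * 16 + "deadbeef"
SAMPLES = {
    "unlimited": encode_call(APPROVE, SPENDER, MAX_UINT256),
    "bounded": encode_call(APPROVE, SPENDER, 5_000_000),
    "nft_all": encode_call(SET_APPROVAL_FOR_ALL, SPENDER, 1),
    "revoke": encode_call(APPROVE, SPENDER, 0),
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, classify_calldata(calldata))
```

A "high" result means the request hands an unrecognized address open-ended control over tokens, which is the point at which to stop and verify the site before signing.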
But, if cold wallets are so secure, why does anyone use a hot wallet at all? The answer is simple: security isn’t the only consideration. If you’re going to use crypto (as opposed to just HODLing), it’s also important that you be able to spend it without too much friction. So, let’s talk about some of the reasons to use a hot wallet.
Advantages of Hot Wallets
When Bitcoin was invented (and the Bitcoin white paper was published), it was envisioned as a form of digital cash. The idea was that you could buy a pizza (or a house) with Bitcoin, in the same way that you could use fiat cash.
The primary advantage of a hot wallet is that your funds are available to be spent, traded or moved at a moment’s notice. See a great buying opportunity? You can make a purchase in seconds. Need funds and worry that your favorite token is going to drop 20%? You can sell that token immediately.
Custodial wallets hosted by exchanges online are typically hot wallets. This is the easiest way to buy and sell (onramp and offramp) fiat money into crypto.
To make an analogy to fiat money, hot wallets are like the cash that you carry around in your purse or wallet. You know that there’s a risk that a pickpocket could grab your purse and run off. So, you don’t walk around with a bearer bond for all of your assets in your wallet. You just keep the money that you need in case you want to stop into a coffee shop and buy a drink.
Best Practices with Hot Wallets
There’s no shame in keeping money or tokens in a hot wallet – but, you should follow best practices:
- Know that the funds are at risk, and that criminals will try to phish your funds. Be skeptical, and don’t act impulsively.
- Maintain both a hot wallet and a cold wallet:
  - Keep a small portion of your funds in a hot wallet.
  - Keep the bulk of your funds in a cold wallet.
- Add a secure form of two-factor authentication (2FA) to your hot wallet. (Receiving a text message on your cell phone is not secure. There are many cases of thieves convincing cell carriers to move their target’s cell phone number to a thief’s phone).