Crypto Wallets Explained: Hot vs Cold, Custodial vs Non-Custodial
A crypto wallet stores your private keys — the cryptographic proof that you control specific assets on a blockchain. The coins themselves live on the blockchain; the wallet just holds the keys that allow you to move them. Choosing the right wallet is one of the most consequential security decisions in crypto.
What a wallet actually does
Every blockchain account is a public-private key pair. The public key generates your wallet address — the string you share with others to receive funds. The private key is a secret number that lets you cryptographically sign transactions, proving you authorized them. Wallets manage these keys, construct transactions, and broadcast them to the network.
When you “send” crypto to someone, you are signing a message that says “transfer X units from my address to this address.” The network verifies your signature using your public key, confirms you have the funds, and updates its ledger. The wallet software handles this process for you so you never manipulate raw cryptographic data directly.
Hot wallets: connected and convenient
A hot wallet is any wallet where the private key lives on an internet-connected device. The most common forms:
- Browser extension wallets (MetaMask, Rabby) — integrated directly into your browser, essential for interacting with DeFi protocols and smart contracts
- Mobile wallets (Trust Wallet, Rainbow, Phantom) — convenient for everyday payments and quick trades
- Exchange accounts — technically custodial hot wallets; the exchange holds the keys on your behalf
The advantage of hot wallets is immediacy — you can sign and broadcast a transaction in seconds. The risk is that any malware, phishing attack, or browser extension compromise could expose your private key. Hot wallets are appropriate for working capital: funds you need ready access to. They are not appropriate for long-term storage of significant value.
Cold wallets: offline and secure
A cold wallet stores the private key on a device that is never (or rarely) connected to the internet. The two primary forms:
- Hardware wallets (Ledger, Trezor, Coldcard) — dedicated physical devices that generate and store keys in a secure chip. Transactions are signed on the device itself; the private key never leaves the hardware. You connect the device to sign transactions and disconnect afterward.
- Paper wallets — a printed document containing your private key or seed phrase, kept physically secure. Simple but fragile; a single copy is a single point of failure.
Hardware wallets are the standard recommendation for anyone holding crypto they do not intend to trade actively. The $50–$200 upfront cost is cheap insurance against remote-attack vectors.
Custodial vs non-custodial
This distinction cuts across the hot/cold divide and is arguably more important:
Custodial wallets (most exchanges: Coinbase, Kraken, Binance) hold your keys. You log in with a username and password; the platform manages the cryptographic keys. This is convenient and recoverable — you can reset a forgotten password. But you are trusting the platform with your assets. When FTX collapsed in 2022, users with funds on the exchange could not withdraw them for months; many suffered permanent losses.
Non-custodial wallets (MetaMask, Ledger, Trezor) put you in control. The phrase “not your keys, not your coins” reflects this directly. No platform intermediary can freeze or lose your funds. The cost is full personal responsibility: if you lose access and have not backed up your seed phrase, the funds are gone permanently. There is no password reset.
Seed phrases: your master backup
When you create a non-custodial wallet, the software generates a seed phrase — 12 or 24 words in a specific order (BIP-39 standard). This phrase encodes your wallet's master private key and can regenerate all addresses in the wallet on any compatible software.
Seed phrase security rules:
- Write it on paper — never type it into a phone or computer
- Store copies in at least two separate physical locations
- Never share it with anyone under any circumstances
- No legitimate support team will ever ask for it — any request for a seed phrase is a scam
- Consider a metal backup plate (fireproof, waterproof) for large holdings
Wallet compatibility with DeFi
To interact with DeFi protocols — lending, borrowing, token swaps on a DEX — you need a non-custodial wallet connected to the relevant blockchain. Most DeFi is built on Ethereum and EVM-compatible chains, where MetaMask or Rabby are the standard browser wallets. Hardware wallets integrate with these browser extensions, so you can use cold storage while still interacting with DeFi — the browser extension handles the interface, and the hardware wallet handles the signing.
Related reading on ChainClarity
- DeFi — decentralized finance protocols wallets connect to
- DEX — where you trade tokens directly from your wallet
- Smart contracts — the code your wallet interacts with on-chain
- Ethereum — the primary network for wallet-connected DeFi activity
- Solana — a fast Layer 1 with its own wallet ecosystem (Phantom, Backpack)
Frequently asked questions
What does a crypto wallet actually store?
A crypto wallet does not store coins. Your crypto lives on the blockchain. What a wallet stores is your private key — the cryptographic secret that proves you have the right to move those coins. Think of the blockchain as a public ledger that records who owns what, and the private key as your unforgeable signature. Without the private key, you cannot spend the funds; with it, you can from any device.
What is the difference between a hot wallet and a cold wallet?
A hot wallet is connected to the internet — a browser extension like MetaMask, a mobile wallet app, or an exchange account. Convenient for frequent transactions, but the private key exists on an internet-connected device, which is an attack surface. A cold wallet stores the private key offline: on a hardware device (Ledger, Trezor) or even a piece of paper. Signing a transaction requires physical access to the device, which eliminates most remote hacking vectors. Cold storage is the standard recommendation for any funds you are not actively trading.
What is the difference between custodial and non-custodial wallets?
With a custodial wallet (like an exchange account), the platform holds your private keys. You are trusting them to keep the funds safe and available. You do not need to manage a seed phrase, but if the exchange is hacked, frozen, or goes bankrupt — as several have — your funds may be inaccessible. With a non-custodial wallet, you hold the keys. No one else can move your funds without your authorization. The trade-off is personal responsibility: if you lose your seed phrase and your device, the funds are unrecoverable.
What is a seed phrase and how should I protect it?
A seed phrase (also called a recovery phrase or mnemonic) is a sequence of 12 or 24 words that encodes your wallet's master private key. Every address in your wallet can be regenerated from these words. Anyone with your seed phrase has complete control over all your funds. Store it on paper in at least two physically separate locations. Never photograph it, type it into a computer, or share it with anyone. No legitimate wallet, exchange, or support team will ever ask for it.
Do I need a different wallet for each blockchain?
It depends on the wallet software. Hardware wallets like Ledger and Trezor support dozens of blockchains from a single device. Browser extension wallets like MetaMask natively support Ethereum and EVM-compatible chains (Polygon, Arbitrum, Base) and can be configured for others. Solana uses a different key format, so Phantom is the common choice there. Some wallets (Exodus, Trust Wallet) are multi-chain by design. You do not need multiple physical devices, but you may need multiple software interfaces.