New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

The Classroom

PATHWAY G) Wallet Knowledge (Leveling Up)

chapter 3/4

What Is a Cold Wallet?

Read 8 min
Grey closed belt on a purple background.
— A cold wallet is a crypto wallet that signs transactions offline and never signs any smart contract approvals.

— Cold wallets are often confused with hardware wallets, but the terms are not synonymous. 

— Ledger devices offer a great option for cold storage due to their user-friendly interfaces and industry-leading security features.

The world of cryptocurrencies can feel like the wild west. Markets can react to the slightest good or bad news and new and innovative tech comes by every month. Transactions are instant, stakes are high and security threats are very real.

In all of this, one thing is constant: the responsibility of storing your digital assets safely and away from bad actors. It may seem a daunting task with a long list of common scams targeting crypto users. However, most scams fall into one of two categories: hacks or malicious approvals. As such, there are now wallets designed specifically to protect you from these threats.

This is where cold wallets come in. To explain, cold wallets provide the ultimate level of wallet security for your digital assets, by protecting you from online threats (and sometimes even your own mistakes!)

In this article, Ledger Academy will unpack what a cold wallet is and how setting one up can help protect your digital assets.

Let’s dive in.

What is a Cold Wallet?

A cold wallet is a crypto wallet that does not connect to the internet or interact with any smart contract. Since cold wallets don’t connect to the internet, they are immune to online threats like malware or spyware. Plus, isolating these accounts from smart contracts also protects them from malicious approvals. In short, they are simply for sending and receiving assets.

Many use the terms ‘cold wallet’ and ‘hardware wallet’ interchangeably, but it’s important to note this is not entirely accurate. Cold wallets can come in a variety of forms, and not all hardware wallets are cold wallets. To understand why, let’s first dive into what a cold wallet is for.

What Is a Cold Wallet For?

A cold wallet is perfect for protecting high-value crypto assets long-term primarily due to its security features: it keeps your keys offline and protects you from on-chain threats. Let’s see how these features work.

Cold Wallets keep Your Private Keys Offline

Crypto wallets don’t store cryptocurrencies. Your crypto is stored in an account on the blockchain, and your crypto wallet stores the private key that allows you to control that account. This is an important detail to understand, as the way your crypto wallet stores the private keys of your accounts affects their security. 

For example, a software (hot) wallet, stores your private keys on a device connected to the internet. When you sign transactions with these types of wallets, you risk revealing your private keys to hackers via your internet connection. To avoid these threats, cold wallets store private keys offline. This means your account is protected from bad actors when signing transactions. 

Cold wallets Protect Your Assets From On-Chain Threats

Next, cold wallets protect your assets from malicious smart contract functions and apps. To explain, blockchain apps will require you to sign approvals to use their services. For example, let’s say you want to sell an NFT on an NFT marketplace. To execute this transaction in your absence, the NFT marketplace’s smart contract must have your permission to move a specific asset. This makes decentralized transactions easy as the marketplace can move assets on your behalf. 

However, signing any smart contract approval also poses a threat to your account. Not all smart contracts have your best interests at heart, and approving a malicious smart contract could mean agreeing to something much more sinister than selling an NFT. Most crypto scammers will use this exact method to gain access to your funds. Believe it or not, over $2.7 billion was lost to malicious smart contract scams in 2022 alone.

A malicious smart contract can’t touch your assets unless you permit it, so cold wallets do not connect to any smart contracts whatsoever to avoid this risk.

Types of Cold Wallet

Not all cold wallets are equal. Each type of cold wallet fulfills the primary purpose of keeping your private keys offline but there are key differences in security, user-friendliness, and accessibility.  Let’s see how:

Paper Wallets

Paper wallets are simply pieces of paper with private keys printed on them, typically in the form of a QR code. Users can then transact with the wallet by sending cryptocurrency to and from the paper wallet address. Paper wallets were one of the first crypto wallets to exist, and were popular around 2013 and 2014. 

While this method keeps your keys offline, paper wallets are susceptible to physical damage or loss. Plus there is no way to recover your keys since they don’t use secret recovery phrases. 

Not only that but transferring cryptocurrency from a paper wallet can also be challenging. Essentially you will need to import your paper wallet into a software (hot) wallet using your internet connection. This invalidates its whole purpose since software wallets risk revealing your keys to bad actors via your internet connection. Worse even, if your paper wallet falls into the wrong hands, you can kiss your assets goodbye. The private keys are all they need to gain access to your account.

So while paper wallets can be a cost-effective and secure way to protect your assets,  the technical knowledge needed to manage them effectively is best left to the experts. And today, there are plenty of cold wallet options with a better user experience.

Sound Wallets

Sound wallets are similar to paper wallets, apart from they store private keys as audio files rather than on paper. Storing private keys on a  CD, flash drive, or even vinyl is much more robust than paper, however, they are still prone to physical damage. You wouldn’t want to lose access to your accounts simply because you scratched the CD storing your private keys.

Sound wallets can also be expensive to maintain: they typically require specific tools to decode private keys, such as a spectroscope application. This adds a layer of complexity that is inaccessible to beginners, much like their paper wallet counterparts.

Hardware Wallets

Hardware wallets generate and store your private keys offline in a secure physical device isolated from your internet connection. So how do they send transactions to the blockchain?

Well unlike paper or sound wallets, hardware wallets also offer you an interface, usually in the form of a companion app that you install on your computer or smartphone. For Ledger devices, this companion app is Ledger Live. Using a companion app, hardware wallets can sign transactions offline and then transmit the signed transaction to an internet-connected device. Essentially, you can interact with the blockchain without compromising the security of your private keys. Plus, these types of wallets are much more intuitive and do not require technical knowledge to operate.

Another reason hardware wallets are so popular is that they protect your private keys from loss and physical damage. Initiating a Ledger device will present you with a secret recovery phrase, a simple mnemonic that allows you to restore your accounts using any HD wallet provider. So even if you lose your physical wallet, you can regain access to your accounts by importing your secret recovery phrase into a new hardware wallet. Plus, even if the physical device falls into the wrong hands, hardware wallets typically protect your assets from physical access too. Ledger devices use a PIN code which guarantees that only the wallet’s owner can unlock the device. Plus it also uses a cutting-edge computer chip to protect the device from physical hacks such as side-channel attacks and glitching.

Finally, hardware wallets are the best option for setting up cold wallets due to their capability to generate a near-infinite number of accounts, with each account controlled by a separate private key. This feature guarantees that signing an approval with one account will not affect the security of another. This allows you to create multiple accounts for different purposes. 

For example, you can designate one account for interacting with smart contracts and another for vaulting your most valuable assets, otherwise known as your cold wallet. If you sign a malicious approval with the former, the assets in the latter will remain safe. These top-notch features mean hardware wallets are the preferred option for cold crypto storage.

How To Create a Cold Wallet

If you have a Ledger device, setting up a cold wallet is easy. All you need to do is create a new account on your device: Ledger’s security model ensures that your accounts stay separate from one another. As mentioned, it’s a great idea to designate different accounts for different tasks. The aim is to segregate your crypto assets; protecting accounts containing value from accounts signing potentially malicious approvals.

 Let’s see what you need to do step-by-step.

  1. Connect your Ledger device to your computer and navigate to the Ledger Live app.
  2. Install the app of the coin you want to use. For example, if you want to protect ETH or Ethereum tokens, you need to install the Ethereum app. If you already have the Ethereum app installed you can skip this step.
  3. Next, you must create a new account for that coin. Don’t worry, even if you already have an account for that network, you can install a new and completely separate account with no issues. Your Ledger device generates a new key pair for each account.
  4. Now your cold account is ready to use, and you can even name it in Ledger Live to avoid confusion with your other Ethereum accounts. The most important thing to remember is that you should never sign smart contract approvals with that specific account. 

Creating a Cold Wallet Device

If you want an extra layer of security, you can also split your assets across multiple hardware wallets, leaving one device completely cold. This means that you don’t sign any approvals with any account on that entire device. While separate accounts on your Ledger are completely safe from each other, separating your assets across multiple devices can be a great way to give you peace of mind when traveling to crypto events. That way, you can leave your cold wallet at home, and take the device securing less valuable assets with you. 

Ledger Devices: The Simplest Cold Storage Solution

Using your Ledger device for cold storage allows you to take advantage of Ledger’s security model. Ledger devices store your private keys offline on a Secure Element chip, an industry-grade computer chip resistant to physical hacks. Next, the secure element connects directly to the device’s Trusted Display, allowing you to verify transactions in confidence before you sign. Ledger devices also use a custom OS named BOLOS, responsible for running your separate apps on the Secure Element.

 To ensure these features keep your crypto safe, Ledger’s world-class team of white hat hackers, The Donjon, thoroughly tests each of these security elements. With Ledger, you can manage our assets via one easy-to-use interface, Ledger Live. So what are you waiting for? Buy a Ledger device and set up your first cold wallet to start exploring web3 with security. Because that’s what true self-custody is all about.

Cold Wallet FAQs

Cold Wallet vs Hardware Wallet: What’s the Difference?

While you can use a hardware wallet as a cold wallet, the terms are not synonymous. Each new account you create with your hardware wallet is technically a cold wallet. However, as soon as you connect an account to a blockchain app, that specific account is no longer cold. Signing an approval with an account compromises its security.

Cold vs. Hot Crypto Wallets: What’s the Difference?

Hot wallets, also known as software wallets, store private keys on your internet-connected device. Unfortunately, this method comes with the risk of hacking. Your internet-connected device could contain malware or spyware, which could either reveal your private keys to a bad actor or tamper with your screen to convince you to sign a malicious transaction. 

Cold wallets, on the other hand, are immune to malware and spyware since they don’t connect to the internet. They are also protected from malicious smart contract approvals as they don’t interact with any blockchain apps or services. To put it simply, cold wallets are specifically for protecting assets long-term with the highest level of security.  Hot wallets are much more suitable for making short-term purchases and should never contain significant funds due to their security vulnerabilities.

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our

New coins supported, blog updates and exclusive offers directly in your inbox

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.