What is a Cold Wallet? Top Cold Wallets in 2025
| KEY TAKEAWAYS: |
| — A cold wallet is a crypto wallet that signs transactions offline and never signs any smart contract approvals. — Cold wallets are often confused with hardware wallets, but the terms are not synonymous. — Ledger devices offer a great option for cold storage due to their user-friendly interfaces and industry-leading security features. |
The world of cryptocurrencies can feel like the wild west. Markets can react to the slightest good or bad news, and new and innovative tech comes out every month. Transactions are immutable, stakes are high, and security threats are very real.
In all of this, one thing is constant: the importance of storing your digital assets properly and safely away from bad actors. It may seem a daunting task with a long list of common scams targeting crypto users. However, armed with the right knowledge and tools, you can keep your assets secure. Of course, the most important tool in crypto is the one you use to manage your assets and store your private keys – your wallet.
This is where cold wallets come in. To explain, cold wallets provide the ultimate level of wallet security for your digital assets by protecting you from online threats (and sometimes even your own mistakes!).
In this article, Ledger Academy will unpack what a cold wallet is and how setting one up can help protect your digital assets.
Let’s dive in.
Understanding Crypto Wallets
Although it’s commonly said that crypto wallets store cryptocurrency, that’s not actually the case because crypto lives on the blockchain. Instead, today’s crypto wallets serve two essential purposes: providing an interface to access and manage your digital assets, and storing your private keys.
Private keys are used to prove ownership of assets and authorize blockchain transactions. You can think of them like a unique password to your digital funds. Crucially, whoever has your private keys has full access to your assets, so keeping your private keys – and the wallet that stores them – secure is the first rule of security in crypto.
What is a Crypto Cold Wallet?
A cold wallet is a crypto wallet that does not connect to the internet or interact with any smart contract. Since cold wallets don’t connect to the internet, they are immune to online threats like malware or spyware. Plus, isolating these accounts from smart contracts also protects them from malicious approvals. In short, they are simply for sending and receiving assets.
Many use the terms ‘cold wallet’ and ‘hardware wallet’ interchangeably, but it’s important to note that this is not entirely accurate. Cold wallets can come in a variety of forms, and not all hardware wallets are cold wallets. To understand why, let’s first dive into what a cold wallet is for.
What is a Cold Wallet For? The Benefits of Cold Storage
A cold wallet is perfect for protecting high-value crypto assets long-term, primarily due to its security features. That is to say, it keeps your keys offline and protects you from on-chain threats. Let’s see how these features work.
Cold Wallets Allow for Self-Custody
In crypto, self-custody means that you are in control of your private keys. This is important because to truly own your crypto, you must be the only one with access to the keys that control it. When you store crypto on an exchange or other custodial service, you’re essentially trusting that third party with your assets, similar to how a bank holds your money.
By their nature, all cold wallets are noncustodial, which means that when you set up a cold wallet, you are responsible for securing your private keys and recovery phrases. This responsibility comes with both benefits and risks. While you maintain complete control over your assets, you also assume full responsibility for their safekeeping. If you lose access to your cold wallet or forget your recovery phrase, you lose access to the crypto tied to that account.
Cold Wallets Keep Your Private Keys Offline
As a reminder, your crypto is stored in an account on the blockchain, and your crypto wallet stores the private key that allows you to control that account. This is an important detail to understand, as the way your crypto wallet stores the private keys of your accounts affects their security.
For example, a software (hot) wallet stores your private keys on a device connected to the internet. When you sign transactions with these types of wallets, you risk revealing your private keys to hackers via your internet connection. To avoid these threats, cold wallets generate and store private keys offline. This means your account is protected from bad actors when signing transactions.
Cold Wallets Protect Your Assets From On-Chain Threats
Next, cold wallets protect your assets from malicious smart contract functions and apps. To explain, you need to sign approvals to use blockchain apps.
For example, let’s say you want to sell an NFT on an NFT marketplace. To execute this transaction in your absence, the NFT marketplace’s smart contract must have your permission to move a specific asset. This makes decentralized transactions easy, as the marketplace can move assets on your behalf.
However, signing any smart contract approval can also pose a threat to your account. Not all smart contracts have your best interests at heart, and approving a malicious smart contract could mean agreeing to something much more sinister than selling an NFT.
Most crypto scammers will use this exact method to gain access to your funds. Believe it or not, over $2.7 billion was lost to malicious smart contract scams in 2022 alone. That being said, bling signing, when you sign a transaction you don’t fully understand, is a major cause of these kinds of losses. Using a wallet with Clear Signing, such as a Ledger device, can help prevent falling victim to a malicious smart contract.
Of course, a malicious smart contract can’t touch your assets unless you permit it, so another way to keep your assets safe is to avoid smart contracts entirely, which is another fundamental property of cold wallets.
Types of Cold Wallets
Not all cold wallets are equal. Each type of cold wallet can fulfill the primary purpose of keeping your private keys offline and avoiding smart contracts, but there are key differences in security, user-friendliness, and accessibility. Let’s see how:
Hardware Wallets
Hardware wallets generate and store your private keys offline in a secure physical device isolated from your internet connection. So, how do they send transactions to the blockchain?
Well, unlike paper or sound wallets, hardware wallets offer you an interface, usually in the form of a companion app that you install on your computer or smartphone. For Ledger devices, this companion app is Ledger Live. Using a companion app, hardware wallets can sign transactions offline and then transmit the signed transaction to an internet-connected device. Essentially, you can interact with the blockchain without compromising the security of your private keys.
Another reason hardware wallets are so popular is that they protect your private keys from loss and physical damage. Initiating a Ledger device will present you with a secret recovery phrase, a simple mnemonic that allows you to restore your accounts using any HD wallet provider. So even if you lose your physical wallet, you can regain access to your accounts by importing your secret recovery phrase into a new hardware wallet. Plus, even if the physical device falls into the wrong hands, hardware wallets typically protect your assets from physical access too.
Ledger devices use a PIN code, which guarantees that only the wallet’s owner can unlock the device. Plus, it also uses a cutting-edge computer chip, the Secure Element, to protect the device from physical hacks such as side-channel attacks and glitching.
Finally, hardware wallets are the best option for setting up cold wallets due to their capability to generate a near-infinite number of accounts, with each account controlled by a separate private key. This feature guarantees that signing an approval with one account will not affect the security of another. This allows you to create multiple accounts for different purposes.
For example, you can designate one account for interacting with smart contracts and another for vaulting your most valuable assets, otherwise known as your cold wallet. If you sign a malicious approval with the former, the assets in the latter will remain safe. These top-notch features mean hardware wallets are the preferred option for cold crypto storage.
Paper Wallets
Paper wallets are simply pieces of paper with private keys printed on them, typically in the form of a QR code. Users can then transact with the wallet by sending cryptocurrency to and from the paper wallet address. Paper wallets were one of the first crypto wallets to exist, and were popular around 2013 and 2014.
While this method keeps your keys offline, paper wallets are susceptible to physical damage or loss. Plus, there is no way to recover your keys since they don’t use secret recovery phrases.
Not only that, but transferring cryptocurrency from a paper wallet can also be challenging. Essentially, you will need to import your paper wallet into a software (hot) wallet using your internet connection. This invalidates its whole purpose since software wallets risk revealing your keys to bad actors via your internet connection. Worse even, if your paper wallet falls into the wrong hands, you can kiss your assets goodbye. The private keys are all they need to gain access to your account.
So while paper wallets were useful in the earlier days of crypto, they’re frankly impractical in today’s crypto ecosystem with all of the available cold wallet options.
Sound Wallets
Sound wallets are similar to paper wallets, apart that they store private keys as audio files rather than on paper. Storing private keys on a CD, flash drive, or even vinyl is much more robust than paper, however, they are still prone to physical damage. You wouldn’t want to lose access to your accounts simply because you scratched the CD storing your private keys.
Sound wallets can also be expensive to maintain: they typically require specific tools to decode private keys, such as a spectroscope application. This adds a layer of complexity that is inaccessible to beginners, much like their paper wallet counterparts. As such, this is not a commonly used method to store private keys or execute cold storage.
Difference between Cold Wallets and other types of Crypto Wallets
Cold Wallet vs Hardware Wallet: What’s the Difference?
While you can use a hardware wallet as a cold wallet, the terms are not synonymous. Each new account you create with your hardware wallet is technically a cold wallet. However, as soon as you connect an account to a smart contract or decentralized application (dApp), that specific account is no longer a cold wallet.
Cold vs. Hot Crypto Wallets: What’s the Difference?
Hot wallets, also known as software wallets, store private keys on your internet-connected device. Unfortunately, this method comes with the risk of hacking. Your internet-connected device could contain malware or spyware, which could either reveal your private keys to a bad actor or tamper with your screen to convince you to sign a malicious transaction.
Cold wallets, on the other hand, are immune to malware and spyware since they don’t connect to the internet. They are also protected from malicious smart contract approvals as they don’t interact with any blockchain apps or services. To put it simply, cold wallets are specifically for protecting assets long-term with the highest level of security. Hot wallets are much more suitable for making short-term purchases and should never contain significant funds due to their security vulnerabilities.
How Do Cold Wallets Work?
As mentioned above, the most important factor of cold wallets is that they never connect to the internet or interact with smart contracts. That being said, you can still send and receive crypto from your cold wallet without compromising its security.
Making a transaction with a cold wallet has two stages. First, the details of the transaction are prepared on an internet-connected device, then transferred to your cold wallet (typically via QR code or USB connection). Your cold wallet then signs the transaction with your private key in an offline environment before the signed transaction is sent back to be broadcast to the blockchain network.
How To Create a Cold Wallet
If you have a Ledger device, setting up a cold wallet is easy. All you need to do is create a new account on your device: Ledger’s security model ensures that your accounts stay separate from one another. In fact, it’s a great idea to designate different accounts for different tasks. The aim is to segregate your crypto assets, protecting accounts containing value from accounts signing potentially malicious approvals.
Let’s see what you need to do step-by-step.
- Connect your Ledger device to your computer and navigate to the Ledger Live app.
- Install the app of the coin you want to use. For example, if you want to protect ETH or Ethereum tokens, you need to install the Ethereum app. If you already have the Ethereum app installed, you can skip this step.
- Next, you must create a new account for that coin. Don’t worry, even if you already have an account for that network, you can install a new and completely separate account with no issues. Your Ledger device generates a new key pair for each account.
- Now your cold account is ready to use, and you can even name it in Ledger Live to avoid confusion with your other Ethereum accounts. The most important thing to remember is that you should never sign smart contract approvals with that specific account.
Creating a Cold Wallet Device
If you want an extra layer of security, you can also split your assets across multiple hardware wallets, leaving one device completely cold. This means that you don’t sign any approvals with any account on that entire device.
While separate accounts on your Ledger are completely safe from each other, separating your assets across multiple devices can be a great way to give you peace of mind when traveling, for example. That way, you can leave your cold wallet device, securing your most valuable assets at home, and take another device with you.
Top Cold Wallets for Storing Cryptocurrencies
Ledger Stax
Ledger Stax is a premium hardware wallet designed by the godfather of the iPod, Tony Fadell. It is a device of multiple firsts—the world’s first secure touchscreen, the first-ever curved E Ink touchscreen, and the first organic Thin-Film Transistor (TFT) screen brought to mass production.
The curved E Ink touchscreen of Ledger Stax lets you personalize the lock screen with any image you like, and it stays visible even in standby mode. The curved screen also allows you to name the spine for easy identification if you have multiple devices. Ledger Stax hardware wallets also feature embedded magnets, making them stackable.
Ledger Stax also supports Bluetooth and NFC, providing versatile connectivity options for both desktop and mobile platforms. Moreover, the Ledger Stax comes with wireless Qi charging.
Ledger Flex
Ledger Flex is the new entry point into Ledger’s next-generation secure touchscreen hardware wallets, offering secure self-custody with an improved user experience. It has a 2.8” customizable E Ink touchscreen, benefiting from the secure touchscreen technology introduced with Ledger Stax and allowing you to read transaction details clearly.
Like all Ledger hardware wallets, it’s powered by a Secure Element chip and runs on Ledger’s secure OS.
Ledger Flex also allows you to customize its E Ink touchscreen, with the choice to set the lock screen to whichever image, NFT, or digital art piece you like.
Ledger Nano S Plus
Ledger Nano S Plus is an entry-level Ledger with all the essential features you need to secure your digital assets. It doesn’t have the next-gen features of Ledger Stax and Ledger Flex, but it’s a great option for newcomers just trying crypto out.
It’s highly versatile, offering support for most major cryptocurrencies, including Bitcoin, Ethereum, Solana, Tezos, and Cosmos.
Ledger Nano X
Like the Nano S Plus, the Ledger Nano X supports multiple cryptocurrencies. At $149, the Ledger Nano X is a great hardware wallet for on-the-go use, thanks to its Bluetooth and iOS connectivity, plus a battery life of up to 5 hours.
Comparison Table of Cold Wallets
| EAL rating | Assets Supported | Devices Supported | Price | |
| Ledger Nano S Plus | EAL 6+ | Over 5,000 assets, including NFTs from multiple blockchain networks | Windows, macOS, Linux, and Android devices | $79 |
| Ledger Nano X | EAL +5 | Over 5,000 assets, including NFTs from multiple blockchain networks | Windows, macOS, Linux, and Android devices | $149 |
| Ledger Flex | EAL 6+ | Over 5,000 assets, including NFTs from multiple blockchain networks | Windows, macOS, Linux, and Android devices | $249 |
| Ledger Stax | EAL 6+ | Over 5,000 assets, including NFTs from multiple blockchain networks | Windows, macOS, Linux, and Android devices | $399 |
Ledger Devices: The Simplest Cold Storage Solution
Using your Ledger device for cold storage allows you to take advantage of Ledger’s security model. Ledger devices store your private keys offline on a Secure Element chip, an industry-grade computer chip resistant to physical hacks. Next, the secure element connects directly to the device’s secure screen, allowing you to verify transactions in confidence before you sign. Ledger devices also use a custom secure OS responsible for running your separate apps on the Secure Element.
To ensure these features keep your crypto safe, Ledger’s world-class team of white hat hackers, The Donjon, thoroughly tests each of these security elements. With Ledger, you can manage your assets via one easy-to-use interface, Ledger Live.
So what are you waiting for? Buy a Ledger device and set up your first cold wallet to start exploring Web3 with security. Because that’s what true self-custody is all about.
FAQs About Cold Wallets
Are cold wallets 100% safe?
While cold wallets are one of the safest ways to secure your digital assets, they cannot be considered 100% safe because they do not rule out the possibility of human error. Accidentally exposing your cold wallet to a smart contract ot dApp compromises its status, as does attempting to use a wallet whose private keys were ever exposed to the internet.
What are EAL ratings?
EAL ratings help evaluate and certify the security robustness of secure element chips based on the Common Criteria for Information Technology Security Evaluation – an international standard for computer security certification. EAL ratings range from EAL1 to EAL7, with each level representing a progressively higher degree of assurance.
What is the safest cold wallet?
The safety of your cold wallet depends on how it is set up and maintained. Ledger hardware wallet can make it possible to seamlessly switch between your wallet accounts, keeping your cold wallet segregated from your active wallets and keeping your valuable assets safe.
What is the best cold wallet for beginners?
While the best cold wallet for a beginner may vary person to person, many beginners may be looking to maximize security without having to invest too much if they’re just getting started with cold storage. In that case, a device such as the Ledger Nano S Plus might be a good option, as it provides everything you need for a cold storage solution at an entry level.