Crypto Wallets Explained: Hot Wallets vs Cold Wallets & How to Stay Secure

Introduction

For the past 5 years, I've been a massive target for both scammers and hackers trying to steal my crypto. I get non-stop fishing emails, scam calls, and people reaching out to me pretending to be from big crypto companies. The only reason they haven't been able to steal my crypto is because a method I've been using since 2020 to keep it safe. And today, I'm going to show you that exact same method so you can keep your crypto safe, too.

Why Storage Matters

But before I show you the method I use to secure my crypto, first we need to understand how crypto is actually stored and the difference between storing it safely and storing it irresponsibly. This is what I wish someone had told me when I first got started. Unfortunately, that information just wasn't available. Most of the confusion around crypto security comes from not knowing where crypto actually exists, how you access it, and the one thing you need to protect it. Once you understand this, securing your crypto becomes extremely simple. So, just hang with me and we'll bring all this together in a bit and it'll make a lot more sense.

The Blockchain

For starters, there are a lot of places you can buy crypto. Apps like Robin Hood, exchanges like Coinbase, and crypto wallet apps like MetaMask. But here's the thing, none of these platforms actually hold any crypto. There are simply tools that you use to access the networks that crypto lives on called the blockchain. The blockchain is like a giant digital record book of transactions. Everything in crypto is permanently recorded there. Crypto does not exist outside of the blockchain. No blockchain, no crypto.

Accessing Crypto

Okay, now that we got that out of the way, let's talk about how you actually access and manage your crypto on the blockchain. Because knowing these fundamentals ultimately determines how secure your crypto is. The blockchain is made up of a bunch of different addresses. These addresses, also called public addresses, are where crypto is stored. You get your own public addresses when you set up a crypto wallet. The address itself lives on the blockchain, not inside your wallet. Your wallet or whatever platform you use is really just a remote control. It lets you see your portfolio balance. It lets you initiate transactions, and ultimately it's how you control your crypto.

Public and Private Keys

Also, on a side note, since the blockchain is a digital public record, anyone can look up your address. This means anyone can copy your address and send crypto to it. But to send crypto from your address, you need a key. Think of it like an email address. Anyone who knows your email can send you a message. But to send a message from your email account, they need your login information. On the blockchain, it's the same idea, but instead of a username, you get your own public address, also known as a receiving address. This is where your crypto is stored on the blockchain. And it's also the address you would give to someone if you want them to send you crypto. And instead of a password, your address is secured by a private key. This key is only known to you, and it gives you full control of your address and any crypto in it.

Master Keys and Seed Phrases

Every blockchain address has its own private key. For example, if you have a Bitcoin receiving address and an Ethereum receiving address, they both have their own key. But in order to get your own set of private key and receiving addresses, first you need a master key. The master key is what secures all of your private keys across all the different networks. Your wallet uses this one master key to create and recover all of your receiving addresses and private keys across all the different blockchain networks. Most master keys are either 128 bits or 256 bits. In plain English, it just means they're really long and impossible to guess, which also means they're impossible to remember. So, to make things easier for the key holders, the crypto wallet turns these keys into a human readable version called a seed phrase. A 128 bit key is turned into 12 random words and a 256-bit key is turned into 24 random words. These words are what gives you complete access to all of your crypto. And also, the 24word option is generally considered more secure since it's longer and more random.

Why Seed Phrase Matters

Now, imagine how much of a nightmare it would be if you had to write down all your private keys for all of your different crypto wallet addresses. That'd be dozens or maybe even hundreds. Fortunately, you never really see your private keys or directly interact with them. Instead, you really only ever see your seed phrase when you first set up your wallet. When the seed phrase is generated, and then if you ever need to recover access to your wallet, you import that seed phrase into a new wallet. So, the seed phrase is the one thing you need to protect and keep track of. That said, here's the scary part. Anyone who knows your seed phrase gains complete control and access to all of your crypto. They don't need your computer. They don't need your phone. They don't need your app. If they have your seed phrase, they can access your crypto.

Exchanges (Least Secure)

But let's start with the least secure wallet because that's where everyone starts and that's probably where a majority of people keep their crypto today. And that is a crypto exchange. Now, again, we all have to start on a crypto exchange. That's completely fine. What most people don't realize, though, is you don't actually own the crypto when you keep it on an exchange. Exchanges are what's known as custodial wallets. That means they own the keys that control your crypto. So, when you set up an account on an exchange, your crypto is actually stored on their blockchain addresses, secured by their private keys. So, you don't actually control or own your crypto. The exchange does. This is why you'll see so many complaints from users claiming that the exchange freezes their funds or lock their accounts. The only reason exchanges can do this is because they own the crypto and they control the keys. You're basically borrowing access to the exchanges wallets while also paying their high fees, which is how they make their money. This is why crypto exchanges are one of the worst ways to hold your crypto. Not only do you not own the keys, but you're relying on a third-party platform to protect your crypto. Also, crypto exchanges are constantly targeted by hackers. Now, that doesn't mean that we don't need crypto exchanges or that you should stop using them because we still rely on exchanges to turn fiat into crypto and crypto to fiat. But exchanges are not a safe place to store your crypto. So, I only use exchanges for what they were designed for, which is buying and selling crypto, but never for storing it. And that's a mistake most beginners make. They buy their crypto on an exchange and then they just leave it there trusting that it's safe, but it's not.

Software Wallets (Hot Wallets)

Okay. Next, we have software wallets, also called hot wallets. These are apps and browser extensions like MetaMask, Trust Wallet, and Exodus. When you set up a software wallet, it generates a completely new and random seed phrase for you. This is known as a self-custodial wallet. Any wallet that allows you to generate your own keys and secure it yourself is self-custodial. And this is the preferred way to store your crypto if you're serious about protecting it. But there's one big problem with software wallets and it's where your key is stored. When you generate a seed phrase using your software wallet, that seed phrase is actually stored in the software on your internet connected device like your phone or your computer. Now, this is secured by a password. However, that password only protects your seed phrase if the device that you're using the wallet on is secure. The password won't protect your seed phrase from malware or spyware, though. So, if you ever get a virus on your phone or computer, the hackers can use that to steal your keys and all of your crypto. And this kind of thing happens every single day. I've talked to tens of thousands of people on this channel, and a lot of them have shared their stories about losing their crypto because it was secured by a software wallet. That said, your crypto is really only as secure as a device that you store the key on. And in today's world, it is incredibly easy to accidentally download malware without knowing it. That could be clicking on a bad Google ad, opening a malicious email, or even visiting a sketchy website. Recently, there were even vulnerable versions of popular browsers like Chrome, Brave, Opera, and Edge that specifically targeted software wallets on users devices, which is why software wallets are often called hot wallets. I will say the good thing about hot wallets is they do give you full ownership of the keys that are used to access and manage your crypto. So, no one can lock your account or freeze your funds. So, you are in full control. They're also really easy to use since they run on devices that we're all familiar with, our phone and computers. Unfortunately, the way hot wallets handle our keys are a major deal breaker if your goal is to protect your crypto.

Hardware Wallets (Cold Wallets)

And that's where this next type of wallet comes in. It's the most secure option called a hardware wallet, also known as a cold wallet. Cold wallets are security devices built to do one main job, secure the keys to your crypto. and they use the same technology found in billions of bank cards around the world and even in some military applications. But one of the main reasons cold wallets are so secure and why they're called cold wallets is because they're not connected to the internet. So instead of your seed phrase being stored inside of the app on your internet connected device like your phone or computer, it's stored offline on your cold wallet in something called a secure element chip. This chip is designed specifically to be tamperproof and resistant to both remote and physical attacks. So, even if someone got their hands on your cold wallet, they still wouldn't be able to extract the seed phrase from your wallet. On top of that, any reputable cold wallet also has other security features like PIN protection, which prevents anyone from just picking up your wallet and using it.

Why Apps Don’t Break Cold Wallet Security

Now, you might be wondering, if a cold wallet is truly offline, then why do they rely on apps? Doesn't that connect them to the internet? Well, actually, the opposite is true. It's important to understand that the app does not hold or control the keys to your crypto. It's simply a middleman between the blockchain, where your crypto lives, and your cold wallet, where your keys are securely stored. Without the app, your coal wallet wouldn't have any way to interact with the blockchain. At no point in this process does your private key ever leave the secure environment of your coal wallet, and it never touches the internet. And I know this all sounds overwhelming, but I'm not telling you this to overwhelm you, and you don't necessarily need to know this to use a cold wallet. I'm simply telling you how this works on the back end so that you have an idea of how it works. But by no means do you need to remember this to use a cold wallet.

Choosing the Right Hardware Wallet

Also, just so there's no confusion, the common phrase in crypto is to store your crypto in a cold wallet. But now, when you hear someone say that, and I say that a lot myself, you'll know that we're not actually talking about putting your crypto onto the co wallet device because that's not possible. We're talking about keeping the keys on the coal wallet, which ultimately secures your crypto. That said, to secure your crypto, you simply buy it on something like a crypto exchange and then you send it to your cold wallet address where your keys are secured by your cold wallet. And I'm going to touch on this a bit more in depth a little later.

Cold Wallet Adoption

Also, you officially know more about cryptoc 90% of people in the crypto space. And I'm being completely serious. According to a study done in 2023, only 10% of crypto investors use a cold wallet. If I had to guess, that's because most people either don't know about cold wallets or the more likely option, they haven't put in the time and effort to learn about cold wallets like you're doing right now. So, they're just being irresponsible and lazy about it.

Final Recommendation – Tangem Wallet

But now we run into the next issue. You know that a hardware wallet is the most secure way to hold your crypto or to hold the keys to your crypto, but you don't know which hardware wallet to choose. And with over 20 different hardware wallet brands on the market, all claiming to be the most secure, it's almost impossible to choose one, especially if you don't know what to look for. But I'm going to let you in on a little secret that I've learned after testing over 30 different hardware wallets over the past 5 years, and that is they all do the same thing. They all store your keys and sign crypto transactions. That's it. At their core, they're secure signing devices. What you need to look for is one that has a solid, secure reputation. And also equally important is simple to use. Because here's another thing that I've learned. A lot of wallet manufacturers will add a bunch of fancy features that try to make them stand out from the rest of the wallets on the market. But what it really does is not increase security and just adds complexity. So if this is your first cold wallet, you're more likely to make a mistake because a wallet you're using is more complex. So, while security should be the core of every hardware wallet, and I hope it is, simplicity should follow closely behind it. And in my experience, there are very few wallets that I recommend to a complete beginner because a lot of them are just too complex. Fortunately, there are options that are both secure and easy to use, even if you've never touched a co wallet before.

Tangem Wallet in Practice

And I'm going to show you exactly what wallet it is and the one that I've recommended to thousands of people here on the channel. But in case this specific wallet doesn't fit your needs or you just want to look at something else, I'm also going to drop a link to another one of my favorite cold wallets along with this user guide down in the description if you want to check it out. Before I show you this wallet though, the one last thing you need to check before choosing a harder wallet is coin support. Not all hardware wallets support the same cryptocurrencies. If you find that a harder wallet you're looking at doesn't support the crypto that you own, then you can eliminate that wallet from your list. It's not for you. And this is super easy to check. Any hardware wallet website that you go to is going to have a coin support section. You just go there and you can search for coins that you want to secure with this wallet or just scroll through the list and you'll instantly know if that's the wallet for you.

Conclusion

Okay. So, which wallet checks both boxes of being simple and secure? Well, after testing the 30 plus harder wallets that I own, one stands out above the rest and there's really no comparison, and that is Tandem. Tang is one of the only card-based wallets on the market that uses NFC to communicate with its app and it's super easy to use. And while other wallets like Ledger and Treasure and One Key are also solid choices depending on your needs, Tandem removes a lot of the complexity that usually trips people up. There's no cables, no batteries, and no confusing setup. And just like any secure wallet, your keys are stored offline on the Secure Element chip in each card. And the Tandem app acts as your control center. Using the app, you can buy, sell, swap, and even stake crypto, all while your keys never leave the card. It also supports thousands of cryptocurrencies and blockchain networks, which makes it a good option for most people starting out. And the setup only takes a few minutes. And this is why I've been recommending Tandem for the past two years on this channel and why I continue to recommend it to my personal friends and family who are just getting into crypto and really anyone who's looking to get started in self-custodial cold storage because nothing else compares to its security and simplicity. If you want to learn more about it, the link in the description will take you straight to their website and we'll apply a discount code at checkout if you end up getting it. And even if Tandem isn't the wallet for you, that's completely okay as long as you understand and walk away from this blog knowing that a hardware wallet is the most secure solution for keeping your crypto safe. But if you are interested in Tandem, now you're probably saying, "Okay, this sounds great, but how do I set it up and move my crypto from an exchange over to the wallet so that it can be secure?" Well, that's exactly what I show you how to do in my user guide blog. Watch that next. God bless and peace