How cold storage works
The spectrum ranges from basic to institutional-grade:
- Hardware wallet with USB signing — device plugs in briefly to sign, then disconnects. Mostly cold, briefly hot.
- Air-gapped hardware wallet — device never connects to a computer. Transactions are transferred via QR codes (Keystone, Cobo) or microSD cards. Higher security, worse UX.
- Offline signing on a dedicated laptop — a computer that never touches the internet, used only for signing. The unsigned transaction is transferred via USB drive; the signed version is returned the same way.
- Institutional cold-vault ceremonies — multi-party signing at a physical secure location. Keys are sharded across M-of-N signers; no single device has the full key.
Most self-custody users use “warm” cold storage: a hardware wallet that’s mostly offline but connects briefly to sign. Strict air-gapping is mostly the domain of exchanges, funds, and very-large-balance individuals.
Cold storage operational patterns
- Seed-phrase backup on metal — stamp or engrave the seed on stainless steel or titanium plates. Fire-proof, water-proof, durable. Products include Cryptosteel and Coldcard’s backup plates.
- Geographic distribution — split backup copies across multiple physical locations so a single-location disaster doesn’t lose access. Bank safe deposit box + home safe + trusted family member.
- Shamir secret sharing — mathematically split the seed into N shares where any M can reconstruct it. Trezor supports this natively; the Shamir Backup standard (SLIP-0039) is the reference specification.
- Multisig as alternative — rather than split-sharing one seed, use a multisig wallet where each signer holds a distinct key on their own device. Safe (formerly Gnosis Safe) is the standard.
What cold storage protects against
- Remote exploit + key extraction — software compromises of your main computer can’t reach keys on a device that’s offline.
- Phishing drains — even if you’re tricked into signing a malicious transaction, cold storage’s physical confirmation step gives you a chance to notice the amount or destination before approving.
- Operational mistakes on hot systems — errant swaps, wrong-address sends. Cold storage adds friction to every operation, which also means fewer accidental mistakes.
Risks and considerations
Cold storage fails in different ways than hot storage:
- Loss — forgetting where you put a backup, damaging the only copy. Accounts for 20%+ of permanently lost BTC by most estimates.
- Physical theft or coercion — someone with physical access and knowledge of what you hold is a real threat model. Passphrase wallets (a hidden wallet behind a 25th word) help here.
- Recipient error — sending to the wrong address still goes through; cold storage doesn’t verify destinations. Always check.
- Estate planning — if you don’t document the recovery procedure somewhere your heirs can access, your holdings die with you.
The practical compromise for most users: hardware wallet for 90%+ of balance, hot wallet for active use with a small operational balance, tested recovery procedure, and physical backups of the seed phrase in 2+ geographically-separated locations. For institutional balances, multisig with hardware-wallet signers at different locations is the norm.