Hot vs. Cold Wallets
Hot wallets are always internet-connected, enabling instant transfers but exposing a wide attack surface. Cold wallets are offline, making direct remote access physically impossible, but sending funds requires manual interaction - connecting a device, signing a transaction. Exchanges typically hold the majority of customer assets (generally 90-95%) in cold storage, keeping only the minimum required for daily withdrawal processing in hot wallets.
Hardware Wallet Architecture
Hardware wallets such as Ledger and Trezor generate, store, and sign transactions entirely within a dedicated secure chip. Private keys never leave the device, so even malware on the connected computer cannot exfiltrate them. Signing requests are displayed on the device screen and confirmed via physical buttons. However, if recovery phrases (seed phrases) are mismanaged, assets remain vulnerable to physical theft or social engineering.
Combining with Multi-Signature
For large holdings, cold storage is combined with multi-signature (multi-sig) schemes. A 3-of-5 multi-sig requires three out of five keys to authorize a transaction, with keys stored in physically separate locations to eliminate single points of failure. The 2019 QuadrigaCX incident - where the founder's death rendered cold wallet access impossible - illustrates the risk of key concentration in a single individual, which multi-sig mitigates.
Practical Decisions for Active Traders
Keeping all capital in cold storage creates liquidity constraints for active traders. In practice: (1) limit exchange balances to a fixed percentage of total capital allocated for trading, (2) periodically sweep realized profits to cold storage, (3) regularly verify exchange Proof of Reserves, and (4) diversify across multiple exchanges to avoid single-venue concentration. The FTX collapse (November 2022), which froze customer assets, reinforced the importance of minimizing exchange-held balances.