A cryptocurrency wallet that stores private keys offline, completely disconnected from the internet for maximum security.
A cold wallet (also called cold storage) is a cryptocurrency wallet that keeps private keys completely offline — never connected to the internet. This makes cold wallets virtually immune to remote hacking, phishing attacks, and malware. The most common cold wallets are hardware devices (Ledger Nano, Trezor) that store keys on a secure chip, but cold wallets can also be paper wallets (printed keys), metal seed phrase backups, or air-gapped computers. Cold wallets are the gold standard for securing large cryptocurrency holdings. The tradeoff is convenience — accessing funds requires physical interaction with the device, making cold wallets unsuitable for frequent trading or DeFi interactions. Best practice is using a hot wallet (MetaMask, Phantom) for daily activities with small amounts, and a cold wallet for long-term storage of significant holdings.
Cold wallets (hardware wallets like Ledger and Trezor) store cryptocurrency private keys on a dedicated device that never connects to the internet, providing the strongest protection against hacking, phishing, and malware. When you initiate a transaction, the cold wallet signs it internally without ever exposing the private key — even if the connected computer is compromised. This air-gapped security model makes cold wallets the gold standard for storing significant crypto holdings. The two main manufacturers, Ledger (using a secure element chip) and Trezor (using an open-source microcontroller), take different security approaches. Cold wallets aren't foolproof: physical theft, supply chain attacks (tampered devices), and user error (losing the seed phrase) remain risks. The seed phrase backup is actually the most critical component — whoever has your 12-24 word recovery phrase controls your funds, regardless of the hardware device.
Coinbase stores 98% of customer cryptocurrency in air-gapped cold storage vaults distributed across multiple geographic locations — the private keys have never touched the internet, making them resistant to any online attack vector.
The hardware device itself is extremely difficult to hack remotely since it never connects to the internet. Risks come from physical theft, phishing attacks that trick you into signing malicious transactions, and most importantly — compromised seed phrase backups. Your seed phrase is your true vulnerability, not the device itself.