Cold Wallets: Demystifying Offline Access in 2025

By mid-2025, you likely already understand the distinctions between cold wallets and hot wallets. However, a substantial new article by Web3 researcher Vladimir Menaskop may very well convince you otherwise and ultimately assist you in genuinely safeguarding your assets from unauthorized access.

People often confuse hardware wallets with cold wallets, and certain brands are routinely labeled as cold without qualification.

Take an example from Reddit: “I’ve been investing in Bitcoin for the last six months and I’m now considering purchasing a cold wallet. From what I gather, there are three main options: 1) Trezor; 2) Ledger; 3) Jade.”

Or consider a message from a DeFi chat that a subscriber recently shared with me: “Cold wallets don’t store coins; they just hold keys for accessing wallets across various networks — that’s all.”

The confusion isn’t limited to casual users; even specialized media outlets often mislead by conflating the two categories. For instance, one article lists hardware wallets when discussing cold wallets, while another acknowledges the differences yet stumbles in explaining the concept of multi-signature wallets.

Moreover, even IT security firms sometimes mix up basics: “Hardware wallets, which include cold wallets as a subclass, are physical devices, and because they exist offline in the tangible world, it’s significantly harder for attackers to target them.”

This issue transcends mere terminology; misunderstanding the functionalities of hardware and other types of wallets results in incessant hacks, despite the very purpose of these wallets being to defend against such breaches. Hence, this article aims to clarify this topic.

I want to emphasize a practical approach rather than an academic one; my classification may therefore not be exhaustive, but it focuses on addressing specific issues:

To grasp the practical implications, let’s delve deeper into the concept of cold storage.

Imagine two straightforward scenarios.

In the first scenario, you manually or semi-manually create a seed phrase, transfer it onto a metal medium, and execute a test transaction to one of your many wallets.

But what happens next?

Most people would likely want to verify transactions; after all, seeing isn’t the same as owning. Consequently, cold wallets seldom remain devoid of outgoing transactions. (Of course, in some instances, verification can be conducted in alternative ways, but that discussion will come later.)

The second scenario involves multi-signature wallets. Yes, you can create a multi-sig in Safe without incurring transaction fees (similar offerings are available with gasless payments from MetaMask or Rabby), but is the multi-sig truly offline at that point? Essentially, it functions as a set of smart contracts, hence the answer is: “No.”

Certainly, if we dig deeper, we can see that access levels are distinctly defined — familiar to many Linux users — involving permissions for writing, editing, etc. In terms of transaction sending (editing), the multi-sig will often remain offline for an extended period.

So, where are the multi-sig keys stored? Unlike hardware wallets such as Trezor, Ledger, and SafePal, in this instance, there are no private keys.

To be precise, the private keys belong to signers, and there is a concatenation of public keys; in this way, we can say:

*“Multi-sig is a smart contract that performs an operation only if multiple previously bound private keys sign it. The number of required signatures is termed the threshold value.”*

Let’s list out points:

The last point is critically important, especially when we remember the hack incident at Bybit. They had set up access via hardware wallets that were authorized as multi-sig signers in Safe, but this failed to prevent the breach, as the signers overlooked numerous glaring errors even after the hacks of Radiant, WazirX, and similar platforms. (If this isn’t convincing enough, there are two instances from Ledger’s experience when the infrastructure, not the device itself, was compromised: through traditional paper letters and cloning methods.)

Additionally, neutrality is essential in today’s world: MetaMask, for instance, has stated its commitment to comply with sanctions and related account restrictions, while Ledger has released anti-data measures for safeguarding seed phrases.

Now, let’s explore the idea of cold storage from another perspective: the synthetic one.

First, let’s enumerate specific implementations of cold storage (here we’re generalizing wallet and storage, which is another significant topic that warrants separate examination):

In essence, cold wallets can be classified into two types:

Here’s a range of examples:

Simple types are standard hardware, paper wallets, and similar items that are used sparingly. More complex types consist of multi-sig combined with hardware wallets or storage of a seed phrase split into three to five segments through Shamir’s method, each kept in very diverse formats. (Again, we consider “cold” in a mixed sense here.)

Based on the above insights, it’s crucial to grasp one argument: when dealing with genuinely large-scale projects, a cold wallet holds no value without the implementation of appropriate organizational, technical, economic, and legal norms.

The incidents at Bybit, Mt.Gox, various cross-chain bridges, Radiant, and others serve as direct evidence. And indeed, this is another reason why hardware wallets cannot be classified as cold in every scenario. In Venn-diagram terms, these are merely partially intersecting, unequal categories:

Now, let’s attempt to describe each subtype.

**Subtype #01: Hardware**. This refers to recording private keys (less frequently) and seed phrases (more commonly) onto metal (usually titanium plates, such as CryptoSteel).

This method is reliable for storage anywhere; even rust and fire can’t harm it. However, it poses a risk if someone physically gains access to the plates. Thus, they are often split into parts stored in custodial services or bank vaults (this creates an oxymoron: the most non-custodial crypto options may be stored here contrary to their original intent).

Steganography can be combined with the described approach, allowing for the concealment of the plate in a statue, for instance, after validation.

**Subtype #02: Paper**. Writing down seed phrases and private keys on paper is a classic method. It’s best to use various writing instruments (simple pencils, ink) on different materials (cardboard, standard paper, notebook pages) and make two or three copies. Hide it in places where you wouldn’t yourself look.

Steganography is key here. Obscure the phrase within books, children’s drawings; write with lemon juice or other disappearing inks. Residing in the UAE? Write in Chinese. In China — in Georgian. Any level of protection is useful here.

And remember, never write the phrase in full; leave out a few words “for backup.” This won’t prevent hacking: 2-3 words can be fairly quickly restored, but if you notice a theft, you’ll have time to act accordingly.

**Subtype #03: Multi-sig**. It’s a lengthy topic, but for now, nothing beats Safe; the Bybit hack has proven this too. However, it also demonstrated that a Safe multi-signature isn’t sufficient; one needs strong nerves and clear reasoning to avoid mishandling $1.4 billion just like $1.4.

Once again, even the combination of “hardware wallet plus multi-sig” may not qualify as cold storage. The following safe transfer rules must be adhered to:

**Subtype #04: Backup Cards**. This solution resembles a subtype of hardware/offline wallets, but functionalities and usage can differ.

**Subtype #05: Hardware Wallets**. There are many available, yet each has exhibited some vulnerability: offline hacking incidents with Trezor (various models), phishing attacks on Ledger, and so on.

**Subtype #06: Special Smartphone with Unique Software**. This may be any smartphone operating on Linux or Android with disabled (or removable) communication modules, including Wi-Fi, Bluetooth, etc. There are also dedicated solutions, such as Purism.

**Subtype #07: Exotic**. I’ll expand on this a bit more.

Yes, such instances exist. Here are a few examples to clarify the subject, especially since these are not strictly cold wallets, but rather perilous storage methods (although claiming that they are offline isn’t always accurate).

**Steganography**
This can take various forms, but here are some examples for clarity:

Technically, it still involves paper, metal, or digital formats, but organizationally, these are far more secure methods than simply having an obvious phrase.

**Tempography**
It’d be remiss of me not to mention it. Here are several straightforward examples:

Certainly, this isn’t exhaustive, but it’s enough for an initial discussion. Now, let’s address two key questions.

*A portion of the data is stored in encrypted form on the blockchain, while another is engraved on metal plates hidden physically. Additionally, Dutch Bitcoin enthusiast Didi Taihuttu applied personal encryption by substituting some words in the phrase. […] “Even if a gun is put to my head, I wouldn’t be able to give out more than what’s in the wallet on my phone, and that’s little,” declared Taihuttu.*

**Cold and Security**
If you’ve already addressed the previous question, I suggest improving your own security, which comprises the following elements:

The technical aspects have been outlined above. If that’s insufficient, consult additional resources for safe storage of private keys.

Economic security encompasses portfolio management and risk management. Legal involves operating within specific jurisdictions and understanding their regulations. Organizational pertains to all aspects beyond the first three: your work time, response to phishing attempts (including customization), and other social engineering attacks, discussions with people, and so forth.

While I won’t list everything, I’ll cover the basics.

**Functionality vs Security**

When it comes to cold storage, prioritize wallets for their reliability over their functionality: a hot or test wallet can afford flexibility.

A cold wallet must be:

**Phishing**
Regardless of the cold wallet you choose, as a living being, you will always be the weakest link. Thus, always adhere to the advice depicted in Greg Jordan’s movie “Unthinkable”: if everyone believes you’ve planted three “bombs,” in reality, you should have four or even five.

**Rule Zero**
It’s quite straightforward: anyone can be hacked anytime and anywhere. The concern lies in attention, resources, and effort expended. If it involves prolonged effort, is costly, and yields lesser profit, the hack is unlikely to be executed.

Truthfully, destructive-type attacks will always exist, but your personal security is aimed at deterring them. You are the last bastion; you are part of your cold storage.

First and foremost, there’s a technical distinction highlighted on the Ledger website:
*“Is a cold wallet the same as a hardware wallet? In reality, these are two distinct categories with different usage scenarios and levels of protection. And the intriguing part? Both types can coexist within a single wallet.”*

But that’s just their take; as previously stated, there are other scenarios where hardware and cold wallets diverge.

Simply put, you can establish a combination of “MetaMask plus Trezor” and use it as a daily hot wallet while ensuring your keys remain secure and you’re safeguarded against attacks, especially if your MetaMask password gets compromised online, granting access to your private keys and resulting in fund withdrawals. Yet you’re not entirely shielded from:

However, you can configure that same Trezor as a cold wallet with a passphrase and find some peace, at least regarding part of your assets.

By 2025, offline access often falls short for proper cold storage, making a hardware wallet merely a component (and even that is conditional) for cold storage.

Moreover, cold storage can be further divided into cold wallets and cold storage systems. We can discuss storage on another occasion, but for now, remember that hardware wallets, at best, represent basic cold storage devoid of additional safeguarding methods.

They may, but do not inherently do so.

Drawing from practice, a hardware wallet cannot be classified as cold if:

Many might view this approach as excessive or even unrealistic, but everything discussed above and below supports the opposite perspective (at least for me). Therefore, Trezor, Ledger, and others are excellent hardware wallets that can become cold under specific conditions but are not inherently cold by default.

So, when newcomers are told, “I purchased a hardware wallet — now I can relax,” that sense of calm is illusory. Finding an encrypted seed phrase whose wallets never “originated” online is one matter; attacking hardware wallets, even the most sophisticated, is another. And yes, I’ll repeat for the third time: the Bybit hack stands as the best evidence. Study it.

Judge for yourself. It’s essential to focus on selecting a non-custodial, open-source wallet based on specialized devices with security elements and other protective measures that participate as signers in multi-signatures.

In practice, hot wallets are most frequently found in the following types:

However, custodial wallets should not be cold-stored: you can, but really shouldn’t. In fact, proprietary ones shouldn’t either.

Cold storage is usually found in two subtypes:

This leads us to conclude:

Surely, this is just the first level of assessment, but it remains critically important and aids in navigating a rapidly changing landscape.

The goal of this piece wasn’t to provide an academic overview of the variety of cold wallets or to promote particular solutions, but to describe the methodology that aids in practically organizing cold storage and sharpens the understanding of what cold wallets truly are. This is a case where it’s better to over-prepare than to presume that merely purchasing any hardware solution suffices.

I believe I have accomplished this task. For those seeking more, there are two brief sections below.

**List:**

As you may have guessed, this is about charity: supporting social assistance funds, non-profit Web3 startups, NFT artists, and more. In the overwhelming majority of cases, your contributions will be well spent. However, that’s a completely different story altogether.