Cold vs Hot Wallets
There are multiple wallet variants on the market, but each one of them typically boils down to being one of the following:
A hot wallet - Your seed phrase/private key is stored somewhere, encrypted or in plain text but accessible. These are typically browser extension wallets and they provide the convenience of directly interacting with web3 protocols.
A multisig wallet - This is a wallet by proxy via a smart contract. The contract requires specific approvals from a preset quantity of signers on the contract, and without them, transactions cannot be performed.
A cold wallet - The seed phrase/private key is stored, encrypted, on a device that is ideally airgapped but more likely plugs in, which limits how the key can be accessed. These are Ledgers, Keystones, or other hardware wallets.
The difference with regard to security is immense. Having one or the other can't prevent you from interacting with rogue contracts or connecting your wallet to a scam website, but it will reduce the exposure of your seed phrase and/or private keys, which is a serious issue in web3.
The few questions to answer when deciding which route to go are:
Is security of the utmost importance?
Or alternatively put: Can you handle losing everything in the wallet and restart?
Will having to spend 20 seconds interacting with a physical device to submit a transaction be too much of a nuisance?
Can you wait until other parties provide approval of the transaction you're intending to make?
The stronger the security, the less convenient that wallet type is to use. Some cold wallets are better than others, utilizing methods such as airgapping. An air gap means there is no form of wireless or wired communication; the device relies solely on a QR-code-based system, with a microSD card for firmware updates. Check out the table below:
| Wallet Type | Strengths | Convenience Impact |
| --- | --- | --- |
| Cold Wallet (Airgapped) | The seed phrase and private keys are virtually never exposed to an exploit. | Primitive method of communicating, such as QR codes or physical hardware separation. |
| Cold Wallet | The seed phrase and private keys have minimal exposure to being exploited. | Plugs in for the duration of its use; while secure, that connection is an access point. |
| Hot Wallet | It's the most convenient, but the keys are stored in a frequently accessible location. | Is always connected and allows for 1-click transaction processing. |
| Multisig Wallet | Cannot perform transactions without the consent/approval of other parties. | If the transaction being made is time sensitive, or one of the other parties happens to lose the keys to the wallet that provides approval, this option can be detrimental. |
There are ways to improve security for all wallet types. They come with inconveniences to offset, of course, and they add a few more choices to take into consideration.
So which route is the best to go? Frankly, any of them. It depends entirely on the intended use of the generator/owner. From speaking to individuals across communities, we've noticed that tolerance for inconvenience plays a bigger role in the decision than the security aspect does. When the security aspects are weighed, the backseat logic is along the lines of "It'll never happen to me".
A multisig contract - A holding contract set up to require approvals from multiple wallets before a transaction can be performed.
Wallet/address notifications - Receiving a notification of activity on your wallet or other watched addresses is important, whether it was you making the transactions or, especially, when it was not.
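The approval rule described for multisig wallets, and the lost-key caveat from the table, as an added example that is not part of the original page or any wallet project's code. It is a simplified off-chain Python model: the signer names, the transaction string, the rule that proposing counts as one approval, and the helper `can_still_transact` are assumptions made for illustration.

```python
# Simplified off-chain model of an M-of-N multisig wallet (illustrative only;
# a real multisig is an on-chain contract that verifies cryptographic signatures).

class MultisigWallet:
    def __init__(self, signers, threshold):
        signers = set(signers)
        if not 1 <= threshold <= len(signers):
            raise ValueError("threshold must be between 1 and the number of signers")
        self.signers = signers
        self.threshold = threshold
        self.pending = {}    # tx_id -> {"tx": description, "approvals": set of names}
        self.executed = []   # descriptions of transactions that reached the threshold
        self._next_id = 0

    def _require_signer(self, signer):
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not a signer on this wallet")

    def propose(self, signer, tx):
        """Register a transaction; in this model the proposer's approval is counted."""
        self._require_signer(signer)
        tx_id = self._next_id
        self._next_id += 1
        self.pending[tx_id] = {"tx": tx, "approvals": {signer}}
        return tx_id

    def approve(self, signer, tx_id):
        """Record an approval; a set is used so repeat approvals count only once."""
        self._require_signer(signer)
        self.pending[tx_id]["approvals"].add(signer)

    def execute(self, tx_id):
        """Perform the transaction only if enough distinct signers approved."""
        if len(self.pending[tx_id]["approvals"]) < self.threshold:
            return False
        self.executed.append(self.pending.pop(tx_id)["tx"])
        return True


def can_still_transact(total_signers, threshold, lost_keys):
    """True if the signers who still hold their keys can reach the threshold."""
    return total_signers - lost_keys >= threshold


if __name__ == "__main__":
    wallet = MultisigWallet(["alice", "bob", "carol"], threshold=2)  # constructed names
    tx = wallet.propose("alice", "send 1 ETH to treasury")          # constructed tx
    print("1 approval :", wallet.execute(tx))
    wallet.approve("bob", tx)
    print("2 approvals:", wallet.execute(tx))
    print("2-of-3 after one lost key:", can_still_transact(3, 2, 1))
    print("3-of-3 after one lost key:", can_still_transact(3, 3, 1))
```

A 2-of-3 setup keeps working after one signer loses a key, while a 3-of-3 setup is locked permanently, which is the "detrimental" case the table warns about.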