Every cryptocurrency you own must be stored somewhere. That somewhere is a wallet, and the most fundamental distinction between wallet types is whether that wallet is connected to the internet or not. A hot wallet is connected to the internet. A cold wallet is not.
This single distinction carries enormous security implications. A wallet connected to the internet is accessible for transactions at any moment, which is convenient and necessary for active use. It is also exposed to any threat that operates over the internet: malware, phishing attacks, smart contract exploits, browser vulnerabilities, and remote access attacks. A wallet that is never connected to the internet cannot be attacked remotely, but it also cannot transact without being brought online.
Understanding what hot wallets are, when they are appropriate, what their specific risks are, and how to use them safely is one of the most practical pieces of security knowledge for any active crypto user.
The term “hot” in hot wallet refers to the wallet’s connection to the internet, not to any physical characteristic. A hot wallet is any cryptocurrency wallet whose private keys are stored on a device that is connected to or regularly connects to the internet.
Private keys are the cryptographic credentials that prove ownership of cryptocurrency at a given address and authorise transactions from it. As covered in our private keys resource, whoever controls the private key controls the funds. A hot wallet stores the private key in software on an internet-connected device, whether a phone, a computer, or a browser extension. This means the private key is potentially reachable by any malicious software or actor that can compromise that device or application.
The contrast with cold storage is direct. A hardware wallet like a Ledger or Trezor stores the private key inside a physically isolated chip that never exposes the key to any connected device. Even when the hardware wallet is plugged in to sign a transaction, the private key never leaves the device. This is the foundational security advantage of cold storage over hot wallets.
Hot wallets come in several forms, each with different use cases, interfaces, and specific risk profiles.
Mobile wallets. Mobile wallets are applications installed on a smartphone that store private keys on the device. They are the most convenient form of hot wallet for everyday use: accessible anywhere, easy to use for payments and DeFi interactions, and increasingly polished in their user experience. Popular mobile wallets include Trust Wallet, Exodus, and the mobile version of MetaMask. The security of a mobile wallet is directly tied to the security of the phone: a phone compromised by malware, a phone that is lost or stolen without adequate screen lock, or a phone backup that inadvertently exposes the seed phrase are the primary risk vectors.
Desktop wallets. Desktop wallets are applications installed on a computer that store private keys locally on the machine. Exodus, Electrum (for Bitcoin), and Atomic Wallet are examples. Desktop wallets offer more screen real estate and functionality than mobile wallets but are exposed to the wider threat surface of a desktop computer, including browser-based malware, keyloggers, and remote access trojans. As covered in our advanced crypto security resource, desktop environments are more frequently targeted by sophisticated malware than mobile environments given their greater processing capability and the larger amounts typically stored on them.
Browser extension wallets. Browser extension wallets are installed as extensions in web browsers and provide the primary interface for interacting with DeFi protocols, NFT marketplaces, and Web3 applications. MetaMask is the most widely used browser extension wallet, with others including Phantom (for Solana) and Rabby. Browser extension wallets are the most exposed category of hot wallet because they interact continuously with websites and smart contracts. A malicious website can request permissions from a browser extension wallet, a compromised extension can expose private keys, and phishing sites designed to mimic legitimate DeFi protocols can trick users into signing malicious transactions. As covered in our how to secure your MetaMask wallet resource, browser extension wallet security requires ongoing active management.
Web wallets (exchange wallets). Web wallets are the wallets maintained by centralised exchanges on behalf of their users. When you hold cryptocurrency on CoinSpot, Swyftx, Binance, or any other exchange, the exchange holds the private keys in hot and cold wallets it manages. You access your holdings through the exchange’s interface. This is the most common form of hot wallet exposure for most retail investors, and the risks are covered in detail in our risks of keeping crypto on an exchange resource.
Hot wallets are not inherently wrong or unsafe. They are tools with specific appropriate use cases that differ from cold storage.
Active trading. Investors who actively trade cryptocurrency on exchanges need funds accessible on those platforms. Keeping a trading allocation in an exchange wallet or a hot wallet connected to a DEX is appropriate for capital specifically designated for active trading.
DeFi interactions. Interacting with DeFi protocols requires a wallet that can sign transactions and connect to Web3 applications. A browser extension wallet like MetaMask or Phantom is the standard tool for DeFi participation. While hardware wallets can be connected to browser extension wallets to sign transactions, keeping a smaller DeFi-specific allocation in a dedicated hot wallet is a common practice that limits the exposure of the signing key.
Small everyday amounts. Just as you would carry a modest amount of cash in a physical wallet for day-to-day expenses rather than keeping your entire net worth as cash in your pocket, a hot wallet is appropriate for the crypto equivalent of walking-around money: small amounts needed for regular transactions, payments, or DeFi interactions.
Receiving funds. A hot wallet address is appropriate for receiving cryptocurrency transfers that will subsequently be moved to cold storage. Many investors use a hot wallet as a receiving layer, moving funds to a hardware wallet once they exceed a defined threshold.
The appropriate sizing principle for hot wallet holdings is this: never keep more in a hot wallet than you can afford to lose entirely. Hot wallets carry real and ongoing security risk. The amount in them should reflect that risk by being sized accordingly.
The security risks specific to hot wallets are worth understanding in detail because they are the most common cause of cryptocurrency loss among active users.
Malware and keyloggers. Malicious software installed on a computer or phone can extract private keys directly from hot wallet storage, log keystrokes to capture passwords and seed phrases, or take screenshots at intervals that capture displayed seed phrases during wallet setup. As covered in our advanced crypto security resource, keeping devices used for cryptocurrency management clean of unnecessary software, using reputable security tools, and avoiding pirated software and suspicious downloads are baseline protections.
Phishing attacks. Phishing sites that mimic legitimate wallets, exchanges, and DeFi protocols trick users into entering their seed phrase or private key on a site controlled by an attacker. A single seed phrase entry on a phishing site drains the entire wallet immediately. As covered in our phishing scams crypto and fake wallet apps and extensions resources, verifying URLs meticulously, using bookmarks rather than search results to navigate to wallet interfaces, and never entering a seed phrase anywhere other than the wallet’s own setup process are the primary protections.
Malicious smart contract approvals. Browser extension wallets prompt users to approve transactions and token spending permissions when interacting with DeFi protocols. A malicious or compromised protocol can request approval to spend an unlimited amount of a specific token, and signing that approval transaction grants exactly that permission. If the user signs an unlimited approval for a malicious contract, that contract can drain the approved token from the wallet at any future time, without any further prompt. Reading approval requests carefully, using limited approvals rather than unlimited ones where possible, and regularly auditing and revoking unnecessary approvals as covered in our how to secure your MetaMask wallet resource are the appropriate countermeasures.
Clipboard hijacking. Malware that monitors and replaces clipboard content can substitute an attacker’s address for a legitimate address when a user copies and pastes a recipient address. A user who copies a withdrawal address, doesn’t verify it after pasting, and sends a large transaction discovers the funds have gone to an attacker’s address rather than the intended destination. Always verifying the pasted address, particularly the first and last several characters, before confirming any transaction protects against this attack.
Device loss or theft. A phone or computer containing a hot wallet that is lost or stolen gives the finder or thief potential access to the wallet if the device is not adequately protected. Strong device PINs, biometric authentication, full device encryption, and remote wipe capabilities are baseline device security measures for any device used for cryptocurrency management.
Seed phrase exposure. If the seed phrase backing a hot wallet is stored insecurely, such as in a screenshot on the device, in a cloud notes application, in an email, or written on paper in an unsecured location, it can be accessed by anyone who gains access to those storage locations. As covered in our seed phrase storage advanced techniques and crypto wallet backup guide resources, seed phrase storage security is the most important security responsibility for any self-custodied wallet.
The correct approach for most cryptocurrency investors is not a binary choice between hot and cold storage but a layered strategy that uses each for its appropriate purpose.
Long-term holdings, the Bitcoin and Ethereum positions held for months or years as the core of the portfolio, belong in cold storage on a hardware wallet. They don’t need to be accessible for frequent transactions, so the convenience of hot storage provides no benefit, and nothing justifies accepting its security risk.
Active trading capital and DeFi allocations that require frequent transactions belong in hot wallets, sized according to the rule that hot wallet holdings should never exceed what you can afford to lose entirely. Using a dedicated hot wallet for DeFi rather than a wallet that also holds significant savings separates the risk: a DeFi exploit or malicious approval that drains the DeFi wallet doesn’t touch the cold storage holdings.
Some investors use a hardware wallet connected to a browser extension as a middle-ground approach for DeFi: the hardware wallet signs transactions while the private key remains in cold storage. This is more secure than a pure software hot wallet but adds friction to every transaction. As covered in our which cryptocurrency wallet is right for you resource, the right combination depends on your specific usage patterns, holdings size, and technical comfort level.
The general principle: keep the minimum amount necessary in hot wallets for current active needs. Everything else belongs in cold storage.
If you are setting up a new hot wallet, several practices during setup significantly reduce your ongoing risk.
Download only from official sources. MetaMask should be downloaded from metamask.io directly. Phantom from phantom.app. Any mobile wallet from the official app store listing linked from the wallet’s official website. As covered in our fake wallet apps and extensions resource, fake wallet apps designed to steal seed phrases during setup exist in app stores and browser extension stores. Verifying the source before downloading is non-negotiable.
Record your seed phrase correctly and securely. Write your seed phrase on paper during setup. Verify it matches what the wallet software shows. Store it in a physically secure location away from the device. Never photograph it, type it into any application, or store it digitally. As covered in our seed phrase resource, the seed phrase is the master key to every address the wallet generates.
Use a dedicated device if practical. A device used exclusively for cryptocurrency management and DeFi interaction, with no other software installed and no general web browsing, significantly reduces the malware attack surface compared to using the same device for all computing activities.
Verify every transaction before signing. Before confirming any transaction from a hot wallet, verify the recipient address, the amount, the network, and the nature of any approval being granted. The few seconds of verification can prevent the permanent loss of funds.
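To make the “nature of any approval” check concrete, here is an added example (not code from this article or from any wallet project) that decodes the calldata a wallet prompt shows for the two ERC-20 calls the risks above centre on, approve() and transfer(), and flags the unlimited approval described in the malicious approvals section. The function selectors and ABI layout are the ERC-20 standard; the spender address and amounts are constructed placeholders.

```javascript
// Added example, not code from the original article. Decodes ERC-20 approve()
// and transfer() calldata so the recipient/spender, amount and "unlimited"
// status can be checked before signing. Sample values below are constructed.
const SELECTORS = {
  "0x095ea7b3": "approve",  // approve(address spender, uint256 amount)
  "0xa9059cbb": "transfer", // transfer(address to, uint256 amount)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Returns the i-th 32-byte ABI word (64 hex chars) after the 4-byte selector.
function word(hex, i) {
  const start = 10 + i * 64;
  const w = hex.slice(start, start + 64);
  if (w.length !== 64) throw new Error("calldata truncated");
  return w;
}

// Renders a raw token amount using the token's decimals (assumed 18 by default).
function formatUnits(amount, decimals) {
  const s = amount.toString().padStart(decimals + 1, "0");
  const whole = s.slice(0, s.length - decimals);
  const frac = s.slice(s.length - decimals).replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : whole;
}

function decodeErc20Call(calldata, decimals = 18) {
  const hex = calldata.toLowerCase();
  const fn = SELECTORS[hex.slice(0, 10)];
  if (!fn) return { fn: "unknown", warning: "unrecognised call: do not sign blind" };
  const addrWord = word(hex, 0);
  // An address is right-aligned in its word; the upper 12 bytes must be zero.
  if (!/^0{24}/.test(addrWord)) throw new Error("malformed address word");
  const address = "0x" + addrWord.slice(24);
  const amount = BigInt("0x" + word(hex, 1));
  const unlimited = fn === "approve" && amount === MAX_UINT256;
  const warning = unlimited
    ? `UNLIMITED approval: ${address} can move your entire balance at any future time` : null;
  return { fn, address, amount, human: formatUnits(amount, decimals), unlimited, warning };
}

// ABI-encodes a two-argument call the way a dapp would; used here to build samples.
function encodeCall(selector, address, amount) {
  return selector + address.slice(2).toLowerCase().padStart(64, "0") +
    amount.toString(16).padStart(64, "0");
}

const SPENDER = "0x1111111111111111111111111111111111111111"; // constructed placeholder
console.log(decodeErc20Call(encodeCall("0x095ea7b3", SPENDER, MAX_UINT256)).warning);
console.log(decodeErc20Call(encodeCall("0x095ea7b3", SPENDER, 50n * 10n ** 18n)).human); // 50
```

Paste the hex data field from the wallet’s confirmation screen into decodeErc20Call to see what the prompt is really asking for; anything returned as unknown or unlimited deserves a second look before signing.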
A hot wallet is any cryptocurrency wallet whose private keys are stored on an internet-connected device, including mobile wallets, desktop wallets, browser extension wallets, and exchange wallets. Hot wallets are appropriate for active trading capital, DeFi interactions, and small everyday amounts, sized so that the hot wallet holdings never exceed what can be afforded to lose entirely. The security risks of hot wallets include malware, phishing attacks, malicious smart contract approvals, clipboard hijacking, device loss, and seed phrase exposure.
Long-term holdings belong in cold storage on a hardware wallet. Hot and cold storage are complementary rather than competing: the right balance uses each for its appropriate purpose while keeping total hot wallet exposure within the limits of acceptable risk.
For everyday investors who want to understand how to structure their wallet security properly and build habits that protect their holdings from the most common attack vectors, our Runite Tier Membership provides the education, frameworks, and community to develop that understanding. For serious investors who want personalised security guidance covering their complete crypto holdings and a bespoke framework for managing assets across hot and cold storage, our Black Emerald and Obsidian Tier Members receive direct specialist support.
Find out more at shepleycapital.com/membership.
The primary difference is connectivity; a hot wallet is always connected to the internet for frequent trading and ease of use, whereas a cold wallet is an offline hardware device designed for long-term secure storage. Learn more about the differences between hot and cold wallets here.
No, it is generally recommended to only keep small amounts of “working capital” in a hot wallet. For significant holdings or long-term investments, institutional-grade security like a cold storage hardware wallet is essential. Learn how to safely & securely use your crypto wallet here.
Yes, because hot wallets are software-based and connected to the internet, they are susceptible to malware, phishing attacks, and exchange-side security breaches if not properly managed.
Common examples of hot wallets include mobile apps like Trust Wallet or MetaMask, browser extensions, and the “web wallets” provided by major exchanges like CoinJar or Binance. Visit our full breakdown of the best Australian crypto exchanges for 2026 here.
A non-custodial hot wallet (like MetaMask) is generally safer than an exchange wallet because it gives you control over your private keys, though both are still considered “hot” due to their internet connectivity.
To maximize hot wallet security, you should always enable Two-Factor Authentication (2FA), use unique and complex passwords, and never share your 12 or 24-word recovery seed phrase with anyone.
WRITTEN & REVIEWED BY Chris Shepley
UPDATED: MARCH 2026