Cold storage refers to keeping cryptocurrency private keys in a device or medium that is not connected to the internet. By keeping the keys offline, you remove the primary attack surface exploited by the vast majority of crypto theft: remote access through malware, phishing, exchange hacks, and wallet draining attacks. If your private keys are never on an internet-connected device, they cannot be stolen remotely.
The cold wallet explained resource provides the conceptual foundation. This guide goes further: it walks you through actually implementing cold storage from scratch, covering every practical decision from choosing hardware to verifying your setup is working correctly.
The case for cold storage becomes stronger as your holdings grow. For a few hundred dollars of crypto you are actively trading, a software wallet or exchange account may be adequate. But for meaningful holdings you intend to keep for months or years, the permanent, irreversible nature of crypto transactions makes the small additional effort of cold storage well worth the protection it provides. "Not your keys, not your crypto" is not a slogan: it is a statement of how crypto custody actually works.
The most practical and widely used cold storage solution is a dedicated hardware wallet: a purpose-built device that stores your private keys on secure hardware and requires physical confirmation for every transaction. Several reputable options exist, each with different features, supported assets, and price points.
The Ledger wallet range includes the Nano X (Bluetooth-enabled, mobile-compatible), the Nano S Plus (USB-only, lower price), and the Stax (touchscreen). Ledger supports over 5,000 crypto assets and has the largest user base of any hardware wallet brand. Note: Ledger uses a proprietary secure element chip and has faced criticism for its optional recovery service. For most users, the standard setup without the recovery service is appropriate. The Ledger wallet setup guide covers the complete setup process.
Trezor offers the Trezor One (lower cost, USB, supports major assets), the Trezor Model T (touchscreen, broader asset support), and the Trezor Safe 3 and Safe 5. Trezor is fully open-source, which means its firmware can be independently audited. This transparency is valued by security-focused users.
The Coldcard is a Bitcoin-only hardware wallet designed for maximum security. It supports air-gapped operation (never needs to connect directly to a computer) and is the preferred choice for serious Bitcoin holders. It has a steeper learning curve than Ledger or Trezor but offers features designed specifically for high-security Bitcoin custody.
Other reputable hardware wallets include the BitBox, which is open-source and designed for simplicity, and the Tangem card format wallet. The guide to choosing the right hardware wallet provides a full comparison to help you select the best option for your specific needs.
The setup process varies slightly between hardware wallets, but the fundamental steps are the same. Follow these steps carefully, without shortcuts.
Always buy your hardware wallet directly from the manufacturer’s official website or a verified authorised reseller. Never buy second-hand or from third-party marketplaces. A device that has been previously handled could have a compromised seed phrase or altered firmware. How to verify a hardware wallet is genuine explains what to check when your device arrives.
When your device arrives, check that the packaging seals are intact. For devices that support it, verify the device’s authenticity through the manufacturer’s verification process (Ledger provides a verification step in their setup app, Trezor has a similar process). Do not proceed if anything appears tampered with.
Follow the device’s setup wizard to generate a new seed phrase. The device generates the entropy and displays the words on its own secure screen. Write the words down carefully on paper as they are shown. Take your time: accuracy is essential. The device will quiz you on the words to confirm you have recorded them correctly.
Once you have your seed phrase recorded, store it securely. Paper backups should be stored in a physically secure location, away from potential water, fire, and theft exposure. For long-term resilience, consider a metal backup that is fire and water resistant. The seed phrase storage guide and advanced seed phrase storage techniques cover backup strategies in detail. Never photograph your seed phrase or store it digitally.
Set a strong PIN on your device. This PIN is your first line of defence if the device is physically stolen. Most hardware wallets will wipe themselves after a set number of incorrect PIN attempts, protecting the keys even if the physical device is compromised. A PIN of 8 or more digits provides strong protection.
With your hardware wallet set up and your seed phrase securely backed up, the next step is moving your assets from an exchange or software wallet into cold storage. This step requires careful attention to avoid errors.
Open your hardware wallet’s companion app (Ledger Live, Trezor Suite, or equivalent) and navigate to your receive address for the relevant asset. Your hardware wallet will display this address on its screen: verify that the address shown in the app matches the address on the device screen exactly before using it. This verification step protects you against man-in-the-middle attacks or malware that could swap addresses in the software.
Before sending a large amount, always send a small test transaction first. Transfer a minimal amount, confirm it arrives successfully in your hardware wallet, then proceed with the remaining balance. This test transaction costs very little and eliminates the risk of a large transfer going wrong due to an address error. The complete guide to sending crypto from an exchange to a hardware wallet covers this process in detail for the most common exchanges.
For large transfers, consider breaking them into multiple transactions. A single large transfer is simpler, but multiple smaller transfers reduce the impact of any address error on the first attempt. Once you have confirmed the receiving address is correct with a small test, larger transfers can proceed with confidence.
After the transfer is confirmed on the blockchain, verify the balance in your hardware wallet application. For Bitcoin, wait for 3 to 6 confirmations before considering the transfer complete. For Ethereum, 12 to 30 confirmations provide sufficient finality for most purposes. Check your transaction on the relevant blockchain explorer if you want to verify the confirmation count independently.
Setting up cold storage is not a one-time action. Maintaining the integrity of your cold storage system requires ongoing attention to several factors.
Hardware wallet manufacturers periodically release firmware updates that address security vulnerabilities. Check for updates every few months. Before updating, verify that you have your seed phrase backup accessible and confirmed, as firmware updates can occasionally require a device reset. The guide to verifying your hardware wallet is genuine explains what to check before accepting updates.
On an annual basis, verify that your seed phrase backup is still legible and intact. Paper backups can fade or degrade. Confirm that you know exactly where all your backups are and that you can still read them clearly. If using a metal backup, confirm it has not corroded or suffered damage.
The existence and location of your hardware wallet are themselves sensitive information. Do not disclose that you hold significant crypto, and do not share where your hardware wallet or seed phrase backup is stored. The "not your keys, not your crypto" principle extends to information security: revealing that you hold significant self-custodied crypto makes you a target for both digital and physical attacks.
A single seed phrase backup in a single location is vulnerable to a single incident: fire, flood, theft, or accidental loss. For meaningful holdings, consider maintaining two or three physically separated backups. The combination of a hardware wallet, a metal seed backup at home, and a second backup in a secure off-site location (safe deposit box, trusted family member’s home) provides a robust protection profile. The full crypto wallet backup guide explains how to structure this.
The most important step most people skip is a full recovery dry run before loading significant funds. This involves simulating the process of losing your hardware wallet and restoring access using only your seed phrase backup.
On a new or reset hardware wallet device, use the “restore wallet” option and enter your seed phrase word by word. Verify that the restored wallet shows the same addresses as your original wallet. For Bitcoin and Ethereum, the receive addresses should be identical to those you recorded during initial setup. If the addresses match, your backup is confirmed functional and your recovery process is verified.
This test should be performed before loading more than a nominal amount into cold storage, and then periodically thereafter. Many people discover backup issues only when they actually need to use them: a misspelled word, a missing word, or a changed derivation path setting that produces different addresses. Discovering these issues during a planned dry run is inconvenient but recoverable. Discovering them during an actual emergency is often catastrophic.
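The address comparison at the end of the dry run can be scripted. The following is an added example, not part of the original guide: it checks each receive address you recorded at setup against its Base58Check checksum (to catch a transcription error in your own notes) and then compares it character for character with the address shown after the restore. It assumes legacy Base58Check Bitcoin addresses only (bech32 and Ethereum addresses use different checksums); the labels and sample addresses are constructed.

```python
import hashlib, os

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    """Encode version+payload as Base58Check (used only to build sample data)."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes ending in a correct 4-byte checksum."""
    if not set(addr) <= set(B58):
        return False
    n = sum(B58.index(ch) * 58 ** i for i, ch in enumerate(reversed(addr)))
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def compare_dry_run(recorded: dict, restored: dict) -> dict:
    """Per label: 'match', 'bad-record', 'missing' or 'mismatch at char N'."""
    report = {}
    for label, rec in recorded.items():
        res = restored.get(label)
        if not b58check_valid(rec):
            report[label] = "bad-record"   # transcription error in your notes
        elif res is None:
            report[label] = "missing"
        elif rec == res:
            report[label] = "match"
        else:                               # wrong word, passphrase or derivation path
            report[label] = f"mismatch at char {len(os.path.commonprefix([rec, res])) + 1}"
    return report

# Constructed sample data: public receive addresses only, never seed words.
def _sample(tag: str) -> str:
    return b58check_encode(0x00, hashlib.sha256(tag.encode()).digest()[:20])

a, b, c = _sample("addr-0"), _sample("addr-1"), _sample("addr-2")
RECORDED = {"receive 0": a, "receive 1": b, "receive 2": c[:5] + "0" + c[6:]}
RESTORED = {"receive 0": a, "receive 1": _sample("other-path"), "receive 2": c}
print(compare_dry_run(RECORDED, RESTORED))
```

A "bad-record" result means the note itself is wrong and should be re-copied from the device; a "mismatch" on a valid record points at the seed words, the passphrase or the derivation path setting.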
Several mistakes are common enough among new cold storage users that they are worth explicitly addressing.
Photographing the seed phrase is the most dangerous common mistake. A photo on your phone is backed up to cloud storage, visible to anyone with access to your photo library, and potentially accessible to data breaches in the cloud service. Your seed phrase must never exist in digital form.
Using the same PIN or passphrase as another account. Your hardware wallet PIN and optional BIP39 passphrase should be unique, not reused from any other service. Reused passwords are a common attack vector across all digital security contexts.
Not testing the recovery process before loading significant funds. See the verification section above: this step is critical and should never be skipped.
Storing the hardware wallet and seed phrase backup together. If both are in the same location, a single physical incident loses both simultaneously. The wallet and the backup must be stored separately.
Buying a pre-configured or second-hand hardware wallet. A device whose seed phrase was generated by someone else means that someone else potentially knows your seed phrase. Always generate a fresh seed phrase on a new device you control.
Cold storage is the baseline security standard for anyone holding crypto as a meaningful part of their financial life. The setup process takes an hour and the ongoing maintenance is minimal. The protection it provides, removing your private keys from any internet-connected attack surface, addresses the most dangerous category of crypto theft.
Build your cold storage setup step by step: choose the right hardware wallet, follow the setup guide for your specific device, back up your seed phrase securely, send a test transfer before moving significant holdings, and regularly check your wallet backup. Every step you take builds resilience. The complete self-custody guide ties all these elements together.
WRITTEN & REVIEWED BY Chris Shepley
UPDATED: MAY 2026