Pages:
Author

Topic: [Crypto Wallets] Cold and Hot Wallets and their Approach (Read 385 times)

legendary
Activity: 2268
Merit: 18711
it is still an electronic device that may break down or be maliciously altered by firmware you didn't properly verify, and you will lose everything it contained.
That doesn't make it any less of a cold wallet, though. Paper wallets can similarly be damaged or destroyed resulting in total loss.

No matter how expensive it may be, it is unlikely to outlive and outperform in terms of security a piece of paper or metal plate, which can store information written or etched on them indefinitely.
I agree, but that's not really relevant to what is considered a cold wallet. My completely airgapped laptop, which does not even have a WiFi module, Bluetooth module, etc. because I ripped them all out, is very much cold storage.

All things being equal, non-electronic media for storing information is safer than electronic; it is going to be more difficult for hackers to access them remotely, let alone maliciously alter them.
All things are not equal, though. Yes, completely non-electronic means will be safer for storage, but at some point you will want to spend those coins, and the process of importing that seed phrase or private key introduces a number of risks which do not exist in my airgapped computer set up.

Don't get me wrong, I use both methods frequently, but I don't think it's right to say that only paper/metal back ups can really be considered cold wallets.
hero member
Activity: 1722
Merit: 801
There's a typo. He means to say that Trust Wallet is completely closed source, which is true. It is also owned and operated by Binance, which hardly fills me with confidence. I would avoid Trust Wallet at all costs.
I did not know Trust wallet is owned by Binance. I knew that Binance airdropped the token of Trust wallet TWT and months or weeks later made it lively tradeable. But you are right, I searched and found this announcement from Binance in 2018. Binance Acquires Trust Wallet - A Secure Mobile Crypto Wallet

However, being open source allows you to verify that the wallet is doing what you think it is doing. That is impossible with a closed source wallet. With closed source wallets you can only trust them. With open source wallets, you can verify them.
I know but for non technical people, they have to trust on others about quality of open source wallets. It is still better than close source wallets because if an open source wallet has serious suspicious code, tech gurus in community should detect it and inform the community.

Quote
Being open source is necessary, but not sufficient, for a good wallet.
I agree. People naively think all open source wallets are good or open source wallets are always better than close source wallets.
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
In reality, the QR code contains information pertaining to signing of transaction and nothing more. Or can you prove how a malware can pass through a QR code to infect a cold wallet that is used with only QR code for transaction signing?

The problem with air-gapped devices and hardware wallets, including those communicating information via QR codes, is that they cannot be upgraded this way - in order to install a new version of firmware, you need to use either a USB cable or something like SD card, both of which imply direct injection of physical things into your secure hardware. Once you physically transferred the information onto your device, it stops being "truly" air-gapped since, like it or not, the interaction with the outside world has taken place. It is no different from connecting your cold storage to the Internet since the moment you connected, you can't be entirely sure your device remains safe. Of course, you may choose to never update your device and leave it potentially vulnerable to different attacks, but these attacks can also include remote connection to your air-gapped device, so not upgrading may do more harm than good. All things being equal, non-electronic media for storing information is safer than electronic; it is going to be more difficult for hackers to access them remotely, let alone maliciously alter them.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I'd prefer to call hardware wallets (both air-gapped and those requiring physical communication) signing devices because this is what they actually do: sign messages. But in my view, "true" cold storage solutions shouldn't have signing capabilities at all because in order to sign secure storage must be paired with software to communicate.
It is not bad to be extra security conscious. You may not see hardware wallet signing transaction using QR code as cold wallet just for your security consciousness. But see this as to what could only lead to a debate or opinions that may be different from other experts.

In reality, the QR code contains information pertaining to signing of transaction and nothing more. Or can you prove how a malware can pass through a QR code to infect a cold wallet that is used with only QR code for transaction signing?

In my opinion, I regard hardware wallet used in that way as a cold wallet. But if you are extra conscious about your security, it can give you the feeling of ease and help you in protecting your coins as you prefer a device that is completely airgapped and not used for transaction signing, but that does not mean that such devices or hardware wallets that are used for transaction signing through QR code not to be regarded as cold wallets.
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
If I transfer an unsigned transaction to my airgapped cold storage via QR code, and transfer the signed transaction back again via QR code, then my cold wallet is still a cold wallet.
I'd prefer to call hardware wallets (both air-gapped and those requiring physical communication) signing devices because this is what they actually do: sign messages. But in my view, "true" cold storage solutions shouldn't have signing capabilities at all because in order to sign secure storage must be paired with software to communicate. Communication through QR codes is close to ideal because it is both secure enough and convenient, but here is the rub: even though an electronic device stores your keys securely, it is still an electronic device that may break down or be maliciously altered by firmware you didn't properly verify, and you will lose everything it contained. No matter how expensive it may be, it is unlikely to outlive and outperform in terms of security a piece of paper or metal plate, which can store information written or etched on them indefinitely. And given that you can't use paper or metal to sign transactions directly, it makes them a better solution for long-term custody, whereas, with a signing device, you are incentivized to spend and make transactions because why else would you buy a hardware wallet if not for making transactions?
legendary
Activity: 2268
Merit: 18711
It keeps all sensitive keys in an isolated offline environment, which is why many people consider it cold storage, but the necessity to interact with the online world makes it more vulnerable to attacks and is the main reason why it cannot be called a "true" cold storage.
It depends on the hardware wallet. Some, such as Ledger or Trezor, which require to be connected to a computer with internet access, can't be considered as true cold storage. Others, such as Passport, which only interacts via QR code and is never connected to an online device, I would call cold storage.

In the case of cold storage, you more often than not generate your seed offline, create several public keys and addresses, fund them and forget that you have a wallet. The moment you spend from one of these addresses, your cold storage loses its status and becomes rather "hot" since, upon transactional process, you had to somehow interact with the real world.
If you connect your cold wallet to the internet or to an internet enabled device, then sure, it is no longer a cold wallet, but this isn't how you are supposed to use cold wallets. If I transfer an unsigned transaction to my airgapped cold storage via QR code, and transfer the signed transaction back again via QR code, then my cold wallet is still a cold wallet.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Of all the list of recommended wallets, electrum wallet and hardware wallets are the ones i can recommend for maximum safety and privacy, but just that they were bitcoin only supported wallets
It is true that electrum only supports bitcoin, but there are many (even more) hardware wallets thst support altcoins. For privacy, you would have to run your own node and not depending on SPV wallets.
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
These are the highly secure personalized wallets used to store the crypto currencies preferred by the users as for storing the long term crypto investments. All hardware wallets are cold wallets as these wallets are offline wallets due to this feature these wallets are considered as most secure type of wallets.
The hardware wallet is nothing else but a convenient tool to interact with the transaction data, namely, it is primarily used for signing unsigned transactions and generating and storing cryptographic keys. It keeps all sensitive keys in an isolated offline environment, which is why many people consider it cold storage, but the necessity to interact with the online world makes it more vulnerable to attacks and is the main reason why it cannot be called a "true" cold storage. In the case of cold storage, you more often than not generate your seed offline, create several public keys and addresses, fund them and forget that you have a wallet. The moment you spend from one of these addresses, your cold storage loses its status and becomes rather "hot" since, upon transactional process, you had to somehow interact with the real world. Just create another cold storage, and you're fine. With hardware wallets, you continuously interact with the real world, exposing your transaction data to the Internet and implicitly associating this data with your hardware wallet via some type of communication. Basically, you make "hot" transactions in a very secure manner that unlikely is going to lead to key leakage. But still, you take an action, you touch your funds, and you risk losing your funds upon interaction.
hero member
Activity: 714
Merit: 521
Of all the list of recommended wallets, electrum wallet and hardware wallets are the ones i can recommend for maximum safety and privacy, but just that they were bitcoin only supported wallets and i like the fact that you have access in taking charge of your assets eith your keys in your hands, the one i will like to aleays avoid is in using hot wallet as storage, they are as simply risky as usual an online storage services like drop box, iCloud etc for securing your asset, which is taking risk in it highest order, pls let's try and avoid that.
legendary
Activity: 2268
Merit: 18711
I don't understand this.
There's a typo. He means to say that Trust Wallet is completely closed source, which is true. It is also owned and operated by Binance, which hardly fills me with confidence. I would avoid Trust Wallet at all costs.

Trust depends on each person and even close source or open source, that does not decide quality of that wallet (security, privacy, convenience ...).
Sure, but with open source wallets you don't need to trust them.

Being open source doesn't automatically make a wallet safe or even safer than a closed source wallet. However, being open source allows you to verify that the wallet is doing what you think it is doing. That is impossible with a closed source wallet. With closed source wallets you can only trust them. With open source wallets, you can verify them.

Being open source is necessary, but not sufficient, for a good wallet.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
People can trust or not trust any open or close source wallet and I am sure not all crypto users are developers so they don't know how to check codes from open source wallet. That means they can prioritize to choose open source wallet but most of them do it only because they simply trust open source wallet is better than close source. They depend on trust and review of others.
This should not be about what majority are using, but about the ones that are better to be used. Unfortunately, many people are going for convenience, but they do not know what is happening when they are making use of a wallet.

The use of a walket should not be about trust, you do not have to trust a developer that do not make the source code of the wallet they developed to be available to the public to see. Definitely some developers are available to view the code and check for vulnerabilities.

If close source wallet is having spyware, how are you going to know? How are other developers that have interest to review the code going to know if it has spyware and other malware included, no one would know.

Because a wallet is open source, that does not mean it is not vulnerable, only the ones I mentioned are recommended by people that have reviewed the code and the bitcoin community supporting them, not just that I recommend an open source wallet, use the one that the community also recommend.

But for close source, none should be gone for because you do not know what your wallet is doing internally because you can not check the code, other developers can not check the code, no one can check the code. Trust transparency, not close source, close source wallets have no transparency.
hero member
Activity: 1722
Merit: 801
For bitcoin hot/online wallets, I will recommend open source ones, Trustworthy is completely close source wallet, not worth going for, but some people that are having altcoins may not have much alternatives.
I don't understand this.

Trust depends on each person and even close source or open source, that does not decide quality of that wallet (security, privacy, convenience ...).

People can trust or not trust any open or close source wallet and I am sure not all crypto users are developers so they don't know how to check codes from open source wallet. That means they can prioritize to choose open source wallet but most of them do it only because they simply trust open source wallet is better than close source. They depend on trust and review of others.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Maybe you could find this helpful: Lists of open source hardware wallet

Those are lists of recommended hardware wallets.

For privacy, I will advice people not to go for Ledger Nano, but if they do not care about privacy, it is not a bad wallet to go for.

For bitcoin hot/online wallets, I will recommend open source ones, Trustworthy is completely close source wallet, not worth going for, but some people that are having altcoins may not have much alternatives.

For bitcoin, you can go for Electrum wallet. Bluewallet is also worth going for.



Pooya87 has commented about this already, that bitcoin is not stored on wallet. Wallet generates the seed phrase, seed, keys (private keys and public keys) and addresses. Bitcoin is stored on the blockchain where all bitcoin transactions are stored.
legendary
Activity: 3472
Merit: 10611
Crypto wallets are the more advanced form of digital wallets where a device or protocol is used to store public and private keys for storing different types of cryptocurrencies.
Technically you don't store cryptocurrencies in your wallet or keys, they are stored on the blockchain and your key "unlocks" or spends them.

Dear already explained in the post that its an exchange based wallet main perpouse is trading consider as centralized wallet people use to store funds in it for trading perpouse.
Technically we don't consider those to be wallets, they are accounts since you have no control over your own money.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Cons of Cold Wallets:
..
These Wallets are expensive
This is true for hardware wallets but not for all types of cold wallets. For example, paper wallets are also cold wallets and you can have as many of them as you want for free.
Quote
Trust Wallet: Decentralized Self Custody Wallet. Used for Every Type of Cryptocurrency.
TrustWallet supports many coins and blockchains but not all of them. For example, it does not support monero (xmr).
Electrum can also be used as cold storage. Check this guide:  https://electrum.readthedocs.io/en/latest/coldstorage.html

I strongly suggest you remove binance from the list of hot wallets because it's an exchange not a wallet (as JeromeTash said) and it's never recommended to store coins on exchanges.
legendary
Activity: 2492
Merit: 1232
Cold Storage Wallets:

These are the highly secure personalized wallets used to store the crypto currencies preferred by the users as for storing the long term crypto investments. All hardware wallets are cold wallets as these wallets are offline wallets due to this feature these wallets are considered as most secure type of wallets.

Hardware Wallets are example of Cold storage
In addition, paper wallets and the fully air-gapped device could be a cold wallets too.
There's no secure wallet if you lack knowledge about storing your Bitcoin, you must have knowledge first before you called it secure while keeping them.

I believed the most secure hardware wallets were open-source wallets, check this Open Source Hardware Wallets or this for the [BIG LIST] Hardware wallets (80+).

Remember that isn't ideal to leave your coin on the exchange even though you think it's a hot wallet, use instead a noncustodial wallet as your hot wallet and Electrum is very suitable for this.  The golden rule of crypto must be followed "Not your keys, Not your coin".
legendary
Activity: 2380
Merit: 5213
No sir Alphanumeric means the address of the Wallet/ Public key is based on mixed characters i think i should edit it and use character on the behalf of Words. Thanks for mentioning anyway.
Simply a crypto wallet address/ public key is combination of alphanumeric characters from 27 to 37 ranges.
You are again wrong. A bitcoin address can have more than 37 characters.

Native segwit single-signature addresses include 42 characters.
Native segwit multi-signature addresses and taproot addresses include 62 characters.
legendary
Activity: 966
Merit: 1042
#SWGT CERTIK Audited
Binance: Centralized Hot Exchange Wallet. Support Coins listed for trading.  
My friend. Binance is not a wallet. Don't even think of it as a wallet, and it shouldn't even make it to this list, or else you are going to mislead newbies. Binance is just a crypto exchange or broker as some people refer to it.

Dear already explained in the post that its an exchange based wallet main perpouse is trading consider as centralized wallet people use to store funds in it for trading perpouse.

Simply a crypto wallet is combination of alphanumeric words from 27 to 37 ranges.
What do you mean by "combination of alphanumeric words"? Can you please elaborate more on this?
Do you mean seed phrase? If so, a seed phrase usually includes 12 or 24 words.

I think i made a few grammar mistakes but that one is fixed

No sir Alphanumeric means the address of the Wallet/ Public key is based on mixed characters i think i should edit it and use character on the behalf of Words. Thanks for mentioning anyway.
legendary
Activity: 2338
Merit: 1261
Heisenberg
Binance: Centralized Hot Exchange Wallet. Support Coins listed for trading. 
My friend. Binance is not a wallet. Don't even think of it as a wallet, and it shouldn't even make it to this list, or else you are going to mislead newbies. Binance is just a crypto exchange or broker as some people refer to it.
legendary
Activity: 2380
Merit: 5213
Simply a crypto wallet is combination of alphanumeric words from 27 to 37 ranges.
What do you mean by "combination of alphanumeric words"? Can you please elaborate more on this?
Do you mean seed phrase? If so, a seed phrase usually includes 12 or 24 words.
Pages:
Jump to: