Skip to Content

The CryptKi Academy

Types of wallets: hot, cold, multisig, custodial

Categories explain less than you think

Once you understand what a crypto wallet is, a follow-up question naturally surfaces: not all wallets work the same way.

Some are immediate and ready at a tap. Others are slower by design, more deliberate and more protected. Some live on a single device; others require coordination between people, systems, or physical objects kept apart.

These differences go deeper than convenience. They reflect a single underlying question: where do the keys live, and how is signing authority exercised?

Illustration of hot, cold, multisig and custodial wallets

Hot wallets

A hot wallet is connected to the internet. It runs on an online device: a phone, a laptop, or a browser extension.

That connectivity is precisely the point. Hot wallets are built for speed and ease, allowing quick interactions with applications, services, and blockchain networks without much friction.

The trade-off is exposure. An online device can be compromised. If it is, the keys it holds may be too. The blockchain keeps functioning perfectly well; it is the environment around the wallet that can fail.

For a deeper comparison of connectivity and security trade-offs, see Hot vs cold wallets.

Cold wallets

A cold wallet does the opposite: it keeps keys offline, isolated from anything connected to the internet.

In practice, a transaction is usually prepared on a connected device, but signing happens separately, in isolation. Only the signed instruction travels to the network. The keys themselves never touch an online system.

This reduces the attack surface considerably. Cold wallets trade convenience for protection, and they are typically used where that trade-off makes sense: long-term storage, larger holdings, or situations where the cost of compromise is high.

What "cold" actually means

The word "cold" refers to key exposure, not to any particular shape or device.

Hardware wallets are the most familiar implementation, but they are not the only one. A wallet is also considered cold if keys are generated and stored on a machine that has never been connected to the internet: an offline computer, a dedicated isolated environment, or a carefully managed air-gapped setup.

What all of these approaches share is the same defining property: private keys are never exposed to a connected system.

Hardware wallets exist because they make that isolation practical and consistent, especially for people who do not want to manage a fully offline setup themselves.

Multisignature wallets

A multisignature wallet requires more than one approval to authorise an action.

Instead of a single key controlling everything, several independent keys are involved. A transaction only becomes valid once a predefined number of those keys have signed it, for example two out of three, or three out of five.

That changes the security model entirely. Compromising one key is no longer enough to take action.

Multisignature setups are commonly used for shared custody, organisational funds, or any situation where distributing control matters more than speed. They remove the single point of failure that comes with holding everything in one place.

For a deeper exploration of these models, see Multisignature wallets.

Custodial wallets

A custodial wallet hands key control to a third party, typically an exchange or a platform. The provider manages the infrastructure, the security, and the access.

From the outside, it can feel reassuringly familiar: a password to remember, an account to recover, a support team to contact.

But underneath that familiarity, users are relying on the provider's internal policies and controls. The blockchain does not enforce those protections. They exist entirely outside the protocol, at the discretion of the company.

Understanding these trade-offs is closely related to the risks discussed in Centralized exchange risks.

How these types overlap

Wallet categories are not mutually exclusive, and real-world setups often combine them.

A wallet can be hot and custodial. It can be cold and non-custodial. It can be multisignature and partially custodial at the same time.

The label matters less than what it points to: who can act, under what conditions, and where the keys are exposed.

Understanding those details helps avoid false assumptions about safety and risk.

How different wallet types shift the same authority

Whatever the setup, all wallets interact with the blockchain in exactly the same basic way: they produce cryptographic proofs that authorise state changes. The protocol evaluates those proofs identically, without knowing or caring how they were created.

What changes between wallet types is not the validation, but the exposure. Hot wallets, cold wallets, multisignature setups, and custodial services each define when and how signing authority can be exercised.

In a hot wallet, authority is continuously accessible. In a cold wallet, it is isolated and activated deliberately. In a multisignature setup, authority is distributed across multiple holders. In a custodial wallet, it is delegated to someone else entirely.

The blockchain sees none of this. It only sees valid signatures.

Risk therefore lives entirely in the structure around signing. The protocol stays neutral. Wallet types determine where authority can fail, not how it is judged.

Illustration representing key takeaways and summary points

Key takeaways

  • Wallet types differ by connectivity and control structure.
  • Hot wallets prioritise convenience.
  • Cold wallets prioritise isolation.
  • Multisignature wallets distribute authorisation.
  • Custodial wallets delegate control to intermediaries.

Browse all articles:
Academy index 



Find out more

CryptKi Academy full index - Browse all articles


Some tools exist to help manage private keys.

If you want to see concrete examples, you can explore our shop.

Your Dynamic Snippet will be displayed here. This message is displayed because you did not provide enough options to retrieve its content.