When it comes to crypto wallets security isn’t just a concern, it’s a necessity. In today’s world everything is digital and everything is connected to the internet, which means it’s hackable. Threats from cyber criminals loom around every corner so it’s critical that your digital assets are secured by the best cold storage wallet possible.
Contents
The Top 3 Cold Crypto Wallets Ranked
BitBox02: Best Cold Storage Wallet
The BitBox02 is made by BitBox (formally Shift Crypto) and comes in two versions, the BitBox02 Bitcoin-only edition and the BitBox02 Multi edition. While the hardware for each is identical, the Bitcoin only firmware is entirely dedicated to Bitcoin (with no support for other cryptocurrencies) with the Multi edition supporting other cryptocurrencies as well as Bitcoin.
It’s one of only two hardware wallets that scores perfect marks in all our tests and has support for a ton of great features. In fact, it has so many security features that we couldn’t cover them all in our review and its support for Multisig is unmatched.
Highlights
- Low key, incredibly small and stealthy design
- Aces all privacy & security test we could throw at it
- Great touch button interface and screen
- Unmatched support for Bitcoin Multisig wallets
- Simple and widely supported desktop and mobile app
BitBox have managed to put bleeding edge, advanced security into a totally noob friendly point and click package. Inside its deceptively simple and ordinary packaging, they’ve brought a world class Bitcoin hardware wallet experience to the table and it should be at the top of everyone’s list when it comes to storing your crypto assets.
Foundation Passport: Best Premium Cold Storage Wallet
The Foundation Passport is a hardware wallet made by Foundation Devices that scores top marks in all our tests. While it looks like an old Nokia phone (great for a bit of nostalgia!), it has a premium design and feel to it and can perform all functions while never being connected to a computer. It also has a companion envoy mobile app, but can be used without this for all functions if you prefer.
This is Foundation Devices second iteration (also called Batch 2) and has a number of upgrades over the original Founder’s Edition Passport such as a rechargeable battery, more refined design and a color screen.
This highly secure hardware wallet allows you to sign your transactions by scanning a QR code thanks to its rear camera. Its robust security model ensures your seed words are also securely generated and stored.
Highlights
- Super premium materials, design and feel
- Aces all privacy & security test we could throw at it
- 100% fully air gapped design, from seed generation to signing to firmware updates
- Beautiful design with a big buttons and a clear color screen
- Is so solid it can double as a brick to knock people out
The Passport is a top of the line hardware wallet with a serious Nokia complex. With no USB data connectivity or wireless communications of any kind it’s a Bitcoin only, fully air gapped wallet that only communicates via QR codes or microSD card.
The Passport is a unique, well designed and built hardware device. Whether you’re a beginner or expert user we’d absolutely recommend it. It’s fully open source, has excellent seed generation and storage security and works with a wide range of third party software wallets via it’s QR code and microSD port functionality.
Coinkite COLDCARD Mk4: Most Feature Rich Bitcoin Wallet
The COLDCARD Mk4 is one of the most popular, long standing and well known hardware wallets out there, and for good reason too. On its 4th generation Coinkite is tirelessly continuing its never ending quest for a more secure, more feature rich Bitcoin only wallet. From trick PINs to safety LEDs to literal parts of the hardware device that you can destroy to permanently turn off certain features, it’s got it all.
Custom built from the ground up for fully air gapped operation, it comes in a bunch of different colors, has a number of accessories and scores near perfect marks in our privacy and security tests. The only part they fall down on is that their software is publicly visible, but not fully open source.
Beyond that they have every feature under the sun and even go so far as to minimize third parties for things like packing and shipping to help ensure customer details are not leaked as much as possible. The COLDCARD Mk4 is also supported by the top third party wallets and pairs excellently with mobile wallets due to its NFC feature.
Highlights
- Unmatched feature set and third party wallet support
- Near top marks for privacy & security
- 100% fully air gapped design, from seed generation to signing to firmware updates
- Big buttons and incredibly well thought out hardware design
The COLDCARD Mk4 is yet another top contender in the hardware wallets category and while its screen might be a bit small for some, it more than makes up for this in features and support. Being Bitcoin only and with a focus on simplicity its software has a very small attack surface area which further contributes to its industry leading security.
To the untrained eye you might just think it’s a weird looking calculator, but this unique crypto wallet is fantastic for those who want to take their security to the next level.
New Cold Wallets Coming Soon
Trezor Safe 3
Just released and due to start shipping in the last quarter of 2023, the Trezor Safe 3 looks like it’ll be a top notch new hardware wallet. Trezor has been around for over 10 years now and were the ones who created the first hardware wallet. They have an amazing history of solid (and safe) cold wallets so it’s not surprising to see this new one hit all the right points.
While its screen isn’t as premium as the Model T, it’s a great deal cheaper and is the first hardware wallet they’ve designed that has a secure element chip inside it. While they’ve previously refused to use secure elements in the past, this new one allows them to publish potential vulnerabilities.
We’ve also managed to source the OPTIGATM Trust M (V3) chips from a producer that does not restrict us from freely publishing potential vulnerabilities, so we can stay true to our open source philosophy.
COLDCARD Q
Upping the ante somewhat this year Coinkite, makers of the COLDCARD Mk4 have now announced that a new COLDCARD Q. The Q is bigger and much more equipped than the Mk4 with dual microSD card slots, a full qwerty keyboard and a much bigger screen.
It also features a camera to scan QR codes, NFC like the Mk4 and is powered by replaceable AAA batteries. Given Coinkite’s fantastic track record in the hardware wallet industry we can’t wait to see what this beast of a unit can do!
Ledger Stax
Equipped with a curved e-ink touchscreen, the Stax is built not just for crypto storage but also for NFTs as well. As a hardware wallet doesn’t need a super high refresh screen, e-ink makes a lot of sense and with a battery, wireless charging and Bluetooth it should enable a great mobile wallet experience.
Unfortunately Ledger still insists on doing very questionable things when it comes to storing your private keys. Their latest Ledger Recover fiasco has highlighted major flaws in their closed source code design and has prompted them to open it up a bit more.
They still don’t allow for fully open and reproducible builds though, which is why we do not recommend using any Ledger products, including the Stax.
How Do Cold Storage Wallets Work?
Cold storage wallets are physical devices in meatspace that do one thing, generate, manage and secure your private keys. You never want your private keys touching that revolting, malware infested computer/phone of yours trust us.
Hardware wallets are cheap ($60+ USD) and easy to setup and use. They can take many different forms and there’s no universally agreed upon style just yet. Some look like calculators, others like a USB flash drive and some even look like old Nokia phones!
At their heart most have a secure element chip that is used to store your private keys offline and away from any device connected to the internet. By separating your private keys, it means that even if your computer is hacked, your funds are still kept safe. Cold wallets are the safest crypto wallet type and allow you to securely store your funds over long periods of time.
Hot Wallet Vs. Cold Wallet
Cold and Hot Wallets are crypto wallets that differ based on whether or not they’re connected to the internet.
A hot wallet is one that runs on any internet connected computer, phone, exchange or other program and has no hardware wallet protection. They can be custodial or non-custodial and most mobile wallets or desktop wallets out there are hot wallets. As the private keys are kept in the software, they are highly vulnerable to malware or hackers. It is recommended not to keep a large amount of funds in hot wallets.
A cold wallet is a type of wallet that runs on any computer, phone, exchange or other program and has a hardware wallet component to it that stores your private keys offline. They can be custodial or non-custodial, but the critical difference is that the private keys are kept physically separate from the internet connected software wallet component. They are highly resistant to malware and hackers.
How To Choose The Best Cold Wallet
A few major considerations you should weigh up before just purchasing any random hardware device you find on the internet include:
- True Randomness Generation: It should uses two independent sources of randomness (or more) for your private key generation. One of the main purposes of hardware crypto wallets is to generate your private keys, this needs to be next level grade bullet proof! A poorly generated private key is a huge security hole
- Open Source: Its code should be 100% viewable for you or any other security researcher to review and interrogate. Open source code, vetted over many years is one of the top ways to ensure a secure environment
- Verifiable Software Binaries: It should have verifiable software binaries and PGP key signature checking with easy to follow instructions on their website. This allows you to verify that the software you’re downloading from their website hasn’t been maliciously altered or tampered with
- Uses Interoperable Standards: It should use common, industry standards such as BIP39 for its seed phrase words to allow for interoperable use in case there’s any reason to migrate away from that hardware vendor (eg they go bankrupt / get taken over / start acting stupid). To help with this, check out the major software wallets out there and see which devices they integrate with
- Reasonable Company History: The company itself should have been around for at least 5 years or more and the more revisions of the hardware they have, the better (eg. COLDCARD is up to “Mk4” while BitBox is up to “02” now). This hopefully ensures (but doesn’t guarantee) that hardware level issues have been resolved at the source and that the hardware and software have had most of their main kinks sorted out. You should also review their general practices like storage of customer data, history of how they handle security breaches and how they work with the security community in general
- Works With Standard Wallets: It should work with any industry standard third party Bitcoin wallet such as Sparrow Wallet. You should not be locked into using only their bundled software wallet program as this can be both a privacy risk and a problem if the company ever runs into troubles
- Full Bitcoin Node via Tor Support: It should fully support you connecting it to your own Full Bitcoin Node via Tor. This is vital for Advanced and Expert levels both for privacy and security and many hardware wallets “experts” recommend such as the Ledger don’t do this!
- Easy Import / Export: It should fully support importing and exporting of all required info (Including Coin / UTXO Labels) for easy backup and restore, especially across various third party wallets (eg exporting from their wallet app and importing into a third party wallet) and for Multisig wallets that require more detailed backup information than single signature ones
- Multisig Support: It should fully support Multisig Wallets as well as xPub / Watch Only wallets and this support should extend to the standardized third party wallets as well
- Labeling And Control Of Coins: It should fully support labeling of coins (UTXOs) and being able to control which coins you spend either through their own app or through a standardized third party wallet
- Purchase Only From The Supplier: It should come in a tamper evident bag directly from the supplier and no one else. Do NOT buy from other random online sellers, eBay, forums or any other source
- Consider Physical Size: When choosing a device many people prefer large screens to enable easier reading / interaction, but be aware that the larger the device is, the harder it is to store / hide. It will also likely be more expensive too
Pro Tip: Don’t buy a cold wallet with your real world identity
If the company gets hacked, your identity is forever linked to “this customer has so much crypto they needed to buy a cold wallet” = huge target. A recent example of this is how Ledger had all their customer data stolen. Now all those people are forever at physical risk with criminals knowing the names, addresses, emails and more. Not cool!
That company may also link your identity and funds to that hardware crypto wallet and monitor your device / addresses / balance / transactions via their software (eg. Ledger Live)… which they then pass on to governments, third parties etc.
Buying the crypto wallet without revealing your own real world identity is a one time, highly beneficial security enhancement that ensures knowledge of your stash is never revealed no matter how many times they get rekt.
Most crypto wallet manufacturers will accept Bitcoin too making this a relatively easy way to protect yourself. Make up a name, create a one time Proton.me email account via Tor Browser, pay via Bitcoin you obtained via a non-KYC source and you’re set!
Do I Need A Crypto Wallet?
Not your keys, not your coins
Yes. At a minimum you will need a software wallet to send and receive bitcoins. These wallets should also hold your private keys which you need to keep secure. If you’re holding anything more than pocket change we recommend buying one of the dedicated hardware wallets listed above or on our Crypto Wallets page.
This will ensure that your private keys are stored offline and not on anything that’s connected to the internet, increasing security. Many crypto users either leave their digital assets on exchanges or in a software only “hot wallet” and as a result, get hacked and lose their crypto.
Card Based Cold Storage Wallet
A popular type of hardware wallet that’s often used for cold storage are card based ones. This type of cold storage device is much safer than having your funds in a hot wallet, however we don’t usually recommend them as they usually don’t have a screen.
It’s critical that your crypto wallet has a screen in order to display your receiving address. If your computer or mobile device is compromised, then an attacker can simply show you their address and you’ll send your funds to them instead of yourself.
In order to prevent this, a hardware wallet should derive a new bitcoin address from your own private key each time you receive funds and be able to display it to you on a screen that’s separate from any device that’s connected to the internet. This way, you can compare what’s on your hardware devices screen to the address you’re sending the funds to and verify that they match.
Card based crypto wallets without a screen cannot perform this vital function and so should be avoided if you’re dealing with serious funds. They can be handy as an additional layer of security for small amounts, but we generally just advise readers to go with ones that have a screen.
What Cryptocurrencies Can You Store In Cold Wallets?
What cryptocurrencies you can store depends on what cold hardware wallet you purchase. Some like the Foundation Passport or COLDCARD Mk4 only store Bitcoin as this helps to reduce the amount of attack surface area and allows for a more secure device.
Most cold wallets do allow you to store other cryptocurrencies on them as well, such as the BitBox02 that supports over 1,500 different coins and tokens. That being said, we don’t recommend readers purchase or store any other digital assets besides Bitcoin as they are frequently involved in pump and dump schemes or other scams.
How Do I Deposit & Withdraw From A Cold Wallet?
Once you receive your cold wallet, it will have setup instructions that will walk you through how to send and receive your bitcoin. Most crypto wallets connect via a USB cable but there are also a number of other hardware wallets that are Airgapped and transmit data via QR codes or microSD cards.
Most allow you to connect it to a companion app that runs either on your mobile device or laptop and from there you can generate receive addresses to receive your digital assets as well as use your hardware wallet to sign and send them too.
FAQ
What Is The Most Secure Cold Crypto Wallet?
There’s dozens of crypto cold wallets out there, however the vast majority of them aren’t that secure. We make sure to test how each crypto cold wallet generates and stores your seed phrase as this is keeps your private keys safe. The winners are the ones that get top marks on our Crypto Wallets page.
What Is The Easiest Cold Storage Wallet To Use?
While there’s no universal industry standard when it comes to cold wallets, most follow a similar, simple setup and signing workflow with some stand outs being the BitBox02, Foundation Passport, COLDCARD Mk4, Jade and SeedSigner. All of them are extremely easy to use with extensive guides and support articles from the manufacturer.
Is A Cold Storage Wallet Worth It?
Yes. If you’re wanting to store your bitcoin with maximum security, we strongly recommend you use a cold wallet. They separates your private keys from the internet and store them in a dedicated, secure device that’s custom built to keep them safe.
What Is The Best Ledger To Store Crypto?
None. Ledger has had numerous issues in the past that demonstrate they are not a good way to securely and privately store your crypto. We don’t recommend readers use their products and instead suggest they use cold wallets that are rated the highest on our Crypto Wallets page.
Should I Keep My Crypto In A Cold Wallet?
Yes. When you store private keys in a cold wallet it isolates them from any internet connected devices and helps to greatly increase the security of your digital wallet. In contrast, an online wallet is highly susceptible to hacking and having your funds stolen or lost.
Is Coinbase Wallet A Good Cold Wallet?
No. While Coinbase Wallet is a cryptocurrency wallet, it’s not a cold wallet. A cold wallet requires you to hold your own private keys in offline storage. As Coinbase wallet is connected to the internet and a custodial service, it’s not recommended to use for storage of any amount of funds.
What Are The Disadvantages Of Cold Storage Wallets?
While cold storage wallets hugely increase the security of your digital assets, they can also make spending them slightly harder. This isn’t usually an issue as most people are happy to trade some friction for the added security. A crypto hardware wallet will also cost money and require some minor upkeep and added complexity such as remembering a PIN code.
Can Cold Wallets Be Hacked?
Yes. There have been many reports of bugs and hacking of cold wallets, however virtually all of them require the attacker to be in physical possession of the hardware wallet and also have expensive, highly technical equipment in order to crack it. As such, it’s recommended that you store your crypto wallet in a secure location such as a safe.
Where Do I Keep My Cold Wallet?
Cold wallets are best stored in highly secure locations such as a fire proof safe. While they are normally protected by a PIN code, giving attackers physical access to the device is a major security risk. The more security, cameras, alarms or even security guards you can get, the better.
Can You Lose Crypto In Cold Wallet?
Unfortunately, yes. This is usually a user error rather than the cold wallet as users can lose their device, forget their PIN code, not backup their seed phrase properly or many other common mistakes. We recommend you ensure your seed phrase is backed up on at least laminated paper in two separate, secure locations to prevent loss of funds.