In the real world, the wallets in our pocket hold physical cash and coins. In the crypto world, this isn’t exactly the case. Digital asset wallets don’t physically hold our cryptocurrencies or NFTs – they actually store the public and private keys needed to buy digital assets and provide digital signatures which authorize each transaction. Your assets are stored on public blockchain networks, and your private keys give you access to those assets.
The way you choose to secure your private keys – the cryptographic secrets that give you access to your assets – is what determines the safety of your assets. For this reason, it’s extremely important to understand the different wallet types available, and which one may be most suitable for you or your client.
Wallets can have different “temperatures” – a measure of how accessible the wallet is through the network or servers and, hence, how exposed it is to unauthorized access if the infrastructure it is connected to is breached. There are hot, cold, and warm wallets, each with varying levels of security and accessibility.
Hot wallets are connected to the Internet, and the private keys needed to authorize transactions are stored online via the respective application. Hot wallets can include web-based, mobile or desktop wallets. They are easy to use, and allow quick access to sign transactions using private keys, minimizing the latency to sign and broadcast transactions to the blockchain. So investors that require quick and frequent trading of their assets can look to hot wallets.
The biggest, and possibly the most important, downside of hot wallets is the security risk. Wallets connected to the Internet expose the investor and their assets to the hidden vulnerabilities of computer networks, and can be targeted by hackers or malware programs.
For investors holding large amounts of assets such as institutional investors, it is not considered best practice to utilize hot wallets.
Cold wallets are offline wallets, with private keys stored in devices not connected to the Internet. This can include paper or hardware (usually a USB/Bluetooth device) wallets. They are usually hosted on “air-gapped” platforms or devices to minimize the risk of cyberattacks and unauthorized access. This means physical access to the wallet device itself would be required for the assets to be compromised.
While cold wallets maximize security, this comes at the cost of decreased convenience and accessibility. They often require an average of 1-2 days to execute fund transfers, and aren’t the best option to support frequent trading of assets.
When evaluating the use of cold wallets, there are three key factors that should be considered:
Warm wallets offer the best of both worlds, combining the speed of hot wallets with the security of cold wallets. With warm wallets, private keys are still held online, but additional security measures such as whitelisting (only process transactions to whitelisted addresses), transaction policies (e.g. size/frequency of transactions), Hardware Security Modules (HSM) and multi-signature authentication are implemented.
Investors struggling to choose between hot and cold wallets can look to warm wallets as a viable solution to strike a balance between security and accessibility.
Hex Safe, our bank-grade platform dedicated to securing and managing clients’ digital assets, offers a multi-wallet architecture to ensure that our custody solutions are tailored to each client’s unique organizational needs. Hex Safe currently offers Zerokey wallets and cold storage solutions.
Zerokey wallets are offered to clients looking for near-instant access to their assets while leveraging enhanced security. Hex Trust’s Zerokey wallets are all generated using a Hardware Security Module (HSM), with no keys stored on any server. Our HSMs have an integrated Key Management Server (KMS) which encrypts, wraps, and stores private keys in a safe and secure manner. Zerokey wallets are also protected by the use of Yubikeys, hardware security tokens used to authorize all transactions. This is based on an M/N consensus algorithm, where N is the number of authorized keys and M is the threshold number of keys required to sign each transaction. This allows organizations to distribute the responsibility of authorized signers to multiple individuals, preventing any one individual from being in full control of their funds.
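The warm-wallet controls listed earlier (whitelisting, transaction size/frequency policies, multi-signature approval) and the M/N threshold described here can be combined into one authorization check. The Python below is an added example, not Hex Trust’s or Hex Safe’s code: the class, function and signer names are hypothetical, the sample data is constructed, and an HMAC stands in for the signature a hardware token would produce.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def tx_digest(tx_id: str, dest: str, amount: int) -> bytes:
    """Digest that each approval is bound to (id, destination, amount)."""
    return hashlib.sha256(f"{tx_id}|{dest}|{amount}".encode()).digest()

def approve(key: bytes, digest: bytes) -> bytes:
    """Stand-in for a hardware-token signature: HMAC under the signer's key."""
    return hmac.new(key, digest, hashlib.sha256).digest()

@dataclass
class WarmWalletPolicy:
    allowlist: frozenset        # addresses funds may be sent to
    max_amount: int             # per-transaction size limit
    max_tx: int                 # frequency limit: approvals per window
    window_s: int               # length of the window in seconds
    signer_keys: dict           # the N authorised signers: id -> key
    threshold: int              # M approvals required
    approved: dict = field(default_factory=dict)  # tx_id -> approval time

    def authorize(self, tx_id, dest, amount, approvals, now):
        """Return (allowed, reason); approvals is a list of (signer_id, tag)."""
        if tx_id in self.approved:
            return False, "transaction id already used"
        if dest not in self.allowlist:
            return False, "destination not on allowlist"
        if not 0 < amount <= self.max_amount:
            return False, "amount outside size limit"
        recent = sum(1 for t in self.approved.values() if now - t < self.window_s)
        if recent >= self.max_tx:
            return False, "frequency limit reached"
        digest = tx_digest(tx_id, dest, amount)
        valid = set()  # a set, so one signer approving twice counts once
        for signer, tag in approvals:
            key = self.signer_keys.get(signer)
            if key is not None and hmac.compare_digest(tag, approve(key, digest)):
                valid.add(signer)
        if len(valid) < self.threshold:
            return False, f"quorum not met: {len(valid)} of {self.threshold}"
        self.approved[tx_id] = now
        return True, "ok"

# Constructed sample data: three signers (N=3), two approvals required (M=2).
KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
policy = WarmWalletPolicy(frozenset({"addr-treasury"}), 1_000, 2, 3600, KEYS, 2)
```

Because each approval is computed over the transaction digest, approvals collected for one amount or destination do not count toward the quorum for another.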
For clients looking to maximize the security of their digital assets, Hex Trust offers offline cold storage solutions. Cold storage wallets are also generated on an HSM, and the wallet private keys then go through key sharding. Each shard is stored in a separate location to eliminate any single point of failure. Cold storage is also protected with Yubikeys, which enables the M/N consensus algorithm for additional security measures. Hex Trust’s in-house Operations team executes every client’s transactions via a strict and robust procedure, with around 4 hours needed for clients to access their funds from cold storage.
Hex Trust is a fully-licensed digital asset custodian that provides solutions for protocols, foundations, financial institutions, and the Web3 ecosystem. We have offices in Singapore, Hong Kong, Dubai, Italy, and Vietnam.