The actual distinction

"Cold wallet" and "hot wallet" are imprecise terms that obscure the distinction that matters. The real distinction is whether the private key has ever existed on a device that has internet access. A cold wallet's key has not. A hot wallet's key has.

Everything else — hardware, software, mobile, desktop, paper — is implementation detail.

The three categories that matter

  • Hot wallet. Key generated and stored on an internet-connected device. MetaMask, Trust Wallet, Coinbase Wallet, Phantom — all hot. The convenience is total: sign a transaction in three seconds. The risk is also total: any malware on the device, any phishing site that gets the seed, any browser extension with too-broad permissions — and the key is gone.
  • Warm wallet (hardware wallet). Key generated and stored on a device that signs transactions in isolation. The signing device connects to a computer briefly to sign, but the key never leaves the device. Ledger, Trezor, Keystone, Coldcard. The convenience is good: sign in fifteen seconds. The risk is bounded: the key cannot be exfiltrated through the device's USB or Bluetooth connection in any documented attack on current models.
  • Cold wallet (air-gapped or paper). Key generated on a device that has never been connected to the internet, or written down on paper at generation time, with the generating device then wiped. Sparrow + an air-gapped laptop, or a Coldcard signing via microSD card. Convenience: low. Risk: lowest possible.

The allocation by holdings

For most US holders in 2026, the working ratio is: hot wallet for under $500 (gas, daily DeFi); warm wallet for the bulk of holdings; cold wallet for the long-term reserve you do not touch for 1+ years.

As percentages: 5% hot, 75% warm, 20% cold for a typical holder. For a holder with $5M+: 1% hot, 30% warm, 69% cold with multisig.

The migration when value crosses a threshold

The thresholds where most holders should upgrade their custody:

  • $500. Move out of exchange custody into a hot wallet you control.
  • $5,000. Buy a hardware wallet. Move the bulk to warm.
  • $50,000. Add a BIP-39 passphrase. Add a multisig setup or at least geographic separation of the recovery seed.
  • $500,000. Two-of-three multisig becomes the default. Add an estate-planning layer (executor, attorney, sealed instructions).
  • $5,000,000. Hire a security consultant. The threat model now includes physical attacks and targeted social engineering.

The myth of "100% cold storage"

Even Bitcoin maximalists who claim 100% cold storage have a hot footprint somewhere — the exchange account they used to buy the BTC, the Coinbase Pro/Kraken statement that shows transfer history, the wallet client that displays balances even if it cannot sign. The defensive goal is not zero hot exposure; it is minimal hot exposure relative to total holdings, with a clear plan for moving the funds you actually need to use without exposing the funds you do not.