Hot wallet is any wallet whose private key sits on an internet-connected device. MetaMask in your browser, Phantom on your phone, the Coinbase Wallet app, Rabby — all hot. The label is descriptive, not pejorative: hot wallets are the right tool for daily on-chain activity, and the wrong tool for holdings you'd be devastated to lose.
What makes a wallet "hot"
The private key is decrypted and held in process memory whenever the wallet is unlocked. Even if the wallet encrypts the key at rest, the moment you enter the password and sign a transaction, the key is briefly in RAM on a device that can also browse Twitter, install apps, and run JavaScript. That window is the attack surface.
The three real threats
First, stealer malware. Lumma, RedLine, Atomic, and a dozen others. These are commodity tools sold on dark forums for $50–$200/month; the operator drops them into pirated software downloads, fake browser extensions, and "free trading bot" pitches. They scan for wallet files, browser-extension data, and clipboard contents. Once seeded into the system, they exfiltrate everything in seconds.
Second, malicious browser extensions. The Ledger Connect Kit December 2023 incident showed how an attacker compromising a popular library can inject drainer logic into hundreds of legitimate dApps overnight.
Third, phishing sites that don't need malware — they just need you to sign one bad transaction. Hot wallets sign transactions with one click and a password prompt; hardware wallets require an additional physical confirmation on a device that displays what's being signed.
When a hot wallet is the right call
Daily on-chain activity: DEX trading, NFT minting, DeFi interactions, gaming. The friction of a hardware wallet for every transaction is real, and few holders maintain that discipline beyond a month. A hot wallet on a phone or browser, used with a separate "trading float" balance, is the practical compromise.
The discipline: never let the hot wallet float exceed what you would actively spend in two weeks of normal use. If your DeFi positions push past that ceiling, take profits back to cold storage. The rule "don't keep more than $5K in any hot wallet" works for most US-resident retail holders; "don't keep more than 5% of total portfolio" works for everyone else.
Rabby vs MetaMask
Among hot wallets, Rabby (acquired by DeBank in 2022) has surfaced as the better safety story: it pre-simulates transactions, flags suspicious approvals, supports more EVM chains natively, and integrates with hardware wallets cleanly. MetaMask still leads in raw user count but lags on the safety-rail UX. For a US holder building a hot-wallet routine in 2026, Rabby is the better default.
Further reading: Cold vs hot wallet, Cold wallet, MetaMask security.