Crypto Wallets Explained: Hot vs Cold, Custodial vs Non-Custodial
What a wallet actually stores, why some are riskier than others, and a simple way to decide where your coins should live.
What a wallet actually stores
A crypto wallet doesn't hold coins the way a leather wallet holds cash. Your coins never actually sit "inside" it. They exist as entries on the blockchain, the shared public ledger we cover in What Is Cryptocurrency?, and that ledger is the only place a balance really lives. A wallet is really more of a keychain than a vault: it manages access, not storage.
What a wallet stores instead is a pair of cryptographic keys: a private key that proves you own a given address, and a public key derived from it. The private key is what lets you sign a transaction, which is basically a digital signature saying "yes, I authorize this transfer." Without it, nobody can move the coins tied to your address, including you. We get into how those keys and their backup phrases actually work in Private Keys and Seed Phrases, since that's a big enough topic to deserve its own explainer.
Your wallet address
Every wallet also has a public address, a long string of letters and numbers that's derived from your public key. Think of it like a bank account number: you can hand it out freely so people can send you funds, and it doesn't expose your private key or let anyone spend your coins.
Because the address and every transaction tied to it are public, anyone can look up that address's history on the blockchain. That's actually the whole idea behind LabelYX: paste any public wallet address into LabelYX and you can see that wallet's trading history and PnL directly. No login, no wallet connection, and no private key involved at any point, since LabelYX never asks for one.
Hot wallets: fast, convenient, always online
A hot wallet is any wallet that stays connected to the internet. Browser extensions like MetaMask and mobile apps from exchanges are the most common examples. You can open one in seconds and sign a transaction with a couple of clicks, which makes them the natural choice for everyday use and active trading. Setting one up usually takes a few minutes: install the app, generate a new wallet, and back up the seed phrase it gives you.
That convenience comes at a cost. Because a hot wallet's keys live on an internet-connected device, they're exposed to malware, phishing sites, and malicious browser extensions in a way an offline device simply isn't. Most hot wallet losses trace back to a user approving something they shouldn't have, not a flaw in the wallet software itself, but the attack surface is still real.
Cold wallets: offline, slower, safer
A cold wallet keeps your private keys somewhere that never touches the internet. Hardware wallets like Ledger and Trezor are the most common form: small devices that generate and store your keys internally and only sign transactions when you physically confirm them on the device itself. A piece of paper with your keys written on it, stored somewhere safe, is a cruder version of the same idea.
Cold storage is far less convenient. You need the physical device on hand to send funds, which makes it a poor fit for frequent trading. But it removes remote attackers from the picture almost entirely, since there's no internet-connected software for them to exploit. That's why cold wallets are the standard recommendation for anything you're not touching regularly.
Custodial vs non-custodial: who actually holds the keys
Separate from hot and cold is a different question: who controls the private keys in the first place? With a custodial wallet, an exchange holds the keys on your behalf. This is the default setup when you buy crypto on Coinbase or most other exchanges and just leave it sitting in your account. It feels like a bank account: you log in, you see a balance, you don't think about keys at all.
With a non-custodial wallet, you hold your own keys, whether that's a hot wallet like MetaMask or a cold hardware wallet. Nobody else can freeze, move, or restrict access to your coins, but there's also no support line to call if you make a mistake. The responsibility sits entirely with you, which is exactly the trade-off you're accepting when you move away from a custodial setup.
This distinction is where the phrase "not your keys, not your coins" comes from. If an exchange holds your keys, you're trusting that exchange to stay solvent, stay honest, and stay secure. Crypto's history already includes exchanges that collapsed or got hacked, leaving customers unable to withdraw funds they thought were simply sitting in their account. A custodial balance is really a claim on the exchange, not direct ownership of the coins themselves.
A simple, practical way to think about it
You don't need to pick one setup and stick with it forever. A reasonable approach most people land on: keep a small amount in a hot, non-custodial wallet for active trading or day-to-day spending, and move anything you intend to hold for the long term into cold storage. That way, if a browser extension gets compromised or a device gets lost, the damage is capped at whatever you kept "in your pocket," not your entire portfolio.
A workable routine looks something like this: trade and spend out of the hot wallet, and every so often sweep whatever you're not actively using over to the hardware wallet. It's a bit of extra effort compared to leaving everything on an exchange, but it means a single phishing email or a single hacked app can't touch your long-term holdings.
However you split it up, the key point is the same one that runs through everything above: understand where your keys actually live, and who besides you can touch them, before you decide how much to keep there.
Keep learning the fundamentals
Free · No sign-up · Part of the LabelYX Learn series