Why air-gapped wallets are the most secure way to manage your crypto

Alexander Lechner
Coinmonks
5 min read · Nov 14, 2022

A short overview of different types of crypto wallets with a focus on potential risks

TLDR: air-gapped wallets offer the best security while still being easy to use. They keep your private keys on a separate device that is never connected to the internet. User-friendly options include the free AirGap solution or dedicated hardware like the Ellipal Titan, starting at $139.00.

What is a crypto wallet?

A cryptocurrency wallet stores your public and private key(s). The private key is required to sign transactions; think of it as a master password to all your accounts. Whoever has access to your private key can steal all your crypto. It is therefore extremely important to keep the private key secret and secure.

Currently, a huge variety of crypto wallets exist, each wallet having different features, supporting different cryptocurrencies, and using a different approach to security. Because of this, picking the right wallet can be a daunting task.

Different types of wallets

Custodial wallet

Examples: Coinbase, Kraken, Binance

A custodial wallet is managed by a custodian (e.g. Coinbase) and is similar to a traditional bank account: just as a bank is responsible for keeping your money safe, the custodian is responsible for keeping your crypto safe. The custodian holds the private key for you and therefore has full access to your crypto. To transfer crypto, you simply log on to a website with a username and password. While this is a very user-friendly approach, it comes with major trust and security issues.

The main issue of custodial wallets is that the private key is not held by you, but by the custodian. Because of this, you are exposed to several risks:

Hot (software) wallet

Examples: Armory, Electrum, Metamask, Coinbase Wallet

A hot wallet keeps your private key on your own device. Therefore you alone have access to your crypto. But with great power comes great responsibility: you and you alone are responsible for keeping your device and your private key safe.

Hot wallets can be installed on your computer, on your mobile device, or can be run directly in your browser. The main problem with hot wallets is that they need internet access to transfer crypto. This exposes your private key to several risks:

Side note: some hot wallets offer you the possibility to sign transactions offline. This way you can keep the private key on a separate device, disconnected from the internet. While this is a more secure approach, not many wallets support this functionality, it’s not very user-friendly, and the transaction still needs to be transferred between the two devices (a potential security risk).

Cold wallet

Examples: paper wallet, hardware wallet (Ledger, Trezor etc.)

A cold wallet is a wallet that keeps your private key offline, on a device completely disconnected from the internet. Common examples are paper wallets (simply writing your private key on a piece of paper) and hardware wallets (e.g. USB sticks).

While cold wallets are more secure than hot wallets, there are still risks involved:

  • your paper/hardware wallet is ruined or lost. Always make sure you have a backup in place!
  • your hardware wallet is stolen (usually the hardware is password protected, so an attacker would also need the password to access your crypto)
  • the hardware wallet is fake, contains malicious code or is hacked
  • if you are using a hardware wallet and want to sign a transaction, you still need to connect it to an internet-enabled device (which might be infected with malware)
  • if you are using a paper wallet and want to sign a transaction you still need to import your private key into a hot software wallet. This comes with all the risks of using hot wallets

Air-gapped wallet

Examples: AirGap (free), Ellipal, Keystone

An air-gapped wallet uses 2 separate devices:

  • device A contains your private key and is completely disconnected from the internet. The private key never leaves this device. This device will never be connected to another device or to the internet
  • device B is used for creating and publishing transactions. In order to sign the transaction, device B needs to communicate with device A without using the internet — this can for instance be done by scanning QR codes

Because device A holds your private key and is never connected to the Internet, this approach is immune to most of the risks that come with other wallets. While more secure than the other wallet types, air-gapped wallets are not risk-free:

  • as with all cold wallets, the device containing your private key might be lost, damaged or stolen. Always keep a backup!
  • as with all other wallets, phishing is always a risk. Never share your private key or seed phrase
  • it’s possible to extract data even from offline devices, e.g. via noise, light, and magnets

Conclusion

Personally, I believe in the popular saying “not your keys, not your coins” and I want to have full ownership of my private key. I also don’t trust my internet-enabled devices, nor myself in keeping them free of malware. Therefore I’m opting for an air-gapped wallet solution, which combines the best of all worlds:

  • your private key is stored on an offline device and never leaves it
  • you are not dependent on any 3rd party service/custodian
  • using 2 devices that communicate via scanning QR codes is a user-friendly solution without too much overhead
  • using AirGap you can reuse an old mobile phone and don’t need to buy expensive hardware

If you’re interested in reusing an old device as an air-gapped wallet, check out this tutorial: Set up your own air-gapped wallet for free with AirGap.
