Understanding how to store your crypto safely is one of the most important things you can learn. More people have lost money to avoidable wallet mistakes than to exchange hacks. This guide explains how wallets work, the different types available, and the practical steps to protect your holdings.
Custodial vs non-custodial wallets
The most fundamental distinction in crypto storage is who holds your private keys.
A custodial wallet is one managed by a third party, typically a centralised exchange like Coinbase or Binance. When you leave crypto on an exchange, you have an IOU; the exchange holds the actual keys. This is convenient, but it means your funds are at risk if the exchange is hacked, becomes insolvent, or freezes withdrawals.
A non-custodial wallet (also called self-custody) is one where you hold your own private keys. No third party can freeze, seize, or lose your funds. The trade-off is that you are fully responsible for security: if you lose your recovery phrase, nobody can help you.
“Not your keys, not your coins.” This is the oldest rule in crypto, and it has saved, and cost, fortunes.
Hot wallets vs cold wallets
Once you move to self-custody, you choose between hot and cold storage:
| | Hot Wallet | Cold Wallet |
|---|---|---|
| Connected to internet | Yes | No (offline) |
| Convenience | High | Lower |
| Risk of remote attack | Higher | Very low |
| Best for | Active use, small amounts | Long-term holdings |
Hot wallets are software applications on your phone or browser. They are connected to the internet and convenient for frequent transactions, but that connectivity means a determined attacker with access to your device could potentially steal funds.
Cold wallets store private keys offline, meaning they are never exposed to internet-based threats. Hardware wallets are the most popular form of cold storage.
Hardware wallets
Hardware wallets are dedicated physical devices, similar in size to a USB drive, that store your private keys in a secure chip and sign transactions offline. Even if your computer is compromised, a hardware wallet keeps your keys isolated.
The two most established manufacturers are:
- Ledger, the market leader, with a range of devices (Nano S Plus, Nano X, Flex, Stax). Supports thousands of coins and tokens. Note: Ledger experienced a data breach of customer shipping data in 2020 (no funds were lost), and in 2023 introduced a controversial optional recovery service; review these before buying.
- Trezor, produced by SatoshiLabs, fully open-source firmware. The Model T and Model One are popular options. Trezor does not offer a cloud recovery service, which some users prefer.
Both devices require you to confirm transactions on the physical device itself; a malicious website cannot approve a transfer without your physical button press.
Software wallets
Software wallets run on your phone or computer and are better suited for regular use or smaller amounts. Key options by ecosystem:
- MetaMask, the dominant browser extension wallet for Ethereum and EVM-compatible chains (BNB Chain, Polygon, Arbitrum, etc.). Available as a browser extension and mobile app.
- Phantom, the leading wallet for Solana, also supporting Ethereum and Bitcoin. Clean interface, widely used in Solana DeFi and NFTs.
- Trust Wallet, a mobile wallet supporting a broad range of chains; owned by Binance but non-custodial.
- Rabby, a browser extension wallet popular with Ethereum power users, with built-in transaction simulation to flag risky approvals.
Seed phrase security
Every non-custodial wallet generates a seed phrase (also called a recovery phrase or mnemonic): typically 12 or 24 words. This phrase is the master key to your wallet. Anyone who has it can access all associated funds from any device.
How to protect your seed phrase:
- Write it down on paper, never type it into a phone, computer, or cloud service.
- Store the paper copy somewhere physically secure (a fireproof safe, a bank safety deposit box).
- Consider making a second copy stored in a different physical location.
- Never photograph it or share it with anyone, including people claiming to be “support”.
- Never enter your seed phrase on any website or app, no matter how legitimate it looks.
Metal seed phrase storage products (e.g. Cryptosteel, Billfodl) are popular for their fireproof and waterproof durability.
Common mistakes that lead to lost funds
- Storing the seed phrase digitally: screenshots, cloud notes, and email are all easily compromised.
- Falling for phishing sites: always verify the URL, and bookmark official wallet sites rather than relying on search results.
- Approving unlimited token allowances: in DeFi, some contracts request unlimited spending authority. Use a tool like Revoke.cash periodically to audit and revoke stale approvals.
- Sending to the wrong network: sending ETH on the Arbitrum network to a wallet that only receives on Ethereum mainnet can result in inaccessible funds. Always confirm the network before sending.
- “Support” scams: no legitimate wallet or exchange support team will ever ask for your seed phrase. Anyone who does is a scammer.
Frequently asked questions
Do I need a hardware wallet if I only hold a small amount? For small amounts (money you would not be devastated to lose), a reputable software wallet is usually fine. As your holdings grow, a hardware wallet is worth the upfront cost; Ledger and Trezor devices typically cost between $50 and $200.
Can I recover my crypto if I lose my hardware wallet device? Yes, as long as you have your seed phrase. The device itself is not the wallet; it is just a tool for accessing keys derived from your seed phrase. Buy a new device, enter your seed phrase during setup, and your funds are restored.
What happens if I forget my PIN on a hardware wallet? After a set number of incorrect PIN attempts, most hardware wallets wipe themselves. You can then restore the wallet from your seed phrase. This is a security feature, not a disaster, as long as you have the phrase.
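As an added illustration of the seed phrase and recovery answers above (this is example code written for this guide, not code from the original article or from any wallet vendor), the following shows why the phrase, not the device, is the wallet: the BIP39 derivation turns the words plus an optional passphrase into the seed, and BIP32 turns that seed into the master key from which every account is derived. It uses only the Python standard library; the demo phrase is the all-zero-entropy vector published with the BIP39 spec, and the wordlist/checksum validation step is omitted.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: a BIP32 master private key must lie in [1, N-1]
SECP256K1_N = int("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the phrase (plus optional passphrase) into a 64-byte seed.

    Words and passphrase are NFKD-normalised, the salt is "mnemonic" + passphrase,
    and PBKDF2-HMAC-SHA512 runs for 2048 rounds. No wordlist lookup is done here.
    """
    words = " ".join(mnemonic.split())  # collapse stray whitespace/newlines
    m = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def seed_to_master_key(seed: bytes) -> tuple:
    """BIP32: HMAC-SHA512(key=b"Bitcoin seed", seed) -> (master private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:  # astronomically unlikely, but the spec requires the check
        raise ValueError("invalid master key; BIP32 says this seed is unusable")
    return key, chain_code


# Constructed demo input: the all-zero-entropy phrase from the BIP39 test vectors.
DEMO_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def demo() -> dict:
    """Show that the phrase, not the device, determines the wallet."""
    seed_plain = mnemonic_to_seed(DEMO_MNEMONIC)
    seed_pass = mnemonic_to_seed(DEMO_MNEMONIC, "TREZOR")  # optional "25th word"
    key_plain, _ = seed_to_master_key(seed_plain)
    key_pass, _ = seed_to_master_key(seed_pass)
    return {
        # the same phrase entered on any replacement device reproduces the same seed
        "device_independent": mnemonic_to_seed(DEMO_MNEMONIC) == seed_plain,
        # a forgotten passphrase silently yields a different (empty-looking) wallet
        "passphrase_changes_wallet": key_plain != key_pass,
        "seed_with_passphrase_hex": seed_pass.hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

If a hardware wallet was set up with an optional passphrase, restoring from the words alone produces a different, empty-looking wallet, so record whether one was used alongside the phrase.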