Risk disclosure: Independent research finds 70–84% of Polymarket traders lose money (Sergeenkov, April 2026; Akey et al., SSRN, March 2026). Forex CFDs: 70–85% retail loss rate. Binary options: 80%+ in most jurisdictions. AI agents don't change these baselines.
Security context: Three critical CVEs disclosed in OpenClaw in Q1 2026 (CVE-2026-25253, CVE-2026-32922) plus the ClawHavoc supply-chain attack (1,184 malicious skills). Always run v2026.4.12 or later.
If you trade crypto, understanding wallets is fundamental to keeping your money safe. A wallet is where your crypto 'lives' — or more precisely, where the keys that control your crypto are stored. The famous phrase 'not your keys, not your coins' captures the core issue: whoever controls the private keys controls the crypto. This guide explains the wallet types (hot, cold, custodial), the security trade-offs, and how to think about wallets as a trader running bots.
Wallet choices are security choices. Getting this wrong — especially with bots that need access to funds — is how people lose everything to hacks. We'll connect it to safe bot practice.
TL;DR — The 30-second answer
- A wallet stores the private keys that control your crypto — not the coins themselves.
- Hot wallet: connected to the internet. Convenient, more exposed. For active use.
- Cold wallet: offline (hardware device). Safest, less convenient. For holding.
- Custodial: an exchange holds your keys. Easy, but 'not your keys.'
- 'Not your keys, not your coins': whoever controls the keys controls the crypto.
- For bots: use a dedicated hot wallet with limited funds — never your main holdings.
The wallet types

What a wallet actually is
A common misconception: a crypto wallet doesn't 'store' your coins the way a physical wallet stores cash. Your crypto exists on the blockchain. What the wallet stores is the private key — the secret cryptographic code that proves ownership and authorizes transactions. Whoever has the private key can move the crypto. So securing your crypto really means securing your private keys. This reframing is the key to understanding wallet security: you're protecting keys, not coins.
Hot wallets
A hot wallet is connected to the internet — software wallets on your phone or computer, browser extensions (like MetaMask), and exchange wallets. They're convenient: you can transact quickly, connect to apps, and trade actively. That convenience is also the risk — because they're online, they're exposed to hacking, malware, phishing, and compromise. If your device is infected or you're tricked into approving a malicious transaction, a hot wallet can be drained. Hot wallets are appropriate for funds you're actively using, not for storing large holdings long-term.
Cold wallets
A cold wallet keeps your private keys offline, beyond the reach of internet-based attacks. The most common form is a hardware wallet — a physical device (Ledger, Trezor) that stores keys and signs transactions without ever exposing the keys to your internet-connected computer. To move funds, you physically confirm on the device. Cold wallets are the gold standard for security — even if your computer is compromised, the keys never leave the device. The trade-off is convenience: they're less suited to frequent trading. Cold storage is for holdings you want to keep safe long-term, not for active trading capital.
Custodial wallets (exchanges)
When you hold crypto on an exchange (Binance, Coinbase, etc.), you're typically using a custodial wallet — the exchange controls the private keys on your behalf. You have an account balance, but the exchange holds the actual keys. This is the easiest option (no key management, easy trading) but embodies the 'not your keys, not your coins' risk: you're trusting the exchange. If the exchange is hacked, becomes insolvent, freezes withdrawals, or restricts your account, your crypto is at their mercy. History has painful examples (Mt. Gox, FTX) of custodial funds being lost. Convenient, but you've delegated control.
'Not your keys, not your coins'
This phrase is the security mantra of crypto. It means: if you don't control the private keys, you don't truly control the crypto — you're relying on whoever does. Custodial exchange holdings, by definition, fail this test. The principle pushes toward self-custody (hot or cold wallets you control) for meaningful holdings. The counterpoint: self-custody means you are fully responsible — lose your keys or seed phrase, and your crypto is gone forever, with no support line to call. Self-custody trades counterparty risk for personal-responsibility risk. Most people use a mix: exchange custody for active trading convenience, self-custody (ideally cold) for long-term holdings.
Wallets for bot traders
This is where it gets critical for our audience. A trading bot needs access to funds to trade — which means the bot (or its API keys) can move money. The safe approach mirrors our hot wallet hygiene guide:
- Use a dedicated hot wallet (or sub-account) for the bot, funded with only the capital that bot needs — never your main holdings. If compromised, the loss is contained.
- Keep the bulk of your crypto in cold storage, separate from anything a bot or its keys can touch.
- For exchange bots, use API keys with trade-only permissions — never enable withdrawal permissions on a bot's API key. A trade-only key can't drain your funds even if stolen.
- Top up the bot's hot wallet as needed rather than parking all your capital where the bot can reach it.
The principle: limit what the bot can lose. Given OpenClaw's security history (the ClawHavoc malicious-skills incident — see our skill audit guide), assume any bot could be compromised and structure your wallets so a compromise costs you a limited, survivable amount rather than everything.
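One way to turn the rules above into a pre-flight check a bot runs before it trades, as an added example that is not code from this guide or from OpenClaw. The permission names (`trade`, `withdraw`, `transfer`), the `BotSetup` fields and the 10% exposure threshold are assumptions; map them to what your exchange actually reports.

```python
from dataclasses import dataclass
from decimal import Decimal

# Permissions that would let a stolen key move funds out. Names are
# hypothetical: map them to the fields your exchange's key-info call returns.
FUND_MOVING = ("withdraw", "transfer")

@dataclass
class BotSetup:
    key_permissions: dict    # permission name -> bool, as reported by the exchange
    bot_balance: Decimal     # funds in the bot's dedicated wallet or sub-account
    bot_cap: Decimal         # the most you accept losing if the bot is compromised
    total_holdings: Decimal  # everything you own, cold storage included

def preflight(setup, max_exposure=Decimal("0.10")):
    """Return a list of findings; an empty list means the bot may start."""
    findings = []
    perms = setup.key_permissions
    if perms.get("trade") is not True:
        findings.append("key lacks trade permission")
    for name in FUND_MOVING:
        # Fail closed: a missing or non-boolean value counts as enabled.
        if perms.get(name) is not False:
            findings.append(f"'{name}' is not confirmed disabled on the bot key")
    if setup.bot_balance > setup.bot_cap:
        excess = setup.bot_balance - setup.bot_cap
        findings.append(f"bot wallet exceeds its cap by {excess}")
    if setup.total_holdings > 0:
        exposure = setup.bot_balance / setup.total_holdings
        if exposure > max_exposure:
            findings.append(f"{exposure:.0%} of holdings are reachable by the bot")
    return findings

def top_up_amount(setup, needed):
    """Amount to send so the bot reaches `needed`, never past its cap."""
    target = min(needed, setup.bot_cap)
    return max(Decimal("0"), target - setup.bot_balance)

# Constructed sample setups (not real account data).
SAFE = BotSetup({"trade": True, "withdraw": False, "transfer": False},
                Decimal("500"), Decimal("1000"), Decimal("20000"))
RISKY = BotSetup({"trade": True, "withdraw": True},  # "transfer" not reported
                 Decimal("15000"), Decimal("1000"), Decimal("20000"))

if __name__ == "__main__":
    for label, setup in (("SAFE", SAFE), ("RISKY", RISKY)):
        print(label, preflight(setup) or "ok")
    print("top-up:", top_up_amount(SAFE, Decimal("5000")))
```

The check fails closed: a permission the exchange does not report is treated as enabled, so an incomplete key-info response blocks the bot instead of passing silently.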
The honest verdict
Wallets are where crypto security lives or dies. Understand that you're protecting keys, not coins; match the wallet to the purpose (cold for long-term holdings, hot for active use, custodial for trading convenience with counterparty risk); and respect 'not your keys, not your coins.' For bot traders especially, the rule is contain the risk: a dedicated hot wallet with limited funds, trade-only API keys, the bulk in cold storage. Crypto's promise is self-sovereignty over your money — but that sovereignty comes with the full responsibility of securing your keys. Treat that responsibility as seriously as the trading itself, because no stop-loss protects you from a drained wallet.
Frequently asked questions
What does a crypto wallet actually store?
Not the coins (those live on the blockchain) but the private keys that control them. Securing crypto means securing the keys — whoever has them controls the crypto.
What's the difference between hot and cold wallets?
Hot wallets are online (convenient, more exposed to hacking) — for active use. Cold wallets are offline hardware devices (safest, less convenient) — for long-term holding.
What does 'not your keys, not your coins' mean?
If you don't control the private keys, you don't truly control the crypto — you're trusting whoever does (like an exchange). Custodial holdings fail this test.
What wallet should a bot use?
A dedicated hot wallet or sub-account funded with only what the bot needs — never your main holdings. Keep the bulk in cold storage. Use trade-only API keys, never withdrawal-enabled.
Is keeping crypto on an exchange safe?
It's custodial — convenient but you're trusting the exchange. History (Mt. Gox, FTX) shows custodial funds can be lost to hacks or insolvency. Use self-custody for meaningful long-term holdings.
Sources cited: The Hacker News (CVE-2026-25253 disclosure, Feb 2026); Conscia 2026 OpenClaw Security Crisis advisory; Snyk ToxicSkills study; Cyber Press ClawHavoc reporting; Wall Street Journal Polymarket profitability analysis (May 2026); Andrey Sergeenkov via The Defiant (April 2026); Akey, Grégoire, Harvie & Martineau, SSRN paper (March 2026); openclaw.ai official advisories; Peter Steinberger public statements on X; cryptocurrency wallet and key management fundamentals; security best practices.