Bitcoin Cold Storage Guide

What Is Cold Storage?

Cold storage means keeping your Bitcoin private keys on a device that never connects to the internet. Because your keys are offline, remote attackers cannot reach them, even if they compromise your computer, your email, or the exchange where you bought bitcoin.

Anyone holding bitcoin they cannot afford to lose should use cold storage. The general rule: if your bitcoin is worth more than the cost of a hardware wallet, move it offline.

Hardware Wallets

A hardware wallet is a small dedicated device that stores your private keys and signs transactions offline. You connect it to a computer or phone only when you need to send bitcoin; the keys themselves never leave the device.

Hardware wallets are the most practical form of cold storage for most people. They handle key generation, backup, and transaction signing in a secure environment without requiring technical expertise.

Widely used hardware wallets include:

• Coldcard — Bitcoin-only, air-gapped (microSD or NFC), open-source firmware. Popular with security-focused users.
• Trezor — One of the original hardware wallets. Open-source hardware and firmware. Models include Trezor Safe 3 and Safe 5.
• Ledger — Supports many assets. Uses a secure element chip. Models include the Nano S Plus and Nano X.
• Blockstream Jade — Bitcoin and Liquid only. Fully open-source, air-gapped via camera, no secure element (uses a virtual secure element model instead).
• Foundation Passport — Bitcoin-only, air-gapped (microSD and camera), open-source. Designed for use with multisig.
• Bitkey — A 2-of-3 multisig device from Block (formerly Square). Pairs with a mobile app and Block's server key for recovery.

For a detailed comparison, see our wallet comparison page.

Multisig

Multisig (multi-signature) requires multiple private keys to authorize a transaction. A common setup is 2-of-3: you hold three keys in separate locations, and any two can sign a transaction. This eliminates single points of failure; losing one key or one device does not mean losing your bitcoin.

Multisig is the gold standard for securing large holdings. It protects against device failure, theft, and coercion, because no single location holds enough keys to move funds.

Software for coordinating multisig setups:

• Sparrow Wallet — Full-featured desktop wallet with multisig support, PSBT handling, and integration with most hardware wallets.
• Nunchuk — Mobile and desktop wallet built specifically for multisig. Supports collaborative custody and key management across devices.
• Caravan — Open-source web tool by Unchained for creating and managing multisig wallets with hardware devices.

Seed Phrase Backup

When you set up a hardware wallet, it generates a seed phrase (usually 12 or 24 words). This phrase is the master backup for all the keys on that device. If the device breaks, you can restore your bitcoin on a new device using the seed phrase.

Protecting the seed phrase is just as important as the hardware wallet itself.

• Write it down on paper at minimum. Never type it into a computer, phone, or cloud service.
• Use a metal backup for durability. Stamped or engraved steel plates survive fire and water damage that would destroy paper. Products like Cryptosteel, Billfodl, and Seedplate are designed for this.
• Store it in a secure location such as a home safe, safe deposit box, or with a trusted family member in a different location.
• Consider a passphrase (sometimes called the "25th word"). This adds a secondary password on top of the seed phrase. If someone finds your seed words, they still cannot access your bitcoin without the passphrase. The trade-off is that you must also back up and remember the passphrase; losing it means losing access.

Do not split a seed phrase into parts and store each part separately. If one part is compromised, the remaining entropy may not be enough to protect you. Use multisig instead if you want geographic distribution of your security.

Paper Wallets

Before hardware wallets existed, people generated key pairs on an offline computer and printed them as QR codes on paper. This was the original form of cold storage.

Paper wallets have largely been replaced by hardware wallets because they are difficult to create securely and easy to make mistakes with. Generating a truly random key on a clean offline computer, printing without saving to disk, and spending from a paper wallet without exposing the key all require significant technical care.

For most people, a hardware wallet is simpler and more secure than a paper wallet.

Common Mistakes

• Storing seed phrases digitally. Taking a photo of your seed words, saving them in a notes app, or emailing them to yourself defeats the purpose of cold storage. If it touches the internet, it is not cold.
• Single points of failure. One hardware wallet in one location with one seed backup in the same location means a single theft, fire, or flood can wipe out everything. Use multisig or distribute backups geographically.
• Never testing recovery. Before moving significant funds to cold storage, practice restoring from your seed phrase on a fresh device. Confirm that the same addresses and balances appear. Do this while the stakes are low.
• Leaving bitcoin on exchanges. Exchanges are not cold storage. They can be hacked, freeze withdrawals, or go bankrupt. History is full of examples. If you do not hold your own keys, you do not control your bitcoin.
• Overcomplicating the setup. Elaborate schemes with split seeds, encrypted USB drives, and multiple passphrases create more opportunities to lock yourself out than to protect against attackers. Simple and well-tested setups are more reliable.

Getting Started

1. Buy a hardware wallet directly from the manufacturer. Do not buy second-hand.
2. Set it up offline following the manufacturer's instructions. Write down the seed phrase on paper or stamp it into metal.
3. Test recovery. Reset the device, restore from the seed phrase, and verify that the same wallet appears.
4. Store the seed backup in a separate, secure location from the device itself.
5. Transfer a small amount first. Send a small test transaction, confirm it arrives, then move the rest.
6. For larger holdings, consider upgrading to a multisig setup with keys distributed across locations.