Cold Storage, Hot Wallets, and Custody: What They Mean in Practice

Answer: “Cold storage” means keeping crypto private keys offline, which can lower exposure to certain online risks. A “hot wallet” is connected to the internet, which makes it a convenient option for frequent activity, but typically increases exposure to phishing, malware, and account compromise. “Custody” refers to who controls the private keys (a user in self-custody, or a crypto trading platform in custodial storage).

Ndax is a regulated crypto trading platform and provides an Order Execution Only (OEO) service. Ndax executes clients’ instructions but does not provide investment advice. Clients decide when and what to trade.
 

If you only read one thing (TL;DR)

  • Cold vs hot describes whether keys are kept offline or online.
  • Custody describes who controls the private keys (user or platform), regardless of hot/cold storage.
  • Crypto assets are not covered by deposit insurance, and CIPF coverage does not apply to crypto assets.

Key takeaways: Cold storage is primarily about keeping keys offline. Hot wallets are primarily about easy and always-on access. Custody is about key control and responsibility, not whether storage is hot or cold.

Definitions (quick reference)

  • Private key/recovery phrase: the information that controls access to crypto and authorises transactions.
  • Hot wallet: a wallet connected to the internet.
  • Cold storage: offline key storage designed to reduce online exposure.
  • Custody: who controls the private keys (self-custody vs custodial storage).
  • Multi-signature (multi-sig): a wallet setup that requires more than one approval to move funds.
  • MPC: a wallet security method where signing authority is split across multiple components so no single entity holds the full key.

What does “cold storage” actually mean?

Cold storage refers to the practice of a user keeping offline the private keys used to authorise crypto transactions. In practice, this can include offline hardware devices, offline key storage processes, or specialised institutional custody systems designed to reduce online exposure.

For individuals, a common form of cold storage is using a hardware wallet to keep private keys offline. Cold storage is typically used for long-term holdings.
 

What does “hot wallet” actually mean?

A hot wallet is a wallet connected to the internet. It’s designed for convenience: checking balances, sending and receiving crypto, trading, or interacting with applications quickly. Because it’s online, a hot wallet is generally exposed to risks like phishing, malware, SIM swaps, and account takeovers.

What does “custody” actually mean?

Custody refers to who controls the private keys. If a user controls the private keys, it is considered self-custody, or non-custodial storage. If a platform controls the private keys, that is custodial storage. This is a separate concept from hot versus cold.

Some platforms describe custodial storage as a “custodial wallet” setup, meaning the platform controls the private keys on the user’s behalf.
 

Can cold storage be custodial?

Yes. A platform can custody user assets while storing most private keys offline in cold storage. This is a common practice: the user has an account balance, but the platform controls the keys and uses internal security processes to store and move assets.
 

Can a hot wallet be self-custody?

Yes. A self-custody wallet app on a phone or a computer is typically “hot” because it’s connected to the internet. However, the user still controls the keys, typically via a recovery phrase.

The practical takeaway is: self-custody does not automatically mean “cold,” and “hot” does not automatically mean “custodial”.
 

Why do platforms use hot wallets at all?

Platforms use hot wallets to support day-to-day activity like withdrawals and internal operations. If everything were fully offline, routine transactions would be slower and harder to process.

Why do platforms keep most assets in cold storage?

Cold storage reduces exposure to remote attacks because keys are not continuously online. This matters for custody providers because online attacks can scale quickly if hot wallets hold large balances.

Many platforms describe a “hot for operations, cold for reserves” approach as part of their security model.
 

What do “multi-signature” and “MPC” mean in simple terms?

Multi-signature (multi-sig) means more than one approval or key is required to move funds. This is designed to limit single-person or single-key failure scenarios.

MPC (multi-party computation) is another approach where signing authority is divided across multiple components. This is so no single piece holds the full key in one place. In practice, both methods are used to reduce the impact of a single device compromise or a single employee/process failure.
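
The difference between the two approaches, as an added example that is not part of the original article and is not Ndax's or any platform's implementation: a threshold multi-sig check that counts valid approvals from independent keys, and an MPC-style signature assembled from partial results so the full key never exists in one place. It uses a toy Schnorr-style scheme with constructed, insecure parameters (P, G), and all function names are hypothetical; production MPC protocols are considerably more involved.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (NOT secure parameters).
P = 2**127 - 1   # prime modulus
G = 3            # base element
Q = P - 1        # exponents are reduced mod P-1

def challenge(R, msg):
    digest = hashlib.sha256(R.to_bytes(16, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x = secrets.randbelow(Q)
    return x, pow(G, x, P)            # (private key or share, public part)

def sign(x, msg):
    k = secrets.randbelow(Q)
    R = pow(G, k, P)
    return R, (k + challenge(R, msg) * x) % Q

def verify(y, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(y, challenge(R, msg), P) % P

def multisig_approved(pubkeys, threshold, msg, sigs):
    """Multi-sig: several independent keys; count the valid approvals."""
    valid = {name for name, sig in sigs.items()
             if name in pubkeys and verify(pubkeys[name], msg, sig)}
    return len(valid) >= threshold

def mpc_public_key(public_parts):
    """Joint public key from each party's public part; no private key is combined."""
    y = 1
    for part in public_parts:
        y = y * part % P
    return y

def mpc_sign(shares, msg):
    """MPC-style: each list entry stands in for a separate party's local share."""
    nonces = [secrets.randbelow(Q) for _ in shares]
    R = 1
    for k in nonces:
        R = R * pow(G, k, P) % P      # parties publish only G^k
    e = challenge(R, msg)
    partials = [(k + e * x) % Q for k, x in zip(nonces, shares)]  # computed locally
    return R, sum(partials) % Q
```

In the multi-sig case a verifier sees several signatures and applies a policy; in the MPC case it sees one ordinary signature, and leaving out any share produces a signature that fails verification.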

Ndax uses multi-signature approvals and MPC as part of its security controls, as detailed on its Security page. Ndax’s public disclosures also describe an operational model where most assets are held offline, with a smaller portion kept online to support day-to-day withdrawals.

Does custody eliminate the need for personal security precautions?

No. Custody can reduce certain key-management risks for beginners, such as losing a recovery phrase. Users still need to implement strong account security settings, including enabling 2FA and being cautious of phishing attempts.

Does self-custody remove platform risk?

Self-custody reduces reliance on a platform’s custody controls, but it increases personal responsibility. If a user loses their private keys or recovery phrase, there is a high likelihood of the crypto being lost forever.

Self-custody can also introduce practical risks like sending funds to the wrong address, using the wrong network, or falling for fake wallet apps and phishing sites.
 

Does cold storage mean a user can’t lose their crypto?

No. Cold storage mostly reduces online attack risk. It cannot remove other risks like loss of backups, physical theft, user error, fraud, or sending funds to the wrong address or network.

Is hot storage by default “unsafe”?

No. Hot wallets are widely used because they are convenient for frequent activity. On a platform like Ndax, hot storage is typically limited to operational needs, while most assets are kept in cold storage. 

How Ndax makes hot storage safer in practice

Ndax holds most assets in cold storage and uses hot wallets mainly for operational needs, which limits the amount exposed online at any given time. Ndax also uses layered controls such as multi-signature approvals, MPC-style wallet protection, and account-level safeguards like 2FA and withdrawal confirmations.

Is there government insurance for crypto storage in Canada?

Crypto assets are not covered by deposit insurance, and CIPF coverage does not apply to crypto assets held by a member on a user’s behalf. Some platforms may carry private insurance for certain incidents, but that is separate from CIPF or deposit insurance.

Ndax holds USD 5 million in insurance for cold wallets covering fraud, internal theft, and malfunctions. Hot wallets are insured for USD 3 million per incident. Ndax also carries CAD 5 million in general business liability insurance. Insurance coverage does not protect against market losses, and coverage terms, limits, and exclusions apply.

Is it legal for Canadians to use wallets and custodial platforms?

Yes. Canadians can hold crypto in a personal wallet or through a platform account. Canadian regulators have cautioned that crypto assets are high-risk and recommend that Canadians understand a platform’s regulatory status before opening an account.

Cold storage, hot wallets, and custody FAQs

What is the safest way to store crypto in Canada?
A practical approach is to match storage to usage: long-term holdings may be kept more securely, while smaller “active-use” balances may be kept more accessible.

Is cold storage only for platforms?
No. Individuals can also use cold storage, for example offline key storage methods. Platforms may also use cold storage as part of custodial safeguarding.

Does cold storage mean crypto can’t be lost?
No. Cold storage reduces the likelihood of an online attack, but users can still lose access through user error, fraud, or lost backups.

Is hot storage safe?
Hot storage is commonly used for smaller, active-use balances when strong security habits are used.

Who controls the keys on a custodial platform?
On a custodial platform, the platform controls the private keys on the user’s behalf, and the user accesses crypto through account login and security steps.



Disclaimer: This article is not intended to provide investment, legal, accounting, tax or any other advice and should not be relied on in that or any other regard. The information contained herein is for information purposes only and is not to be construed as an offer or solicitation for the sale or purchase of cryptocurrencies or otherwise.