Hot Wallet
A crypto wallet that is connected to the internet — mobile, desktop, or browser-extension wallets. More convenient than cold storage but more exposed to phishing, malware, and remote attacks.
What hot wallets do
A hot wallet stores private keys on an internet-connected device — desktop, mobile phone, or browser extension. Common types:
- Browser extensions — MetaMask, Rabby, Phantom (Solana), Coinbase Wallet.
- Mobile wallets — Trust Wallet, Coinbase Wallet, Phantom mobile, MetaMask mobile.
- Desktop wallets — Electrum (Bitcoin), Atomic Wallet, Exodus.
- Web wallets — keys held by the page itself, typically in browser local storage; convenient but exposed to cross-site scripting and other web-app vulnerabilities.
The defining property: the private key sits on a device that connects to the internet, so it is available to sign without any external hardware, and equally available to any malware or malicious extension that gains control of that device.
Trade-off vs. cold storage
Hot wallets trade security for convenience:
- Pros — fast transaction signing, easy access, full DeFi/NFT/dApp interaction.
- Cons — exposed to malware, phishing, device compromise, browser extension vulnerabilities.
The general principle: keep on hot wallets only what you can afford to lose or are actively using. Long-term holdings should be on hardware wallets.
When hot wallets are appropriate
A few legitimate uses:
- Active DeFi user — frequent on-chain transactions are awkward on hardware wallets.
- Daily NFT trading — interacting with marketplaces benefits from speed.
- Small balances for app interaction — gas-fee amounts, small DeFi positions.
- Mobile payments — actually using crypto to pay needs to be fast.
- Browser-extension dApp use — most dApps assume browser-extension wallet integration.
Common hot-wallet setups
Most active crypto users have several:
- MetaMask in browser for Ethereum and EVM-chain dApps.
- Phantom in browser for Solana.
- Coinbase Wallet or Rabby as alternates with different feature sets.
- Mobile wallet for on-the-go transactions.
- Multiple separate hot wallets for different purposes (one for DeFi, one for NFTs, one for trading).
The separation strategy limits damage from any single wallet's compromise.
Major risks
Several common attack vectors:
- Phishing. Fake websites that imitate real dApps trick users into signing malicious transactions or messages. Bookmarking real URLs and checking the contract address a transaction actually targets helps.
- Malicious browser extensions. An extension with broad page permissions can read what's typed or pasted and read or alter page content, potentially capturing seed phrases or swapping the address shown on screen.
- Device malware. Keyloggers, clipboard hijackers that replace a pasted address, and screen-recording malware can all compromise hot wallets.
- Token approvals. Granting a contract an unlimited spending allowance lets it move that entire balance later; if the contract or its operator turns out malicious, the wallet is drained without any further prompt.
- Drainer scams. Scripts built to extract funds from connected wallets through deceptive prompts; many rely on signed messages, such as token permits, rather than ordinary transactions, so "sign message" prompts deserve the same scrutiny.
- Compromised devices. A lost or stolen phone without a screen lock and a wallet PIN hands over every key stored on it.
Best practices
A few hygiene patterns:
- Use a dedicated browser profile for crypto activity. Separate from email, banking, casual browsing.
- Verify URLs carefully. Bookmark real dApp URLs; don't click links in Discord, Twitter, or emails.
- Limit token approvals. Approve specific amounts rather than unlimited; use revoke.cash to remove old approvals.
- Use multiple wallets — different ones for different risk levels.
- Keep small amounts. Don't store significant balances in hot wallets when avoidable.
- Update software — wallet extensions, browsers, operating systems.
- Be cautious with emerging tokens. Rug pulls on newly launched tokens are a common way hot-wallet balances disappear, because the wallet used to buy them is almost always a hot one.
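The approval risk above, and the "approve specific amounts rather than unlimited" advice, come down to one 32-byte field in the calldata the wallet asks you to send. The following is an added example, not code from the original page: it decodes an ERC-20 `approve(spender, amount)` or ERC-721 `setApprovalForAll(operator, ok)` call, flags unlimited allowances, and encodes a bounded approval instead. The selectors are the real ones; the sample calldata and the 2^128 "effectively unlimited" threshold are constructed assumptions.

```javascript
// Added example, not code from the original page: decode the calldata of an
// ERC-20 approve(spender, amount) or ERC-721 setApprovalForAll(operator, ok)
// call, flag unlimited allowances, and build a bounded approval instead.
// Plain string and BigInt work, no library; the sample calldata is constructed.

const ERC20_APPROVE = "0x095ea7b3";               // keccak256("approve(address,uint256)")[:4]
const ERC721_SET_APPROVAL_FOR_ALL = "0xa22cb465";  // keccak256("setApprovalForAll(address,bool)")[:4]
const MAX_UINT256 = (1n << 256n) - 1n;
// Assumption used for classification: no real token has anywhere near 2^128
// base units in circulation, so an allowance that large is unlimited in practice.
const EFFECTIVELY_UNLIMITED = 1n << 128n;

// i-th 32-byte ABI word after the 4-byte selector, as 64 hex characters.
function abiWord(hex, i) {
  return hex.slice(10 + 64 * i, 10 + 64 * (i + 1));
}

// Describe the approval encoded in `data`, or return null when the calldata
// is not one of the two approval calls (wrong selector or wrong length).
function decodeApproval(data) {
  const hex = data.toLowerCase();
  if (hex.length !== 10 + 2 * 64) return null;     // selector + exactly two words
  const selector = hex.slice(0, 10);
  const target = "0x" + abiWord(hex, 0).slice(24); // address = low 20 bytes of word 0
  const word1 = BigInt("0x" + abiWord(hex, 1));
  if (selector === ERC20_APPROVE) {
    const risk = word1 === MAX_UINT256 ? "unlimited"
      : word1 >= EFFECTIVELY_UNLIMITED ? "effectively unlimited"
      : "bounded";
    return { kind: "erc20-approve", spender: target, amount: word1, risk };
  }
  if (selector === ERC721_SET_APPROVAL_FOR_ALL) {
    const approved = word1 === 1n;
    return {
      kind: "erc721-setApprovalForAll",
      operator: target,
      approved,
      risk: approved ? "whole collection" : "revocation",
    };
  }
  return null;
}

// ABI-encode approve(spender, amount) with an explicit bound.
function encodeApprove(spender, amount) {
  if (amount < 0n || amount > MAX_UINT256) throw new RangeError("amount outside uint256");
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (addr.length !== 40) throw new RangeError("spender is not a 20-byte address");
  return ERC20_APPROVE + addr.padStart(64, "0") + amount.toString(16).padStart(64, "0");
}

// Render a base-unit amount with the token's decimals (18 for most ERC-20s).
function formatUnits(amount, decimals) {
  const base = 10n ** BigInt(decimals);
  const whole = amount / base;
  const frac = amount % base;
  if (frac === 0n) return whole.toString();
  return `${whole}.${frac.toString().padStart(decimals, "0").replace(/0+$/, "")}`;
}

// One-line verdict for a wallet prompt, e.g. "UNLIMITED approval of ... to 0x1111...".
function summarize(data, decimals = 18) {
  const d = decodeApproval(data);
  if (!d) return "not an approval call";
  if (d.kind === "erc721-setApprovalForAll") {
    return `${d.approved ? "GRANT" : "REVOKE"} operator ${d.operator} over the whole collection`;
  }
  return `${d.risk.toUpperCase()} approval of ${formatUnits(d.amount, decimals)} to ${d.spender}`;
}

// Constructed sample: what a drainer-style dApp asks you to send, granting
// spender 0x1111...1111 an allowance of 2^256-1.
const UNLIMITED_APPROVE = ERC20_APPROVE + "1".repeat(40).padStart(64, "0") + "f".repeat(64);
// The bounded replacement: exactly 250 tokens of an 18-decimal token.
const BOUNDED_APPROVE = encodeApprove("0x" + "1".repeat(40), 250n * 10n ** 18n);

console.log(summarize(UNLIMITED_APPROVE));
console.log(summarize(BOUNDED_APPROVE));
```

The same decoder works on the `data` field of any `eth_sendTransaction` request a dApp hands to the wallet, which is where a pre-sign check belongs; note that `setApprovalForAll(operator, true)` has no amount at all and hands the operator every token in the collection, so it is treated as its own risk class.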
Browser-extension wallets specifically
The dominant hot-wallet category for desktop users. Considerations:
- MetaMask — by far the most-used; broadest dApp compatibility; its user base also makes it the largest attack surface and the wallet most often imitated by phishing pages and fake extensions.
- Rabby — newer; better simulation of transactions before signing; growing in popularity for power users.
- Coinbase Wallet — backed by Coinbase brand; integrated with broader Coinbase product.
- Frame — desktop app rather than extension; more security-conscious design.
The choice often comes down to specific feature preferences and trust in the maintainer. All major options have track records and active development.
Mobile vs. desktop
Each has trade-offs:
- Mobile — protected by the phone's lock (Face ID, PIN); biometrics gate the local keystore but are not a second factor against a remote attacker; mobile browsers run no extensions, which removes one attack surface.
- Desktop — more powerful browser-extension interactions; better visibility into transaction details; more vulnerable to malware.
Many users have both, with different roles. Mobile for on-the-go transactions; desktop for serious DeFi or NFT activity.
Connecting to dApps
Most dApps follow a standard "Connect Wallet" flow:
- Click "Connect Wallet" on the dApp.
- Browser extension prompts for connection approval.
- dApp can then read your address; transaction signing requires explicit approval each time.
Connecting does not let the dApp sign on your behalf: every transaction, and every message signature, still produces a separate wallet prompt. What you approve in a prompt can nonetheless have lasting effect. An unlimited token approval sent once can be spent later if the dApp or its contracts are compromised, and a signed permit message authorizes a token transfer without any transaction leaving your wallet, so signature prompts deserve the same scrutiny as transactions.
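The flow above in code, as an added example that is not part of the original page: a policy layer in front of an EIP-1193 provider (`window.ethereum` in a real browser). Connecting only exposes the address, each transaction still needs its own confirmation, and signature requests are screened, since a signed permit moves tokens without a transaction. `makeMockWallet` is a constructed stand-in for the extension and `confirm` is an assumed callback modelling the user reading the prompt; the JSON-RPC method names are the real ones.

```javascript
// Added example, not code from the original page. A guard in front of an
// EIP-1193 provider: connecting only exposes the address, every transaction
// still needs a per-request confirmation, and signature requests are screened,
// because a signed EIP-2612 Permit authorizes a token transfer without any
// transaction being sent by the user. makeMockWallet is a constructed stand-in
// for the browser extension; the JSON-RPC method names are the real ones.

const MAX_UINT256 = (1n << 256n) - 1n;

// Policy decision for one request: "pass" (no signature involved), "confirm"
// (show the prompt; the user must approve this one request), or "block".
function screenRequest(method, params = []) {
  switch (method) {
    case "eth_requestAccounts":
    case "eth_accounts":
    case "eth_chainId":
      return { action: "pass", reason: "read-only; grants no signing ability" };
    case "eth_sign":
      // Raw signature over opaque bytes; the bytes could be a transaction hash.
      return { action: "block", reason: "eth_sign over opaque bytes" };
    case "personal_sign":
      return { action: "confirm", reason: "message signature" };
    case "eth_signTypedData_v4": {
      const typed = JSON.parse(params[1]);            // params = [signer, json]
      if (typed.primaryType === "Permit") {           // EIP-2612: approval by signature
        const value = BigInt(typed.message.value);
        if (value === MAX_UINT256) {
          return { action: "block", reason: `unlimited Permit to ${typed.message.spender}` };
        }
        return { action: "confirm", reason: `Permit of ${value} to ${typed.message.spender}` };
      }
      return { action: "confirm", reason: `typed-data signature (${typed.primaryType})` };
    }
    case "eth_sendTransaction":
      return { action: "confirm", reason: `transaction to ${params[0].to}` };
    default:
      return { action: "block", reason: `unrecognised method ${method}` };
  }
}

// Constructed mock of an extension wallet: returns the address only after the
// connection was approved, and records every signing request it receives.
function makeMockWallet(address) {
  let connected = false;
  const signed = [];
  return {
    signed,
    async request({ method, params = [] }) {
      if (method === "eth_requestAccounts") { connected = true; return [address]; }
      if (method === "eth_accounts") return connected ? [address] : [];
      signed.push(method);
      return "0x" + "ab".repeat(65);              // placeholder signature / tx hash
    },
  };
}

// Wrap a provider so every request passes screenRequest first. `confirm` is
// an assumed callback: it models the user reading the prompt and returns true to allow.
function guardProvider(provider, confirm) {
  return {
    async request(req) {
      const verdict = screenRequest(req.method, req.params);
      if (verdict.action === "block") throw new Error("blocked: " + verdict.reason);
      if (verdict.action === "confirm" && !(await confirm(verdict.reason))) {
        throw new Error("rejected by user: " + verdict.reason);
      }
      return provider.request(req);
    },
  };
}

// The "Connect Wallet" flow against the mock: read before connecting (empty),
// connect, send one transaction, then attempt an unlimited Permit and a raw eth_sign.
async function demo() {
  const wallet = makeMockWallet("0x" + "11".repeat(20));
  const dapp = guardProvider(wallet, async () => true);   // user clicks "Confirm" every time
  const before = await dapp.request({ method: "eth_accounts" });
  const accounts = await dapp.request({ method: "eth_requestAccounts" });
  await dapp.request({ method: "eth_sendTransaction", params: [{ to: "0x" + "22".repeat(20), value: "0x0" }] });
  const permit = JSON.stringify({ primaryType: "Permit",
    message: { spender: "0x" + "33".repeat(20), value: MAX_UINT256.toString() } });
  const outcomes = [];
  for (const req of [{ method: "eth_signTypedData_v4", params: [accounts[0], permit] },
                     { method: "eth_sign", params: [accounts[0], "0xdeadbeef"] }]) {
    try { await dapp.request(req); outcomes.push("signed"); } catch (e) { outcomes.push(e.message); }
  }
  return { before, accounts, signed: wallet.signed, outcomes };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

Run stand-alone, `before` is empty, one `eth_sendTransaction` reaches the wallet, and both the unlimited Permit and the raw `eth_sign` are stopped before any prompt appears. A real extension shows the prompt itself; the point of the wrapper is that the decision to prompt, or not, is made on the request's actual content rather than on the fact that the dApp is "connected".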
Security frontier
A few emerging mitigations:
- Account abstraction — smart-contract wallets with daily spending limits, social recovery, time delays.
- Transaction simulation — preview what a transaction will do before signing.
- Hardware-wallet integration — many hot wallets now let a Ledger or Trezor hold the key: the extension builds and broadcasts transactions while signing happens on the device. A compromised browser can still present a malicious transaction, but it cannot sign without the device and the confirmation on its screen.
- Multi-sig for higher-value operations — hot wallet for routine; multi-sig for larger.
Hot wallets are getting safer through these enhancements, though they remain meaningfully riskier than cold storage for material holdings.