Beginner’s Guide to Online Crypto Wallets

Online wallets, or “hot wallets,” are a secure and inexpensive way to store your crypto. Here is everything you need to know about them.

By
&
Tom Blackstone
Gabe TurnerChief Editor
Last Updated on Jul 11, 2022
By Tom Blackstone & Gabe Turner on Jul 11, 2022
The content on this page is provided for informational purposes only. Security.org does not offer financial or investment advice, nor does it advise or encourage anyone to buy, sell, or trade cryptocurrency. It is advised that you conduct your own investigation as to the accuracy of any information contained herein as such information is provided “as is” for informational purposes only. Further, Security.org shall not be liable for any informational error or for any action taken in reliance on information contained herein.

Storing your cryptocurrency in a wallet is a great way to keep it secure. You can choose to keep your crypto in an ultra-secure hardware wallet or a free online wallet. Either way, when used correctly, a wallet should be a safer place to store your crypto than an exchange.

In another article, I’ve gone over how to choose a hardware wallet. But if you’re just getting started with crypto investments, you may not want to fork over $49-$699 for a separate device just to store your crypto. So in this guide, I’m going to explain how online (software) wallets work.

To get started, you can download an online wallet from the developer’s website and set it up in no more than a few minutes. It will allow you to quickly generate a crypto address and withdraw your crypto from your exchange. This means that your crypto will be in an account controlled by your PC or phone.

Because hackers tend to target exchanges much more than they do individual users, moving your crypto into an online wallet is one of the most effective ways to protect your crypto from attack.

Did You Know: Online wallets are almost always completely free. So you can use them to secure your crypto without breaking your budget. Here’s my roundup of the best crypto wallets (hot and cold) available today. You’ll see that my top three picks are all online/software wallets.

In this guide, I’ll go over all of the basics you need to know about online wallets: what they are, how they work, how to choose the right online wallet, and how to stay safe while using one.

Let’s begin with a basic definition.

What Is an Online Wallet?

An online wallet or software wallet is a piece of software that allows you to directly send and receive crypto across a blockchain network.

When you store crypto in an exchange app, you can perform crypto transactions indirectly. Your crypto is held in a wallet under the exchange’s control, and if you instruct the exchange to send crypto to another person, the exchange will broadcast the transaction to the crypto network. But this is an indirect process.

If you own your own software wallet, you can bypass the exchange and send your transactions directly to the network. This gives you more freedom when you make payments. It also makes your crypto more secure because your personal wallet is held on your device, which is less of a target for hackers than your exchange is.

So that’s what an online wallet is. It’s a piece of software that allows you to send and receive crypto directly, without needing a third party to do it for you.

At this point, you may wonder exactly how an online wallet works. I’ll go over that in the next section.

Pro Tip: When trying to protect your crypto, there are a lot of things to keep in mind: choosing a legitimate exchange, protecting your account with 2FA, setting up your wallet correctly, defending against common crypto scams, etc. It can get confusing. But I’ve written a complete guide to buying crypto safely to help you sort it all out.

How an Online Wallet Works

In an online wallet, you don’t “log in” using a username or password. Instead, each time you submit a transaction, your wallet uses your private key to encrypt a message proving that you are the owner of the account.

This private key is stored on your PC or mobile device. It is never sent to the network, so there is no way for it to be intercepted by an attacker in transit. And the nodes that run the crypto network don’t have your private key, so an attacker can’t steal it off the servers the way he could a password in a traditional app.

The only way an attacker can steal your cryptocurrency from an online wallet is if she hacks your personal device, your PC or phone, and steals your private key off the device. To prevent even this from happening, your online wallet will encrypt your key with a password that you choose. As long as your password is strong, this should provide an extra layer of protection in case your device is hacked or stolen.

When you first set up a wallet, it will display a set of seed words to serve as a backup. If your device ever crashes, your key can be recovered with these words. This is another attack vector a hacker can exploit to steal your crypto. But as long as you keep your seed words off-line, in a secret place where no one can find them, it will generally be much harder for an attacker to steal them than it would be for the hacker to steal your password in an exchange.

FYI: This is a brief explanation of how a crypto wallet works. For a deeper dive, you can check out my basic guide to crypto wallets. In the guide, I cover things like how to install a wallet, its different types, how to choose the right one, and more.

So that’s how an online wallet works. In the next section, I’ll discuss the term “hot wallets,” which online wallets are sometimes called.

Hot Wallets vs. Cold Wallets

You may have heard there’s a difference between “hot wallets” and “cold wallets” and that online wallets are “hot.” Here is what these terms mean.

A “hot wallet” is a private key that is stored on an internet-connected device. Hot wallets can do transactions. But they aren’t as secure as cold wallets because they could potentially be hacked or the device could become infected with malware.

By contrast, a “cold wallet” is a private key that is stored on a device that doesn’t have internet access. A cold wallet can’t do transactions unless it becomes connected to a device that has internet access. Cold wallets aren’t very useful for day-to-day transactions. But they are useful for securely storing long-term crypto that isn’t going to be used.

That’s why software wallets are often called “hot wallets.” They are “hot” because they are connected to the internet and can do transactions.

Now you know what a hot wallet is and how it works. But you may wonder how to decide between the various software wallets on the market. In the next section, I’ll go over some factors you may want to consider when shopping for an online wallet.

How to Choose an Online Wallet

There are a lot of software wallets to choose from. It can be confusing to figure out which one is the best. But here are some factors to keep in mind while shopping.

Coin compatibility

Different online wallets are made for different networks. For example, Electrum is a great Bitcoin wallet, but it doesn’t work with Ethereum at all. So the first thing to figure out when looking at a wallet is which coins it will work with.

A wallet may have great features, but if it won’t work with the coins you want to store, it won’t do you much good.

FYI: If you’re looking for an exchange with lots of different coins, you might want to try Crypto.com. I’ve written a Crypto.com review that discusses all of the positives and negatives of using this ultra-popular crypto exchange.

Multi-network vs. single-network

Some wallets work with multiple networks, while others work with only one network. If most or all of your coins are on a single network, you may want to use a wallet that is dedicated to that single network. But if you own different coins across many different networks, you may want to go with a multi-network wallet.

For example, let’s say that you own some Cardano (ADA), as well as the Cardano tokens, Ergo (ERG), COTI, and API3. In this case, all of your coins are part of the Cardano network, so you may want to use a Cardano-specific wallet like Daedalus. But if you have Cardano, Ethereum (ETH), and Bitcoin (BTC), the convenience of using a multi-network wallet like Exodus may outweigh whatever features you would get from using three separate wallets.

Desktop vs. Mobile

Most software wallets are made exclusively for desktop, but some have mobile versions, and a few are exclusively made for mobile. If you plan to do a lot of mobile transactions, you may want to go with a wallet that has both a desktop and mobile version.

You could also just use a separate wallet for desktop and mobile. As long as the two pieces of software are made for the same network, they can access the same crypto account.

Compatible With Dapps

One of the biggest changes in the crypto market has been the rise of decentralized applications (Dapps). These are apps that run directly on the blockchain and use cryptocurrency in various ways.

Since Dapps have been produced, a lot of crypto users are no longer content to just hold crypto or use it to make payments. Nowadays, many users want to supply crypto to decentralized exchanges, use it as collateral to get loans, play video games with it, and do all kinds of other things with it.

Pro tip: Some of the most popular Dapps today are in the decentralized finance or “DeFi” niche. These Dapps can offer huge yields compared to traditional savings accounts, although there are some risks to using them as well. Learn all about them in my guide to decentralized finance.

But not all wallets will allow you to interact with Dapps. In order to use Dapps, you need a browser extension wallet like Metamask or Coinbase Wallet. A stand-alone piece of software like Exodus just won’t work.

So when you shop for a software wallet, keep in mind whether you’ll want to use Dapps or not.

Allows staking

Another issue to keep in mind is whether the wallet will allow staking. Most of the newer networks will allow you to stake your crypto to earn even more crypto over time. But you can’t necessarily stake your crypto with every wallet.

For example, Metamask is a great wallet for storing Binance Coin and even for using Dapps on Binance Smart Chain. But if you want to stake Binance Coin, you can’t do it with Metamask. You need either Trustwallet or Mathwallet for that.

As you’re shopping, you may want to keep in mind whether you are planning to stake your crypto and whether the wallet you are looking at supports that feature.

These are the basic factors to keep in mind when looking for a software wallet. But you may wonder if a software wallet is truly a safe place to store your crypto. Is an online wallet safe?

FYI: On most newer crypto networks, staking is used to enhance security and make sure that validators don’t commit fraud. In return for this service of helping to secure the network, a staker is rewarded with newly minted coins. You can find out more in my guide to crypto staking.

Is an Online Wallet Safe?

An online wallet is usually a much safer place to store your crypto than an exchange. When you use an online wallet, there is no hash of your password stored on a server anywhere. And there is no “forgot my password” feature in a wallet, which means an attacker can’t reset your wallet by taking control of your email address. Because of these reasons, online wallets are extremely secure compared to using a traditional app.

But software wallets are not impossible to hack or take control of. There are still a few ways that an attacker can steal your crypto from a hot wallet. In the next section, I’ll go over a few common pitfalls that online wallet users often fall into.

Software Wallet Threats to Avoid

Here are a few common pitfalls that online wallet users should try to avoid. Making these mistakes may cause you to lose all of your crypto.

Downloading a fake wallet

The easiest way to lose your crypto while using a software wallet is to download a fake version of the wallet.

For example, in February 2019, scammers released a fake version of the popular wallet Metamask. It was published to the Google Play store for Android devices.1

It looked exactly like a mobile version of the real Metamask. But unlike the real wallet, this version automatically replaced every address in the “send” field with the attacker’s own address at the moment each transaction was broadcast. As a result, if you used this wallet to send crypto to your exchange account, it instead went to the attacker’s wallet and was gone forever.

The easiest way to defend against this scam is to only download your wallet from the developer’s official website or from a link found on the developer’s site.

If you want to download the Android version of Metamask, for example, don’t search for it in the Google Play Store. Instead, go to the official Metamask website, and click the link to the store page from there. This helps to ensure that you are at the official store page for the app instead of an attacker’s page.

Pro Tip: When Robinhood first started offering crypto, it didn’t allow investors to withdraw their coins into their own wallets. But that has since changed. Users can now enable withdrawals through a function called the “Robinhood wallet.” You can read all about the benefits and disadvantages of using Robinhood in my Robinhood Crypto Review.

Forgetting to copy your seed words

Another common way that people lose their crypto with a hot wallet is by forgetting to copy their seed words. People are often very busy when they first create their wallets. They may not feel that they have time to copy down their seed words. Months may go by, and eventually, something happens to their PCs.

Coffee gets spilled on the PC, it gets knocked over and the hard drive is damaged, or it just wears out from old age. Now, the private key is corrupted and can’t be recovered. As a result, all of the crypto is lost.

To defend against this potential disaster, make sure you copy down your seed words at the moment they are first shown to you. Put them on a physical piece of paper that cannot “crash,” and store the piece of paper in a safe place where it won’t get wet, catch fire, or otherwise become unreadable.

Try not to store your backup seed words on any kind of electronic device. Not only can electronic devices easily lose data, they can also be accessed by hackers (more on that in the next section).

Exposing your seed words

Another common software wallet pitfall is exposing your seed words accidentally. There are many ways that this can happen. For example, maybe an attacker tricks you into visiting a phishing site that creates an authentic-looking wallet pop-up box. When the box appears, it tells you that your wallet has become corrupted and that you need to enter your seed words over again.

You enter your seed words, and the attacker uses them to steal all of your cryptocurrency.

Beware: Only enter your seed words when you first install or reinstall your wallet. If you’re browsing the web and see a pop-up box that tells you to enter your seed words, this is probably a scam (it’s normal for your wallet to ask for your password, but not for your seed words!).

For another example, let’s say that you back up your seed words by taking a screenshot of them, and you store this file in your PC’s “pictures” folder with the filename “seed_words.” An attacker infects your computer with malware and searches your computer for any sensitive documents he can find. He runs across this file, opens it, and now has the complete list of your seed words, which he uses to steal all of your crypto.

The easiest way to defend against this type of attack is to make sure that there are no unencrypted copies of your seed words on your device, or on any device connected to the internet. Your wallet will have a copy of the words in a special file called the “keystore file.” But this file is encrypted and can only be unlocked with your password. It’s best to have this be the only copy of the seed words on your device.

Overall, minimizing the risk of exposing your seed words basically boils down to being aware of what they do. Your seed words can be used to mathematically derive all of your private keys. So if someone gets them, you’re probably toast. Try to treat these words like a giant pile of cash that you have to protect at all costs, because they are the key that unlocks all of your crypto.

So those are some common pitfalls to using online wallets. If you want more info about common mistakes that are easy to make with crypto, check out my guide to crypto pitfalls to avoid.

Now that we’ve gone over the basics of how online wallets work and how to stay safe with them, it’s time to talk about the popular hot wallets you have to choose from.

If you’ve made it this far into the article, you might be ready to choose a wallet. Here is a list of the most popular online crypto wallets.

  • Metamask: This is by far the most popular crypto wallet around. It was the first crypto wallet made specifically to work with Dapps. It was originally made for Ethereum. But today, it also works with Binance Smart Chain, Avalanche, Harmony, Fantom, and any other network that uses the Solidity programming language.
  • Coinbase wallet: This is a competitor to Metamask. But it has the added feature that it allows you to transfer crypto from your Coinbase account to your private wallet without cutting and pasting the address. If you use Coinbase for your exchange, this may be too good of a feature to pass up. It also allows you to back up an encrypted copy of your private key to your Google Cloud account if you want.
  • Exodus: This is a multi-currency wallet for the hardcore crypto collector. It works with 17 different crypto networks and allows staking for seven of them. Also has a great “portfolio” feature that makes it easy to track your crypto returns. However, the one big drawback to Exodus is that it doesn’t work with Dapps.
  • Guarda: Another multi-currency wallet, Guarda seeks to outdo Exodus by offering an integrated exchange that lets you buy crypto with fiat. However, it doesn’t have Exodus’ portfolio feature. Debates continue to rage over which multi-currency wallet is the best. Like Exodus, Guardia doesn’t work with Dapps.
  • Electrum: This very simple, no-frills Bitcoin wallet has been trusted by Bitcoin users all over the world since 2011.
  • Phantom: This most popular wallet for Solana users works with Dapps and allows staking on Solana.
  • Nami: Considered one of the top wallets for the Cardano network, Nami lets you use Dapps and stake your Cardano.

FYI: Coinbase is the largest crypto exchange by volume in North America and was the first to do an IPO on the New York Stock Exchange. It’s well known in the crypto community as a beginner-friendly place to buy cryptocurrency. But it has some flaws as well. You can read more about it in my full review of Coinbase.

Final Thoughts on Software Wallets

For long-term storage of large amounts of crypto, hardware wallets can’t be beat. But they can also be annoying when you have to attach a separate device to your PC every time you make a transaction.

So if you have a small account and do lots of transactions with it, a software wallet may be a more convenient option than a hardware one. Best of all, online wallets are free. They’re great for new crypto users that aren’t quite ready to fork over cash for a hardware wallet.

It can be confusing to distinguish between all of the different crypto storage options: exchanges, hot wallets, cold wallets, vaults, and others.

Traditional exchange apps like Coinbase, Robinhood, Crypto.com, etc., are familiar to us all. They use email and password logins like other apps we’re familiar with. However, online wallets can seem alien because they use private keys instead of passwords.

However, by following the tips we’ve provided in this guide, you should be able to get a software wallet up and running in no time.

Citations
  1. CoinDesk. (2019, Feb 11). Fake MetaMask App on Google Play Store Hosted Crypto Malware.
    coindesk.com/markets/2019/02/11/fake-metamask-app-on-google-play-store-hosted-crypto-malware/