nuxttest-Moving Funds From A Hot To A Cold Wallet

27 Feb 2023

header-moving-funds-from-a-hot-to-a-cold-wallet-crypto-app-crypto-coins
logo-ngrave-perfect-key-hardware-wallet-cold-security2
nuxttest Nuxttest the first end-to-end security solution to manage your crypto.

nuxttest-Moving Funds From A Hot To A Cold Wallet

Having absorbed all the advice in the NGRAVE Academy, you decided to take the plunge and move your crypto from a hot wallet to cold storage. Your brand-new hardware wallet has landed on the welcome mat. Now what?

  • Article Quick Links:
  • A primer on Hot & Cold Wallets
  • Step 1 - Make sure your Cold Wallet hasn’t been tampered with
  • Step 2 - Device Set-Up & Storing Your Recovery Seed
  • Step 3 - Downloading the companion software
  • Step 4 - Organising your wallet ready to receive funds
  • Step 5 - Moving Your Funds From Hot to Cold

A primer on Hot & Cold Wallets

If you’re interested in knowing how to move your crypto funds from a hot to the safety of a cold wallet you should be clear on what those terms mean, and why it makes good sense, so we’re going to start with a quick primer. You can always jump to step 1 of the actual process if you feel this is overkill.

A wallet is a tool for managing your crypto but doesn’t actually store any digital funds, just as your banking App doesn’t store any money. 

It is an interface to public cryptocurrency blockchains; ledgers of addresses of spendable cryptocurrency. Think of an address like a bank account. A wallet will create new addresses for free, and display an associated balance of spendable crypto that has been sent to that address. 

What makes the funds spendable, is the control of a Private Key that is created for every address generated by the wallet. 

Given Private Keys give complete control over funds, they are encrypted by the wallet, but to make their management easier, are aggregated into one piece of information - like a master key/password - called a recovery Seed. This is normally in the form of a collection of 12-24 mnemonics - unique words. 

A recovery Seed is an ultimate fail-safe. It proves you have the right to spend the funds associated with all addresses created by a wallet; the wallet is just a medium for providing that access, so it doesn’t matter if you lose access to the wallet, so long as you have the recovery Seed.

Most new crypto users start their journey by purchasing crypto via exchanges using their desktop browser or a mobile app which features wallets that control those Private Keys on the user’s behalf - the term used in custody.

Crypto’s most important mantra is ‘not your keys, not your coins’ because of the risks of those custodial services losing control of Private Keys to hackers. There is, unfortunately, plenty of evidence of that happening.

So moving from a custodial wallet to one you control will give true ownership over your crypto, but it will also make it more secure, because you have to be online to access a custodial service, providing convenience at the expense of security. This is what the term Hot Wallet describes, a service that is online by default. 

Hot wallets are software-based and accessed through a mobile app or website, while a cold wallet is a small, physical piece of hardware. 

Hot wallets can be non-custodial, giving you control of your keys, but you are still online and therefore face constant threats.

The alternative is a Cold Wallet - also described as Cold Storage - which is offline by default, and therefore stores all Private Keys locally, so not only puts you in control but provides the security of being offline.

If you’re still not entirely clear on custody and the distinction between hot/cold wallets, take the time to read these articles first.

Though cold storage can theoretically include Paper Wallets, we’re going to assume that what we’re discussing here is a physical hardware device. Head over to this separate article if you want to hear a convincing argument against Paper Wallets.

We’d hope that you’ve chosen to invest in the NGRAVE ZERO, as we believe it is the most advanced and secure cold storage device on the market, but our advice can apply regardless of your preferred vendor. 

We will, however, highlight features that the ZERO offers that might not be available elsewhere, simply because we’ve followed what we believe is the best practice for offline storage in making it, and want to share our thinking.

Step 1 - Make sure your Cold Wallet hasn’t been tampered with

step-1-moving-funds-from-a-hot-to-a-cold-wallet-cold-wallet-with-a-verified-hardware-checkmark

The process of safely sending funds from a hot wallet to cold storage for the first time begins before you have even unboxed your new hardware device, by ensuring it hasn’t been tampered with.

This may seem like scaremongering, but not only are there cases of devices being tampered with, there are even examples of users being sent so-called ‘replacement’ devices, which have been doctored, in order to steal funds.

If you have purchased an NGRAVE ZERO there are three levels of tamper protection and a separate cryptographic attestation - a key, verified by NGRAVE, that must be entered by the user to prove the device’s authenticity:

  1. Tamper Proofing - The design of the device makes tampering practically impossible
  2. Tamper Evidence - If tampering is attempted it will become obvious
  3. Tamper Response - If someone tries to tamper the device will wipe itself

If you are interested in ZERO’s tamper protection, there is more detail in our article on how crypto hardware wallets work. It isn’t enough to check the seal hasn’t been broken on the package, as in some countries this can sometimes happen for legitimate reasons, depending on how postal security operates.

Step 2 - Device Set-Up & Storing Your Recovery Seed

step-2-moving-funds-from-a-hot-to-a-cold-wallet-cold-wallet-setup-with-fingerprint

It is natural with any new piece of technology to want to skim through the setup process, and just begin using it, with the vague intention of doing the full set-up, and a proper read of the instructions at a later date. 

The setup process for a crypto hardware wallet is so important that you cannot afford to do that.

When you use your hardware wallet for the first time the device will prompt you to set the appropriate language and set a standard access pin, similar to accessing your phone. 

Make sure to remember the pin, but avoid keeping a digital record of it (NGRAVE’s ZERO requires two-factor access and biometrics, which add extra security). Repeat failed attempts of your pinfall under the ‘emergency’ category for which you’ll need your recovery Seed, the critically important part of the set-up process that follows.

Should you lose your device, or it stops working safely, the recovery Seed is the fail-safe for accessing funds, so storing safely is of paramount importance. This is why the NGRAVE Academy dedicates a lot of attention to Seed Storage best practices

The most common approach is to write a Seed on a piece of paper, then find somewhere safe to store it, but as paper isn’t the most resilient material, the ZERO ships by default with a non-shreddable, water-resistant, Seed recovery sheet. 

This is still far from optimal, given how important your Seed is, so NGRAVE recommends using our GRAPHENE solution. It is a combination of two stainless steel plates and a punch pen, that will enable you to emboss what we call our Perfect Key, because of the additional efforts to ensure that it is randomly generated.

Whatever approach you decide to take to storing your recovery Seed, be aware that the security of any funds stored using the device will ultimately rely on how and where your Seed is stored.

Once you’ve established a safe way to store your recovery Seed it should only be needed in an emergency, or if you forget the standard access details required to access the device and companion software, which is the next step.

Step 3 - Downloading the companion software

step-3-moving-funds-from-a-hot-to-a-cold-wallet-a-security-shield-with-a-down-arrow-to-show-download-the-crypto-app-crypto-wallet-with-the-qr-code

A hardware wallet is purposely small and discrete, and not intended for extended online use as a dedicated interface/wallet dashboard. Though the ZERO features a large high pixel density colour LCD screen, it’s designed that way simply to make device set-up easier and to simply confirm transactions, which along with all-over wallet functions, take place via a connected companion software running on your mobile or computer.

You’ll need to download the appropriate companion software for your device now. Pay very close attention to downloading the genuine software, either by using the QR codes provided with the device for the Mobile App or for desktop by visiting the official website - double checking the URL and ensuring its security (look for the lock in the browser).

The companion software will allow personalisation, the most obvious being the language setting and fiat currency that you want your wallet balances to be displayed in.

Be aware that because using and updating your companion software requires you to be online, this may put your funds at risk. The NGRAVE ZERO has gone to great lengths to ensure Private Keys are never shared by using a companion software - LIQUID - that uses QR codes to share address details.

The ZERO is also manufactured to ensure that updates to the companion software cannot introduce malware to the device operating system. It is worth looking into how your device guards against infections during software updates.

Step 4 - Organising your wallet ready to receive funds

step-4-moving-funds-from-a-hot-to-a-cold-wallet-a-security-shield-with-a-down-arrow-to-show-download

Most crypto hardware wallets will support all popular coins as standard, you simply need to open the companion software and select the relevant coins you want to store on the device and confirm the addition. If your coin isn’t supported, you may need to follow manual steps.

Be careful to add the correct coin/network combination for the funds being sent, as many coins function across multiple distinct chains.

When you add coins, you may want to establish multiple accounts for certain coins, separating funds for trading, saving, family members or tax, depending on how active you are. 

We are going to assume this is the first time you are moving funds from an exchange, crypto banking provider or App, so will cover all steps from scratch. Depending on the service used, and their policy around withdrawals, this might take a little longer than expected. 

In order to move funds from your Hot Wallet to the safety of your Cold Storage device you need to find the destination address for the appropriate coin in your Cold Wallet - this is where funds are being sent.

If you are sending from a desktop Hot Wallet you’ll need to use the copy/paste function for the destination address (usually an icon next to it).

If you are sending from a mobile Hot Wallet you scan a QR code.

Once you’ve added the destination address to your Hot Wallet give it an appropriate label e.g NGRAVE hardware wallet.

If you are using the copy/paste approach take care, as it is easy to make an error. Never rely on manually typing the address. Given certain viruses try to target clipboard modules, run a full virus scan before making the transaction. 

Once you have added the destination address to your Hot Wallet, visually compare the first/last few characters to ensure it is correct, then save it.

This is the part that may take longer than expected because some Hot Wallet services enforce a 24-hour cooling-off period before a new withdrawal address can be used. It is a security feature, generally described as Whitelisting, ensuring that withdrawals only go to safe addresses, so plan ahead.

Subscribe To The NGRAVE Academy

Knowledge for all levels. Join our newsletter to receive the latest articles.

By signing up, you agree to receive our marketing offers following our Privacy Policy. You can unsubscribe at any time.

If/when you repeat the process of sending funds you should use a new address each time, as this is good security/privacy practice. Your Cold Wallet should create unique addresses automatically for you, and it won’t impact your account set-up because a wallet can generate an unlimited number of individual public addresses from something called an xPub key.

Those public addresses can be shared and considered as single-use destinations for funds, which will appear as one balance in your wallet, by reference to the xPub Key. 

Sharing your xPub key is inadvisable simply because it allows someone to know the value of all your funds, whereas a single address provides details of just one transaction. 

An xPub key is different to a Private Key, and cannot spend funds. It is available within your wallet settings and may be needed when, for example, you use an online service to calculate crypto taxes but otherwise should be rarely needed.

Step 5 - Moving Your Funds From Hot to Cold

step-5-moving-funds-from-a-hot-to-a-cold-wallet-a-security-shield-with-a-down-arrow-to-show-download

Once your withdrawal address is active you are ready to create a transaction to move funds from your Hot Wallet. Here are a few things to bear in mind when filling in the actual details of the transaction itself:

  • Make sure the address format is the same for the sending/destination address; Bitcoin has different formats for example related to Segwit.
  • Some coins such as XRP, XLM, EOS & Cosmos require a piece of information in addition to the address called a Tag or Memo. Make sure to copy this from your destination address.
  • Be aware of minimum withdrawal fees charged by the Hot Wallet as this determines the smallest amount that is economical to move.
  • If you are sending from a non-custodial wallet you’ll generally have three speed/cost options for Ethereum and Bitcoin. Make sure you have enough funds to cover the required transaction fee.

If you are moving a significant amount, and this is your first time moving off an exchange, it is good practice to make a small test transaction first. You will pay more in fees but it will at least reassure you that the funds aren’t being sent randomly into the ether.

Enter the required amount to withdraw, double-check all the details twice and then hit Send. You will likely be asked to confirm a further security step which may differ depending on how your Hot Wallet is set up, such as:

  • Input your password
  • Add a 2FA code
  • Click a link sent to the email address registered to your account

Once you have added the required security detail, your withdrawal will be in a pending state as the network validates the transaction. If this is your first time moving funds to Cold Storage you may feel a little nervous. The time it takes to reach the destination address will vary depending on various factors:

  • The Hot Wallet service
  • The coin being moved as block speeds vary, Bitcoin being the slowest
  • The level of fee you paid

If you want reassurance, there will be details available for the withdrawal which usually includes a link to a block explorer, which can show you how the blockchain is validating your transaction. 

If there isn’t a link, there should be a transaction ID which you can manually paste into a free block explorer, and visually confirm that your transaction is being confirmed.

Your destination Cold Wallet dashboard should also show you that a transaction is incoming, but pending full confirmation, at which point you can let out a sigh of relief. 

Once the transaction is fully confirmed, double check the amount is correct, accounting for the transaction fee, and then you can repeat the process or simply disconnect the device. 

Congratulations, you have successfully moved funds from your Hot Wallet to a Cold Wallet, and can now sit back and relax with the knowledge that they are safely offline and in your complete control.

logo-ngrave-perfect-key-hardware-wallet-cold-security2
Nuxttest the first end-to-end security solution to manage your crypto.
Nuxttest

nuxttest. Founded in 2018, NGRAVE is a digital asset security provider offering user-friendly maximum security solutions for blockchain and crypto use cases. Its flagship product — crypto hardware wallet “NGRAVE ZERO” — is the only financial product in the world that features the highest security certification: EAL7. NGRAVE is partnered with the world’s top tier in nano- and chip technology, cryptography and hardware security, and counts among its advisors several blockchain pioneers such as Jean-Jacques Quisquater, famous cryptography professor and second reference of the bitcoin paper.