Cold vs. Hot vs. Warm Wallets: Structuring Liquidity

Retail stores have a Cash Register (Hot), a Back Office Safe (Warm), and a Bank Vault (Cold). Crypto is no different. If you keep all funds in Cold, you are paralyzed. If Hot, you are vulnerable. Tiered Liquidity solves this.

Allocation: 80-90%. Defined by Air Gaps. Private keys never touch the internet. Provider: QC (Coinbase Prime) or Air-Gapped Multi-Sig. Policy: Whitelisting Mandatory. Only send to Warm Wallet.

Allocation: 5-10%. Connected to internet but requires Human Consensus (Multi-Sig). Provider: Safe. Policy: 2-of-3 signatures. Depth: 1.5x Monthly OpEx. Acts as a buffer against attackers.

Allocation: <1%. Keys are online (API). Provider: Scripted Wallet/Exchange. Policy: Treat as Burnable. Use for Gas Fees or Automated Payouts. Risk: Critical.

Liquidity flows like water: easy down, hard up. Downstream: Cold -> Warm -> Hot. Upstream: Auto-Sweep Hot to Warm. drill: Weekly Controller review.

Rule: Never connect Tier 1 to Tier 3 directly. Example: Sending from Cold to Exchange. Bad Path: Cold -> Exchange. Good Path: Cold -> Warm -> Exchange. Warm wallet verifies destination.

Common failure: Having USDT but no ETH for gas. Policy: Every wallet holds 50 tx worth of native tokens. Monitoring: Use Tenderly/Defender to alert on low gas.

If Hot Wallet is compromised: 1. Detect. 2. Isolate (Pause Warm Wallet funding). 3. Assess (Max loss 1%). 4. Recovery (Rotate keys). Tiering limits blast radius.

In Security, friction is good. It should be hard to move $10M. Hot = Zero Friction. Cold = High Friction. Don't bypass your own brakes.