Back to Wallet Guides
Advanced Technology

Air-Gapped Wallets Guide

Overview

Air-gapped wallets never connect to the internet or any other device via cable, Bluetooth, or WiFi. Transactions are signed offline and transferred via QR code or microSD card. This eliminates all remote attack vectors — even if an attacker compromises your computer, they cannot reach the signing device. Keystone, Foundation Passport, and COLDCARD are the leading air-gapped hardware wallets.

Security Features

Zero wireless connectivity: no USB data, no Bluetooth, no WiFi, no NFC, QR code transaction signing: scan unsigned TX → sign on device → scan signed TX back, MicroSD for firmware updates (verified with cryptographic signatures), Tamper-evident packaging and enclosure, Open-source firmware (Keystone, Foundation Passport, COLDCARD), Secure element for key storage (varies by device), Self-destruct PIN option (COLDCARD)

Pros & Cons

Pros: maximum security — immune to all remote and cable-based attacks, open-source (most models), true air gap (not just marketing), QR-based flow is auditable. Cons: slower transaction flow, QR scanning can be fiddly, firmware updates via microSD are less convenient, fewer supported assets than Ledger/Trezor, higher learning curve, premium pricing.

Setup Steps

1. Purchase from manufacturer directly. 2. Verify tamper-evident seals. 3. Power on with included batteries or USB power-only cable. 4. Generate seed phrase on the device (fully offline). 5. Back up seed phrase on paper and/or metal. 6. Install companion app on phone (Keystone uses MetaMask/Rabby, Passport uses Envoy). 7. Pair via QR code (no data connection). 8. To transact: create unsigned TX on phone → scan QR on device → sign → scan signed QR back → broadcast.

Best For

Maximum security users, Bitcoin-only hodlers, cypherpunks, anyone who distrusts USB/Bluetooth connections, large holdings requiring paranoid-level security

Tips & Recommendations

Air-gapped wallets represent the highest security tier available to individuals. The QR-based signing flow may seem inconvenient, but it's auditable — you can read the data in the QR code to verify exactly what you're signing. COLDCARD is the gold standard for Bitcoin-only users; Keystone offers the best multi-chain air-gapped experience.

Related Wallet Guides

MPC Wallets Guide

Multi-Party Computation (MPC) wallets split your private key into multiple encrypted shares distributed across separate parties or devices. No single party ever holds the complete key. Unlike multisig (which requires multiple signatures on-chain), MPC operates off-chain — the key shares combine cryptographically to produce a single valid signature. This makes MPC wallets chain-agnostic and gas-efficient while eliminating single points of failure.

Account Abstraction Wallets

Account Abstraction (ERC-4337) transforms Ethereum wallets from simple key-pair accounts into programmable smart contract wallets. This enables features impossible with traditional wallets: gas sponsorship (someone else pays gas), session keys (approve a dApp for limited time/amount), social recovery, batched transactions, and arbitrary validation logic. It's the biggest UX upgrade in Ethereum's history.