Air-Gapped Wallets Guide
Overview
Air-gapped wallets never connect to the internet or any other device via cable, Bluetooth, or WiFi. Transactions are signed offline and transferred via QR code or microSD card. This eliminates all remote attack vectors — even if an attacker compromises your computer, they cannot reach the signing device. Keystone, Foundation Passport, and COLDCARD are the leading air-gapped hardware wallets.
Security Features
Zero wireless connectivity: no USB data, no Bluetooth, no WiFi, no NFC, QR code transaction signing: scan unsigned TX → sign on device → scan signed TX back, MicroSD for firmware updates (verified with cryptographic signatures), Tamper-evident packaging and enclosure, Open-source firmware (Keystone, Foundation Passport, COLDCARD), Secure element for key storage (varies by device), Self-destruct PIN option (COLDCARD)
Pros & Cons
Pros: maximum security — immune to all remote and cable-based attacks, open-source (most models), true air gap (not just marketing), QR-based flow is auditable. Cons: slower transaction flow, QR scanning can be fiddly, firmware updates via microSD are less convenient, fewer supported assets than Ledger/Trezor, higher learning curve, premium pricing.
Setup Steps
1. Purchase from manufacturer directly. 2. Verify tamper-evident seals. 3. Power on with included batteries or USB power-only cable. 4. Generate seed phrase on the device (fully offline). 5. Back up seed phrase on paper and/or metal. 6. Install companion app on phone (Keystone uses MetaMask/Rabby, Passport uses Envoy). 7. Pair via QR code (no data connection). 8. To transact: create unsigned TX on phone → scan QR on device → sign → scan signed QR back → broadcast.
Best For
Maximum security users, Bitcoin-only hodlers, cypherpunks, anyone who distrusts USB/Bluetooth connections, large holdings requiring paranoid-level security
Tips & Recommendations
Air-gapped wallets represent the highest security tier available to individuals. The QR-based signing flow may seem inconvenient, but it's auditable — you can read the data in the QR code to verify exactly what you're signing. COLDCARD is the gold standard for Bitcoin-only users; Keystone offers the best multi-chain air-gapped experience.
Related Wallet Guides
MPC Wallets Guide
Multi-Party Computation (MPC) wallets split your private key into multiple encrypted shares distributed across separate parties or devices. No single party ever holds the complete key. Unlike multisig (which requires multiple signatures on-chain), MPC operates off-chain — the key shares combine cryptographically to produce a single valid signature. This makes MPC wallets chain-agnostic and gas-efficient while eliminating single points of failure.
Account Abstraction Wallets
Account Abstraction (ERC-4337) transforms Ethereum wallets from simple key-pair accounts into programmable smart contract wallets. This enables features impossible with traditional wallets: gas sponsorship (someone else pays gas), session keys (approve a dApp for limited time/amount), social recovery, batched transactions, and arbitrary validation logic. It's the biggest UX upgrade in Ethereum's history.