Note
Creating a Fireblocks Cold Wallet workspace requires scheduling onboarding time. For more information, contact your Customer Success Manager.
Overview
Fireblocks Cold Wallet allows you to meet your regulator's or insurer's strictest policies by signing crypto transactions using keys that are always held offline in cold storage.
Fireblocks delivers the most secure cold storage solution in the industry:
- Secure MPC implementation prevents any device from being a single point of failure.
- Cold Wallet devices are air-gapped and completely disconnected from the internet and any other device. No operations require physical connections.
To ensure ease of use and speed of operations despite the device being offline, Fireblocks' solution consists of:
- A single round of communication between the Cold Wallet device and the other online co-signers, using the MPC-CMP implementation. The user submits a transaction on the Fireblocks Console, signs it with the Cold Wallet device, and sends the signed transaction back.
- Fireblocks Cold Wallet mobile app communicates with Fireblocks Console using a QR Animation.
Comparing hot and cold workspaces
Definitions of cold storage and hot storage can differ. Here are some Fireblocks-related terms to help differentiate between the types of storage available:
- Hot workspace usually refers to a workspace where transactions may be initiated and signed automatically using an online connection. For example, a retail workspace with an API user connected to an API Co-Signer machine where the end-user triggers a transaction that is signed automatically would be considered a hot workspace.
- Warm workspace usually refers to a workspace where the key shares are still online and transactions may be approved and signed manually by a user in your Fireblocks workspace with the Fireblocks mobile app. These are identified as warm workspaces throughout this article.
- Cold workspace usually refers to a workspace that holds most of the customer’s assets and has stricter security procedures, including a workspace-specific Transaction Authorization Policy (TAP). Transactions are signed using offline, air-gapped devices.
Note
The terms Cold Wallet, cold storage, and offline signing may be used interchangeably.
| | Fireblocks Cold Wallet | Fireblocks Hot or Warm Wallet |
|---|---|---|
| Security | ✓ Device never connects to the internet; ✓ Key partitioning using MPC; ✓ Verification using biometrics and PIN code | ✓ Key partitioning using MPC; ✓ Securely encrypted hardware enclave; ✓ Verification using biometrics and PIN code |
| Approval & Signing Speed | Medium | Fast; Ultra-fast: approve and sign transactions programmatically using the API Co-Signer |
| Communication with cloud co-signers | The user sends and receives data using QR animations | HTTPS over SSL |
| Supported mobile platforms | iOS Fireblocks Cold Wallet app | iOS and Android Fireblocks mobile app (online) |
For the highest security and operational efficiency, Fireblocks recommends using multiple workspaces with a combination of hot and cold wallets. Some recommended best practices are:
- Maintain cold and hot workspaces where about 90% of all funds are held in Cold Wallet-managed vault accounts and the remaining 10% is held in hot wallet-managed vault accounts.
- Use online signing for day-to-day operations. Use Cold Wallet for operations that do not require frequent interaction such as investments and staking.
- Use Cold Wallet for operations that require careful review before approval, such as transfers above a specific amount or between specific counterparties.
How it works
- The Fireblocks Console has a dedicated offline signing panel that shows pending transactions and other requests that require a Cold Wallet device. Selecting a pending transaction displays a QR animation with the relevant data encoded.
- Use the Fireblocks Cold Wallet app on the Cold Wallet device to scan the QR animation.
- Confirm transaction signing using the Fireblocks Cold Wallet app.
- The Fireblocks Cold Wallet app creates a QR animation that includes the transaction and signature data.
- Scan the Fireblocks Cold Wallet app QR animation using your computer to complete the signature.
For detailed steps, authorization policy information, and a demo video, see Signing Transactions Using Your Cold Wallet Device.
Workspaces
Workspaces are designated as either Cold Wallet or Hot Wallet before they are created. Customers only receive a Cold Wallet workspace if their contract specifically includes it.
If you choose to use a combination of workspaces, you can switch between your Hot and Cold Wallet workspaces on the Fireblocks Console without signing out by selecting Switch Workspace from the avatar menu.
The most efficient way to transfer assets between Hot and Cold Wallet workspaces is by using the Fireblocks Network.
Device requirements
Cold Wallet devices
Note
This list was last updated on September 9th, 2024. Updates to this list are also published in Platform Announcements.
Existing devices configured before the most recently updated list of devices will continue to receive full support from Fireblocks for all Cold Wallet operations, including signing transactions and approving workspace configuration changes.
All Cold Wallet transactions are signed using Cold Wallet devices. A Cold Wallet device is a dedicated iOS device (iPhone or iPad) running the Fireblocks Cold Wallet mobile app. Biometrics and a PIN code are used to verify every operation. The device is supervised and set to Single App Mode to ensure that Fireblocks Cold Wallet is the only app that can be accessed. This device is never connected to any network.
The requirements for new devices for the Fireblocks Cold Wallet app are:
- Any of the following devices running iOS or iPadOS 14.0 and later:
- iPhone SE (3rd generation)
- iPhone 13, 13 Pro, 13 Pro Max, 13 mini
- iPhone 14, 14 Plus
- iPhone 15, 15 Plus
- iPhone 16, 16 Plus
- iPad 10th generation
- iPad Pro 6th generation
- iPad Air 5th generation
- iPad mini 6th generation
- The device must have biometrics (Touch ID or Face ID) set up.
- Use a new, unopened, factory-unlocked device to ensure no third-party software exists on the device.
- Make sure that these new iOS devices are not purchased via Apple Device Enrollment Program (DEP) and are not pre-enrolled with any MDM program.
By comparison, the Fireblocks mobile app runs on iOS or Android devices and can be used for both Hot Wallet workspaces and approving Cold Wallet workspace changes such as Transaction Authorization Policy (TAP) updates, or new external connections. Only Non-Signing-Admin and Approver user roles require the standard Fireblocks mobile app in Cold Wallet workspaces. Learn more about Cold Wallet user roles.
Mobile device management (MDM) restrictions
The Fireblocks Cold Wallet mobile app cannot be installed on iOS devices that are managed by MDM software or bought using Apple's Device Enrollment Program (DEP). This is due to how Apple's Apple Configurator Mac application is implemented: it blocks a device from being configured as "supervised" when that device is also enrolled in MDM software.
Mac provisioning devices
To provision Cold Wallet devices, a Mac provisioning device is required. Fireblocks recommends dedicating a Mac computer for the sole purpose of supervising the Cold Wallet devices. The Mac provisioning device must have Apple Configurator 2 installed. A Lightning cable is required to configure Cold Wallet devices. More than one Mac computer may be used, with each controlling a different group of Cold Wallet devices.
- Any Apple computer with macOS 10.15.6 or later
- Apple Configurator 2 or later installed
- A Lightning cable to connect the Cold Wallet devices
- Internet connectivity
Fireblocks web console
The Fireblocks Console is required to provision signing devices and to scan pending Cold Wallet transactions. For Cold Wallet workspaces, the Fireblocks Console requires a Windows or macOS computer with a webcam to scan QR animations from the Fireblocks Cold Wallet mobile app.
User Roles
To learn about the differences between user roles and their privileges, and which roles require a Cold Wallet device, see Cold Wallet - User Roles.
Recovery process
The backup and recovery process for workspace keys in a cold workspace differs in several ways from a warm workspace.
Soft recovery
There is no soft recovery process comparable to that of a warm workspace. However, provisioning redundant Cold Wallet signing devices and storing them in a safe and secure location, separate from the other Cold Wallet devices, is recommended.
Hard recovery
Unlike in a warm wallet, once an Owner or Signer's Cold Wallet device is provisioned, the phone is locked and its passphrase cannot be reset. Therefore, you must make sure that during the initial device setup, you document the Owner and any Signer passphrases and keep them safe and secure for future recovery purposes.
Note
Since Fireblocks is a non-custodial platform, you are responsible for creating a backup of your workspace keys. This is an encrypted copy of all your MPC key shares, which enables business continuity and access to all related vault accounts and their asset wallets in disaster scenarios.
To create a workspace key backup, open a support ticket.