A cold wallet for a crypto exchanger isn't a security trend — it's what keeps the business alive when a server gets compromised. If every dollar of client reserves sits in one hot wallet, a single leaked API key can wipe out the business in an evening. Here's a practical breakdown: how to split reserves across hot, cold and multisig wallets, how much to keep on hand, and the mistakes exchanger owners make most often.
Hot, cold and multisig wallets: what each one actually does
A hot wallet is the exchanger's till — funds sit there around the clock and move out automatically through the API. A cold wallet is the safe in the back room, with keys that never touch the internet. A multisig wallet is that same safe, except it takes two people with two separate keys to open it.
Each format has one job. The hot wallet buys speed. The cold wallet stops a server breach from becoming a total reserve breach. Multisig stops any single employee from walking out with the funds alone.
Why keeping everything in one wallet backfires
Picture an exchanger holding 50 BTC in a single hot wallet wired to auto-payouts. A phishing email, a cloned login page, and the operator types the keys straight into it. Forty minutes later the wallet is empty and the business is done.
Split the reserves and the story changes: an attacker only reaches whatever sat in the hot wallet at the moment of the breach. The rest stays in cold storage, out of reach without physical access and a second signature.
How much should sit in the hot wallet
There's no universal number, but exchanger practice points to a rough range: 5-15% of daily turnover in the hot wallet usually covers peak-hour payouts without delays. The rest can safely sit offline.
- Higher payout volume and speed requirements push that share up.
- Higher reputational or legal exposure from a theft pushes it down.
- Overnight and on weekends, when load is lower, part of the reserve can be moved into cold storage manually.
Multisig: when it pays off and when it's overkill
Multisig solves one specific problem — one person with full access. With two or three partners and a reserve in the hundreds of thousands, a 2-of-3 setup makes sense: no single partner can move funds alone.
For a solo operator running a few thousand dollars a day, multisig usually adds friction instead of value — every confirmation waits on a second key, and that second key sometimes sits with the same person on a different device. A hardware cold wallet with a clear access procedure solves the same problem more simply and more cheaply.
A pre-launch checklist for choosing a wallet
Before wiring a wallet into production, it's worth running down a short list — it saves far more time than it costs upfront.
- Does it support every network and token the exchanger actually needs, not just BTC and ETH.
- Is there an API for auto-payouts with configurable limits and confirmation rules.
- Does it work with hardware keys like Ledger or Trezor for the cold leg of the setup.
- Does it log transactions and alert on withdrawals above a set limit.
- Is there a clear seed-phrase recovery procedure if a device is lost.
What a wallet can't fix
Even the best wallet doesn't replace internal policy. Multisig won't help if both keys sit in the same safe. Cold storage won't help if the access procedure lives in one employee's head — an employee who eventually takes a vacation, or leaves.
A wallet is a tool. Discipline around using it matters just as much as the technology itself.
Conclusion
Splitting reserves across hot, cold and — where it makes sense — multisig storage isn't bureaucracy. It's insurance against one compromised key. For an exchanger planning to stay in business past one season, it's one of the cheapest investments in staying that way.
A ready-made way to launch and protect exchanger reserves is iEXWallet, a proprietary wallet with no middleman fee.



