What is a Hot Wallet?


A hot wallet is a cryptocurrency wallet whose private keys are stored on an internet-connected device, enabling instant transaction signing and execution but exposing the keys to online attack vectors.

WHY IT MATTERS

Every AI agent wallet is inherently a hot wallet. Agents need to sign and submit transactions programmatically, which requires the private key to be accessible to software running on internet-connected infrastructure. There's no 'cold' option for autonomous operations.

This creates a fundamental security challenge. Hot wallets are convenient but vulnerable — malware, server compromises, insider access, and API exploits can all expose keys. Exchanges and services have lost billions through hot wallet compromises.

The traditional mitigation is minimizing hot wallet balances — keeping most funds in cold storage and only loading what's needed for operations. For agents, this means funding wallets with just enough for planned operations rather than maintaining large balances.

HOW POLICYLAYER USES THIS

Agent wallets are hot by nature — PolicyLayer adds the control layer that hot wallets lack. Per-transaction limits, rolling budgets, and recipient whitelists ensure that even if a hot wallet key is compromised, the damage is bounded.
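The three controls named above (per-transaction limit, rolling budget, recipient whitelist), as an added example that is not PolicyLayer's code or API. The `SpendPolicy` gate is hypothetical and assumes every signing request passes through it before the key is used, with amounts as integers in the token's smallest unit. The addresses and limits are constructed sample values.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class SpendPolicy:
    """Hypothetical pre-signing gate (assumption: all signing requests go through it)."""
    per_tx_limit: int
    rolling_budget: int
    window_seconds: int
    allowed_recipients: frozenset  # addresses stored lowercase
    _approved: deque = field(default_factory=deque, init=False)  # (time, amount)

    def authorize(self, recipient: str, amount: int, now: float) -> tuple:
        """Return (allowed, reason). Deny by default; record only approved spends."""
        if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
            return False, "invalid_amount"
        if recipient.lower() not in self.allowed_recipients:
            return False, "recipient_not_allowed"
        if amount > self.per_tx_limit:
            return False, "per_tx_limit_exceeded"
        # Drop spends that have aged out of the rolling window.
        while self._approved and self._approved[0][0] <= now - self.window_seconds:
            self._approved.popleft()
        if sum(a for _, a in self._approved) + amount > self.rolling_budget:
            return False, "rolling_budget_exceeded"
        self._approved.append((now, amount))
        return True, "ok"

# Constructed sample: placeholder addresses, not real accounts.
VENDOR, UNKNOWN = "0xvendor-placeholder", "0xunknown-placeholder"
SAMPLE = [  # (time in seconds, recipient, amount)
    (0, VENDOR, 100),      # normal payment
    (10, UNKNOWN, 50),     # recipient outside the whitelist
    (20, VENDOR, 500),     # single oversized transfer
    (30, VENDOR, 100),
    (40, VENDOR, 100),     # would push the 24-hour total past 250
    (50, VENDOR, 50),      # exactly fills the budget
    (86400, VENDOR, 100),  # the first spend has aged out of the window
]

def run_sample():
    """Replay SAMPLE through a fresh policy; return the reason for each request."""
    policy = SpendPolicy(per_tx_limit=100, rolling_budget=250, window_seconds=86400,
                         allowed_recipients=frozenset({VENDOR}))
    return [policy.authorize(rcpt, amt, t)[1] for t, rcpt, amt in SAMPLE]

if __name__ == "__main__":
    print(*zip(SAMPLE, run_sample()), sep="\n")
```

With these sample limits, requests through the gate can move at most 250 units in any 24-hour window, and only to the whitelisted recipient. Denied requests do not consume budget.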

FREQUENTLY ASKED QUESTIONS

Are all agent wallets hot wallets?
Functionally, yes. Agents need to sign transactions without human intervention, which requires online key access. MPC (multi-party computation) and TEE (trusted execution environment) solutions reduce the attack surface, but the signing capability is still online.

How much should be kept in an agent's hot wallet?
Only what's needed for planned operations — ideally a small multiple of the daily spending limit. Larger reserves should stay in a separate, more secure wallet and fund the agent wallet as needed.

What's the difference between a hot wallet and a warm wallet?
A warm wallet is a middle ground — keys are online but require additional authorization (multisig, time delays) for transactions. Some agent architectures use warm wallet patterns with policy-based authorization.
