What Is an Air-Gapped Wallet?
Somewhere between a hardware wallet plugged into a laptop and a piece of paper locked in a drawer sits the air-gapped wallet — a device deliberately built to never touch a network at all.
The short answer
An air-gapped wallet is a device that generates and stores private keys without ever connecting to the internet, Bluetooth, or any other network — including the computer used to build or view a transaction. Instead of transmitting data over a connection, it moves information in and out using offline methods, most commonly by displaying and scanning QR codes, so the keys themselves never touch a networked device.
Why “air gap” is the right word
The term comes from physical security: an air gap is literally the empty space between a device and any network. A wallet is air-gapped when there is no possible data pathway — wired or wireless — between the device holding the private keys and any machine connected to the internet. This is a stricter standard than most self-custody wallets meet by default, since many hardware wallets do connect briefly, over USB or Bluetooth, to a computer or phone during a transaction.
How a transaction gets signed without a connection
The typical workflow uses two devices working together:
- An online device (a phone or computer) builds an unsigned transaction — specifying the amount and destination — but has no access to the private keys.
- The air-gapped device receives that unsigned transaction, usually via a QR code shown on the online device’s screen, or through a removable storage card.
- Signing happens offline, entirely on the air-gapped device, which never exposes the private key.
- The signed transaction is passed back to the online device, again via QR code or storage card, and only the online device broadcasts it to the network.
At no point do the private keys leave the offline device or touch anything with network access.
What this protects against
Air-gapping is specifically designed to defend against remote attacks: malware, keyloggers, and other software-based methods that rely on some network connection to reach a device’s keys. Because the signing device has no network hardware active — or in some designs, no network hardware at all — these attack methods simply have no path in. This is a meaningful upgrade over storing keys on an internet-connected computer, though it does nothing to protect against physical theft, loss of the device, or a compromised operator making an error while entering transaction details.
Where it fits among cold storage options
Air-gapped wallets are one form of cold storage, the broader category of key storage that stays offline by default. Other cold storage methods, like a hardware wallet that connects briefly during signing, offer more convenience but a slightly larger attack surface during that connection window. An air-gapped setup trades some of that convenience for the strongest practical separation between keys and any network, similar in spirit to keeping a public address and private key pair as far from any online system as possible.
What to weigh
Air-gapped wallets solve a specific problem — remote, network-based attacks on private keys — extremely well, but they don’t solve every problem in crypto security. Physical damage, loss, theft, and simple user error remain risks regardless of how a wallet is set up, which is why understanding what air-gapping does and doesn’t protect against matters more than treating it as a complete security solution on its own.