Hot-wallet staking on Solana means stake-account transactions are signed by a software wallet like Phantom or Solflare running on a connected device; cold-wallet staking means those transactions are signed by a hardware wallet like Ledger, with the private key never leaving the device. Both produce identical on-chain stake accounts — the difference is entirely in how the staker's private key is stored and how transactions are signed.
Rewards accrue identically in both cases because rewards are computed by the protocol and paid to the stake account itself, not to the signing wallet.
What signing actually does
A staker holds a Solana wallet keypair. That keypair owns SOL and authorizes stake operations: creating a stake account, delegating to a validator's vote account (see the vote vs. identity entry), deactivating the stake, and withdrawing SOL after deactivation.
Each of these operations is a transaction signed by the wallet's keypair. The protocol verifies the signature against the stake account's authorized staker (which is the wallet's pubkey, by default). Where the keypair lives — in a hot wallet's encrypted local storage or on a hardware device — determines who can sign.
Hot wallet (Phantom, Solflare, Backpack): the private key is stored encrypted on the device running the wallet (browser extension, mobile app). The wallet decrypts it in memory when signing. A device compromise (malware, browser exploit, remote access) can in principle extract the key, especially if the wallet is unlocked or the device is rooted.
Cold wallet (Ledger, Keystone, other hardware signers): the private key never leaves the hardware device. The wallet software constructs a transaction and sends the unsigned bytes to the hardware device; the device displays the transaction details on its screen, the user physically confirms with a button press, and the device returns a signature. The key cannot be extracted by software running on the host.
Rewards mechanics are identical
Staking rewards accrue to the stake account at the end of each epoch, regardless of wallet type. The rewards are added to the stake account's balance automatically by the protocol; no signing operation is required to "claim" them. A staker who delegates from a Ledger and then never connects the Ledger again still earns full rewards each epoch — the cold-wallet device is required only for state-changing transactions (delegate, deactivate, withdraw), not for reward accrual.
This is structurally different from networks like Ethereum (pre-pooled-staking) where reward claiming was a separate signed action. On Solana, the reward is the stake account's balance growing.
The rebalancing trade-off
The practical trade-off is custody strength versus friction on stake changes:
- Cold-wallet staking is stronger custody. A device compromise on the host computer cannot move staked SOL — the attacker would need physical access to the hardware device and its PIN to sign a deactivation or withdrawal. For staking positions held over multi-month or multi-year horizons, this is the security model that the wallet vendors and most staking guides recommend.
- Cold-wallet staking has higher friction on rebalancing. Changing the validator a stake account is delegated to requires a deactivation transaction, a ~2-day deactivation period (see the epoch entry), and then a re-delegation transaction — each requiring the hardware device. A staker who rebalances frequently (chasing skip-rate changes, commission changes, MEV economics) pays this friction every time.
For most stakers, the calculus is dominated by the security side: a multi-year delegation does not need frequent rebalancing, and the protection against device compromise is structural. For active stakers who do rebalance, hot-wallet convenience may be acceptable if the device is well-isolated and the position is sized appropriately.
Staking pool tokens are different
A staker holding an LST (see the LST entry) — mSOL, jitoSOL, or bSOL — is not in the same custody situation as native delegation. The LST is an SPL token in the staker's wallet; the staker's keypair authorizes any transfer of the LST. A compromised hot wallet can transfer LSTs as easily as any SPL token. There is no deactivation period to slow an attacker.
For LST holders, the hot-vs-cold question reduces to standard SPL-token wallet hygiene rather than a staking-specific consideration. Native stake accounts retain the 2-day deactivation period as a structural protection that LSTs do not have.
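The authority check, signature-free reward accrual and deactivation delay described above, as a small Python model for reasoning about which key compromise exposes which funds (an added example, not code from the Solana stake program or any wallet vendor). It goes slightly beyond the page by treating the stake account's staker and withdrawer authorities as two separate keys, which is how the stake program tracks them. The class and function names, the placeholder pubkey strings and the 2-day constant are assumptions for illustration, and lockups are ignored.

```python
from dataclasses import dataclass

COOLDOWN_DAYS = 2  # assumption: the page's "~2-day" deactivation period

@dataclass
class StakeAccount:
    staker: str               # authorized staker pubkey (delegate, deactivate)
    withdrawer: str           # authorized withdrawer pubkey (withdraw)
    lamports: int
    state: str = "active"     # "active" | "deactivating" | "inactive"

    def _require(self, role, signers):
        # The operation is allowed only if the required authority signed.
        if getattr(self, role) not in signers:
            raise PermissionError(f"missing {role} signature")

    def deactivate(self, signers):
        self._require("staker", signers)
        self.state = "deactivating"

    def finish_cooldown(self):
        # Protocol-driven at the epoch boundary; nobody signs.
        if self.state == "deactivating":
            self.state = "inactive"

    def withdraw(self, signers):
        self._require("withdrawer", signers)
        if self.state != "inactive":
            raise RuntimeError("stake is still active or cooling down")
        out, self.lamports = self.lamports, 0
        return out

    def pay_reward(self, lamports):
        # Protocol-driven; takes no signers, so the cold device can stay offline.
        if self.state == "active":
            self.lamports += lamports


def days_until_withdrawable(acct, compromised):
    """Delay in days (an upper bound once cooling down) before a holder of
    the `compromised` keys could withdraw; None if they cannot withdraw."""
    if acct.withdrawer not in compromised:
        return None  # the staker key alone can deactivate, not withdraw
    # The withdrawer can also reassign the staker authority, so it suffices.
    return 0 if acct.state == "inactive" else COOLDOWN_DAYS


def lst_days_until_transferable(owner, compromised):
    """An SPL-token transfer needs only the owner's signature; no cooldown."""
    return 0 if owner in compromised else None
```

With the staker key on a hot wallet and the withdrawer key on a hardware device, `days_until_withdrawable` returns `None` for a hot-key compromise, whereas an LST held by the same hot key is transferable immediately.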
What the validator sees
From the validator's perspective, there is no observable difference between stake delegated from a hot wallet and stake delegated from a cold wallet. Both produce identical stake accounts; the wallet type is not recorded on-chain. A validator cannot distinguish these stakers, and validator operators have no role in the staker's custody choice.
Sources
- Ledger Solana staking guide — cold-wallet staking procedure
- Phantom staking documentation — hot-wallet staking procedure
- Solana stake program documentation — stake-account authority model
- Solflare hardware-wallet integration documentation — Ledger flow on Solflare
Custody model cited: protocol stake-account authority semantics, epoch 971, 2026-05-15. The model is protocol-level and stable; wallet vendor implementations evolve but do not change the underlying signing model.