Air-Gapped Wallet
A wallet on a device that physically has no network interfaces — no Wi-Fi, Bluetooth, USB data lanes. Transactions are signed via QR codes or SD cards, so the private key never reaches an online machine.
Aliases: air gap, offline signer, qr-signer
An air-gapped wallet lives on a device fully cut off from any network — no Wi-Fi, Bluetooth, NFC, USB data exchange. A transaction is built on the online device, transferred to the air-gapped one via QR code or SD card, signed there, and shuttled back for broadcast.
Why an air gap
A standard hardware wallet (Ledger/Trezor) talks over USB. If the host USB stack or the wallet firmware has an RCE bug, in theory it can be exploited. An air gap closes that vector: a QR code is read visually and cannot execute anything malicious.
Implementations
- Keystone (formerly Cobo Vault) — flagship air-gapped device using QR.
- AirGap Vault — open-source app on an old phone with SIM/Wi-Fi disabled.
- Coldcard — Bitcoin-only, exchanges PSBTs via SD card.
- DIY — a dedicated laptop with no NIC running an offline TON signer.
TON workflow
- The online wallet (Tonkeeper, MyTonWallet) builds an unsigned transaction and encodes it as a QR.
- The air-gapped device scans the QR, displays the details, asks for confirmation.
- After confirmation it signs and displays the signed QR.
- The online device captures the signed QR and broadcasts.
Pros and cons
| Aspect | Air-gapped | Standard hardware |
|---|---|---|
| RCE protection | yes | partial |
| USB-boundary bug protection | yes | no |
| Signing speed | slower (QR/SD) | faster (USB) |
| Price | higher | mid |
Related terms
- cold-storage
- hardware-wallet
- multisig-threshold — air-gapped + multisig is the gold standard for treasury custody