The term "cold storage" implies that the keys to your cryptocurrency are completely isolated from the internet. But when you plug a USB hardware wallet into an internet-connected computer to make a transaction, is it still "cold"?
Yes, but with nuances.
Standard hardware wallets (like the Ledger Nano S Plus or Trezor Safe 3) are technically "warm" while plugged in. The secure chip inside the device acts as a firewall. The computer sends the transaction details in, the device mathematically signs it using the offline keys, and sends the signed approval back out. The private key never travels across the wire.
For 99% of users, this USB-firewall architecture is incredibly secure and effectively acts as cold storage.
True Air-Gapped Cold Storage For users requiring absolute paranoia-level security, true "air-gapped" wallets exist. These devices (like the NGRAVE ZERO, Keystone, or Ellipal) have no USB port for data transfer, no Bluetooth, and no WiFi.
To make a transaction, the companion app on your phone generates a QR code containing the transaction data. You scan that code with the hardware wallet's camera. The wallet signs the transaction offline and generates a new QR code. You then scan that code with your phone to broadcast it.
Data transfers visually via light, meaning it is mathematically impossible for malware to jump from the internet to the device.