Hi,
so yesterday I stumbled over Kraken's Security Practices:
https://www.kraken.com/security/practicesThey claim:
All new deposits go directly to cold wallets that is, wallets that are completely isolated from any online system.
How do they do that? I would do it like this:
Generate a pool of cold wallets and store the private keys on a offline computer. Then generate all addresses and move them savely (via usb)
to the main backend. When a user now creates a deposit address it is one from the cold wallet generated addresses.
Is that correct?
A limited number of coins are stored in semi-cold wallets on protected machines with locked drives.
What is a semi-cold wallet?