The following table shows who typically uses each option, how easy it is to operate, the general security profile (assuming correct setup and operational hygiene), and representative examples. The list is not exhaustive and is intended as a quick orientation before diving into detailed guides.
| Category | Typical users | Ease | Security | Examples |
|---|---|---|---|---|
| On-chain / Web | Everyday use, newcomers | High | Medium | OISY, NNS dapp*, Stoic, NFID |
| Mobile | Frequent on-the-go | High | Medium | Plug, AstroX ME, AirGap, Trust Wallet, Klever, Bity |
| Browser extension / Desktop | DeFi users, desktop-first | High | Medium | Plug (ext), Bitfinity, MetaMask (MSQ), Trust Wallet, Primevault* |
| Hardware / Cold / Air-gapped | Long-term holders, security-focused | Low–Medium | High | Ledger hardware*, Quill*, AirGap, Tangem |
| Institutional custody | Funds, companies, treasuries | High | High (operational) | ARCHIP, BitGo, Ceffu, Cobo, Coinbase, Copper*, Cordial Systems, DFNS, Primevault*, Sygnum*, Taurus*, Zodia |
Options marked with (*) facilitate ICP token staking. Depending on the solution, staking may be non-custodial (you retain full control of neurons) or managed (the custodian operates neurons on your behalf). Security reflects the typical risk profile assuming correct usage. Hot wallets trade some security for convenience; cold and institutional solutions prioritize protection over ease of use. Examples may include wallets, interfaces, or custody providers depending on category.
Quick Chooser
Use this guide to select the custody option that suits you best.
Custody options with staking
Do you want to participate in ICP governance or stake via the NNS?
Yes: I want full control
- Use the NNS dapp (Web) — the canonical way to create/manage neurons, vote, and handle staking directly in your browser, or
- Advanced/offline:
- Ledger hardware + NNS dapp — sign on hardware and manage neurons in the NNS dapp.
- Quill (offline CLI) — create and manage neurons, vote, and perform ledger actions with fully offline signing workflows, then broadcast from an online machine.
- Seed + air-gapped machine — combine with Quill for end-to-end offline staking and governance operations.
Yes: I prefer managed operations
- Use an institutional custodian that supports ICP staking. Confirm availability and operating model (e.g., policy controls, approvals, reporting). Examples: BitGo, Copper, Primevault, Taurus, Sygnum.
Custody options without staking
Do you want to hold ICP tokens but don't plan to stake?
Yes: prefer someone else to hold the keys
- Choose institutional custody (audits, contractual safeguards, SLAs).
- If you instead want an exchange account (CEX) for trading convenience rather than long-term custody, see:
Yes: prefer self-custody with maximum ease
The most convenient path is a web/on-chain wallet. Popular choices are OISY (no install) and the NNS dapp.
- Fast setup; minimal maintenance.
- Good for everyday balances and newcomers.
- Check required features (e.g., SNS support, multisig, token standards) before committing.
Yes: prefer self-custody with maximum control
For tighter control and a smaller software attack surface, use hardware/cold workflows such as Ledger (with Ledger Wallet for management interface) or seed + air-gapped machines (with Quill to sign ledger transactions offline).
- Highest control; greatest responsibility for backups and recovery.
- Best for large/long-term holdings.
- Practice recovery and small test runs before moving significant funds.
Risk & best practices
- Backups: Store seeds/recovery materials across two or more physically separate, offline locations.
- Phishing hygiene: Bookmark official URLs (e.g., NNS dapp); verify certificates and domain spelling.
- Device health: Keep firmware up-to-date (hardware wallets) and maintain clean OS/app environments (hot wallets).
- Least privilege: Use hotkeys / separate accounts for daily use; keep cold storage isolated.
- Change control: For teams/treasuries, enforce multi-approver or MPC policies where available.
- Test first: Do small transfers and dry-runs of recovery before high-value actions.