Online wallets are also known as hot wallets. Hot wallets are wallets that run on internet-connected devices like computers, phones, or tablets. This can create vulnerability because these wallets generate the private keys to your coins on these internet-connected devices. While a hot wallet can be very convenient in the way you are able to access and make transactions with your assets quickly, storing your private key on an internet-connected device makes it more susceptible to a hack.
This may sound far-fetched, but people who are not using enough security when using these hot wallets can have their funds stolen. This is not an infrequent occurrence, and it can happen in a number of ways. For example, boasting on a public forum such as Reddit about how much bitcoin you hold while you are using little to no security and storing it in a hot wallet would not be wise. That said, these wallets can be made secure so long as precautions are taken. Strong passwords, two-factor authentication, and safe internet browsing should be considered minimum requirements.
These wallets are best used for small amounts of cryptocurrency or cryptocurrency that you are actively trading on an exchange. You could liken a hot wallet to a checking account. Conventional financial wisdom would say to hold only spending money in a checking account while the bulk of your money is in savings accounts or other investment accounts. The same could be said for hot wallets. Hot wallets encompass mobile, desktop, web, and exchange account custody wallets.
As mentioned previously, exchange wallets are custodial accounts provided by the exchange. The user of this wallet type is not the holder of the private key to the cryptocurrency that is held in this wallet. If an event were to occur wherein the exchange is hacked or your account becomes compromised, your funds would be lost. The phrase “not your key, not your coin” is heavily repeated within cryptocurrency forums and communities.