Hardware wallets go through a lot of love and hate in the Bitcoin and larger cryptocurrency world in general.
Some people love them and wouldn’t use anything else, and others think it’s a waste of money, time, and a hassle. Not to mention, if someone knows you carry one, they can just take your crypto and be done with it.
Is it really that simple? Keep reading to find out why a hardware wallet might be right for you.
What Do Hardware Wallets Store?
Contrary to conventional wisdom, cryptocurrency hardware wallets don’t store cryptocurrency on the wallet itself. Cryptocurrency is all on the blockchain network at all times but is inaccessible without a private key.
There are some distinct advantages that hardware wallets have, like:
- Private keys stored in a microcontroller
- Usually impossible to transfer keys in plaintext
- Immune to computer viruses
- Private keys never touch vulnerable software
- Usually open-source software
That private key is more valuable than anything else you “own” in the cryptocurrency world. There are more powerful reasons to consider a hardware wallet, but let’s not get ahead of ourselves.
If you lose it or the hardware wallet becomes damaged somehow, you’ll need bitcoin recovery services. It’s not always a sure bet, but it can work in a pinch — if you have enough information get it working.
All the features that make hardware wallets so appealing as a security feature for your crypto are also the features that make it difficult to manage in the event of loss or damage.
For that reason, take warning. It’s extremely secure but comes with its own set of drawbacks. More on that later.
What Is a Hardware Wallet and What Options Do You Have?
Hardware wallets have a good track record. It’s difficult to find any incidence of a hardware wallet being brute-force hacked. But that doesn’t mean it’s impossible for security to fail in some other way.
The recovery services we mentioned earlier often depend on knowledge of a seed phrase. A seed phrase is 12 words in a specific order from a bank of words, used as a backup key to access your private key.
They have two major flaws:
- If someone else knows or steals your seed phrase, you have lost exclusive access to your money
- If you forget the seed phrase, or it’s lost or destroyed, you have lost access to your money
Other access methods involve biometrics like fingerprints, multisig, and even a secondary blockchain. Most involve a kind of PIN and even an optional passphrase.
They have a wonderful array of useful features as well. Due to verifying through different means, you can use it to confirm transactions on a blockchain. In the future, you may even use them in informational blockchains as a kind of digital ID or certificate.
Regardless, today they protect your private keys and allow you to “sign” transactions. The general way hardware wallets function is:
- Plug the wallet into another device
- Unlock the wallet with a PIN
- Create a transaction
- Confirm the transaction on the wallet
Each wallet has a slightly different way of confirming and unlocking.
Crypto storage and crypto hardware wallets are just about as difficult a concept and subject as cryptocurrency itself. Before we get to different wallet makers and designs, though, let’s consider what a “hot wallet” and a “cold wallet” are.
Hot Wallets vs Cold Wallets
In its most basic form, hot wallets are wallets connected to the outside world — they’re online. Cold wallets, or wallets in “cold storage”, are wallets that are disconnected from the internet.
Hot wallets are considered more at-risk of hacking because someone can chip away at the security protocols layer by layer given time, access, and a lot of computational power. If they already have some information, like what your seed phrase is, it becomes a lot easier.
Cold wallets only interact at the time of transaction and most have the transaction go through inside the wallet, not the device they’re plugged into. That is, they are verified within the wallet itself.
Still, these cold wallets must at some point plug into another device or communicate somehow. At that point of contact they’re vulnerable.
Hot wallets are much easier and convenient devices to use, but lose the advantage of security since they’re almost always connected to the internet. These kinds of wallets are either apps or other software installed on your device.
Hot wallets often have the role of a wallet for day-to-day transactions. That said, there aren’t going to be substantial vaults of wealth on these kinds of wallets. The return on the investment of trying to hack a hot wallet just isn’t there.
A basic hot wallet stores the private key in one location.
A multisig wallet will have more than one person or device that has a private key. It then takes, generally, one other signer to confirm the transfer.
The multipart computation or MPC method of hot wallet distributes a private key between 2-5 participants. You need every person to add their part of a private key for it to work.
While the MPC-based hot wallet is indeed a stronger solution, it’s not completely immune to attacks.
No matter the solution, hot or cold, wallets are at risk. Most people tend to use cold wallets as a vault, and then transfer working money to a hot wallet. Some even go a step further.
There are also wallets which are cold storage wallets that never go “hot”. These kinds of wallets are said to be “air-gapped” wallets. Air-gapped devices are particularly difficult to crack into, but it still isn’t impossible.
Researcher and technowizard Dr. Mordechai Guri has been testing how to leak bitcoin private keys from all kinds of devices that are thought to be completely closed off. Even electromagnetic signals inside of a faraday cage have been received using his methods.
One particularly nasty method of exfiltration is using a device to create ultrasonic vibrations which a nearby phone will pick up and turn into usable data. That being your private key.
However, most hardware wallets, especially air-gapped ones, are not a Raspberry-Pi and are made specifically to guard against all kinds of terrible attempts. Even if they were, the level of sophistication and coordination to crack an air-gapped device would necessitate a highly organized attack.
How the Wallets Work Together
Air-gapped devices are generally believed to be the highest level of storage system for funds. It’s also almost always the slowest, too. For this reason, air-gapped devices hold private keys to the largest store of funds.
Next, cold wallets are quicker for authorizing large transfers with the private key. Hot wallets are often only a working fund because of the on-demand nature and ease of it.
If you need a real-world analog, imagine a Cayman island or Swiss bank account that stores money secretly and is totally off the grid. This is similar to an air-gapped device. You wouldn’t use it to buy milk at the store, or anything for that matter.
Instead, you would send funds to another account you own, keeping the funds active for large purchases or investments. Still, you don’t want to expose this account to being drained by using the card at a gas station or ATM.
For this, you have an account for day-to-day purchases that you fill with money whenever necessary. Because it never has much in it, if it’s compromised you have nothing to worry about. You can simply ditch it and create another with minor inconvenience.
Notes About the Risks of Hardware Wallets
While the hardware wallets themselves are quite secure in almost every instance, buying a hardware wallet does open you up to privacy breaches, such as Ledger’s security breach in 2020. In the end, it may not have actually been Ledger’s fault, but rather Shopify, a vendor used in selling over 200,000 of the wallets.
The greatest danger, though, is an event where you share your secret PIN or phrase with someone who has your wallet. Why would you do such a thing?
As awful as it is, a hardware wallet is much like jewels or gold. It’s made to be portable, but shouldn’t be flashed around. Instead of trying to hack the device, there have been people who received a beating until they give up their passwords.
That said, the risk of this is less than 6% when compared with other forms of wallet attacks. Even with security breaches, all companies have learned from this breach and are now taking steps far beyond privacy laws like the GDPR.
To be quite fair, if you have enough money that someone would ransom you for your money, you should treat your hardware wallets like other valuable assets.
You should keep air-gapped large funds in a safe place like a safety-deposit box in a bank or private vault. If you keep enough in a cold-storage device on your person in the orders of tens of thousands or millions of dollars worth, you probably should hire a bodyguard.
Hot wallets are not as important if they’re used correctly. But you should still put biometric and other security protocols like two-factor identification (2FA) on your phone apps or other hot wallet devices, if possible.
The Wide World of Crypto Hardware Wallets
There are a variety of hardware wallet form factors, from a chip on a USB connector, a cell-phone-looking air-gapped device, or a credit-card-looking NFC device.
The different device connections that are common look something like this:
- SD card
- Dedicated air-gapped device with HSM (Hardware Security Module)
There are different methods for the last item, such as taking a picture of a QR code generated from an app. The device then creates a QR code of its own if the transaction is accepted. You then take a picture of that with your app.
If you’re thinking you could just use a phone as an air-gapped device or emergency cold-storage wallet, we don’t recommend it for a variety of reasons.
What do we recommend?
The Best Hardware Wallets Today
The wallet manufacturing and developing companies Trezor and Ledger are world leaders in hardware wallets right now. They aren’t alone, however, with others developing new hardware wallets every day.
The most credible and respected company, especially since the steps taken since last year’s breach, is Ledger.
They have two tried-and-true devices like Ledger Nano S, and Nano X. These are shaped like a normal USB drive but have a list of features a mile long. It’s no wonder that Ledger devices are widely considered the best.
For business solutions and institutional use, they even have introduced Ledger Vault.
Trezor is the original Bitcoin hardware wallet manufacturer with clout, legitimacy, and respect. They claim that even if a PC is infected with a virus, the Trezor device will remain clean. You can use the device with PCs and Android devices.
The PIN system is quite unique, with failure giving a time delay. Every time the PIN is attempted and failed, the time to wait before trying again is doubled. 30 wrong guesses equal about 17 years of waiting.
Like Ledger, Trezor has a 24-word seed phrase generation with a true hardware random number generator, unlike many algorithm-based hot wallets.
Trezor One is their most popular offering. They also have the Trezor Model T, which is an updated hardware model to the Trezor One.
Some other notable companies and devices to watch are:
- ELLIPAL Titan Cold Wallet
- Cobo Vault Air-Gapped
Each of these wallets is unique and some may be a cold wallet or air-gapped.
Your Complete Guide to Hardware Wallets
We’ve said it before and we’ll say it again: Hardware wallets are about as complex as the technology they are trying to keep secure. They are not fail-proof or unhackable, but they come pretty close.
The success of your hardware wallet depends on your strategy for keeping your private key safe, as well as your wallet.
Use common sense with storing bitcoin. Just because it’s offline doesn’t mean it isn’t accessible to a criminal. Make sure to keep the most important thing safe — yourself.
As always Future With Tech brings you the best ideas in technology, software and more. Did you learn something new? Just wait until you browse the rest of our articles!