When it comes to cryptocurrency, good storage is of paramount importance. The crypto world is dangerous – malicious actors are everywhere, and they have an abundance of strategies to steal users’ funds. Establishing a strategy for protecting your coins should be your utmost priority.
You have a range of storage options available to you, each with its own security and usability trade-offs. Most likely, newcomers will stick to exchanges. These platforms provide many with their first exposure to cryptocurrency and allow users to store their funds in an online wallet. But the user is not technically in control of their coins. If the exchange is hacked or taken offline, they may not be able to recover their funds.
Users might not see a need to move their cryptocurrency off of the exchange. They may lack the skills to do so, or even view custodial solutions as more secure. After all, self-custody can result in loss of funds if the user makes a mistake.
The thought of taking control of your cryptocurrency yourself may be daunting. But from a security perspective, hardware wallets are unmatched. In this article, we’ll explain what they are, how they work, and why you should be using one.
Your private key is your passport to a cryptocurrency’s ecosystem. In many ways, it’s just like a real-life key – with this information you can unlock your funds to spend them. If someone else gets their hands on it, they can steal your cryptocurrency. If you lose the key, you lose access to your coins – there is no forgot password button in a decentralized environment. Nor is there a bank that you can call to reverse fraudulent transactions.
The bottom line is that private keys must be kept secret and secure. They’re incredibly valuable to cryptocurrency users. Unsurprisingly, hackers and scammers are constantly trying to steal them – making use of phishing techniques or malware to part users with their coins.
Storing your keys is straightforward – they’re just strings of numbers and letters. They can be written down on paper and stored in a safe. To use the keys to move funds, however, they need to be on a device that creates proof that you can spend your coins.
Hardware wallets are devices specially designed to securely store private keys. They’re considered safer than desktop or smartphone wallets, mainly because they don’t connect to the Internet at any point. These properties significantly reduce the attack vectors available to malicious parties, as it means that they can’t tamper with the device remotely.
A good hardware wallet ensures that private keys never leave the device. They’re normally held in a special place in the device that doesn’t allow them to be removed.
Since hardware wallets are offline at all times, they must be used alongside another machine. Because of the way they’re built, they can be plugged into infected PCs or smartphones without any risk of the private key leaking. From there, they interact with software that allows the user to view their balance or make a transaction.
Once the user creates a transaction, they send it to the hardware wallet (1 in the diagram below). Note that the transaction is still incomplete: it needs to be signed by the private key in the device. Users confirm that the amount and address are correct when prompted on the hardware device. At that point, it is signed and sent back to the software (2), which broadcasts it to the cryptocurrency’s network (3).
Wallets that store private keys on internet-connected computers or smartphones leave users’ funds vulnerable to a wide range of attacks. Malware can detect crypto-related activity on these devices and drain the users’ funds.
A hardware wallet is like an impenetrable vault with a small slot. When the user wants to create a transaction that the network will accept, they push it through the slot. Imagine that, on the other side of the slot, an elf performs some cryptographic magic that signs the transaction. The elf will never leave the vault – there’s no door, and it can’t fit through the slot. All it can do is receive the transactions, and push them back out.
Even if someone manages to get ahold of your hardware wallet, you’ll have additional protection in the form of a PIN code. Devices will often reset if the incorrect combination is entered a certain amount of times.
Funds that aren’t actively being used – those that aren’t being spent, staked, lent, or traded – should be kept in cold storage. A hardware wallet provides a convenient means of achieving this for users, even those with limited technical knowledge.
Hardware wallets must be backed up in case of loss, theft, or destruction. When initializing, the user will often be prompted to record their seed phrase – a list of words that can be used to recover funds on a new device. This gives anyone the ability to spend their coins, so it should be treated as any valuable would. It’s recommended that users write these down on paper (or etch them into metal) and keep them in a private and safe location.
Hardware wallets, like other forms of storage, come with their own trade-offs. While they’re one of the most secure mediums for holding coins, there are still some limitations. They strike a balance between security and usability. Smartphone/software wallets are convenient, whereas hardware wallets can be cumbersome to operate (given that two devices must be used to actually send funds).
Still, hardware wallets are not entirely foolproof. A physical threat against a user might compel them to unlock a wallet for the attacker, but there are also other vectors. Skilled malicious parties may be able to exploit the device if they gain physical access to it.
To date, though, no successful hack has retrieved the private keys from a hardware device in a real-world scenario. When vulnerabilities are reported, manufacturers are generally quick to patch them. That's not to say they're impossible – researchers have demonstrated attacks against even the most popular wallets.
Supply chain attacks can also be effective in undermining the security of a hardware wallet device. These occur when the bad actor acquires a wallet before it’s delivered to the user. From there, they can tamper with it to weaken security and steal funds after the user has deposited coins.
Another limitation is that hardware wallets involve taking custody into your own hands. Many consider this an advantage as no third party is responsible for managing your funds. But this also means that if anything goes wrong, there is no recourse.
The limitations of hardware wallets don’t outweigh their advantages. As storage solutions go, it's difficult to match the security of hardware wallets with other methods. There's simply no substitute for cold storage, which eliminates a great deal of risk from the self-custody of funds.
When seeking out a hardware wallet, users should educate themselves on the range of options available to them. There are a number of devices on the market, each with its own features, supported cryptocurrencies, and learning curve.