Crypto hardware wallets
Updated: 14.8.2022
Hardware wallets (also called cold wallets) are devices that offer the most secure and user-friendly way to store digital assets.
Digital assets are cryptocurrencies, tokens and virtual collectibles or non-fungible tokens (NFTs).
Hardware wallets store the above-mentioned assets by creating a "secret", a unique and random private key, independently of the operating systems of our computers and phones, and they never disclose this secret to any device they communicate with.
In the past, when wallets were just files on computers (e.g. wallet.dat), we have seen digital assets being lost and stolen. Hardware wallets have been developed in order to offer higher security with the same ease of use.
Hardware wallets are the material link between people and digital assets.
Why hardware wallets and not exchanges or mobile wallets?
Sovereign use of funds
Coins on exchanges are not secured (to a limited extent) as we know it from the banking world. There are many known cases of crypto exchanges collapsing and of funds being stolen from exchanges and online wallets. Just as money in a bank account is not ours but is managed by the bank on our behalf, the coins on crypto exchanges or in online wallets are not entirely ours either.
In recent years, we have seen that even governments in developed and supposedly democratic countries (Canada, the US, EU countries, Russia) can seize or block funds on stock exchanges, banks or investment funds. Users are simply left without access to them.
Therefore, when managing digital assets, especially bitcoin, the saying "Not your keys, not your coins", to be understood as "The coins are yours as long as you control the keys to the coins", should apply.
If we want to have our coins actually under our management, exchanges and crypto banks are not the answer.
Hardware wallets and a bit of know-how are the most convenient solution to sovereignly manage our own funds.
Online, mobile or "hot" wallets
Mobile wallets (or other online wallets) do not prevent the risk of hacking through operating systems or the bankruptcy of the wallet provider. Therefore, wallets (mobile or online) that display private keys on the screen of a phone or computer cannot be considered trustworthy.
Hardware wallets are dedicated devices that serve only one purpose - to isolate private digital keys from all other devices and operating systems, and are therefore much more secure than online wallets.
What do hardware wallets offer us?
Hardware wallets are devices that offer us two things:
The first is the secure creation and storage of private keys that give us access to cryptocurrencies.
The second is the secure signing of transactions, shown on the device's own secure screen.
These tasks are simple, which is why these devices can be so minimalistic from a hardware and software point of view. Computers or phones that host large-scale operating systems and applications are much less secure because, despite all the possible protection, they are at higher risk of being hacked.
There are alternative ways of securing private keys but they are either too expensive, complex or not secure enough, and thus inappropriate for most users.
To make it easier to manage digital assets on a hardware wallet, we can use apps on a computer or phone, as long as these apps "talk" to the hardware wallet and use it to store private keys and to sign transactions. Such apps may be bundled with the hardware wallet by the manufacturer or may be independently developed and supported by hardware wallets.
What features should a hardware wallet have?
The main features are security and user-friendliness. The ideal is a user-friendly interface, where we always know what we are doing, and bulletproof security. We have not yet seen such a product, but there are some good models that are continuing to improve. The features listed below do not by themselves guarantee the ideal, but in their combination they come close:
- Friendly interface
The programming interface needs to be simple and easy to understand, which is proving to be extremely difficult as there is still relatively little knowledge about bitcoin and other cryptocurrencies among the general public. The more understandable the interface is to a less savvy user, the better.
- Ease of use
"Complexity is the enemy of security." What we want is a wallet that is so easy to use that it makes it almost impossible to do anything that would lead to a loss of funds. This applies to the software as well as to the physical design of the device. Language localisation will play an increasingly important role, as eventually even users who are less skilled and less proficient in a foreign language will start to use these wallets.
- Good display
The bigger it is, the better and clearer we can see what we are signing. Legibility is also related to the resolution and contrast of the screen. Wallets without screens are not addressed here and are strongly discouraged.
- Open Source
Software code and/or the architecture of the hardware should be open source and thus verifiable by anyone. As the code on wallets is relatively minimal, it is usually subjected to multiple examinations, including attacks, and therefore more flaws are fixed sooner than in "closed-source" solutions. Open-source solution providers often offer a reward for fixing bugs, i.e. they encourage hackers to crack their code. It is expected that on such equipment there is less chance of the manufacturer using malicious software code that would allow it to seize users' assets. We would be less keen to use solutions that are certified, where we have to trust someone who, usually in return for money(!), tests the product and issues a certificate to the manufacturer.
- Security features
A secure element can be a chip that is designed to protect data at the hardware level. It is not necessary, but in some cases it makes the device more secure. We want encrypted communication between the wallet and the computer, regardless of the type of connection (USB, Bluetooth, NFC, QR codes, etc.).
- Privacy
We want the wallet to be simple to connect to our own node or to the node (full-node) of a provider we trust more than the manufacturer. A Bitcoin node is relatively easy to set up at home, but this is not the case for all alternative blockchains. It is preferred that the wallet supports connection via more secure networks such as Tor.
- Mobility
We would like to be able to use it on multiple operating systems; on computers and on mobile phones.
- Making a backup copy, including analogue
All hardware wallets are electronic devices. Even SD cards, on which some wallets make copies, are electronic devices or microcomputers with a limited lifetime. Therefore, we expect that hardware wallets will also be able to make analogue backup copies, which on a suitable medium (e.g. metal) can survive strong impacts, high heat, acids, liquids, etc.
- Compatibility between different manufacturers
We expect that backup in the form of words, phrases, QR codes, etc., is compatible across multiple manufacturers. Some manufacturers of wallets, hardware, software or mobile, comply with certain recommendations (such as BIP or SLIP), others do not. Compatibility allows easy change of a wallet (and thus of a manufacturer) without loss of funds. We don't want to one day come across a wallet in a safe whose manufacturer has disappeared and we can no longer use it.
- Different coins, platforms supported
This is often the most sought-after feature, although perhaps not so important in the rapidly evolving crypto asset ecosystem. Bitcoin? Altcoin? NFT? DeFi? Web3? What does supporting all possible standards and emerging forms of digital assets mean for the manufacturer, the security of the device and the user?
Is it more secure to have a device that protects one currency perfectly (preferably Bitcoin), or one that offers everything possible?
Time will tell, but let's see what is available on the market.
Market overview
The market for hardware wallets is on the rise. We have detected over 70 manufacturers and more than 110 models of hardware wallets that have made it to at least a prototype product. Far fewer are for sale and even fewer are vetted and used on a daily basis. The first HWWs were made in Europe and we still produce most of the recommended ones here.
Note: All models described here have been tested at our own expense, without payment, knowledge or support from the manufacturers.
Purchase: Is buying directly from the manufacturer really the safest?
Among "experts", and also among some manufacturers, buying a HWW directly from the manufacturer is considered the safest option. The aim is to prevent intermediaries or dealers from replacing the devices with counterfeits on the way from the factory to the user, or otherwise deceiving the user and subsequently stealing the funds.
Time has shown that this has been a very rare practice, associated with sales through various adverts and online marketplaces (yes, even Amazon's) rather than through established dealers. We did not detect any counterfeiting or fraud during the survey, not even on social networks. Better wallets offer firmware authentication, so the fear of replaced or altered hardware is unnecessary. We need to pay attention to the packaging and, above all, to the condition of the product. This also applies to the purchase of second-hand wallets, which is generally discouraged.
Unfortunately, we also have to recognise that Ledger, the French manufacturer, suffered the greatest mass loss of personal data when, in 2020, several hundred thousand names, addresses and telephone numbers of customers of its devices were stolen. There have been several reports on social networks of unwanted calls and even physical attacks on people on these lists.
With the professionalisation of retail chains and the emergence of hardware wallets in physical stores, we believe that the safest way to buy one is in person in a store without any registration or submission of personal data. In this way, we do not disclose our purchase and personal data to the manufacturer, the shipping companies and, for the most part, even to the retailer. At the same time, we receive an invoice and with it the manufacturer's full warranty and support.
Risks: Which risks can the HWW not mitigate?
- From oneself
If we don't keep our passwords and archive copies securely, or if we forget them or even share them online, there is no help. Most losses of digital assets from private hands are probably due to the loss of wallet passwords and/or archival copies.
- Robbers, thieves
If we are physically attacked and someone confiscates all our data and hardware, the chances of them stealing everything are very high.
- Inheritance
Inheritance is easy, but only if we properly hand over the hardware and all accessible data to the right people.
As the saying goes in the Bitcoin world, "don't trust, verify" or "don't believe, verify": the best features of hardware wallets are those that can be verified by the user or are independently verifiable. We therefore emphasise the open source features of each model and recommend that you choose in this way.