Hardware wallets are, without a doubt, the most secure way to store your crypto. Yet, at first, they can be rather confusing and I have certainly seen a lot of misconceptions around them in some posts. This guide is structured as a FAQ so you can jump to the sections of interest. Please do let me know of any feedback or further questions in the comments and I will be happy to update the guide.
# What’s a crypto wallet anyway?
A crypto wallet is essentially just a set of keys which identify you on the blockchain. The blockchain holds the ledger of all the transactions (entered by the miners or validators) hence it has at all times a record of where all the coins are. Thus, your wallet never really stores any coin. The coins are stored by the blockchain and your wallet simply contains the keys that let you prove the ownership of these coins. The wallet stores two types of keys:
**Public key:** this is the address you use to receive your crypto, it is publicly available and can be shared safely.
**Private key:** this is the key you need to use to prove ownership of the coins, i.e. to sign transactions when you move your coins around or withdraw them from your wallet. It is generated from the seed phrase (usually 12 or 24 words).
It is important to stress that, essentially, **the seed phrase IS the wallet**. This is because the seed phrase generates the private key, which is the only way to prove ownership of the coins. Whoever learns this seed phrase can claim ownership of your portfolio and, conversely, if you forget this seed phrase you might end up locked out of your wallet forever.
# What are the different types of wallets?
**Mobile/Desktop wallet:** there are many desktop or mobile applications that act as crypto wallets (e.g. Exodus, Atomic, Trust, Metamask, …). Those wallets are referred to as hot wallets because they are constantly connected to the internet. Whilst these are certainly the most convenient, their major drawback is that **they are the most vulnerable to security threats**. This is because your private key is stored on the computer or mobile phone, which can be targeted by malware, SIM hacks, keyloggers, …
**Paper wallet:** a paper wallet is simply a piece of paper where your keys have been printed, along with a QR code to scan to authenticate transactions. This is considered secure because it is removed from the internet. The only way to ‘hack’ it is to steal the sheet of paper.
**Hardware wallet:** a hardware wallet is a device specifically designed to hold your private keys. It is another example of ‘cold storage’, meaning that it does not connect to the internet. You only have to plug it in to confirm transactions; the private keys never leave the device. It is the most secure way to store your crypto but more on that later.
# Why not simply leave my coins on the exchange?
Leaving your coins on the exchange where you just bought them is easy and convenient but not the safest practice. When you create an account with an exchange, it creates a wallet on your behalf. This means that, when you leave your coins at the exchange, you entrust them with your private keys and as the saying goes **“not your keys, not your coins”**. Many exchanges have been hacked (e.g. Altsbit, Upbit, Mt. Gox to name just a few and even Binance in May 2019) and in that case, it is almost impossible to recover the stolen funds. In some cases, there is also the risk that a government ban would freeze cryptocurrency transactions preventing you from accessing your coins.
Having said that, some reputable exchanges, such as Coinbase, do invest a lot in their security and you need to consider whether you trust your own security measures more than theirs. Additionally, if you decide to store your crypto in your own wallet, you need to be confident that you will not lose your keys. It is estimated that **more than 20% of all the bitcoins have been lost forever**, mostly as a result of lost or forgotten keys.
All this needs to be taken into account when making your personal decision, but it is generally considered that, for significant sums and/or for long-term storage, a hardware wallet is the safest route.
[In 2014, around 850,000 bitcoins were stolen from the exchange Mt. Gox](https://preview.redd.it/y1xvhfg75px61.png?width=644&format=png&auto=webp&s=1ca3ecea7eb47b7983ff14fa340aa2b543b63526)
# How does a hardware wallet work? Why is it safe?
A hardware wallet is designed to perform only a very limited set of tasks: it holds the private key and can be asked to confirm transactions using that key. It cannot connect to the internet and cannot prepare the transactions by itself. For this reason, it needs to be connected to a computer running software, called a bridge, which prepares the transactions for the hardware wallet to sign. It is the safest way to store your crypto for several reasons:
* The operating system that runs the hardware wallet is extremely specific, unlike the one on a computer or a mobile phone. For this reason, it is immune to malware.
* It does not connect to the internet so it cannot be targeted by an attack.
* The private keys never leave the wallet so they are never exposed to a potential thief even if your computer has been compromised.
* Some hardware wallets use extra layers of security, such as a PIN code or a passphrase, to protect against specific risks. See the next sections for more details.
# What if my hardware wallet is lost or stolen?
If you lose your hardware wallet, simply use your seed phrase in any type of wallet (new hardware device or software wallet). Your private key will be re-generated and you will regain access to your funds. Then, because this private key is now probably compromised, you want to buy a new hardware wallet, obtain a brand new seed phrase and transfer your crypto to this new wallet.
# What if my hardware wallet is broken?
Same answer as above. As long as you have the seed phrase, you can always recover the wallet.
# What if the manufacturer of my hardware wallet goes out of business?
Same answer as above again except that you would buy a hardware wallet from a different brand. Most manufacturers will share the same seed phrase technology, thus the private key can be re-generated in a wallet from a different brand or even in a software wallet if need be.
# Can hardware wallets be hacked?
**Physically stolen device**
It is possible for a hacker to extract the private keys from a hardware wallet but only if the wallet is physically stolen first. If your device does get lost or stolen, it is more likely that you will be able to restore the wallet in a different application using the seed phrase and transfer the funds to a brand new wallet before your device falls in the hands of a hacker skilled enough to extract the keys.
**5$ wrench attack**
Another type of possible theft is the less refined so-called 5$ wrench attack. This is the case where someone, possibly armed with a wrench, physically threatens you until you release your seed phrase. Obviously, the best way to protect yourself against this kind of threat is not to talk about your crypto portfolio, but hardware wallets can also help. Some hardware wallets allow you to choose a **passphrase**, which acts like an extra word that you choose to add to your seed phrase. This way, a single wallet can hold a default portfolio (the one with no passphrase) and multiple hidden portfolios (one for each passphrase you choose). If you are forced to reveal your seed phrase under duress, you could give access to a decoy portfolio which holds a small amount of crypto without having to reveal your other portfolios, since there is no way to know how many hidden portfolios have been included in the wallet.
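How a seed phrase plus an optional passphrase becomes the secret from which a wallet's private keys are derived, shown as an added example that is not part of the original guide. It assumes the device follows the BIP39 standard (the guide does not name it; Trezor and Ledger both use it); the function names and the fingerprint helper are illustrative, and the mnemonic is the public BIP39 test vector.

```python
import hashlib
import unicodedata

# Public BIP39 test-vector mnemonic (12 words). Known to everyone: never fund it.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from a seed phrase and optional passphrase.

    BIP39: PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic,
    salt = "mnemonic" + passphrase, both NFKD-normalised.
    """
    def nfkd(text: str) -> str:
        return unicodedata.normalize("NFKD", text)

    # Collapsing whitespace is a convenience added here, not part of BIP39.
    words = " ".join(nfkd(mnemonic).split())
    salt = "mnemonic" + nfkd(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def wallet_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Short hex fingerprint of the seed behind each passphrase (illustrative helper)."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


if __name__ == "__main__":
    # "" is the default wallet; every other string opens a different hidden wallet.
    # "TREZOR" and "trezor" differ only in case yet give unrelated seeds.
    for phrase, fp in wallet_fingerprints(TEST_MNEMONIC, ["", "TREZOR", "trezor"]).items():
        print(f"passphrase={phrase!r:10} seed starts {fp}")
```

Every passphrase, including a mistyped one, produces a valid seed with no error, which is why hidden wallets cannot be counted and why a passphrase has to be backed up as carefully as the seed phrase itself.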
# Watch out for hardware wallet scams
When you decide to acquire a hardware wallet, you need to be very careful to buy a device that has not been compromised. Indeed, a widespread scam when it comes to hardware wallets consists of selling devices that have been previously tampered with. To avoid that, it is highly recommended to buy your device directly from the manufacturer's website, such as [https://trezor.io](https://trezor.io) or [https://www.ledger.com](https://www.ledger.com), instead of going through third-party sellers such as eBay. When you do receive your device, you need to make sure it is genuine and has not been tampered with by following the steps described [here for Trezor](https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7) and [here for Ledger](https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine).
A notable type of scam is the case where you receive a wallet that has already been preconfigured, i.e. the seed phrase is already printed on a sheet or even a scratch card that you receive along with the device. This is a scam where the scammer already knows your private key and would have control over any funds you transfer into the wallet. **The seed phrase should always be generated for the first time when you perform the initial setup of the device yourself.**
[A hardware wallet received with a pre-configured seed phrase is always a scam](https://preview.redd.it/bssnpbhn0px61.png?width=296&format=png&auto=webp&s=65b57ba2a75ab4f201be2fca1e269843a380a637)
# Which wallet should I buy?
So, you’re convinced, you need a hardware wallet, but which one should you get? Below is a comparison table of the most common hardware wallets so you can make an informed decision. They all have their pros and cons but the most important is that you can’t go wrong with any of them.
[Comparison table of the leading hardware wallets](https://preview.redd.it/cii501fxwox61.png?width=502&format=png&auto=webp&s=60129c5f8ec224220aa48c423e5d6bee11c1b602)
\***Passphrase**: this is the feature that lets you create hidden wallets within the device.

\***Pin code**: upon entering multiple incorrect pins, the device wipes itself such that the private keys are erased and can only be restored using the seed phrase.
[Trezor One and Model T](https://preview.redd.it/6sa2vq9x1px61.png?width=559&format=png&auto=webp&s=7c51beb1af81f2f52f3297707d812d059ef62423)
# I heard Ledger was hacked, what’s up with that?
In 2020, Ledger's customer information was stolen. The actual Ledger devices were not compromised and no coins were directly stolen. However, customer information, including over a million email addresses as well as 270k home addresses and phone numbers, was made publicly available by hackers. This led to widespread phishing attempts whereby Ledger customers were asked to download a fake version of Ledger Live and input their seed phrase. Moreover, home addresses and phone numbers in the hands of hackers also led to personalised email threats as well as potential SIM swap attacks, which could be used to overcome two-factor authentication.
Consequently, even when using a hardware wallet, it is important to **follow best practice in terms of security**: ignore email scams, be on the lookout for phishing attempts, use an authenticator app as 2FA, keep your seed phrase secure, ideally in a rented safety box, …
[Ledger Nano X and S](https://preview.redd.it/2zdks68y1px61.png?width=386&format=png&auto=webp&s=045fb513f098cad9004ad9c3a1a7d5f9c529d366)
# I want to stake my coins, can I still store them on a hardware wallet?
**Ledger Nano X:**
* Polkadot (DOT): Ledger Live
* Cosmos (ATOM): Ledger Live
* Tezos (XTZ): Ledger Live
* Tron (TRX): Ledger Live
* Algorand (ALGO): Ledger Live
* Cardano (ADA): Yoroi, Adalite
* Harmony (ONE): Harmony One wallet
**Trezor model T:**
* Cardano (ADA): Yoroi, Adalite.
* Tezos (XTZ): Trezor wallet
A step-by-step guide to staking ADA from a hardware wallet can be found [here](https://www.reddit.com/r/CryptoCurrency/comments/n1p1ae/cardano_step_by_step_guide_to_staking_ada/?utm_source=share&utm_medium=web2x&context=3).
# Do I need to plug in my wallet each time I receive coins or staking rewards?
No. The private key is not required to receive coins. The coins are sent to your public address and this transaction is recorded in the blockchain ledger. You will only need to plug in the hardware wallet to prove ownership of the coins if you decide to spend them.
# Any other best practice tips I should be aware of when setting up my hardware wallet?
The first time you set up your hardware wallet, it is important to **practice disaster recovery.** After a few years using your device, it will likely be lost or fail and you need to be confident that you can recover your wallet. Thus, after the initial set up and after you have copied your seed phrase, send a very small amount of crypto to the wallet and wipe the device clean with a hard factory reset. Then, re-initialise the device using the seed phrase to recover the wallet. This makes sure you have correctly copied the seed phrase and gives you confidence you will be able to deal with the loss or failure of the device in the future.