in

Hardware wallets explained

Hardware wallets are, without a doubt, the most secure way to store your crypto. Yet, at first, they can be rather confusing and I have certainly seen a lot of misconceptions around them in some posts. This guide is structured as a FAQ so you can jump to the sections of interest. Please do let me know of any feedback or further questions in the comments and I will be happy to update the guide.

# What’s a crypto wallet anyway?

A crypto wallet is essentially just a set of keys which identify you on the blockchain. The blockchain holds the ledger of all the transactions (entered by the miners or validators) hence it has at all times a record of where all the coins are. Thus, your wallet never really stores any coin. The coins are stored by the blockchain and your wallet simply contains the keys that let you prove the ownership of these coins. The wallet stores two types of keys:

**Public key:** this is the address you use to receive your crypto, it is publicly available and can be shared safely.

**Private key:** this is the key you need to use to prove ownership of the coins i.e. to sign transactions when you move your coins around or withdraw them from your wallet. It is generated from the seed phrase (usually 12 word or 24-words).

It is important to stress that, essentially, **the seed phrase IS the wallet**. This is because the seed phrase generates the private key which is the only way to prove ownership of the coins. Whoever learns this seed phrase can claim ownership of your portfolio and, on the contrary, if you forget this seed phrase you might end up locked out of your wallet forever.

​

https://preview.redd.it/cfd6b3hj3px61.png?width=326&format=png&auto=webp&s=c88211047277e47c1bed51e20908e47564209df0

# What are the different types of wallet ?

**Mobile/Desktop wallet:** there are many desktop or mobile softwares that act as crypto wallets (e.g. Exodus, Atomic, Trust, Metamask,…). Those wallets are referred to as hot wallet because they are constantly connected to the internet. Whilst these are certainly the most convenient, their major drawback is that **they are the most vulnerable to security threats**. This is because your private key is stored on the computer or mobile phone which can be targeted by a malware, sim hack, key logger,…

**Paper wallet:** a paper wallet is simply a piece of paper where your keys have been printed, along with a QR code to scan to authenticate transactions. This is considered secure because it is removed from the internet. The only way to ‘hack’ it is to steal the sheet of paper.

**Hardware wallet:** a hardware wallet is a device, specifically designed to hold your private keys. It is another example of ‘cold storage’ meaning that it does not connect to the internet. You only have to plug it to confirm transactions, the private keys never leave the device. It is the most secure way to store your crypto but more on that later.

# Why not simply leave my coins on the exchange ?

Leaving your coins on the exchange where you just bought them is easy and convenient but not the safest practice. When you create an account with an exchange, it creates a wallet on your behalf. This means that, when you leave your coins at the exchange, you entrust them with your private keys and as the saying goes **“not your keys, not your coins”**. Many exchanges have been hacked (e.g. Altsbit, Upbit, Mt. Gox to name just a few and even Binance in May 2019) and in that case, it is almost impossible to recover the stolen funds. In some cases, there is also the risk that a government ban would freeze cryptocurrency transactions preventing you from accessing your coins.

Having said that, some reputable exchanges, such as Coinbase, do invest a lot in their security and you need to consider whether you trust your own security measures more than theirs. Additionally, if you decide to store your crypto in your own wallet, you need to be confident that you will not lose your keys. It is estimated that **more than 20% of all the bitcoins have been lost forever**, mostly as a result of lost or forgotten keys.

All this needs to be taken into account when assessing your personal decision but, it is generally considered that, for significant sums and/or for long term storage, a hardware wallet is the safest route.

​

[In 2014, around 850,000 bitcoins were stolen from the exchange Mt. Gox](https://preview.redd.it/y1xvhfg75px61.png?width=644&format=png&auto=webp&s=1ca3ecea7eb47b7983ff14fa340aa2b543b63526)

# How does a hardware wallet work ? Why is it safe ?

A hardware wallet is designed to perform only a very limited set of tasks: it holds the private key and can be asked to confirm transaction using that key. It cannot connect to the internet and cannot prepare the transactions by itself. For this reason, it needs to be connected to a computer running a software, called a bridge, in order to prepare the transactions for the hardware wallet to sign. It is the safest way to store your crypto for several reasons:

* The operating system that runs the hardware wallet is extremely specific, unlike the one on a computer or a mobile phone. For this reason, it is immune to malware.
* It does not connect to the internet so it cannot be targeted by an attack.
* The private keys never leave the wallet so they are never exposed to a potential thief even if your computer has been compromised.
* Some hardware wallets use extra layers of security such as pin code, passphrase to protect against specific risks. See the next sections for more details.

# What if my hardware wallet is lost or stolen?

If you lose your hardware wallet, simply use your seed phrase in any type of wallet (new hardware device or software wallet). Your private key will be re-generated and you will regain access to your funds. Then, because this private key is now probably compromised, you want to buy a new hardware wallet, obtain a brand new seed phrase and transfer your crypto to this new wallet.

# What if my hardware wallet is broken?

Same answer as above. As long as you have the seed phrase, you can always recover the wallet.

# What if the manufacturer of my hardware wallet goes out of business?

Same answer as above again except that you would buy a hardware wallet from a different brand. Most manufacturers will share the same seed phrase technology, thus the private key can be re-generated in a wallet from a different brand or even in a software wallet if need be.

# Can hardware wallets be hacked ?

**Physically stolen device**

It is possible for a hacker to extract the private keys from a hardware wallet but only if the wallet is physically stolen first. If your device does get lost or stolen, it is more likely that you will be able to restore the wallet in a different application using the seed phrase and transfer the funds to a brand new wallet before your device falls in the hands of a hacker skilled enough to extract the keys.

**5$ wrench attack**

Another type of possible theft is the less refined so-called 5$ wrench attack. This is the case where someone, possibly armed with a wrench, physically threatens you until you release your seed phrase. Obviously, the best way to protect yourself against this kind of threat is not to talk about your crypto portfolio but hardware wallet can also help. Some hardware wallet allow you to choose a **passphrase** which acts like an extra word that you choose to add to your seed phrase. This way, a single wallet can hold a default portfolio (the one with no passphrase) and multiple hidden portfolios (one for each passphrase you choose). If you are forced to reveal your seed phrase under duress, you could give access to a decoy portfolio which holds a small amount of crypto without having to reveal your other portfolio since there is no way to know how many hidden portfolio have been included in the wallet.

​

https://preview.redd.it/rwnzyfyi0px61.png?width=454&format=png&auto=webp&s=f121f29b25cdefdb4779666002b4395faa6c21f9

# Watch out for hardware wallet scams

When you decide to acquire a hardware wallet, you need to be very careful to buy a device that has not been compromised. Indeed, a widespread scam when it comes to hardware wallets consists in selling devices that have been previously tampered with. To avoid that, it is highly recommended to buy your device directly from the manufacturer website such as [https://trezor.io](https://trezor.io) or [https://www.ledger.com](https://www.ledger.com) instead of going through third-party sellers such as Ebay. When you do receive your device, you need to make sure it is genuine and has not been tampered with, you follow the steps described [here for Trezor](https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7) and [here for Ledger](https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine).

A notable type of scam is the case where you receive a wallet that has already been preconfigured i.e. the seed phrase is already printed on a sheet or even a scratch card that you receive along with the device. This is a scam where the scammer already knows your private key and would have control over any fund you transfer into the wallet. **The seed phrase should always be generated for the first time when you perform the initial set up of the device yourself.**

​

[A hardware wallet received with a pre-configured seed phrase is always a scam](https://preview.redd.it/bssnpbhn0px61.png?width=296&format=png&auto=webp&s=65b57ba2a75ab4f201be2fca1e269843a380a637)

# Which wallet should I buy?

So, you’re convinced, you need a hardware wallet, but which one should you get? Below is a comparison table of the most common hardware wallets so you can make an informed decision. They all have their pros and cons but the most important is that you can’t go wrong with any of them.

​

[Comparison table of the leading hardware wallets](https://preview.redd.it/cii501fxwox61.png?width=502&format=png&auto=webp&s=60129c5f8ec224220aa48c423e5d6bee11c1b602)

***Touchscreen:** this is an extra layer of security because it avoids having to type anything in the computer which is more vulnerable to security threats such as a key logger.

***Passphrase**: this is the feature that lets you create hidden wallets within the device.

***Pin code**: upon entering multiple incorrect pins, the device wipes itself such that the private keys are erased and can only be restored using the seed phrase.

​

[Trezor One and Model T](https://preview.redd.it/6sa2vq9x1px61.png?width=559&format=png&auto=webp&s=7c51beb1af81f2f52f3297707d812d059ef62423)

# I heard Ledger was hacked, what’s up with that?

In 2020, Ledger company customers information were stolen. The actual ledger devices were not compromised and no coin were directly stolen. However, customer informations, including over a million email addresses as well as 270k home addresses and phone number, were made publicly available by hackers. This led to widespread phishing attempts whereby ledger customers were asked to download a fake version of Ledger live and input their seed phrase. Moreover, home addresses and phone numbers in the hands of hackers also led to personalised email threats as well as potential sim swap attack which could be used to overcome two-factor authentication.

Consequently, even when using a hardware wallet, it is important to **follow best practice in terms of security**: ignore email scams, be on the lookout for phishing attempt, use authenticator app as 2FA, keep your seed phrase secure ideally in a rented safety box, …

​

[Ledger Nano X and S](https://preview.redd.it/2zdks68y1px61.png?width=386&format=png&auto=webp&s=045fb513f098cad9004ad9c3a1a7d5f9c529d366)

# I want to stake my coins, can I still store them on a hardware wallet?

Some coins can be staked directly from the hardware wallet allowing you to earn interest on your crypto in total security. This is the list at the time of writing so far as I am aware.

**Ledger Nano X:**

* Polkadot (DOT): Ledger Live
* Cosmos (ATOM): Ledger Live
* Tezos (XTZ): Ledger Live
* Tron (TRX): Ledger Live
* Algorand (ALGO): Ledger Live
* Cardano (ADA): Yoroi, Adalite
* Harmony (ONE): Harmony One wallet

**Trezor model T:**

* Cardano (ADA): Yoroi, Adalite.
* Tezos (XTZ): Trezor wallet

A step-by-step guide to staking ADA from a hardware wallet can be found [here](https://www.reddit.com/r/CryptoCurrency/comments/n1p1ae/cardano_step_by_step_guide_to_staking_ada/?utm_source=share&utm_medium=web2x&context=3).

# Do I need to plug my wallet each time I receive coins or staking rewards ?

No. The private keys is not required to receive coins. The coins are sent to your public address and this transaction is recorded in the blockchain ledger. You will only need to plug the hardware wallet to prove ownership of the coins if you decide to spend them.

# Any other best practice tip I should be aware of when setting up my hardware wallet ?

The first time you set up your hardware wallet, it is important to **practice disaster recovery.** After a few years using your device, it will likely be lost or fail and you need to be confident that you can recover your wallet. Thus, after the initial set up and after you have copied your seed phrase, send a very small amount of crypto to the wallet and wipe the device clean with a hard factory reset. Then, re-initialise the device using the seed phrase to recover the wallet. This makes sure you have correctly copied the seed phrase and gives you confidence you will be able to deal with the loss or failure of the device in the future.



View Reddit by brocko33View Source

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

32 Comments

  1. I read way too many posts of people buying off Amazon and then the wallet is missing or clearly tampered with or is just straight up fake. It’s too incredibly common and is extremely fucked up. Only buy straight from the Ledfer or Trezor websites and verify its the correct website and not a knockoff.

    Scammers are the scum of the earth

  2. This should be pinned somewhere for all the newcomers to see, it would help so many people out and contains everything they need to know to get started safely.

  3. Every time I see someone sharing something about hardware wallet, I’m inclined to remind everyone something they should do before using it at full capacity;

    Once you get the device, brand new or used-

    1. Reset the device.
    2. Get the seed phrases from the device, not from any papers you received it with.
    3. Write down the seed phrases.
    4. OK. It’s a working wallet. Transfer something small. 1XLM or something.
    5. **RESET** the device **AGAIN**.
    6. Now, enter the seed phrases you wrote to make sure it’s working.
    7. It works? Your 1XLM is there? OK. Great. That’s your seed phrases, and you can use your wallet at ease now.

  4. How does moving from an exchange into a hardware wallet effect the taxable status of the crypto in the US? Does it count as a taxable event and if I purchased it less than a year ago should I wait to move it so it moves into long-term status?

  5. That is fantastic piece of work.

    As a crypto support professional who writes this kind of thing regularly (and a former journalist) I can say the structure and layout is excellent.

    There is one minor inaccuracy that could stand correcting.

    *Mostly* exchanges use their own crypto accounts. The customer account on the exchange is an entirely separate thing.

    We had tickets all the time saying “I sent my crypto from the exchange five minutes ago. Where is it?”.

    When crypto is sent from an exchange to the user’s own account yet is actually just a request for the exchange to do the transaction on their behalf.

    The exchange just hasn’t gotten to that request yet.

    I’m sure there are exchanges who set up crypto accounts on the user’s behalf. I don’t know if any specifically.

    Great work again.

    I’ve always wanted to tackle an article on the succession issue. Would love to talk to you about that.

  6. So if I buy some Bitcoin on Coinbase for example, and then I transfer them to a hardware wallet, technically speaking the coins are still on the blockchain, but now on a different address that is linked to the keys? If I transfer them to another hardware wallet, then the blockchain address is also changed and to access that , I need a separate set of keys right?

  7. Great write up, thank you! I know you “can’t go wrong” with either the Ledger Nano X or the Trezor model T but me being the indecisive person I am, I’m not sure what to choose. Any suggestions or feedback on why you’d choose one over the other?

  8. paper wallets can be insecure if generated on a device with an internet connection, printed on a smart printer, or if the code was tampered to give private keys that the attacker keeps a copy of

    once the paper wallet has been scanned, or once its private keys were entered on an electronic device with an internet connection, the wallet is no longer considered offline, and the security does not get any better than a hot wallet

  9. Can you store every type of coin / tokens on hardware wallets? I have a lot of altcoins that are not listed on a CEX and is bought via Pancakeswap for example. Can you store them as well on a hardware wallet or only “established” coins?

  10. Great write up – been thinking about getting a hardware wallet (probably Ledger Nano S) soon but have a few questions over them really.

    * Lets say I buy the Nano S. It has limited space on it – and lets say I have different ERC20 coins/tokens. I can store several in the one wallet which shouldn’t take up too much space?
    * Will I still need to buy most coins/tokens on Binance/Coinbase/wherever or am I able to get the same selection on the Ledger Live app?
    * If I have to buy off a separate exchange still then transferring them over to a hardware wallet is only worth it if the fee is minimal? eg. It isn’t worth buying one to buy $100 and pay a fee of $20 to send the coin to the wallet. Would that be correct?

  11. What a great write-up, thank you. I asked a few weeks ago if crypto was still viewed as too “techy” for mainstream adoption, and even though I got blasted on here, I think this helps to illustrate what I mean.

    Even having read this, I still have a couple of questions (not to pile it on OP, feel free to jump in, anyone…)

    1) We say that the hardware wallet doesn’t ever connect to the internet, but the only way I can access what’s on it…is to get on the internet. I have to plug my wallet in and punch in a PIN to see my wallets or move my coins, all of which is (?) happening on the internet. So how is my stuff still not vulnerable when SOMEHOW there has to be some connection between my device and the internet.

    2) Regarding the seed phrases, I’m understanding now that your private key can be regenerated from your seed phrase (I guess it’s just a hash?), but is that specific to this type of device? If I have a Ledger, and I need to recover my stuff, can I only use that seed phrase on a new Ledger?

  12. I’m actually interested in how many people use hardware wallets, software wallets or just let their coins at the exchange. I mean with high-standard brokers like coinbase you should still be fine?

  13. Airgap.IT is an open source app that turns old phones into offline qr code based hardware wallets and you can even stake on it.

    I downloaded it because I can’t justify a ledger etc for the small amounts of crypto I hold and just wanted to see how a hardware wallet worked in practice.

    Initially I thought it was a budget option but now I see it as a different approach, that has some pros and cons, that just happens to be free but also has great customer service.

    I seem to have become a bit of a shill for it but for anyone thinking about a hardware wallet but on the fence about costs, data security etc it’s worth considering.

  14. Maybe I’m being petty, but if you’re going to make yet another post about hardware wallets at least try to get the facts right.

    – Public key != Address, it’s created using a one-way hashing function from the public key. In fact, the same public key can have different addresses, but you cannot get the public key from an address.
    – A very important part of hardware wallets is them having some hardware TRNG which is able generate as random numbers as any hardware possibly can. You can have all the air gapped wallets you want, but if your key is wack it’s easy to crack.
    – I wouldn’t say there’s any hardware that’s immune to hacks, but hardware wallets certainly are more specialized and secure than your average computer.

  15. Also when you buy a ledger be careful, if you get a scratch card with the seed phrase, throw it away as for hardware wallets seed phrases are generated when u first time open it.

Loading…

0

What do you think?

DogeCoin (DOGE) Enters the Top-5 Crypto List With New All-Time High of $0.42

Dogecoin Sets Another ATH and Looks Set to Flip BNB For the 3rd Spot

Polars DeFi announces Beta Release Testing Program

Polars DeFi announces Beta Release Testing Program