Imagine your best friend told you they had just sent a significant wire transfer to a complete stranger who will hold onto their money until they need it again.
Maybe they moved a truckload of valuable family heirlooms to a storage space in an unfamiliar part of town, but didn't put a lock on the unit.
Or perhaps, they just bought a really cool safe and engraved the lock combination on the front of it, so they wouldn't need to worry about the troublesome rigmarole of actually remembering the code.
As a good friend, it would be your duty to tell them why any one of the above is a bad, bad idea, each of which represents a fatal flaw in security principles:
These security principles don't change just because assets exist digitally rather than physically.
In fact, principles of individual sovereignty over funds led to the very creation of blockchain technology and cryptocurrency.
Whether it's used for digital cash or cutting-edge video game assets, one of the most compelling aspects of blockchain's value proposition is that it gives us direct personal custody over our assets, with no need to rely on third parties like banks.
In blockchain, you can be your own bank, just by maintaining control over your public and private keys.
Yet, many people choose to directly ignore or bypass this benefit, leaving control of their crypto funds and blockchain assets to third-party services and exchanges.
Sadly, hacks and thefts happen, costing users millions in stolen funds (see: Mt. Gox, over 850,000 BTC stolen; Coincheck, over 500M NEM stolen; and Quadriga CX, $190M in cash and crypto stolen from Canada's largest exchange—to name a few).
“Not your keys, not your coins.”
― ancient blockchain proverb
By maintaining control of your private keys, you can eliminate the risk of getting your funds stolen like the unlucky victims of the aforementioned hacks.
And if you want to keep your keys safe, there are few better ways to do it than with a hardware wallet.
So... what are hardware wallets, how do they work, and what are the pros/cons of using them? We've put together a helpful guide to explain all of this and more.
If any of the terms in this article are confusing, here are some plain English translations.
Public Key: A long alphanumeric string that serves as your "address" on the blockchain where your crypto can be stored and sent from. Think of a Public Key like your bank account number.
Private Key: A very long alphanumeric string linked to your Public Key that acts like a password for your blockchain address and is required for transactions. Signing into your address and sending transactions from it will require your private key to confirm your ownership of the address. This "signing" action is usually confirmed on hardware or mobile wallets through use of a proxy action linked to your account (e.g., inputting a password or pressing down a specific button on your hardware wallet device). Think of a Private Key like the card and PIN code required to interact with your bank account at an ATM.
BIP32/BIP39/BIP44: Different encryption standards (or derivation paths) that use a specific means of encrypting/converting your random alphanumeric public and private keys into a set of 12 or 24 "seed words." Also known as a "mnemonic phrase," the seeds are generated from a list of 2,048 or 4,096 common words—too many possible combinations to brute-force hack. Some derivation paths, like BIP39, can include the addition of an extra word to the seed phrase, acting as an additional password. This makes storing or remembering your private key safer, and importing your wallet into new devices or interfaces easier.
Hierarchical Deterministic/HD: If a wallet is Hierarchical Deterministic, then it has the ability to generate many different blockchain addresses (aka public keys) from a single private key/list of seed words. Some HD wallets will change your receiving address on every transaction (especially common for Bitcoin), but previous addresses will still work, and all funds will be accessed via the private key from the same wallet interface/device.
Hot Wallet/Hot Storage: A wallet or storage being "hot" means it is connected to the internet (including the private key required to sign transactions). This generally also means hot wallets are more convenient to interact with, since there are fewer intermediary steps, but they're not as safe as cold storage due to this exposure. When cryptocurrency exchanges get hacked, it's from hot wallets.
Cold Wallet/Cold Storage: Cold wallets/storage never expose the private keys to the internet, making it impossible for hackers to gain control of them. Thus, only the wallet's owner is able to transact from anything in cold storage. Hardware wallets are the most common example of cold storage.
Hardware wallets are physical devices designed to keep your private keys isolated and offline on the device itself. Remember, private keys essentially act as your address' password, allowing you to transact from it on the blockchain.
It's important to keep in mind that—as is the case whenever you hear the word "wallet" in a cryptocurrency context—a hardware wallet is not a wallet in the traditional physical sense.
Cryptocurrency wallets don't store your funds on the device or wallet app. Rather, they store the public and private keys related to your blockchain address and provide an interface for you to interact with the funds held there.
Instead of having to manually input the private keys at the heart of blockchain cryptography on every transaction, wallets help to automate that process.
Hardware wallets come in all shapes and sizes, with a variety of inputs ranging from USBs to Bluetooth and cameras. While some look like an innocent flash drive, others seem to scream "look at me, I'm a hardware wallet!"
Some hardware wallets allow storage of a broad range of cryptocurrencies and tokens, while others are limited to Big Daddy BTC.
In most cases, they need to interact with a separate device (e.g., laptop, PC, mobile phone, tablet) before any cryptocurrency can be sent, effectively acting as a two-factor authentication (2FA) device.
One common characteristic that all hardware wallets do share is that they're designed to provide ultimate security for your funds by keeping private keys safely hidden away in cold storage.
At their core, hardware wallets empower everyone, regardless of their technical knowledge, to benefit from blockchain technology's potential to give users control of their funds.
They do this by giving you control over your private keys and preventing them from being exposed to the internet during sign-ins or transactions.
This means that hackers can't spy on them from inside your browser if you sign in to a service like MyEtherWallet to interact with your address, even if your computer is vulnerable or compromised.
A hardware wallet also:
If we think of them as "offline private key storage," then hardware wallets have been around pretty much since the dawn of cryptocurrency.
However, this definition is a bit too liberal, as it ignores the primary benefit of hardware wallets: allowing you to transact whilst your private keys are kept safely offline.
Before hardware, paper wallets enabled us to keep private keys off the internet by writing them on a piece of paper.
While paper wallets can be great for safely storing cryptocurrency, as soon as you want to spend it, you have to enter your private key somewhere online—thereby compromising the security of the wallet.
Paper wallets can be considered the first conceptual ancestor of hardware wallets, but when it comes to the dedicated devices themselves (at least in mass market form), it all started with the Trezor One in 2014.
Trezor is a project of SatoshiLabs, founded by Marek Palatinus (aka Slush), a key developer in Bitcoin's early history, and Pavol Rusnák (aka Stick), a fellow early Bitcoin and cryptography enthusiast.
An evolution of a hobby project of Slush and Stick, the Trezor One was based around creating "a small, single purpose computer for keeping private keys in an isolated environment."
This was particularly impressive foresight because it predated the notorious Mt. Gox hack—the first real wakeup call on controlling your own private keys—by several years.
Prominent hardware wallet manufacturer Ledger followed in December 2014 with the original Ledger Nano, and in 2015 with its low-cost, stripped-down alternative, the Ledger HW.1.
Alongside Ledger and Trezor, who have since released updated versions of their flagship models (the Trezor Model T and Ledger Nano X), KeepKey, a player since 2015, has also stood the test of time.
In 2019, Samsung made a big splash in the space, with cryptocurrency storage and transaction capabilities on their flagship Galaxy S10 smartphone, and private keys protected by Samsung Knox hardware and software.
This was the first time that a hardware wallet was really integrated into an existing device, rather than requiring interaction with another (online) device to be used.
Not only did this make hardware wallets more accessible, but it exposed blockchain and cryptocurrency to a mainstream audience.
Since the release of the Trezor One, hardware wallets have undergone iterative rather than revolutionary improvements:
The evolution of hardware wallets is mostly visible as a gradual series of small UX upgrades for users, but the core and purpose of their technological proposition remain the same: keeping your private keys isolated.
The particular technology employed by hardware wallets varies from device to device, with some shared principles (e.g., keeping your private key isolated within the device itself).
Creation and storage of private keys is generally achieved through—as the name suggests—dedicated hardware. For example:
Hardware wallets are mostly hierarchical deterministic (HD) wallets, providing you with a list of seed words, which—when combined together in the correct order—are decrypted using derivation paths like BIP32, BIP39, or BIP44 to generate your private key (and all the wallet addresses associated with it).
Because the seed words are generated for you this way, you'll be able to import and access your wallet from any wallet (whether hardware, browser, or mobile) that supports the relevant derivation paths.
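How seed words turn into many keys, as an added example (not code from the original article or from any wallet vendor): the BIP39 stretching step, including the optional extra word, followed by BIP32 hardened derivation. The function names are illustrative, the phrase is the public BIP39 test phrase, the word list and checksum are not validated, and only hardened child indexes are handled.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; valid private keys lie in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # offset that marks a hardened child index

# Public BIP39 test-vector phrase (constructed input; never use for funds).
DEMO_WORDS = "abandon " * 11 + "about"


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39 stretching step only; wordlist and checksum are NOT validated."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def master_key(seed):
    """BIP32: HMAC-SHA512 of the seed -> (master private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if not 0 < key < N:
        raise ValueError("seed yields an invalid master key")
    return key, digest[32:]


def hardened_child(key, chain, index):
    """BIP32 hardened private-child derivation for child number index'."""
    data = b"\x00" + key.to_bytes(32, "big") + (index + HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; use the next index")
    return child, digest[32:]


def derive(seed, path):
    """Walk a fully hardened path, e.g. [44, 0, 0] for m/44'/0'/0'."""
    key, chain = master_key(seed)
    for index in path:
        key, chain = hardened_child(key, chain, index)
    return key


if __name__ == "__main__":
    seed = mnemonic_to_seed(DEMO_WORDS, "extra word")
    print([f"{derive(seed, [44, 0, i]):064x}"[:16] for i in range(3)])
```

Anyone who holds the seed words and the optional extra word can recompute every key this way, so the written backup needs the same protection as the device itself.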
Some element of physical input will be included as a means of securing the device from any remote attacks. This gives the transaction process 2FA security, proving your identity through 1.) something you have (the physical wallet) and 2.) something you know (e.g., a PIN).
Physical input can take various forms, such as the press of a button, PIN input, or another action that can only take place when one is in physical control of the device.
Whilst hardware wallets are great devices for signing in to your blockchain address and confirming transactions from it, they tend not to handle the finer details of interacting with the blockchain so well (e.g., finding an address to send to, specifying an amount to send, selecting a specific crypto or token to send, etc.).
For this reason, they generally have to interact with their own proprietary apps or websites like MEW to let you actually access and do stuff with your crypto.
Not all wallets will be compatible with all operating systems or platforms. Some may be mobile-only, some may not be iOS compatible, etc.
As ever in the realm of blockchain, it's important to Do Your Own Research and make sure the wallet you choose is fully compatible with your technological infrastructure (which is just a fancy way of saying "make sure it works with all the stuff you own").
As well as perhaps being limited by platform, hardware wallets can be limited in currency support as well. While several support many, no wallet supports all crypto, because there is no such thing as universal tech shared by all cryptocurrencies.
There is no One Wallet to Rule Them All.
We've name-dropped both Ledger and Trezor here as the two most prominent and respected companies in the space, so it's no surprise they're featured atop our list of the five best hardware wallets available.
While there are many companies that produce hardware wallets across a variety of shapes, sizes, and price points, it's crucial that you feel fully comfortable and secure with your purchase choice, rather than just going for the cheapest option.
Here are some important criteria to consider when choosing the right one for you.
While this article has been fairly positive about hardware wallets, it's worth reviewing both the pros and cons of this particular tech.
In essence, all the pros boil down to hardware wallets being built for security.
Ultimately, the cons of hardware wallets predominantly revolve around various UX trade-offs caused by the security of the devices, which could make them slightly intimidating to blockchain newcomers.
Security, low cost, and convenient UX—when it comes to hardware wallets, you can generally choose two of the three. Trying to have them all? Well, that just might be a bit greedy.
If you're serious about getting involved in blockchain and the value of your cryptocurrency/blockchain assets is an amount you wouldn't be comfortable losing, then investing in a hardware wallet is well worth the cost involved.
Of course, it's important to take a few initial precautions before purchasing your hardware wallet to ensure that you understand how it all works—and that it works for the particular crypto storage needs that you have.
Hardware wallets aren't a magic fix; even though they keep your private keys safe, you still need to undertake basic security measures to ensure they function as intended.
So long as you take such precautions, you will find priceless peace of mind from having your funds safely secured—and being your own bank.