A hardware wallet is a special type of crypto wallet which stores user’s private keys in a secure hardware device. Two major utilized cryptocurrency hardware wallets currently are Trezor and Ledger. Major advantages over standard wallets are:
- Private keys are stored in a protected area of a microcontroller, and cannot be transferred out of the device in plain text.
- Immune to computer viruses that steal from software wallets.
- Can be used securely and interactively, as opposed to a paper wallet which must be imported to software at some point.
- Much of the time, the software is open-source allowing a user to validate the entire operation of the device.
The main principle behind the hardware wallets is to provide the full isolation between the cryptographic secrets (private keys) and your easy to hack computer or smartphone. Vulnerabilities of modern PCs and smartphones are well known and if you keep your private keys there, it’s just a matter of time before you’ll get hacked and lose your bitcoins.
A paper wallet may be secure, but only until you want to use your funds, requiring importing your private keys on your computer. And if you think a password encrypting your keys is enough, a malware is smart enough to wait for the inevitable decryption before sweeping your funds.
Hardware wallets are convenient, affordable, portable and backed up by a paper wallet allowing easy recovery in case of loss. If you have any significant amount of bitcoins, using a hardware wallet should be a no brainer.
The recovery seed usually contains a sequence of 24 words uniquely and securely generated inside your hardware wallet, when you first set it up. It is of utmost importance to keep this backup sentence secret and safe. In case your wallet is lost you can recover your wallet with recovery seed.
Trezor is the hardware device that hosts the wallet. As in a normal wallet that we use on a daily basis there are pouches for different things like one for driving licence and other for money and further sections depending on the stuff you are carrying. Similarly wallet in Trezor, there are separate pouches for different currencies one for Bitcoin, one for Ethereum, also for your U2F identity, etc. Everything you need is in one wallet. Each seed generates only one wallet. Unlike a wallet, for which you only have one per seed, you can have many accounts (for every currency separately). Compare this to your bank accounts — you might have a Checking account and a Savings account. As they are separate accounts, they are completely independent, save from the fact that they are generated from the same seed. Account 1 does not see what is in Account 2, etc.
Ledger Nano S is a secure Bitcoin and Ethereum hardware wallet. It connects to any computer through USB and embeds a built-in OLED display to double check and confirm each transaction with a single tap on its side buttons.
To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets. Hardware wallets are relatively new, but at least for the time being they have maintained a good track record, unlike the numerous incidents of Bitcoin theft from Internet-connected computers.
- Malware swaps recipient bitcoin address - During serial communication when recipient address in sent to hardware device for signing the transaction, malware can swap the actual address and the transaction would be signed for hacker’s bitcoin address.
- Insecure RNG (Random Number Generator) - hardware wallets rely on the security of an RNG, often embedded in hardware, to generate your wallet’s private keys securely. Unfortunately, it is notoriously difficult to verify the true randomness of the RNG. An insecure RNG may create wallet keys that can later be recreated by an attacker, by generating pseudo-randomness that would seem statistically indistinguishable from true randomness yet still be predictable to an advanced attacker.
- Compromised production process - even a perfect software and hardware implementation of a hardware wallet would be vulnerable to a corrupt production process that introduces intentional or unintentional holes into the final product. The introduction of hardware backdoors is a real concern for high risk financial and military applications.