The Current Most Secure Crypto Wallet

Must-have features of a secure hardware wallet

updated on 03/22/2024

TLDR; This article evaluates the security architecture of popular hardware wallets. It outlines the necessary components and features of an ideal secure hardware wallet and identifies current architectural flaws in some popular models on the market.

The number of people investing in crypto assets is increasing, but many are not aware that crypto operates differently from traditional banking systems. Unlike traditional banking, crypto is a cash system where individuals or companies must manage their assets independently, without relying on banks. However, many people who invest in crypto use crypto exchanges as if they were banks, storing their assets on these platforms. This is called a “hot wallet” and poses a potential security risk, as many crypto exchanges are based overseas (like FTX, which was incorporated in Antigua and Barbuda) and lack regulatory oversight. In addition, the crypto exchange industry is relatively new and lacks the security experience of traditional banking systems (like Mt. Gox, which did not use any version control for its site’s source code). Some exchanges have also failed to implement proper security measures, leaving them vulnerable to hacks and breaches. Even well-regulated and secure exchanges like Coinbase have been targeted by hackers in the past.

Why Hardware Wallet?

One way to mitigate the risks associated with storing assets on crypto exchanges is to use personal wallets, also known as self-custody. This allows individuals to store their private keys on their personal devices such as laptops, smartphones, or cold wallets, thus removing the need to rely on crypto exchanges to secure their assets. Personal wallets fall into two categories: software wallets (such as desktop or mobile apps) and hardware wallets. However, software wallets are less secure than hardware wallets, as they are just standard apps installed on a general-purpose computer, which makes them vulnerable to attacks such as malware. While some smartphones and laptops may have security features like TPM and TEE, these do not support cryptocurrency algorithms and protocols, and wallet apps still have to load the keys into user-space memory, which is vulnerable to standard app attacks. For example, the security team at Ledger (Donjon) has tested and attacked several software wallets and published their findings in a blog post.

Is Hardware Wallet Really Secure?

The most secure type of wallet is the hardware wallet, a dedicated device designed to generate and store private keys and sign transactions securely. Hardware wallets typically take the form of a USB dongle, Bluetooth device, or card with specialized firmware for cryptography. Because a hardware wallet is not a general-purpose computer like a desktop, laptop, or smartphone, it is considered to be less vulnerable to malware attacks. However, since a hardware wallet is a specialized device with limited resources, it cannot directly connect to blockchain networks to fetch balances, show transaction history, or broadcast signed transactions. Instead, a hardware wallet relies on an intermediary device such as a smartphone or laptop to perform these operations.

Many products in the market claim to be hardware wallets but lack essential features of a true hardware wallet, and they rely on the security of the middle device (such as a smartphone or laptop). It is an ongoing battle between hackers and wallet providers, where vulnerabilities get found every few months and providers release updates to address them. However, some fundamental architectural flaws cannot be fixed through software or firmware updates, and they are often the root cause of various hacks. Instead of focusing solely on finding vulnerabilities and patches, it is important to address these architectural flaws to improve security. The ideal model of a secure hardware wallet should involve a secure element that drives all input/output, without any involvement of a non-secure middle chip or reliance on the security of a phone or computer.

Necessary components of a secure hardware wallet

With the increasing demand, numerous products have emerged on the market. While I can’t list them all here for comparison, I’ve attempted to categorize their potential architectural flaws. Please let me know if you think there’s a product that doesn’t fit into these categories or if there are additional flaws to consider in this model.

Necessary Feature 1: Trusted Screen

In order to securely display sensitive information such as transaction details, the recipient’s address and the amount, a hardware wallet must have a trusted screen. If a hardware wallet does not have a trusted screen, it relies on the screen of the phone or computer to which it is connected. This creates an opening for MITM attacks. For instance, malicious code on the phone could change the recipient’s address, and the hardware wallet would not be able to securely confirm the address with the user. Cold wallets like Arculus are an example of this problem. Although Arculus has multi-factor authentication and generates wallet seeds securely, it lacks a trusted screen and thus exposes users to vulnerabilities in mobile apps.

Bitkey is another product that combines the features of a software wallet with a hardware wallet. Users typically utilize the software wallet for regular transactions but switch to the hardware wallet for larger transfers. While this model is generally sound, a potential flaw is that the hardware wallet lacks a display to visually confirm the transactions the user approves.

Necessary Feature 2: Trusted Input (Buttons, Touch Screen)

A secure hardware wallet must have a reliable method of recording important user inputs, such as pressing a button to confirm a transaction. If the hardware wallet relies on the phone or computer to obtain passwords, PINs, or confirmations, it is at risk of being compromised by attacks on the phone app. Arculus also faces this issue.
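The following is an added illustration, not code from the article or from any wallet vendor, of why Features 1 and 2 matter: it models a wallet whose own screen and button are bound to the payload being signed, beside one that relies on the phone for both, and shows what each ends up signing when the host app is compromised. The seed, addresses and the HMAC stand-in for the secure element's signing primitive are all constructed for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed sample values for the demo (not real keys or addresses).
SEED = b"constructed-demo-seed-do-not-use"
HONEST_ADDR = "bc1q-honest-recipient-constructed"
ATTACKER_ADDR = "bc1q-attacker-recipient-constructed"


@dataclass(frozen=True)
class Tx:
    recipient: str
    amount_sat: int

    def serialize(self) -> bytes:
        return f"{self.recipient}:{self.amount_sat}".encode()


def se_sign(tx: Tx) -> str:
    """Stand-in for signing inside the secure element; the seed never leaves here."""
    return hmac.new(SEED, tx.serialize(), hashlib.sha256).hexdigest()


def wallet_with_trusted_screen(tx_from_host: Tx, user_accepts: Callable[[str], bool]) -> Optional[str]:
    # The wallet renders the exact payload it will sign on its own screen and
    # takes the confirmation from its own button, so display and signature cannot diverge.
    shown = f"Send {tx_from_host.amount_sat} sat to {tx_from_host.recipient}"
    return se_sign(tx_from_host) if user_accepts(shown) else None


def wallet_without_trusted_screen(tx_from_host: Tx, text_from_host: str,
                                  user_accepts: Callable[[str], bool]) -> Optional[str]:
    # No on-device display or button: the phone app supplies both the text the user
    # sees and the payload that is signed, and nothing binds the two together.
    return se_sign(tx_from_host) if user_accepts(text_from_host) else None


def careful_user(expected_recipient: str) -> Callable[[str], bool]:
    # Approves only when the text actually shown names the intended recipient.
    return lambda shown: expected_recipient in shown


def run_scenario(host_is_malicious: bool) -> Dict[str, Optional[str]]:
    """Returns the recipient each wallet's signature authorizes (None = refused)."""
    intended = Tx(HONEST_ADDR, 50_000)
    # A compromised host swaps the recipient in the payload but shows the honest one on the phone.
    to_sign = Tx(ATTACKER_ADDR, 50_000) if host_is_malicious else intended
    phone_text = f"Send {intended.amount_sat} sat to {intended.recipient}"
    user = careful_user(HONEST_ADDR)
    sig_screen = wallet_with_trusted_screen(to_sign, user)
    sig_no_screen = wallet_without_trusted_screen(to_sign, phone_text, user)
    return {
        "trusted_screen": to_sign.recipient if sig_screen else None,
        "no_screen": to_sign.recipient if sig_no_screen else None,
    }
```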

Necessary Feature 3: Secure Element

In order to generate and store keys and secrets securely, hardware wallets rely on a special component known as the Secure Element (SE). This crypto chip is designed to perform cryptographic operations such as generating elliptic-curve keys and signing or encrypting messages/transactions. Secure elements are usually subjected to third-party security testing and verified under certification schemes like Common Criteria (CC) and/or NIST FIPS-140. If a hardware wallet lacks a secure element, it implies that it uses a non-secure general-purpose chip for cryptographic operations and is therefore exposed to that chip’s attack vectors. This issue is present in both Trezor Model One and Trezor Model T.

According to Trezor, they do not use a secure element in their hardware wallets (except new Trezor Safe 3) because they want their source code to be completely open-source. However, not using a secure element is a significant compromise in terms of security. Trezor instead uses STM32 chips, which are general-purpose chips and have known vulnerabilities. Kraken security lab and Ledger security team (Donjon) have already identified flaws in Trezor’s hardware wallet. Additionally, there are some technical experts who can recover the seed from a Trezor device without knowing the password, using power-source glitches or by dumping the entire memory to brute-force the encryption password. This type of attack was also performed on the KeepKey hardware wallet, which does not have a secure element, and was documented by Kraken security lab.

Another notable case involves products that claim to be hardware wallets but are essentially cold wallets designed to be kept offline and air-gapped, often lacking a secure element. One example is the OneKey Touch, which features a colorful touchscreen but functions as a cold wallet without a secure element.

If a hardware wallet utilizes a secure element, it should use it exclusively for the entire key/secret life cycle, and not store, load, or use any secret data outside of it. The strength of a system is only as strong as its weakest component. Therefore, if a hardware wallet stores sensitive information like master keys or seeds in plain text outside of the secure element, it is no longer secure. This was the case with CoolWallet S, which Kraken Security Lab discovered and reported in a blog post. Despite its secure element having the highest certification level, it was vulnerable to attacks since it stored its plain-text password and seed in the mobile app. The CoolWallet team has addressed this issue, but the user still enters the secure element PIN code on the phone, making it susceptible to mobile attacks.

Trezor has recently introduced their latest device, the Trezor Safe 3, featuring an upgraded secure element for enhanced security. However, while this new model represents a step forward, there’s still room for improvement in fully leveraging the capabilities of the secure element. According to their specifications, the device generates a secret key within the secure element to decrypt the seed, before transferring it to the non-secure general-purpose chip. While this process does add a layer of encryption to protect the seed at rest, there’s a potential vulnerability when the seed is loaded into the non-secure chip’s memory.

Another example is the ColdCard Mk4, a hardware wallet equipped with two secure elements and a protocol that protects the seed between these elements and a non-secure general-purpose chip (STM32). While the seed is securely stored when at rest, it is loaded into the general-purpose chip to sign bitcoin transactions. If an attacker were to install malware on this chip, they could potentially access the plain seed stored in its memory.

ColdCard claims that the STM32 firmware is protected by a read-only bootloader. This bootloader hashes the firmware code and sends it to a secure element for verification. The device’s indicator light turns green only if the verification is successful. However, it’s important to note that the overall security is dependent on the read-only aspect of the general-purpose chip (STM32) rather than the secure elements.

ColdCard has also introduced the ColdCard Q, which uses the same security mechanism as the ColdCard Mk4.

Keystone 3 Pro is another product that adopts a similar approach, featuring multiple secure elements. However, like the previous example, it uses the secure elements for seed generation and storage but transfers the seed to a non-secure chip for transaction signing.

Another comparable product is Passport, which incorporates a secure element. However, it ultimately loads the seed into its non-secure general-purpose chip (STM32).

Necessary Feature 4: Connect Trusted Display/Input to Secure Element

To ensure the security of a hardware wallet with a secure element, it is important that the display, user input, and phone/computer connection are all connected directly to the secure element. However, this presents a difficult engineering challenge, as the secure element has limited resources and lacks the necessary pins to connect to input/output connectors. Even Ledger, a trusted brand, faces this problem. One solution is to add a middle chip, such as an MCU, which can act as a hub and drive the display and input while connecting them to the secure element. However, this introduces new vulnerabilities, as MCU chips are not as secure as the secure element. Manipulated MCU code can display misleading information on the display while sending something else to the secure element, enabling a supply-chain attack. As a result, hardware wallet providers recommend purchasing their wallets from legitimate stores to avoid this.

Ledger Nano S is an example of this. Although Ledger claims their Ledger Nano devices have never been hacked, this is not entirely true. The Ledger Nano S uses an ST31 secure element and an STM32 MCU, and Thomas Roth demonstrated the ability to overwrite the Ledger Nano S MCU and load a game onto it at a CCC event.

Necessary Feature 5: Do not use MCU at all

Ledger has improved the security of its hardware wallets with the Ledger Nano S Plus and the Ledger Nano X. These newer models use a more advanced secure element chip called ST33, which has more input/output pins. To further enhance security, Ledger has embedded the display driver and button code into the secure element, which makes it difficult for attackers to manipulate displayed data or simulate a button press. However, the devices still have an MCU that manages Bluetooth and USB connections with a phone or computer. In the past, there was a vulnerability in their MCU that allowed attackers to overwrite the code before the device was shipped to a user. Kraken Security Lab identified this vulnerability and reported it. When the user connects the device to a computer for the first time, malicious code running on the computer can turn off the display and mislead the user into pressing buttons, while stealing their assets. This vulnerability made the devices susceptible to supply-chain attacks. Ledger has updated its firmware to address this vulnerability and claimed to have disabled JTAG access on newer devices, but the website still shows it as open. Despite the improvements, the MCU remains a weak component of the device. No newly demonstrated attacks have been reported yet, but the MCU remains a target for potential attacks.

I am curious about the Ledger Stax, which reportedly addresses the issue of user experience. However, there are limited technical resources available to examine its underlying architecture. Based on the information that is currently available, it appears that the Ledger Stax shares the same architecture as the Ledger Nano X, and likely features an MCU to facilitate USB and Bluetooth connections.

The Winner

In general, using a hardware wallet is safer than using a software wallet, but not all hardware wallets are created equal in terms of security. Among the current crypto wallets available, Ledger Nano S+ and Ledger Nano X are considered the most secure from a security architecture standpoint. The main difference between the two is that Nano X has Bluetooth connectivity and is more compatible with smartphones. Although there are some risks associated with supply-chain attacks, these devices are still much more secure than others. To reduce your risk, it’s recommended that you order them directly from the Ledger website and hope that nobody tampered with them during transit.

What Can Ledger Do Better

To begin with, the most important task is for them to complete their outstanding work and move the USB and Bluetooth code to the secure element, which would eliminate the need for an MCU. While this is a difficult task, it is feasible.

USB on Secure Element

The ICCD (Integrated Circuit Card Devices) protocol, a USB device class developed specifically for secure elements, already exists. Some smart cards support this protocol, enabling them to connect directly to computers. In this protocol, the USB code is executed directly on the secure element, without the need for an intermediary chip like an MCU.

NFC on Secure Element

To connect hardware wallets to smartphones, Bluetooth is commonly used. However, Near-field communication (NFC) is an alternative that is gaining attention. NFC is supported by many secure elements, and some hardware wallets already use it. Unlike Bluetooth, NFC does not require a battery on the wallet device. It is more secure than Bluetooth and is supported by both iPhone and Android phones. NFC is currently used for payments within secure elements of credit and debit cards. Ledger’s secure element, ST33, already has NFC capability.

Open-Source Secure Element

Ledger defends its closed-source secure element firmware by citing their non-disclosure agreement (NDA) with their provider. While I commend their creation of the BOLOS (Blockchain Open Ledger Operating System) ecosystem, the fact that the critical component of the system resides in the secure element and is not open-source makes it difficult for researchers. Reverse-engineering is a time-consuming and challenging task, and many researchers lack the motivation and resources to undertake it. Therefore, they are unable to scrutinize the firmware code for potential vulnerabilities and report them to Ledger. However, an attacker with sufficient motivation and resources can conduct the reverse-engineering and exploit the vulnerabilities to steal users’ assets, damaging Ledger’s reputation and the entire cryptocurrency industry. While I don’t have sufficient information about the BOLOS closed-source section to offer a solution, software engineering principles suggest that Ledger should at least separate the low-level software modules that interact directly with the secure element (ST33) and make the high-level modules open-source. This approach would reduce the attack surface, at least to the closed-source code’s lower-level sections.

I came across several posts and videos comparing hardware wallets, but I found them lacking in accuracy and neglectful of security comparisons. As a result, I attempted to perform a more technical assessment of cryptocurrency hardware wallets, though I did not delve too deeply into the specifics. My aim was to compare them based on security architecture and develop a standard architecture against which all wallets could be evaluated.
