Crypto Security: Hardware Wallets 101
Let’s start with two nuggets of wisdom for those newer to cryptocurrency.
First off — if you’ve invested more than a few hundred dollars into cryptocurrency, you can afford a hardware wallet. All too often, I see people that have (more realistically had) tens of thousands of dollars in cryptocurrency, yet didn’t spend the less than $100 it takes to buy a hardware wallet. In any other asset class, or storing of valuables, it’s the norm to spend a percentage on security. Considering the higher risk of cryptocurrency-related crime, it’s mind-boggling that so many people continue to invest significant portions of their life savings into cryptocurrency without spending a mere fraction of that on secure storage for it.
Secondly, the 2017 hype train ushered in a wave of discussion with such intellectually stimulating topics as “when moon,” “when Lambo,” and “when Binance,” but rarely did I see “hey, I’m new — how do I securely store this stuff?” Many of the “get rich quick” crowd spent hours on end researching and discussing everything except how to securely store their cryptocurrency, and the fact that many of them were breached is not surprising. Moral of the story? Spend a small percentage of the money and time you invest in crypto (even 2–3% is fine) on security. For most people, in terms of time, this equates to perhaps a few hours per quarter.
In this article, we’ll discuss what a hardware wallet does and does not do, how to properly procure a hardware wallet, how to store the credentials for it, and best practice for use of it.
What a hardware wallet does:
- Securely stores private keys, rendering export of the private keys difficult. In order to restore your hardware wallet if lost or destroyed, you are provided a “recovery seed” — entering this on a newly acquired hardware wallet “restores” it to yours.
- Provides a level of immunity to malware that would steal from software wallets.
The CEOs of Trezor and Ledger, the top dogs of hardware wallet manufacturing, had some comments to share:
“Creating a truly safe environment and following the ideal security practices while using a common computer is very cumbersome for most people. Specialized devices, such as Trezor, achieve expert-level security by packing the essential principles and features into an external piece of hardware. Hardware wallets keep the user’s data safely isolated away from computers and the internet and allow working with user’s private keys using a generally straightforward interface.”
— Marek ‘slush’ Palatinus, CEO of SatoshiLabs, makers of Trezor.
“Hardware wallets are convenient, affordable, portable and backed up by a paper wallet allowing easy recovery in case of loss. This is why hardware wallets are booming in popularity and becoming the new standard bearer for crypto security. Ledger is pioneering hardware wallet technology that provides unprecedented levels of security for crypto assets through a secure element — a chip designed specifically to resist highly skilled attackers and a custom OS designed specifically to protect crypto assets.”
— Eric Larcheveque, CEO of Ledger.
What a hardware wallet does not do:
- Protect against human error. If you lose or destroy your recovery seed, you won’t be able to restore your hardware wallet.
- Protect against human stupidity. If you store your recovery seed in a place where someone can access it, they can access your funds. If you send funds to a scammer’s address, there is no difference between sending from a hardware wallet and sending from another type of wallet: transactions are immutable. If you fall for a phishing site, such as a lookalike MyEtherWallet site, a hardware wallet will not protect you. If you provide credentials such as private keys or seed phrases to someone claiming to be from “support” or running a (fake) airdrop, your hardware wallet will not save you from this misjudgment. In short: it is still the user’s responsibility to research prominent fraud tactics and be aware of them.
In short: a hardware wallet provides a secure mechanism to store assets and sign transactions. If the operator enables access to a fraudster or loses the recovery seed, or if the operator falls for a scam, it’s not the fault of the hardware wallet.
How to source a hardware wallet:
Official websites for hardware wallets or their authorized resellers.
How not to source a hardware wallet:
- A used hardware wallet. Ever. Unless you’d trust that person with your assets, you should not take the risk of using a wallet which may have been tampered with.
- A reseller that is not an authorized reseller, especially if this reseller is via eBay. See above reasoning or this tragic example.
Hardware wallets are cheap — don’t try to save $20 by buying one off eBay and end up losing multiples of that $20.
How to set up a hardware wallet:
- Use the included cable only — do not use any other cables, especially if they are sourced from others (especially at conferences, in public, etc.).
- Store your seed phrase in a way that is offline, waterproof, and fireproof. If you’d like an easy and aesthetic solution, Cryptosteel has a solution that is relatively affordable.
- If you don’t want to spend $79+ for a Cryptosteel, for under $25 and 15 minutes of time (which you can afford if you’re investing in cryptocurrency) you can pick up the following supplies from a hardware store or online: a piece of stainless steel, a metal stamp set, and a hammer.
How not to set up a hardware wallet:
- Store your seed phrase on any form of cloud storage — such as Google Drive, Dropbox, etc. Just don’t.
- Store your seed phrase on your computer. I’ve seen people store their seed phrase in a text file on their desktop. Just don’t.
- Take a photo of your seed phrase. I’ve seen people think that taking a photo of their credentials somehow equates to “offline” — your cellphone is, in a sense, a computer, and can be breached — not to mention many people upload their photos to iCloud or Google Photos. Just don’t do it — take the time and effort to do it the right way.
- Ideally, don’t print your seed phrase. This isn’t as big of a risk as storing it online or on your device, but it’s still a risk you can avoid. I won’t bore you with describing how data can be obtained from devices or with stale topics like “man in the middle” attacks, so just follow this advice.
How/when to use a hardware wallet:
- When you need to store any significant portion of your cryptocurrency. Many crypto users have a software wallet that they keep a small amount of assets in for daytrading/games/other purposes — an amount whose theft would devastate them less than the loss of what they store on their hardware wallet. Think of this as “cold storage” (your hardware wallet) and “hot storage” (your software wallets, exchange accounts, etc.).
How not to use a hardware wallet:
- On anyone else’s computer besides your own
- Using anyone else’s cable but your own
- In a place anyone could see you enter your credentials
- On public wifi, especially without a VPN (a good VPN costs a few dollars per month, and is something you should have regardless of whether or not you’re into cryptocurrency.)
- Keeping your seed phrase colocated with the hardware wallet, unless you want someone to steal your cryptocurrency
The amount of time, money, and effort to procure, properly set up, and use a hardware wallet is negligible for almost everybody involved in cryptocurrency — whether a hobbyist or professional. An ounce of prevention is worth a pound of cure.