A one-click hardware wallet … is it safe?

Investor Bren
Coinmonks
9 min read, Jun 9, 2024


What to watch out for when buying a hardware wallet

If you are in crypto, having a hardware wallet is a no-brainer and a must-have. However, a hardware wallet can be inconvenient, and they are far from perfect.

In this article I’ll touch on what you can expect from a hardware wallet (and what not), how they might give a false sense of security and what to watch out for when buying one. As an example we’ll take a look at how the D’CENT Biometric Hardware Wallet stacks up against other players in the market.

Hardware vs hot wallet

First you need to understand what a wallet is. A wallet is software or hardware that holds your private and public keys. This is a big improvement over writing down your keys on a piece of paper and entering them manually every time you want to do something on the blockchain.

Wallets can be divided into 2 categories: hot wallets and hardware wallets. To understand why a hardware wallet is important, you need to understand the weakness of a hot wallet.

Hot wallet

A hot wallet comes in the form of a mobile app, a desktop executable or a browser plugin. This software will generate and store your public & private keys, interact with applications and calculate your balances so you don’t have to manually dive into the blockchain yourself.

Source: softshop.eu

The issue with a hot wallet is that the application stores your keys in a file on your computer. Of course the file is encrypted and it can only be unlocked with a password. But the problem is that all our devices are connected to the internet and therefore open to hacks.

Anyone who gets access to your device can get hold of that encrypted file. All they have to do next is get the password. This can be done in 2 ways: a key logger or brute-force cracking. Once they have both, they’ll have access to all the coins in all the addresses in that wallet.

Hardware wallet

A hardware wallet is different because the device isn’t connected to the internet and it generates the keys on the device itself with the promise that the keys will never leave the device.

Access to this device is therefore protected by physical access plus a PIN code or biometric scan. This means an attacker has to physically get hold of the device and then guess the PIN code. Most devices will lock your hardware wallet after several failed attempts, which prevents hackers from performing a brute-force attack even when they get hold of your device.

Major warning

Source: Tangem.com

Almost all hardware wallets require you to write down a backup code known as the “seed phrase”. This is your last resort in case you lose access to your device or forget your password. If you lose this, no one will ever be able to access the wallet again.

It also means that anyone who has that code has access to all the addresses in that wallet. It doesn’t matter if it’s a hardware wallet or a hot wallet.

To make things more clear: if you decide to put the seed phrase of your hardware wallet in a text file on your cloud storage, then your hardware wallet becomes even LESS secure than your hot wallet. Anyone who gets that file will have full access to your wallet. No guessing, no cracking: simply copy and paste the code and they are good to go.

Therefore, the best thing you can do is write it down and store it in a secure place like a bank vault. Don’t leave it for everyone to see, as anyone can take a picture of that code and gain full control.

Weakest link

As I mentioned in the introduction, a hardware wallet isn’t perfect either. When buying a hardware wallet you need to:

  1. Trust the hardware manufacturer truly made a secure device
  2. Trust your manufacturer didn’t store a copy of the pre-loaded keys on your device
  3. Trust the vendor selling the device isn’t selling a fake
  4. Trust the manufacturer doesn’t create a firmware update that can extract your private keys (e.g. like Ledger did in 2023)
  5. Trust the manufacturer’s firmware update server doesn’t get hacked
  6. Trust yourself to not do stupid shit

The biggest weakness in this list, however, is you. So remember that a hardware wallet can’t protect you from:

  1. Confirming that a scam website can spend 100% of your tokens
  2. Using the PIN code 1111 on your hardware wallet and leaving it in the local Starbucks
  3. Storing your seed phrase in an unencrypted text file

D’cent Biometric

D’CENT Biometric Wallet Unboxing

With this core knowledge under your belt, it’s time to review this new hardware wallet I received from D’CENT, called the D’CENT Biometric Wallet.

When choosing a hardware wallet you’ll need to strike a balance between security and ease-of-use.

Security

The D’CENT Biometric comes with a certified secure chip (EAL5+). EAL stands for “Evaluation Assurance Level” and is a grade assigned to an IT product or system based on the “Common Criteria” security evaluation. To learn more about this international standard, check Wikipedia. For reference, most smart card devices such as an electronic ID have an EAL5+ chip. A higher certification requires more tests, which in turn runs up the price of the device.

Certified Secure Chip

Looking at other hardware devices in the market, we see the certification range between EAL5+ and EAL7, with EAL5+ being the standard. I did notice that there was no device with Bluetooth support that got the EAL6+ certification, only devices that supported a wired connection. I think it’s safe to assume this is because testing the wireless connection at that certification level would make the device too expensive. Another way of interpreting this is that adding Bluetooth makes things more convenient, but also less secure, as it adds another attack vector.

There is even one hardware wallet out there with the EAL7 certification: NGRAVE Zero. Unsurprisingly, this device is also the most expensive one.

Long story short: the D’CENT Biometric is on par with the competition.

Besides the secure chip, we see that you are required to install an app on your phone and interact over Bluetooth with the D’CENT. This can be both good and bad. Using Bluetooth comes with its own risks and so does using your phone. We use our phones for everything and carry them with us everywhere which increases the exposure to malware, phishing and theft.

However, you can use this setup to your advantage: use a separate smartphone which you only use to interact with your hardware wallet and e.g. as your 2FA device. Also make sure you only use this device in a secure environment (e.g. your home and not the airport). Don’t install anything else on the device, keep it up to date and don’t store it together with the hardware wallet. This will reduce your risk significantly.

The biometric sensor can be seen as both a strength and a weakness: most biometric scanners can easily be fooled once the attacker gets hold of a good set of prints. At the same time, it isn’t that hard to record someone entering a PIN code. Regardless of the option: be aware of the pros and cons and act accordingly.

Lastly, the device will also check on a hardware level whether the firmware is genuine. This prevents you from installing malicious firmware. Of course this only holds up as long as the manufacturer themselves don’t get hacked. Therefore it’s always a good idea to wait 2–3 weeks before installing a firmware update.

Ease-of-use

Ease-of-use can be evaluated on different levels. Hardware wallets come with their own interface as well as software to manage the device. Lastly, we need to look at third-party support.

The one thing that you notice right away is that D’CENT tried to improve ease-of-use by allowing you to bypass the PIN code with a biometric scanner. Just as on your phone, you’ll be able to quickly and easily sign transactions with the touch of your thumb, as opposed to entering your PIN code.

D’CENT Biometric Interface

Setting up the wallet is pretty straightforward:

  1. Click create a wallet
  2. Enter & confirm your PIN (I suggest using 6 or 8 digits)
  3. Scan your finger from different angles
  4. Write down your seed phrase
  5. Confirm the seed phrase
  6. Install the app
  7. Pair device

By default the device will use the fingerprint; after 5 failed attempts it’ll switch to the PIN code. And if you fail that one 10 times, the device will lock and you’ll have to enter your seed phrase. Also nice to know is that you can register up to 2 fingerprints.
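To make the fallback-and-lockout behaviour described above concrete, here is a small state machine that models it (added example, not D’CENT’s firmware; the thresholds come from the paragraph above, everything else, including the opaque fingerprint ids and the hashed PIN and seed, is constructed for illustration):

```python
import hashlib
import hmac
import os

# Thresholds taken from the review above; the rest of this model is constructed.
MAX_FINGERPRINT_FAILS = 5   # after 5 failed scans the device falls back to the PIN
MAX_PIN_FAILS = 10          # after 10 failed PINs the device locks until seed recovery
MAX_FINGERPRINTS = 2        # the page says up to 2 fingerprints can be registered

def _digest(secret: str, salt: bytes) -> bytes:
    # Secrets are stored only as salted PBKDF2 hashes, never in plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class DeviceLock:
    # Toy state machine for the unlock policy: fingerprint -> pin -> locked.
    def __init__(self, pin: str, seed_phrase: str, fingerprint_ids: set):
        if len(fingerprint_ids) > MAX_FINGERPRINTS:
            raise ValueError("device registers at most two fingerprints")
        self.salt = os.urandom(16)
        self.pin_hash = _digest(pin, self.salt)
        self.seed_hash = _digest(seed_phrase, self.salt)
        self.fingerprints = set(fingerprint_ids)  # templates modelled as opaque ids
        self.mode = "fingerprint"
        self.fingerprint_fails = self.pin_fails = 0

    def try_fingerprint(self, scanned_id: str) -> bool:
        if self.mode != "fingerprint":
            return False                      # biometrics disabled after fallback/lock
        if scanned_id in self.fingerprints:
            self.fingerprint_fails = 0
            return True
        self.fingerprint_fails += 1
        if self.fingerprint_fails >= MAX_FINGERPRINT_FAILS:
            self.mode = "pin"
        return False

    def try_pin(self, pin: str) -> bool:
        if self.mode == "locked":
            return False                      # only the seed phrase gets you back in
        if hmac.compare_digest(_digest(pin, self.salt), self.pin_hash):
            self.mode, self.fingerprint_fails, self.pin_fails = "fingerprint", 0, 0
            return True
        self.pin_fails += 1
        if self.pin_fails >= MAX_PIN_FAILS:
            self.mode = "locked"
        return False

    def recover_with_seed(self, seed_phrase: str) -> bool:
        # Recovery is the only way out of "locked"; a wrong phrase changes nothing.
        if hmac.compare_digest(_digest(seed_phrase, self.salt), self.seed_hash):
            self.mode, self.fingerprint_fails, self.pin_fails = "fingerprint", 0, 0
            return True
        return False
```

Note that a successful PIN entry resets both counters, so an attacker never gets more than 5 scans plus 10 PIN guesses before the seed phrase is required.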

Besides the fingerprint, the D’CENT has a big display, which makes it easy to read the details of the transactions you are signing, and it is big enough to show QR codes, which makes it easy to share your public address with someone.

Ecosystem support

The last thing you have to keep in mind is how well the hardware device supports different networks and how well projects support the hardware device.

Looking at the D’CENT website, we see that the D’CENT Biometric Wallet supports over 3,000 tokens across 59 blockchain networks, and you can even fill in a form to request the addition of new coins.

D’CENT supports over 3,000 tokens across 59 blockchain networks

Because it’s unlikely that every hardware manufacturer creates partnerships with every dApp out there, it’s critical that the hardware wallet is supported by the major wallets such as MetaMask, Phantom and Rabby Wallet.

In the case of D’CENT, the built-in browser gives you access to over 25 apps. This will not cut it for more advanced users, and you certainly don’t only want to access dApps on your phone. Luckily, D’CENT is supported in the following browser wallets:

  1. MetaMask
  2. HashPack
  3. Blade
  4. Kaikas
  5. Nifty

Personally I would like to see that expanded to:

  • MagicEden
  • Xverse
  • Phantom
  • Rabby

D’CENT has QR-code MetaMask support

As MetaMask is the market leader, I do want to note that the integration is based on the QR-code system. This means that when you want to sign a transaction you have to scan the QR code using your phone and then sign it on the hardware wallet. This is an extra step not needed with some of the competitors.

An extra step before signing can be both a good thing and a bad thing. Good because you can’t accidentally sign a transaction, as it requires 3 steps, but bad because it’s yet another step, which reduces ease-of-use.

Conclusion

The D’CENT Biometric wallet comes in at $159, but seems to be on discount most of the time for $119. This makes it either on par with or cheaper than its direct competitor, the Ledger Nano X, which has similar encryption and Bluetooth support.

However, the Ledger Nano X has a direct integration with MetaMask, full desktop integration for both Windows and Mac, and supports a wider range of tokens. The D’CENT Biometric wallet compensates for this with a larger screen and the biometric fingerprint. The convenience of instant approval with just one fingerprint scan makes the entire experience that much smoother, as it eliminates the need for entering codes or remembering passwords.

If you are not a power user and you are a mobile-first user, then the D’CENT Biometric is an excellent choice. Also, people who dread connecting their wallets to their main PC can consider the D’CENT Biometric using the “dedicated smartphone” setup that I described earlier, making things even more secure.

If D’CENT continues to integrate with popular browser wallets and offers proper desktop support, e.g. through a better MetaMask integration, they’ll become a great choice for both regular users and power users.

If you are excited to buy the D’CENT Biometric after reading my review, be sure to use my referral link and receive an additional discount, bringing the price down to $109.

If you enjoyed this article, be sure to give it a clap and post a comment.

See you in the next one

Bren
