Bitcoin Forum

Table of contents

Abstract
Introduction
Charactaristcs of Hardware wallets
Advantages of hardware wallets
Disadvantages of hardware wallets
How to protect hardware wallets
Examples of hardware wallets and recommendation
Conclusion


Abstract
Unlike online wallets, hardware wallets are safer. It has a random number generaror that are used to generate private key offline, this private key generation wallet address know as public key.
The hardware wallet can be expensive and not really convenient to use but it is still the  safst and more convenient way to store bitcoin and altcoins offline.
They are safe but can be hacked, lost or not accessable by the owner due to owers carelessness. So, certain precautions should be followed for the wallet and the coins on it to be safe.


Introduction
A crypto wallet is an application, a program or a device used for storing cryptocurrencies. There are two types which are hot wallets and cold wallet. The hot wallets are online wallets that can be a phone app, desktop app or a website version type. The second, which are cold wallets, they are of two types which are paper wallet and hardware wallets.
The cold wallet storage are the safest means of storing cryptocurrencies and here, I want to talk about the hardware wallets. Hardware wallets are devices that run app that is used to store cryptocurrencie.


Characteristics of a good hardware wallets
1. All hardware wallet have a random number generator, this is used to generate private key.
2.  They are non custodian wallets in which you have the full ownership of the wallet and a private key will be newly generated for you. The wallet must be new, highly not secure to buy the second hand one even from someone you trust, make sure it is new, if new, new private key will be generated for you which must be protected and not revealed to anyone.
3. The new hardware wallet will also generate a recovery or seed phrase. This are just words which can be easy to know of hand. Private key and seed phrase are very important to retrieve back cryptocurrencies  if the wallet lost or damaged.
4. The private key will be used to generate the public addresses. Public addresses are made of long mixture of alphabet and numbers. They are need to for transactions. You can transfer cryptocurrencies to another wallet through the public addresses of the person you are sending to. They are also called address codes.
5. A pin is necessary in case of theft. The theif will not be able to access the hardware wallet so that he will not get access to private key and seed phrase.


Advantages
They are a safest means of storing bitcoin and altcoins, just like paper wallet.
 Protected against viruses that can easily affect online wallets
The private key is generated offline and this makes it safer than the ones generated online
They are most of the time offline, unless you want to perform transactions. Hackers operate only when wallets are online.


Disadvantages
1. They are expensive, that is why people that store low amount of cryptocurrencies prefer to use online wallet. But storing coins worth more than 1000, hardware wallet is recommended.
2. They are not convenient to use like online wallets that you can easily access and trade.
3. A malware from hackers can erase the address code a donor is sending to while
sending high amount of bitcoin. The address will be replaced by the hacker's bitcoin address. This could happen to altcoin of high amount too depending on the malware.
4. The random number generator can be insecure and create a private key that can be known to hacker.

How to protect hardware wallets
1. The owner should be careful to make his computer used to access the hardware wallet to be free of malware that can change the inputed address to another one. When sending bitcoin or altcoin, it is very mandatory to check, double check and check again the address you are sending to.
2. Viruses that can affect online wallet may not affect offline wallet but the computer should still be free from viruses like trojan that can reveal factor authenticator to hackers.
3. Do not store your private key and seed phrase online using any cloud srorage. Do not reveal it to anybody but you. Do not also store it on phones or computer. The best is to store them on paper and protection the paper. Dublicate it or triplicate is advisable. Keep it in a place that will not be noticed. Do not keep it in a place that can be accessible by thieves.
4. Be careful of hackers manipulations, treat everything you see on screen with care. So that you can easily know if hackers are at work. For more about the safety, you can click on the last two links.


There are many hardware walkets. These are examples, Ledger Nano, Trezor, keepKey, BC Vault, SafePal S1, SecuX W20, Ellipal Titan, SecuX W10, Cobo Vault Wallet, D’CENT Hardware Wallet, BitLox Hardware Wallet, Ellipal, Keevo Wallet, XZEN Wallet, MIRKey by ellipticsecure. And, there are still many not yet mention. But, I can recommend you the best ones that I know. They are:
Ledger Nano X
Ledger Nano S
Trezor Model T
Trezor One and
KeepKey.

Conclusion
Hardware wallets are so safe to keep cryptocurrencies  but care most be taken because most hardware wallets that has been hacked or stolen of cryptocurrencies are mostly due to owners carelessness.

Links used
https://99bitcoins.com/bitcoin-wallet/#
https://www.bankrate.com/glossary/c/cryptocurrency-wallet/
https://blockgeeks.com/guides/best-hardware-wallets-comparative-list-blockgeeks/
https://en.bitcoin.it/wiki/Hardware_wallet
https://coinfunda.com/best-cryptocurrency-hardware-wallets/
https://medium.com/ledger-on-security-and-blockchain/ledger-101-part-3-best-practices-when-using-a-hardware-wallet-198b60df2681
https://www.coolwallet.io/how-to-protect-crypto-hardware-wallet-private-keys-and-recovery-seed/

I just want to add that you can create your own de facto hardware wallet with a USB Flash Drive with these simple steps:

1. Install a persistent version of Linux on your flash drive. (Something like this (https://www.linuxuprising.com/2019/08/rufus-creating-persistent-storage-live.html))
2. Get Electrum on it, either from another flash drive while it's booted (if you never want it to touch the internet) or simply from electrum.org.
3. Turn off networking permanently; it's only a cold wallet if it's completely offline.
4. Create your wallet offline with Electrum.
5. Learn (https://electrum.readthedocs.io/en/latest/coldstorage.html) how to use your new cold wallet.

Edit:
6. As o_e_l_e_o points out (https://bitcointalk.org/index.php?topic=5231368.msg53994195#msg53994195), encrypting it would cover more bases.

It's a lot more inconvenient to spend from, but that has its advantages. You also don't need to worry about it being compromised in transit, having manufacturer-specific vulnerabilities, etc. Do note that I'm not saying that this is necessarily better than commercial hardware wallets; it's just another option you can look at.

The 'expensive' part needs to be explained further. I think most people don't think that $50 or so which is a price of a single Nano S (and there are other alternatives around that price point) is expensive.

And even if you can't buy that wallet, you can still use an open-source software wallet like Electrum for Bitcoin. I don't think people that store low amount of crypto would choose an online-based wallet compared to the better alternatives.

1. I agree with you. But, people have $200 worth of bitcoin and altcoin will find it difficult to go for HW wallets. This is what I meant
2. People find mobile wallet more convenient, not that hardware wallet is not convenient especially for professionals, but, mobile wallet is more convenient like web wallet in comparism to hardware wallets.
3, 4. I talked about the disvantage not comparing it. So, far malware can change address to hackers address, then we should talk about it as a disadvantage. Also the RNG can be insecure truly. In. I did not compare but talk about the disadvantage so that wallet owners will be careful.
All your points are right. But, try and get me right too.


This is a lot helpful. But you said, it is inconvenient. It is also can not be safe like the recommended HW wallets.

Hardware wallets are devices that have input app for storing cryptocurrencies. They are offline wallet like the paper wallet. These are the two offline wallets. And they are considered the safest. Cryptocurrencies  are stored offine, you only connect online if you want to perform atransactions. This make it less prone to hackers because hacker do their malicious activity when wallets want are online. So, hardware wallet and paper wallet are offline wallet/cold wallet.

The second are online wallets/hot wallets/software wallets that are always connected online. There is more to talk about here but just still know that online wallets are online as it implies. There are three types, web wallet, mobile wallet and desktop wallet.
Web wallet are the ones you access through your browser like Blockchain wallet
Mobile wallet are the mobile apps you use to access wallet like mycelium wallet
Desktop wallet are the ones you access through computer apps like bitcoin core and electrum wallets.

As you know more about wallets, you will understand more.
This link will be helpful
https://99bitcoins.com/bitcoin-wallet/#

One of the main advantages of hardware wallets, in addition to keeping your keys permanently offline, is that if they fall in to an attacker's hands your coins are still safe (or at least, safe for long enough for you to recover your backs ups and send them to a new wallet). Your set up misses out this important protection, unless you are also encrypting the USB drive.

In terms of the argument regarding convenience of hardware wallets versus mobile wallets, the two are not mutually exclusive. It is entirely reasonable to use both - hardware wallets for cold storage or for transporting large amounts of crypto around with you, and a mobile wallet for small amounts of crypto which you can afford to lose but it is convenient to carry around with you on a daily basis.

If the USB drive is a live OS and the private keys or seed are not saved in persistent storage, the solution can work.
If the user also makes sure this setup stays always offline, it can even work as cold storage.

No-no-no, I think that there may me a confusion here.
Paper wallet is great if you don't want to spend. And only if you don't want to spend. As soon as you start spending, you don't call that paper wallet anymore.

For transactions the handiest is clearly hardware wallet. But if you have plenty of time, not too many spend transactions, and you don't want to spend money on a hardware wallet (and indeed 60$ is not that expensive), an USB stick with Tails OS (or similar) can help. (Tails OS already has Electrum on it. Some trust that setup, some don't. I do.)

I myself did some tests with Tails OS as cold storage and worked out nicely. One stick with the offline wallet, another stick for transporting the transaction for signing, and the main computer with a watch only wallet to see, make and broadcast the transactions. https://electrum.readthedocs.io/en/latest/coldstorage.html

If you make a similar Live OS and you trust it 100%, you can even use it as a hot wallet. But I am not good enough for that.

However, many may not like the fact they'd have to enter the seed every time and if you store the seed, as o_e_l_e_o said, you'll have to encrypt the stick. So we are back to the convenience of proper hardware wallets.

You are right, the ledger nano x is portable and can can be use with a mobile phone through bluetooth. Although, if you use the ledger live app, you are limited to 23 cryptocurrencies. But, I think that is good enough. For more, you have to access it through desktop wallet like electrum. But, for me, 23 cryptocurrencies is good enough to use ledger live.  You are right.


Yes, you are very right. If the hardware wallet is stolen, it will be difficult or not possible to get access to the private key and seed phrase by the pilferer . So, only what the owner will lose is the wallet. He can order for another new wallet from a trusted and reputed seller but ordering from the the company itself it advisable. So, after, he can retrieve back the cryptocurrencies.
 

Hardware wallets are expensive?

Expensive is to be hacked lol

Ledger nano s is extremely cheap imo. You can buy one with 50 bucks or even less.

This is nothing. Everyone should have one.

If the owner loses the hardware wallet, my advice would be to not wait until another one is ordered and received, which may take days.
From what I know (please let me know if I'm wrong) there were movies showing that it's not that difficult to "hack into" a hardware wallet if one has it physically.
And because of that I'd advise to use (asap!) another (temporary) setup and move out the funds to a new wallet the owner controls.



If you miss the promotions it's some 60$. Still cheap for what it does, clearly.

I wouldn't really call that a wallet though, that's just a client (such as Electrum). You would need some other method of storing your seed and transporting it around to have whenever you want to transfer some coins.

The Nano S can also be used with Android phones (but not Apple phones) via a USB cable. Further, you are limited only to 23 apps being installed at the same time. You can freely uninstall and reinstall apps without losing your coins, so you in reality you can store as many coins as the Ledger supports.

There have certainly been attacks proven to be possible against Trezor wallets. Even wallets which have no known attacks against them shouldn't be assumed to be 100% safe for ever more. As you say, if one of my hardware wallets was stolen, I'd be recovering from back ups and transferring to a new wallet within a few hours.

I appreciate how you explained this. I deleted the post before seeing this coming. But a lot helpful. You are not new in the field and also know better.

If hard drive works good for someone then it is fine but the user must also be careful. I get your point now, if someone don't want to spend much, hard drive wallet is an alternative.
You have claritfy this enough. It is informarive.

First of all, anyone who want to invest $25-$50 in hardware wallet has to wonder if he really needs it? Some start crypto trading, do it for a month, lose all their money and are no longer interested in crypto, they do not need such a device at all.

On the other hand, if there is a serious intention to make a long-term investment, I do not see how a $50 investment can be unnecessary or a bad move. Of course there are those who suggest some cheaper solutions (home made cold storage), and personally I do not mind, in the end, protection is the most important, no matter how it is realized.

For some people even $50 means a lot of money, so it should be understood that some still claim that hardware wallets are too expensive for them. But that will surely change in the future as the competition gets bigger, so anyone who wants to be able to secure their storage and transactions will be able to do so.

I would add that we currently have 2 manufacturers who definitely enjoy the highest reputation among users. In my opinion as Ledger user for years (Nano S&X) these devices are on the top on my list.


That is not entirely true, and it depends on the wallet and wallet setup. Vulnerability that is detected in Trezor hardware wallets enables one who comes into physical possession of such device to extract seed if user is not set passphrase (at least 37 characters).

Read more about this here : Trezor&Keepkey - Unfixable Seed Extraction - A practical and reliable attack! (https://bitcointalk.org/index.php?topic=5180137.0)
More good info about hardware wallets : Hardware wallets (https://bitcointalk.org/index.php?board=261.80)

The article is informative. That means, passphrase can futher protect your cryptocurrencies. Like the Trezor used as an example, if it is stolen, but you have already set up the passphrase, the theif will be unable to access your wallet unless he knows the phrase. Wallet owner is the only one that can reveal the passphrase.

It doesn't matter how old or new is somebody on the field. You have to cross check the information as good as you can, no matter who answers and what's his rank, because you don't know his intentions and also anybody can make mistakes. And we talk about money here.

So... take care. Always.

A hardware wallet isn't expensive. I understand that in some parts of the world $50 is considered a lot of money, but if you are planning to hold hundreds and thousands of dollars it simply isn't. 

I am going to go a bit off topic and explain why they are not expensive.
While I was in high school I wanted to go running with a friend who is a bit older than me and plays basketball. He is in great physical shape, I work out, so I though I could keep up. I didn't have proper running shoes so I figured there is no need to buy a new pair. They are 'expensive' and I am not going to use them that much. I went out running in a pair of old day-to-day sneakers.

While we were running I started experiencing intense pain in the area around my heels, but I wanted to push past it so I didn't stop and just continued until the point that I could no longer stay on my feet. I am not exaggerating.

The next morning, the pain was so intense I could barely walk. I went to the doctor who told me that the main cause for my injury was a combination of excessive exercising and bad foot wear.

Instead of buying proper foot wear because I though they were 'expensive' I had to pay for doctor appointments, injections, and pain killers, and spent 4-5 days lying around on the sofa.       

Passphrase can help as additional protection, but it is susceptible to brute force if not complex enough. In the case of Trezor or any other hardware wallet based on Trezor (all clones) someone has calculated that at least 37 characters are required for the protection to be adequate. Such an attack is currently not possible on Ledger HW, and one of the most important differences between Ledger and Trezor is in The Secure Element (https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks) which is special chip built in Ledger hardware wallets.

It depends heavily on what you class as "adequate". Since we know the seed can be extracted from Trezor wallets if an attacker has physical access to it, 37 random characters was recommended by the Ledger Donjon Team because that is what is require to have at least as much entropy as the 24 word seed itself would have. So for the passphrase on its own to be as secure as the seed on its own, then 37 random characters are needed. However, that does not mean that anything less than 37 random characters is automatically inadequate. It depends heavily on your risk model, and how long it would take you to firstly realize that your hardware wallet has been stolen, and secondly to access your back ups and send all the coins to a new wallet.

If, for example, a hardware wallet could be missing for several weeks before you noticed (for example, if it was stored in a safe deposit box), or it would take you several weeks to be able to access your back ups and move your coins (because they are stored in a different city or country to you), then you would certainly want a very long and random passphrase to make brute forcing it unfeasible. If, however, you would know at most within a couple of hours if your hardware wallets were stolen, and could access your back ups in a further hour or two, then a much shorter passphrase would be "adequate". If an attacker only has 12 hours between stealing your wallet and you moving all the coins, then even checking 1 billion passphrases per second would only give them time to check 4.32*10¹³ possibilities. Even if your passphrase was only 10 random characters, then they would only have time to check 0.00007% of potential passphrases before you secured your coins.

I would always advocate for everyone to use a long and random passphrase with their hardware wallets, but I wouldn't call anything less than 37 characters necessarily "inadequate".

I can also say that it is way safer than online wallets, it is not that expensive yet it can prevent your funds to be hacked online. The only disadvantage I think is that when you lost it, that is why when you are using hardware wallet, you must still be careful and make sure that you placed it in a safe area that it will not be misplaced or be lost, there is also possibility that the device will be broken so make sure you are able to secure it and prevent from breaking so that your funds are also safe. It is also depending on the person what they really prefer to use because there are some people who are holding a lot of funds that are used to place their funds online without losing it, it is about knowledge and awareness.

Understanding the difference between a custodial and a non-custodial wallet is crucial for understanding a wallets security.

"A non-custodial wallet (also known as a light wallet) is simply a piece of software on your own computer or phone that puts you in full control of your cryptocurrency holdings. You hold your own private keys, which means no one else is able to make a transaction on your behalf." Meanwhile, if you use a custodial wallet your private key is stored by a third party.

If you are indeed using a hardware wallet than it is non-custodial/light wallet, which is certainly the most secure type of wallet.

Sources:
https://atomicwallet.io/custodial-non-custodial-wallets-comparison (https://atomicwallet.io/custodial-non-custodial-wallets-comparison)
https://www.cryptovantage.com/guides/custodial-vs-non-custodial-wallets/ (https://www.cryptovantage.com/guides/custodial-vs-non-custodial-wallets/)
https://medium.com/guarda/%EF%B8%8Fcustodial-vs-non-custodial-wallet-s-%EF%B8%8F-benefits-of-light-wallets-87cf701054d1 (https://medium.com/guarda/%EF%B8%8Fcustodial-vs-non-custodial-wallet-s-%EF%B8%8F-benefits-of-light-wallets-87cf701054d1)

If your only intention is to keep your private keys offline, I would argue that it could be just as safe, since it does exactly the same thing.


Strong wallet passwords could also help, so it's not entirely vulnerable in the hands of a potential attacker. I mean, we've all heard about people getting locked out of their Electrum wallets, so you can possibly make this work in your favor. Hardware wallets are definitely better in this area though.

One advantage it has though, is the attacker won't necessarily know the flash drive is holding coins (you could just be using it as an OS installer after all, like majority of the populace) unlike hardware wallets, so they could be less prone to thievery.

Even if an attacker is able to distinguish a USB flash drive from a hardware wallet, it will not be easy to use it. Let's say the attacker took possession of my hardware wallet (Ledger Nano S), which has an eight-digit password.  In the case of three wrong combinations, the hardware wallet resets all settings to the initial state and the attacker simply can not get my coins.

Device will reset if wrong PIN is entered 3 times in a row, but smart hacker will not try to obtain your PIN in that way. They will try to hack it with brute force, and 8 digit PIN is very limited in number of combination. I'm not sure what kind of equipment is needed and whether Ledger has some protection to prevent such hacking attempts (in case your wallet is stolen).

But let's say a PIN of 8-10 digits is small joke for any supercomputer or botnet :


Because of facts above, using of passphrase on hardware wallet is very desirable. Of course, only if the user knows what he is doing.

https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security

This is true, but I still wouldn't rely on the thief not discovering the coins for their safety. If you are storing coins on a plain USB drive, you should be encrypting it.

There has been no demonstrated successful physical attack against Ledger products, but that is not to say one doesn't exist. With an electron microscope and enough time and expertise, then it is like that even the secure element will be crackable and the seed able to be extracted, but we are now probably talking about in the order of weeks at a cost of several hundred thousand dollars. This differs obviously from Trezor wallets which can have the seed extracted for less than a hundred dollars in the space of a few minutes. Any hardware wallet shouldn't be viewed as infallible, but rather as a mechanism to buy you (hopefully plenty of) time to move your coins to new addresses.

Oh definitely, in the same way that a USB drive with coins in it wouldn't necessarily be easy to break into. I was just saying that if a random thief with the capability to steal your coins gets into your home, he's more likely to take your hardware wallet than a random USB drive (if not both lmao).


No arguments here; if a precaution can make storing your coins safer, you should definitely avail of it. I'll edit my post and credit you. I was just pointing out that an attacker getting his hands on it wouldn't necessarily mean he'd be able to steal what's in it.

Those who have been following the development of hardware wallets for a long time know about the case of Side channel attack which is released back in 2018. This attack demonstrated the possibility of a remote hack of user PIN, and it was successful (Ledger Blue). But PIN is of no use without physically accessing the device, so this vulnerability was declared "less dramatic" and I think it was fixed in next firmware.

Thanks for information! Right now I'm looking for hardware wallet

This is a good reference for newbies that is curious about hardware wallets. Aside from some articles in the web that also talks about hardware wallets. I might make a topic in the future and refer this topic as a point of info. Also having a hardware wallet is a must if you are into crypto for security purposes also in longevity.

That is why I prefer the ledger nano products, although I prefer two, he ledger nano x and s. Trezor is good too but I have read about some people saying cloning trezor is more common than cloning ledger nano.

In addition to the wallets listed above, I have come across other hardware wallets like Coldcard and Archos Safe-T Mini.

Coldcard is the cheapest bitcoin hardware wallet. Coldcard lets you store and submit your transactions by revealing your private keys like other cryptocurrencies. You’ll need to confirm all your transactions on this external device physically.

Archos Safe-T Mini is a hardware altcoin wallet that is portable. It also has an offline private key storage using an encrypted chipset memory. It has a very easy setup and also multiple cryptocurrency support.

Read here (https://coinswitch.co/news/hardware-wallet) to know more about these hardware wallets. I am sharing it as I came across that even these hardware wallets can be used which are not heard of much.