Bitcoin Forum

Is there any way to make sure that the device wallets are really deleting old wallet files, meaning there is no way to recover them after I click on the Restore button? Or do I need to destroy the device using a hammer or a microwove to make sure that no third party can recover the files in any way.

I am not talking about individuals 'wallets, but rather about billions of dollars' wallets or seized by government agencies.

I know Trezor actually overwrite the related sectors with random bits instead of just marking it as unused, which is acceptable. ColdCard, AFAIK has the seed encrypted in the secure element as well, ontop of the fact that it is prohibitively difficult to extract secrets out of it. Not sure about ColdCard's policy but it doesn't wipe the pin code.

Anyways, I'll really rather just microwave it rather than taking my chances when it comes to people with huge amount of resources at their disposal.

It depends what wallets you are using but if you want to be totally sure I would first delete everything from devices and than smash it with hammer or burn them in microwave.

Trezor have Wipe memory option and I think Legder have something similar, but there can always be some leftovers in memory or in secure elements so I would not take the risk of trusting microchips when some future exploit could extract all information.

This really depends on the actual hardware wallet and its used software/hardware.

I believe most of them do actually overwrite the data.
But to be absolutely sure, you could check how much memory is used when creating a new wallet and further check how much memory is available on the SE in total.
Then you'll be able to calculate how many times you need to generate a new seed is required to reach a given probability for the memory to be "overwritten enough".

The most secure way is, as mentioned already, to simply destroy the device.

Unfortunately this is not an accurate way to find out. A file marked as deleted will no longer show as used space, but with the right tools is can still be easily recovered.
I would go for:
1. Don't keep all the funds on the same HW, or only keep the spending funds on HW.
or
2. Physically destroy the device.

That's why i recommended to calculate how much data needs to be written to reach a given probability to actually overwrite that old sensitive data.
Since the SEs don't have too much space, there shouldn't be too much data needed to actually overwrite everything with a relatively high probability.

You are right. And as addition, one can always install other wallets too until he fills up the HW storage, to increase even more the probability for having it all overwritten.
Still, I think that the point is to not take (any) chances...

IMO it depends on the amount of coins.
The the amount justifies destroying a 70$-100$ device, sure. That's the best way.
If the amount however is not large enough, "trusting" in the security mechanisms of the manufacturer as well as overwriting the memory yourself is a very good alternative.
Especially since that is the same what is being done with hard drives which contain sensitive data. Whether this is as easy achievable with a HW is a different story tho. If so, there speaks nothing against doing so. If not, then destroying it would definitely be the better choice.

It is an interesting question though... do any of the hardware wallet manufacturers actually explicitly state that the memory/secure element is securely wiped when you reset it (or exceed PIN retries etc)? ???

I mean, if we're already trusting that they don't have backdoors etc in their hardware/firmware... if they state their devices do this, it's not that much more of a leap to trust that they are telling the truth.

Still... physical destruction of the device is indeed the "safest" option.