Author Topic: Why all this hype with Hardware Wallets when Bitcoin Core is all you need?  (Read 616 times)
TracaChang (OP)
Jr. Member
Activity: 32
Merit: 128
March 24, 2022, 09:02:48 PM
Last edit: March 24, 2022, 10:53:49 PM by TracaChang
Merited by LoyceV (4), o_e_l_e_o (4), PrivacyG (2), HeRetiK (1), ABCbits (1)
#1

I am asking this question since whenever I see someone asking about how to store bitcoin, all the answers I read is buy a HW, but I rarely see someone advising to just use Bitcoin Core... the most reviewed and secure client? Those two arguments should be enough to convince people, isn't it? When digging into bitcoin, we all know how important it is to run a full node, and a big part of HW users may run Bitcoin Core as a node, but not a lot use them as a wallet, and even worse, some do not even use their node, the one that auto connects with the HW.

I do understand that there is a lot of marketing involved and they want to sell it, but in reality what does a HW offer vs Bitcoin Core?

Hardware wallets generate the private keys offline, and allow to sign transactions with your keys offline in a friendly way.

So Bitcoin Core allows to do the same thing, most people have an old pc that they do not use, they can just install bitcoin core, generate a wallet, export descriptors to the online PC (the daily use PC), there you create a watch-only wallet, import descriptors and you will have a functional watch wallet (allowing to create new receiving addresses and create unsigned transactions) after a transaction is created you just copy the psbt file in a USB flash drive, bring to the offline PC, sign and bring back to the online PC to broadcast.

At the end what are we doing extra? With some air-gapped wallets like Coldcard we create the unsigned tx, copy it to an SD card, sign with the device, and bring it back to the online PC to broadcast. We are doing exactly the same thing, or it can be even more, since if we don't use it directly with Bitcoin Core and instead use Electrum, we will also need to have a server like electrs which makes the bridge between Bitcoin Core and Electrum.

I am not against any HW (just mentioned that one as example since it offers an air gap setup similar as what would do with an offline PC) but comparing to any HW we have on the other side the "official" client, the most reviewed client, secure and free. Any company will review Bitcoin Core since they use it, but that won't be the other way, why would a programmer involved in an open source project such as bitcoin would review for free products of a private company? I am talking about the security of device, firmware updates, etc.

Let me know your thoughts.

Thank you.

Edit: Sorry, wanted to post in bitcoin and not bitcoin technical support (since I do not think it is the correct place) but I can not delete it
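
As an added example (not part of the original post and not Bitcoin Core code): in the workflow the post describes, the PSBT arrives from the online PC, so the offline PC should confirm the outputs and fee before signing. The Python below parses a BIP 174 version-0 PSBT and compares it with what the user intended; the function names, the sample scripts and the requirement that every input carries a witness UTXO record are assumptions of this example.

```python
import base64

PSBT_MAGIC = b"psbt\xff"      # BIP 174 magic bytes
GLOBAL_UNSIGNED_TX = b"\x00"  # global key: the unsigned transaction
IN_WITNESS_UTXO = b"\x01"     # per-input key: the output being spent

def read_compact(buf, pos):
    """Read a Bitcoin compact-size integer; return (value, next_pos)."""
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}.get(buf[pos])
    if width is None:
        return buf[pos], pos + 1
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def read_map(buf, pos):
    """Read one PSBT key-value map, stopping after its 0x00 separator."""
    entries = {}
    while True:
        key_len, pos = read_compact(buf, pos)
        if key_len == 0:
            return entries, pos
        key = buf[pos:pos + key_len]
        val_len, pos = read_compact(buf, pos + key_len)
        entries[key] = buf[pos:pos + val_len]
        pos += val_len

def read_txout(buf, pos):
    """Read a serialized output; return ((sats, script_hex), next_pos)."""
    sats = int.from_bytes(buf[pos:pos + 8], "little")
    script_len, pos = read_compact(buf, pos + 8)
    return (sats, buf[pos:pos + script_len].hex()), pos + script_len

def parse_unsigned_tx(tx):
    """Return (input_count, outputs) of the PSBT's unsigned transaction."""
    n_in, pos = read_compact(tx, 4)                   # skip 4-byte version
    for _ in range(n_in):
        script_len, pos = read_compact(tx, pos + 36)  # skip outpoint
        pos += script_len + 4                         # skip scriptSig, sequence
    n_out, pos = read_compact(tx, pos)
    outputs = []
    for _ in range(n_out):
        out, pos = read_txout(tx, pos)
        outputs.append(out)
    if pos + 4 != len(tx):                            # only locktime may remain
        raise ValueError("malformed unsigned transaction")
    return n_in, outputs

def inspect_psbt(psbt_b64):
    """Return (outputs, fee_sats) for a base64-encoded version-0 PSBT."""
    raw = base64.b64decode(psbt_b64, validate=True)
    if raw[:5] != PSBT_MAGIC:
        raise ValueError("not a PSBT")
    global_map, pos = read_map(raw, 5)
    if GLOBAL_UNSIGNED_TX not in global_map:
        raise ValueError("no unsigned transaction in global map")
    n_in, outputs = parse_unsigned_tx(global_map[GLOBAL_UNSIGNED_TX])
    total_in = 0
    for _ in range(n_in):
        in_map, pos = read_map(raw, pos)
        if IN_WITNESS_UTXO not in in_map:
            raise ValueError("input without witness UTXO: fee unknown")
        total_in += read_txout(in_map[IN_WITNESS_UTXO], 0)[0][0]
    return outputs, total_in - sum(sats for sats, _ in outputs)

def review_psbt(psbt_b64, intended, own_scripts, max_fee):
    """List every way the PSBT differs from what the user meant to sign."""
    outputs, fee = inspect_psbt(psbt_b64)
    remaining, problems = dict(intended), []
    for sats, script in outputs:
        if remaining.get(script) == sats:
            del remaining[script]                     # payment as intended
        elif script not in own_scripts:               # neither payee nor change
            problems.append(f"unexpected output: {sats} sat to {script}")
    problems += [f"missing payment: {v} sat to {s}" for s, v in remaining.items()]
    if not 0 <= fee <= max_fee:
        problems.append(f"fee {fee} sat outside 0..{max_fee}")
    return problems

def build_sample_psbt(in_sats, in_script, outputs):
    """Build a one-input PSBT for the demo (constructed data, not a real tx)."""
    def compact(n):
        return bytes([n]) if n < 0xFD else b"\xfd" + n.to_bytes(2, "little")
    def txout(sats, script_hex):
        script = bytes.fromhex(script_hex)
        return sats.to_bytes(8, "little") + compact(len(script)) + script
    tx = ((2).to_bytes(4, "little") + b"\x01" + bytes(36) + b"\x00"
          + b"\xfd\xff\xff\xff" + compact(len(outputs))
          + b"".join(txout(s, sc) for s, sc in outputs) + bytes(4))
    utxo = txout(in_sats, in_script)
    raw = (PSBT_MAGIC + b"\x01" + GLOBAL_UNSIGNED_TX + compact(len(tx)) + tx
           + b"\x00" + b"\x01" + IN_WITNESS_UTXO + compact(len(utxo)) + utxo
           + b"\x00" + b"\x00" * len(outputs))        # empty output maps
    return base64.b64encode(raw).decode()

# Constructed P2WPKH scripts with placeholder key hashes, not real addresses.
PAYEE, CHANGE, OTHER, FUNDING = ("0014" + b * 20 for b in ("11", "22", "33", "44"))
GOOD = build_sample_psbt(100_000, FUNDING, [(60_000, PAYEE), (39_000, CHANGE)])
ALTERED = build_sample_psbt(100_000, FUNDING, [(60_000, PAYEE), (39_000, OTHER)])
```

`review_psbt(GOOD, {PAYEE: 60_000}, {CHANGE}, 5_000)` returns an empty list, while the same call on `ALTERED` reports the output that is neither the payee nor change. Bitcoin Core's `decodepsbt` RPC shows the same outputs and fee on the offline machine.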
hosseinimr93
Legendary
Activity: 2394
Merit: 5235
March 24, 2022, 09:14:53 PM
Last edit: March 24, 2022, 10:21:35 PM by hosseinimr93
Merited by pooya87 (2), ABCbits (2), BlackHatCoiner (2), HeRetiK (1), Pmalek (1), khaled0111 (1)
#2

1. If you want 100% security with bitcoin core or electrum, you need an air-gapped device for generating the wallet and signing the transactions. Not all people have an air-gapped device.
2. Exporting the unsigned transaction and signing it on an air-gapped device may be difficult for many people. Most of the people want to be able to make transactions easily.
3. If you use bitcoin core, you need to download the blockchain. That's why many people prefer SPV wallets.
4. Many people want a multi-currency wallet for holding their altcoins.  
5. Most of the people don't know how running their own full node can be helpful to them.

TracaChang (OP)
Jr. Member
Activity: 32
Merit: 128
March 24, 2022, 10:52:18 PM
#3

1. If you want 100% security with bitcoin core or electrum, you need an air-gapped device for generating the wallet and signing the transactions. Not all people have an air-gapped device.
2. Exporting the unsigned transaction and signing it on an air-gapped device may be difficult for many people. Most of the people want to be able to make transactions easily.
3. If you use bitcoin core, you need to download the blockchain. That's why many people prefer SPV wallets.
4. Many people want a multi-currency wallet for holding their altcoins.  
5. Most of the people don't know how running their own full node can be helpful to them.

1. I think most people will have 1 old computer which will do the job.
2. Yes, valid point, that is why I've mentioned coldcard as an example since it would be the exact same steps which may seem difficult; instead of using the SD card it could be a USB flash drive, but for other HW like trezor, ledger you are right.
3. Valid point too, many people may prefer it at the beginning... but as soon as they start to learn more, they will understand why it is absolutely important to run a full node (which leads to your 5th answer since running a node and not using it does not make too much sense).
4. Yes, if they are interested in altcoins sure.

n0nce
Hero Member
Activity: 882
Merit: 5818
March 24, 2022, 10:57:46 PM
Merited by ABCbits (1)
#4

You're right; an airgapped laptop running Bitcoin core will offer similar security against a lot of attacks and it costs nothing if you already have a second computer that you can 'sacrifice' for this. I say 'sacrifice' because if I were to use such a setup, I'd rip out any wireless connectivity options permanently and also never run anything else on it ever again.

There's a few points against it, though. Firstly, if you do not have such a second device 'for free', purchasing a reliable laptop will be more expensive than purchasing a hardware wallet.
Old hardware also has the risk of breaking down more quickly, especially if that device still runs a HDD, which would mean a loss of funds or need to buy another device and restore the seed.
They also don't have secure storage chips unlike most good hardware wallets. This means a HW wallet can withstand a physical attack, when the attacker gets their hands on it, while a laptop in the hands of an attacker can quickly lead to compromised private keys.
In fact, a recent MacBook would be the best choice against a physical attacker, since it's much harder to access the solid state memory on them than on basically any other desktop computer. That would most definitely be more expensive than any hardware wallet, though.

Besides the hardware aspects, there's the issue of user error. What seems trivial to you and me, is going to be super hard for the majority of people out there. The risk of them skipping a step or doing something a bit differently because it seems to them just as secure, is very high. For instance, people are already taking pictures of seed words even though the software tells them not to - just one example. We saw already on this forum that they may believe disconnecting from the Wi-Fi is equivalent to desoldering an antenna (which sounds hilarious to us).

And finally, even if someone is able and has the laptop to spare, it's just more convenient to use a HW wallet with same or higher security. By spending a hundred bucks on a HW wallet, I don't have to modify a laptop, set it up, download the blockchain, go through all those security measures. I also simply may not want to have a huge device (compared to the hardware wallet) and its charger laying around (harder to conceal, takes more space, harder to carry while traveling / moving).

HeRetiK
Legendary
Activity: 2926
Merit: 2091
March 24, 2022, 11:06:19 PM
Merited by ABCbits (1)
#5

There's just a world of difference when it comes to ease of use.

I tend to recommend people hardware wallets for securing their coins because there's simply a lot less that can go wrong during the setup process and while doing transactions. Sure, setting up an airgapped system is relatively straightforward if you're somewhat tech savvy, but a lot of folks aren't and I'd rather have a hardware wallet with nice instructions holding their hands than trying to pilot them through properly setting up cold storage. I also personally switched to a hardware wallet eventually because it's just much less of a hassle, especially when transacting somewhat regularly.


I am not against any HW (just mentioned that one as example since it offers an air gap setup similar as what would do with an offline PC) but comparing to any HW we have on the other side the "official" client, the most reviewed client, secure and free. Any company will review Bitcoin Core since they use it, but that won't be the other way, why would a programmer involved in an open source project such as bitcoin would review for free products of a private company? I am talking about the security of device, firmware updates, etc.

You'd be mistaken to believe that no one is reviewing the source code and components of hardware wallets just because those were developed by a private company. Security researchers love hacking away at hardware wallets. Especially the hardware parts of it. You'll find plenty of security research papers on Ledger, Trezor and some of the other common hardware wallets.

TracaChang (OP)
Jr. Member
Activity: 32
Merit: 128
March 24, 2022, 11:21:25 PM
#6

You're right; an airgapped laptop running Bitcoin core will offer similar security against a lot of attacks and it costs nothing if you already have a second computer that you can 'sacrifice' for this. I say 'sacrifice' because if I were to use such a setup, I'd rip out any wireless connectivity options permanently and also never run anything else on it ever again.

There's a few points against it, though. Firstly, if you do not have such a second device 'for free', purchasing a reliable laptop will be more expensive than purchasing a hardware wallet.
Old hardware also has the risk of breaking down more quickly, especially if that device still runs a HDD, which would mean a loss of funds or need to buy another device and restore the seed.
They also don't have secure storage chips unlike most good hardware wallets. This means a HW wallet can withstand a physical attack, when the attacker gets their hands on it, while a laptop in the hands of an attacker can quickly lead to compromised private keys.
In fact, a recent MacBook would be the best choice against a physical attacker, since it's much harder to access the solid state memory on them than on basically any other desktop computer. That would most definitely be more expensive than any hardware wallet, though.

Besides the hardware aspects, there's the issue of user error. What seems trivial to you and me, is going to be super hard for the majority of people out there. The risk of them skipping a step or doing something a bit differently because it seems to them just as secure, is very high. For instance, people are already taking pictures of seed words even though the software tells them not to - just one example. We saw already on this forum that they may believe disconnecting from the Wi-Fi is equivalent to desoldering an antenna (which sounds hilarious to us).

And finally, even if someone is able and has the laptop to spare, it's just more convenient to use a HW wallet with same or higher security. By spending a hundred bucks on a HW wallet, I don't have to modify a laptop, set it up, download the blockchain, go through all those security measures. I also simply may not want to have a huge device (compared to the hardware wallet) and its charger laying around (harder to conceal, takes more space, harder to carry while traveling / moving).

Yes buying a laptop will be more expensive, however when you see how much some hardware wallets cost + seed plates if they buy (it is the setup that I see most often people talking about) price does not go too far from a cheap laptop, also about storage causing loss of funds we may assume that several copies of wallet.dat will be stored, with a strong passphrase it would not be that easy or even possible to crack it in a reasonable time, allowing funds to be moved before they are able to crack. That can not be said if they find the seed or get the HW seeing how many of them can be hacked easily, even worse if firmware is not updated and still have vulnerabilities, and to not mention bugs that may even cause loss of funds, I can't imagine Bitcoin Core having bugs with change addresses to cause loss of funds as we have seen with HW for example.

There are some complicated techniques to even hack SE of HW, I do assume that in future because of more HW adoption those techniques will be developed, being far less secure than we may think, like we see right now some forensic labs unlocking iphones, androids in a matter of seconds but brute forcing a strong passphrase will be always more complicated I think.

About user error you are right, however someone taking the time to learn and do all the process will be less likely to commit error, we see some users losing all funds from HW because they fall for phishing sites asking seed etc.

RickDeckard
Legendary
Activity: 1008
Merit: 3007
March 24, 2022, 11:35:31 PM
#7

2. Exporting the unsigned transaction and signing it on an air-gapped device may be difficult for many people. Most of the people want to be able to make transactions easily.
Also, if you intend to make daily transactions using BTC (for example), the burden of always having to carry a laptop with you may not be the most enjoyable experience. Besides all the good points mentioned by previous users, HW also provide portability where you can basically have control of your entire wallet in a pocket of your desire. One could argue, however, that a "main" laptop could be used as the holder of the original wallet and then one could make small transactions to devices that are easier to carry (such as Passport, Trezor) but you'll still have to add the HW devices which you seem to be against/not supportive of in the first place.

Plus, if you present an average person with the option to buy a HW wallet and follow a few steps vs. telling them about Bitcoin Core, that they should download the entire blockchain, set it up correctly to avoid configurations and keep the node updated (amongst other factors), I'm sure that most people would be inclined over to a HW device - hence creating the need for such a device to exist...

n0nce
Hero Member
Activity: 882
Merit: 5818
March 24, 2022, 11:45:51 PM
Merited by ABCbits (2)
#8

I'm sorry, but you're actually talking out of your ass here.

Yes buying a laptop will be more expensive, however when you see how much some hardware wallets cost + seed plates if they buy (it is the setup that I see most often people talking about) price does not go too far from a cheap laptop
Why would you include the cost of seed plates when using a hardware wallet, but not when using a laptop? It makes no sense. Either you factor in the cost with both or with none. I prefer none, because I won't assume how someone secures their seed based on their wallet choice.

also about storage causing loss of funds we may assume that several copies of wallet.dat will be stored, with a strong passphrase it would not be that easy or even possible to crack it in a reasonable time, allowing funds to be moved before they are able to crack.
You'd advise to do backups; sure, you can do that. But reliability of laptop storage would mean you might be looking at replacing that crappy old laptop HDD short time after setting it up, so having to buy a new one (or upgrade to SSD) will again cost you time and money to install, set up and restore. Lots of hassle.

That can not be said if they find the seed or get the HW seeing how many of them can be hacked easily, even worse if firmware is not updated and still have vulnerabilities, and to not mention bugs that may even cause loss of funds
Not 'many of them can be hacked easily'. The hacks that were possible, weren't too simple to perform (took multiple hours & good equipment + knowledge) and they were only on hardware wallets of the 'first generation' (without secure element) and on firmware versions that are ancient by 2022. I believe the Trezor hack utilized a 2016 firmware; that would be 6 years ago now. I also explicitly mentioned that I'd prefer a HW wallet with secure element over a laptop when it comes to physical attacks.

I can't imagine Bitcoin Core having bugs with change addresses to cause loss of funds as we have seen with HW for example.
That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

There are some complicated techniques to even hack SE of HW
Source? And even if they did exist, as you say: it would be pretty complicated. Probably buying you enough time to move your funds.

I do assume that in future because of more HW adoption those techniques will be developed, being far less secure than we may think, like we see right now some forensic labs unlocking iphones, androids in a matter of seconds but brute forcing a strong passphrase will be always more complicated I think.
Well first, you can put in a passphrase on a hardware wallet as well, so that's not an argument. And while you say more attacks will be developed, also better SE chips will be developed. It's a cat-and-mouse game and the attacker is always going to be a step behind. Until now, even the oldest of secure elements used in hardware wallets are secure, to the best of my knowledge.

About user error you are right, however someone taking the time to learn and do all the process will be less likely to commit error, we see some users losing all funds from HW because they fall for phishing sites asking seed etc.
Again BS: falling for phishing sites and giving away your seed words isn't due to the wallet being a HW wallet. That can happen with literally any wallet. How can this seriously be considered an argument against hardware wallets?
Or is it more leaning into whataboutism such as: 'Well, attacks that a HW wallet can't protect you against, do exist, so they're useless'?

There are reasons against hardware wallets, but the ones you present are so weak, it's ridiculous.

BitMaxz
Legendary
Activity: 3248
Merit: 2965
March 24, 2022, 11:48:03 PM
#9

There is no problem with using both a hardware wallet and Bitcoin Core. There are still people being scammed with hardware wallets and cold-storage Bitcoin Core, or being hacked physically; there are some USB tools out there that can leak or download your data or download your keyloggers.

So it depends on you how you protect yourself from any attacks. If you don't have any budget for buying a hardware wallet, you can have cold storage as your best option; you can use either Bitcoin Core or Electrum as an offline wallet.
You can also make an airgap wallet through a mobile phone; just make sure you never connect it to the internet and you have a paper seed backup for future recovery.

There is no perfect wallet against hackers and scammers; every day they are developing techniques to find a way to hack your wallet.

HeRetiK
Legendary
Activity: 2926
Merit: 2091
March 24, 2022, 11:59:04 PM
#10

also about storage causing loss of funds we may assume that several copies of wallet.dat will be stored

To store several copies of the wallet.dat you'll need several airgapped devices. If you store them all on the same device it's as good as having no backup at all.


with a strong passphrase it would not be that easy or even possible to crack it in a reasonable time, allowing funds to be moved before they are able to crack. That can not be said if they find the seed or get the HW seeing how many of them can be hacked easily

Given a strong enough passphrase even a fully known seed is useless to an attacker.

Given full physical access and sufficient expertise the seed can be extracted from certain Trezor models, but AFAIK no such attacks have been successfully mounted on Ledger devices. Feel free to bring me up to date in case there's been any successful seed extractions from Ledger devices recently.


even worse if firmware is not updated and still have vulnerabilities, and to not mention bugs that may even cause loss of funds, I can't imagine Bitcoin Core having bugs with change addresses to cause loss of funds as we have seen with HW for example.

I guess you're referring to paper wallets? Since hardware wallets are commonly deterministic it's technically not possible to lose funds to unknown change addresses (though if you have any more info on that I'd love to hear it).


we see some users losing all funds from HW because they fall for phishing sites asking seed etc.

Seeds are also used by Bitcoin Core and other software wallets so that doesn't make a difference. Except, a lot of phishing sites ask for private keys directly rather than the seed, which for a regular user is impossible to obtain from the hardware wallet directly.


Don't get me wrong, if you know what you're doing setting up cold storage using an airgapped device is fine, in some cases maybe even preferable. Just be aware of what the actual up and downsides are.

larry_vw_1955
Sr. Member
Activity: 1050
Merit: 358
March 25, 2022, 01:27:33 AM
#11


That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

not if the hard drive is encrypted...

odolvlobo
Legendary
Activity: 4298
Merit: 3214
March 25, 2022, 04:42:16 AM
#12

One of the major benefits of a hardware wallet is that it is portable, and you can safely plug it into any computer.

BlackHatCoiner
Legendary
Activity: 1512
Merit: 7355
March 25, 2022, 07:07:57 AM
#13

I've taken the time to read the discussion. What's up with the continuing debriefing of the hardware wallets' disadvantages? It's clear that they are both needed; it's just that each satisfies the same needs, but for different people. (Except if they may also want altcoins etc.)

The reasons are portability, easiness on transferal and security simplified. I wouldn't buy a hardware wallet to avoid running my own full node; I'd rather give an extra buck to a Raspberry Pi and have my hardware wallet connected to my node. That way I could enjoy all the benefits.

If I didn't want to spare a single dollar to my Bitcoin node setup AND had an old dusty PC/laptop left over, I'd use it to run a node.

NeuroticFish
Legendary
Activity: 3668
Merit: 6379
March 25, 2022, 07:40:05 AM
#14

I am asking this question since whenever I see someone asking about how to store bitcoin, all the answers I read is buy a HW, but I rarely see someone advising to just use Bitcoin Core... the most reviewed and secure client?

* The average Joe will not save 400+GB on his HDD. He doesn't understand pruning, he doesn't want to wait days for the initial sync and doesn't understand why he should download such an amount of data.
* The average Joe probably has Windows or a mobile phone he wants to use Bitcoin with.
* The average Joe is not tech savvy and he would make mistakes if we advised him to use cold storage. I've seen a case where one was claiming he has cold storage which he connects to the internet when he sends transactions.
  (Yes, he got his money stolen by some malware/exploit).

Bitcoin core is great, but it's not for everybody.
Bitcoin core, if used as hot wallet, is as vulnerable as any hot wallet.

So what other option do we have for newbies? At least from my side it's not marketing; it's a genuine attempt to help users keep their coins safe.


wanted to post in bitcoin and not bitcoin technical support (since I do not think it is the correct place) but I can not delete it

Then move it. See bottom-left link.

LoyceV
Legendary
Activity: 3304
Merit: 16607
March 25, 2022, 10:39:30 AM
#15

So Bitcoin Core allows to do the same thing, most people have an old pc that they do not use, they can just install bitcoin core, generate a wallet, export descriptors to the online PC (the daily use PC), there you create a watch-only wallet, import descriptors and you will have a functional watch wallet (allowing to create new receiving addresses and create unsigned transactions) after a transaction is created you just copy the psbt file in a USB flash drive, bring to the offline PC, sign and bring back to the online PC to broadcast.
You don't see the average PC user do this, right? The average user who gets confused when the internet icon has moved sure can't handle this. And even if they can do it, it's a lot of work for making a transaction. That's okay if you do it once a year, it's not okay for daily use.

For instance, people are already taking pictures of seed words even though the software tells them not to
I do that too, but only for (mobile) wallets which I'll use for a very small amount. For convenience, I'm willing to risk it.
People have also lost funds stored in a hardware wallet after they entered their seed words in a phishing site. Lack of common sense is a great way to lose your money :(

someone taking the time to learn and do all the process will be less likely to commit error, we see some users losing all funds from HW because they fall for phishing sites asking seed etc.
In reality, most Bitcoin Core users run it on an online system, and most of them probably use Windows. That makes losing funds much more likely than it is when using a hardware wallet, even though human stupidity will always find a way.



My own preference: I use different wallets for different purposes. I know the shortcomings (and I'm aware I might not even know everything), but it's enough to reduce the risk to an acceptable level without being inconvenient.
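The descriptor export in the offline-signing workflow quoted in this post is the step where private keys could end up on the online PC, since Bitcoin Core's `listdescriptors` can also output private descriptors. The following is an added example, not code from the thread or from Bitcoin Core: it audits a `listdescriptors` JSON export before it leaves the offline machine by decoding each Base58Check key and checking its BIP32 version bytes. The names `audit_export`, `sample_key` and `sample_export` are hypothetical, and the sample keys are constructed filler with the descriptor checksum suffix omitted.

```python
import hashlib, json, re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# BIP32 version bytes (first 4 bytes of a decoded extended key)
PRIVATE = {"0488ade4": "xprv", "04358394": "tprv"}
PUBLIC = {"0488b21e": "xpub", "043587cf": "tpub"}

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad Base58Check checksum")
    return raw[:-4]

def audit_export(listdescriptors_json):
    """Return (index, problem) findings; an empty list means public keys only."""
    findings = []
    for i, entry in enumerate(json.loads(listdescriptors_json)["descriptors"]):
        for token in re.findall(r"[1-9A-HJ-NP-Za-km-z]{50,}", entry["desc"]):
            try:
                payload = b58check_decode(token)
            except ValueError:
                findings.append((i, "unverifiable key-like string"))
                continue
            version = payload[:4].hex()
            if len(payload) == 78 and version in PUBLIC:
                continue  # extended public key: fine for a watch-only wallet
            if len(payload) == 78 and version in PRIVATE:
                findings.append((i, "private extended key: " + PRIVATE[version]))
            elif len(payload) in (33, 34) and payload[0] in (0x80, 0xEF):
                findings.append((i, "WIF private key"))
            else:
                findings.append((i, "unrecognised Base58Check payload"))
    return findings

# Constructed sample keys: correct version bytes and length, filler key material.
def sample_key(version_hex):
    return b58check_encode(bytes.fromhex(version_hex) + bytes(range(74)))

def sample_export(version_hex):
    desc = "wpkh([00000000/84h/0h/0h]%s/0/*)" % sample_key(version_hex)
    return json.dumps({"wallet_name": "cold", "descriptors": [{"desc": desc, "active": True}]})
```

Only an export for which `audit_export` returns an empty list should be copied to the USB drive; any finding means the file still carries signing material.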

LoyceV
Legendary
*
Offline Offline

Activity: 3304
Merit: 16607


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
March 25, 2022, 10:54:53 AM
 #16

Most people I know don't bother buying a seed plate if they decide to use a hardware wallet.
I consider ordering anything dedicated to crypto bad OPSEC.

n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5818


not your keys, not your coins!


View Profile WWW
March 25, 2022, 11:51:30 AM
 #17


That doesn't require a bug in Bitcoin Core. Assuming the same attacker model (access to the device for a reasonable, but equal amount of time), he'll just need to pull the HDD out of the laptop, while he'd have to perform a pretty advanced low-level hardware attack on the hardware wallet and might not pull it off in time for the owner to notice the loss, restore the seed and move the funds.

not if the hard drive is encrypted...
That requires the laptop to be shut down when getting into an attacker's hands. If it's on, you can just freeze the RAM and get the keys out.
I also don't know that everyone running core has full disk encryption turned on.

Since a laptop is a general-purpose device, it inherently has a larger attack surface. For example, older laptops and certain Linux distros (or both) may not support secure boot, allowing for other attack vectors that you don't have when a HW wallet boots up.
I'd argue it will be harder to crack a HDD password (offline attacks on an ISO of it etc.) than a hardware wallet's password (no way to extract the memory contents + a limited number of tries before erasing itself).

I've taken the time to read the discussion. What's up with the continuing debriefing of the hardware wallets' disadvantages? It's clear that they are both needed; it's just that each satisfies the same needs, but for different people. (Except if they may also want altcoins etc.)

The reasons are portability, easiness on transferal and security simplified. I wouldn't buy a hardware wallet to avoid running my own full node; I'd rather give an extra buck to a Raspberry Pi and have my hardware wallet connected to my node. That way I could enjoy all the benefits.

If I didn't want to spare a single dollar to my Bitcoin node setup AND had an old dusty PC/laptop left over, I'd use it to run a node.
That's what I recommend. :) Core with electrs & connect a hardware wallet-compatible SPV wallet to it.


For instance, people are already taking pictures of seed words even though the software tells them not to
I do that too, but only for (mobile) wallets which I'll use for a very small amount. For convenience, I'm willing to risk it.
Shame! :D


My own preference: I use different wallets for different purposes. I know the shortcomings (and I'm aware I might not even know everything), but it's enough to reduce the risk to an acceptable level without being inconvenient.
This is a kind of diversification that definitely makes sense. People also talk about getting hardware wallets with secure chips from different manufacturers to minimize risk of backdoors. This again goes towards 'paranoia-level security' as we often do around here, but I support the idea.

LoyceV
Legendary
*
Offline Offline

Activity: 3304
Merit: 16607


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
March 25, 2022, 12:05:24 PM
 #18

you can just freeze the RAM and get the keys out.
Has that ever happened in a real life theft? That's some James Bond level burglary!
If you really worry about this:
Quote
the RAM can be safely moved to a different computer
Then glue the RAM into your computer. Good luck to any thief.

n0nce
Hero Member
*****
Offline Offline

Activity: 882
Merit: 5818


not your keys, not your coins!


View Profile WWW
March 25, 2022, 12:11:41 PM
 #19

you can just freeze the RAM and get the keys out.
Has that ever happened in a real life theft? That's some James Bond level burglary!
If you really worry about this:
Quote
the RAM can be safely moved to a different computer
Then glue the RAM into your computer. Good luck to any thief.
As far as I know, it's relatively commonly done in high-security level pentests and in critical practical attacks (mostly physical attacks against companies) as well. The technique has definitely attracted lots of research and it was proven to work quite well by lots of different folks.

LoyceV
Legendary
*
Offline Offline

Activity: 3304
Merit: 16607


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
March 25, 2022, 12:31:30 PM
 #20

As far as I know, it's relatively commonly done in high-security level pentests and in critical practical attacks (mostly physical attacks against companies) as well. The technique has definitely attracted lots of research and it was proven to work quite well by lots of different folks.
I read about an arrest in the Netherlands not so long ago, where the SWAT team entered through the windows to prevent the guy from turning off his computer.
Okay, here's another solution: add a dead man's switch to your chair. If you get up, it disconnects the power to your PC. That's going to be seriously annoying to use, but for the truly paranoid that's a small price to pay.
