How and when to upgrade to a hardware wallet to keep the keys to your crypto offline, safe from remote attacks.
Hardware wallets may be seen as a luxury, especially for those just starting out in DeFi. Many people find it hard to justify the expense when it amounts to a large fraction of their investment. You will need a hardware wallet once your investment grows, or if you want to continue to invest.
As you’ll find out in this article, hardware wallets and DeFi go together like a fork through butter - they’ll get the job done but they’re not the best tool for the job. Crypto wallets in the form of browser extensions and mobile apps will offer a smoother experience for the bulk of your onchain activity, but you need a hardware wallet to secure your main investments, savings and NFTs, and occasionally interact directly with dApps.
There are dozens of crypto hardware wallet manufacturers available on the market but the majority of market share is divided between two brands: Trezor and Ledger. Both companies were founded around the same time, with the Trezor being first to market by only a few months.
As a security product, you will want a hardware wallet with a long track record that has been sufficiently battle-tested, and both these brands have sold millions of devices over the past decade.
When to buy a hardware wallet
Putting a dollar value on when to buy a hardware wallet is difficult, as crypto is global and everyone is in different financial situations. You should get a hardware wallet once you’ve invested enough that you can no longer bear the thought of losing it, or if you plan to hold your crypto for more than a few months, as its value may appreciate suddenly.
Although most web3 users are aware of hardware wallets and the security benefits they offer, it is all too common for even experienced users to delay their purchase until after something happens to their funds. If you plan to invest in crypto for the long term, you should seriously consider security from the outset.
How to safely buy a hardware wallet
The hardware wallet industry has grown to the point that you can now buy devices from dozens of different online stores, and some brands are even available in major electronics retailers like Best Buy.
As a security product, you should be cautious if you order from anywhere other than the official manufacturer or through an official reseller. Even then, you can take additional steps to protect yourself from attackers:
- Always check that the package you receive is sealed and shows no sign of tampering, before setting up and using the device. There have been cases where devices ordered from the internet have been modified in transit, altering the electronics to give attackers easy access to funds.
- Pay in crypto and use a drop off point for delivery. Providing personal details with your order could make you a target, should those details be leaked. On more than one occasion, physical addresses and credit card details of hardware wallet customers have been leaked and resulted in targeted attacks.
Differences between Trezor and Ledger wallets
Open source versus closed source
One of the key differences today is that Trezor remains committed to open-source principles, making both hardware and software that can be copied by anyone and shared freely. This comes with security benefits, as code and schematics are open to scrutiny, and should reduce the possibility of introducing backdoors into their product if they wanted to, which also aligns with the open-source ethos that drives crypto development.
Ledger, on the other hand, uses closed-source components in their devices and prefers top-shelf industry certifications as evidence of their security. A closed-source approach may help prevent attackers from identifying exploits, but the trade-off is that non-disclosure agreements (NDAs) also prevent manufacturers from sharing details about critical security flaws which may arise.
Neither manufacturer has reported loss of user funds due to device compromise. When choosing a wallet, you will want to consider other aspects such as usability and design, cryptocurrency network and token support, and company philosophy and business practices.
Usability and design
As a long-term storage device, hardware wallets have often sacrificed usability in favor of security, with manufacturers assuming that you will only need to access the device occasionally to manage funds, and can manage your everyday DeFi activity on a software wallet. In reality, no-one wants to lose money, and hardware wallets should be designed for regular everyday use.
Both major brands manage to just about keep up with DeFi, but each have their drawbacks. First, almost all hardware wallets need to be used with a third-party extension like Metamask to work with dApps. They still keep the seed offline and let you verify transactions on the device screen, but this increases complexity and introduces more frustration as they don’t always want to cooperate.
Next, as hardware wallets are electronic devices, there’s an inherent balance between the ideal physical design and the cost of manufacturing. Budget hardware wallets from both Ledger and Trezor use a two-button input which can be surprisingly intuitive but will still lead to mistakes. Trezor overcomes this with a touchscreen in its premium model, but some users find the screen too small to fully eliminate frustration. Ledger’s companion app is feature-complete on mobile, which may be more of a design upgrade than Trezor’s touchscreen.
In terms of device experience, Ledger uses an app-based architecture that helps you organize your networks on your device’s screen, but you need to install each network’s app individually and select the right app each time you want to perform an action, which you may get fed up with. Trezor manages this part of the experience using their software interface, which simplifies the flow a little. That said, when it comes to actually signing a transaction you will find that going through the confirmation process on a Ledger is a touch faster (as long as you have the correct app opened on your device).
Hardware wallets and DeFi
The fact is that one of the main reasons to use a hardware wallet is to verify the details of every transaction. And that takes time. But DeFi moves fast, and when swap quotes change every minute you’ll find yourself rushing through multiple screens without benefiting from the enhanced verification. But hey - at least your keys are offline, and that’s what matters, right?
Kinda. With your seed offline, there’s no way for an attacker to sweep your funds without your permission. But what if you gave them permission? A longstanding and as-yet unresolved issue that affects all crypto wallets is unlimited token approvals.
When you interact with a DEX you need to give permission to a smart contract to spend funds from your wallet. In the majority of cases, this defaults to an enormous number that might as well be infinite. If you approve this, the platform - or someone who hacks it - will be able to send your funds anywhere, hardware wallet or not.
No hardware wallet has yet designed a product with this in mind, so you will need to be diligent and manually edit approvals to only spend the amount you wish to trade.
Blockchain network support
Of the categories discussed here, support for different networks is where Ledger has a clear advantage over Trezor. Trezor has historically been a major proponent of Bitcoin and has limited support for other networks (though it does support major chains like Ethereum and Solana), and it has attributed this to the large amount of resources needed to manage multiple chains. Ledger’s development environment and app-based architecture makes it much easier for third-party developers to integrate their chains.
At the time of writing, Trezor supports Bitcoin, Ethereum, Solana, Cardano, Litecoin, Ethereum Classic, XRP, ZCash, Dogecoin and a few others in its Trezor Suite app, while networks such as Monero, Stellar, Tezos, and all other EVM networks are supported in firmware but require use of a third party app.
Ledger supports 71 networks, including most of those on Trezor yet lacking Monero. Notably the Ledger Live app supports most of these networks natively, giving a more comprehensive view of your portfolio.
Which hardware wallet to buy
This section will compare several popular hardware wallets including Trezor and Ledger as well as alternative offerings from less prominent brands supported by Metamask.
Budget hardware wallet options
Ledger Nano S+
Summary: This is a great starter option for web3. It supports a huge range of chains and the app-based architecture means you’ll find new chains are supported sooner than competitors. Signing a transaction in less than 30 seconds is possible but you will find yourself skipping the all-important verification more often than not. The Ledger Live app lets you connect on mobile or desktop and will show your NFTs on several chains, though not all.
Usability and design: Two-button interface, screen dimensions 128x64 pixels, app-based architecture, USB-C
Crypto support: 71 networks + EVM chains
Trezor Model One
Summary: The first hardware wallet ever sold. Many of the first batch of devices are still working 10 years on, but the hardware is a bit lacking in terms of memory so don’t expect Trezor to roll out support for any new chains. Signing a transaction in less than 30 seconds is a game of chance, so it’ll serve you well as cold storage but not an everyday workhorse. The Trezor Suite app is only available on desktop and NFTs are only shown as metadata so you’ll need a gallery app for your JPEGs.
Usability and design: Open source, two-button interface, screen dimensions 128x64 pixels, no network installation, MicroUSB
Crypto support: 15+ networks + EVM chains (no support for Cardano, Monero or Solana)
Trezor Safe 3
Summary: The low-end option from Trezor’s latest line, launched at the end of 2023. Includes a secure element for greater security, and the same chipset as the Model T, which should deliver a quicker signing experience than the Model One. The Trezor Suite app is only available on desktop and NFTs are only shown as metadata so you’ll need a gallery app for your JPEGs.
Usability and design: Open source, two-button interface, screen dimensions 128x64 pixels, no network installation, USB-C
Crypto support: 18 networks + EVM chains
Premium hardware wallets ($100+)
Ledger Nano X
Summary: The best balance of price and convenience, with bluetooth for easy on-the-go phone connectivity. Good chain support and the app-based architecture means you’ll find new chains are supported sooner than competitors. Signing a transaction in less than 30 seconds is possible but you will often skip data verification. The Ledger Live app lets you connect on mobile or desktop and will show your NFTs on several chains, though not all.
Usability and design: Two button interface, bluetooth, screen dimensions 128x64 pixels, app-based architecture, USB-C
Crypto support: 71 networks + EVM chains
Trezor Model T
Summary: Great ergonomic design and excellent user experience, the touchscreen is just big enough to make security processes feel slick. Still a top pick after 5 years on the market but its screen makes it a bit less robust than its predecessor. Quick enough to sign a transaction and skim the most important transaction data. Great for bitcoin, but other chains are a bit neglected. The Trezor Suite app is only available on desktop and NFTs are only shown as metadata so you’ll need a gallery app for your JPEGs.
Usability and design: Open source, touchscreen, 240x240 pixels
Crypto support:18 networks + EVM chains
Keystone 3 Pro
Summary: Familiar phone-like design, this wallet promotes itself as an air-gapped, offline storage solution. The 4-inch touchscreen and a rear-fitted camera for QR code scanning may be a selling point. Supported networks are lower than the options above, but it has some security extras such as fingerprint authentication and a self-destruct mechanism. No personal experience signing DEX transactions, so may be better as a savings account.
Usability and design: Open source, smartphone design, touchscreen, 4-inch display, camera for airgapped QR codes, micro-SD for PSBT, secure element.
Crypto support: 10 networks + EVM chains
Summary: This beast of a wallet will dominate your desktop but is far from portable. Its large touchscreen should make transaction verification convenient, but the SafeCard system could be a bit overkill compared to pen and paper. No personal experience signing DEX transactions, so may be better as a savings account.
Usability and design: Tabletop bulky design, touchscreen, smart card for storing private keys, 480x800 pixel display, WiFi and ethernet connectivity.
Crypto support: 7 networks + EVM chains
Make a choice that suits you
The hardware wallets above are all widely used and currently secure billions of dollars of assets combined. While each brand markets slightly different features, there is no perfect combination, and the right wallet will vary depending on your preferences, risk tolerance and threat model.
Some things to bear in mind before you make your purchase include:
- A basic model will provide practically the same security as a premium model, so do not feel pressured to stretch your budget.
- Buying open source products helps reduce the trust you put in the company you buy from.
- Choosing a solution that is too complex increases the chances of you losing access to your own funds.
Ultimately, using any physical device as a second factor of security - even those which do not have a screen to verify transaction details, such as NFC cards - will greatly increase the security of your funds. It is also always better to take precautions against online threats before an attack takes place.