DeFi · January 29, 2024

Introduction to hardware wallets

Anthony Allen

Using a hardware wallet helps protect your crypto from online attacks. Learn how cold storage works and how to get the most out of any wallet you buy.

Cryptocurrency is digital money, which makes it fast and convenient, but also exposes it to online threats. That means your crypto can be stolen from you without the thief needing to be in the same physical location, and you might not notice it’s gone until long after the fact. Hardware wallets keep your crypto keys offline, where only you can access them.

Billions of dollars of crypto are stolen through remote attacks each year. If you have any significant amount of money invested in cryptocurrency, you must secure it properly to avoid becoming a target. 

What is a hardware wallet?

A hardware wallet is a device that securely creates and stores cryptographic keys offline and can be used to verify and sign crypto transactions without worrying about clipboard attacks or other exploits. 

Since cryptocurrencies can be very valuable and transactions cannot be reverted once confirmed, security requirements are higher than for traditional bank accounts. Hardware wallets were first created in 2013 as a convenient way to achieve the highest practical degree of security for bitcoin and the other cryptocurrencies that followed, including Ethereum and stablecoins.

One important thing to remember is that your hardware wallet is not the most important part of your crypto security. Your recovery seed, which is the backup of your wallet and gives access to your funds, is the most important item you need to protect. 

There are three features a hardware wallet must have in order to properly secure assets. 

  • A secure random number generator with on-device storage. This produces key pairs in a non-deterministic way so the chance of generating an existing key pair is infinitesimal.
  • An onboard trusted display. Essential to allow you to verify that the data you sign has not been manipulated.
  • A physical input such as buttons. Lets you confirm transactions on the device itself and use a PIN to secure the device from unauthorized access.

Other features that can improve security and ease of use are present in some models of hardware wallet but are not considered essential.

  • Passphrase encryption. A passphrase is used to create a new set of accounts using an existing seed. It is not stored on the device so funds remain protected if your recovery seed is stolen.  
  • Bluetooth connectivity. This may be considered a vector for remote attacks, but the same principle of isolated signing described below should protect user assets.
  • Sharded backups. Using the Shamir Secret Sharing algorithm, the wallet backup is split into multiple shares, and a set number of them is needed for wallet recovery. Compromise of one or several shares does not make the wallet easier to crack, as long as the number of compromised shares is below the recovery threshold set by the user.
  • Secure elements. These are chips designed to protect data from physical tampering. Though effective in most cases, they are not immune to attack and can also be exploited.
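
The threshold property described under sharded backups, as an added example (not from the original article and not any wallet vendor's backup format). It works over a prime field for readability; the function names and the sample secret are chosen here for illustration.

```python
import secrets

# Arithmetic is modulo a prime larger than any 256-bit secret (2**521 - 1 is prime).
PRIME = 2**521 - 1

def split_secret(secret, threshold, n_shares):
    """Return n_shares points (x, y); any `threshold` of them recover `secret`."""
    if not 1 < threshold <= n_shares:
        raise ValueError("need 1 < threshold <= n_shares")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range for the field")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):              # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def interpolate(points, x):
    """Value at x of the unique lowest-degree polynomial through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (x - xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def recover_secret(points):
    """The secret is the polynomial's constant term, f(0)."""
    return interpolate(points, 0)

def fits_candidate(stolen, threshold, candidate):
    """Is `candidate` a possible secret given only the `stolen` shares?"""
    if len(stolen) >= threshold:
        # Enough shares fix the polynomial, so only the real secret fits.
        return recover_secret(stolen[:threshold]) == candidate
    # Too few shares: forge the missing ones so the set recovers `candidate`.
    known = [(0, candidate)] + stolen
    next_x = max(x for x, _ in stolen) + 1
    missing = range(next_x, next_x + threshold - len(stolen))
    forged = [(x, interpolate(known, x)) for x in missing]
    return recover_secret(stolen + forged) == candidate

if __name__ == "__main__":
    secret = int.from_bytes(bytes(range(16)), "big")    # constructed 128-bit sample
    shares = split_secret(secret, threshold=3, n_shares=5)
    print(recover_secret(shares[1:4]) == secret)        # any 3 of 5 recover it
    print(fits_candidate(shares[:2], 3, 42))            # 2 shares fit any guess
```
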

Why software wallets are not enough for long-term storage

The crypto wallets you trade with on a daily basis, such as mobile apps and browser extensions, provide limited protection from remote attacks. Even if you take every precaution to use them safely, their direct connection to the internet is a constant threat vector that can be exploited.     

Mobile apps tend to be more secure than extensions, as they benefit from secure hardware and other technologies that phone manufacturers build into them, but the more valuable your crypto holdings become, the more effort a hacker can afford to put into stealing them.

Understanding cryptographic keys

Your crypto is only as secure as the keys that control it. Every onchain address you own is controlled by a public key and a private key. The public key is shareable and used to receive crypto, but the private key must never be shared, because it can be used to send your crypto anywhere. 

When you set up a wallet, you are told to write down a list of 12 words, called a recovery phrase or recovery seed. This phrase is converted to numbers, and used as the seed for calculating your public and private keys.

Figure: Relationship between seed words and hexadecimal and binary representations. A recovery phrase is a human-readable representation of seed data.

While it may not seem particularly safe, cracking a private key created in this manner would take around 2^256 guesses.

Written out in full, that’s 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 guesses.

Private keys are uncrackable using today’s technology. Guessing your private key would be even more unlikely than guessing a specific atom hidden somewhere in the universe. But if that key is uploaded to the internet, it can be found instead of guessed. That’s why storing your private key on even the most secure smartphone leads to a huge drop in security.
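
How a recovery phrase maps to numbers and then to a key seed, and how an optional passphrase changes the result, as an added example (not from the original article). It assumes the wallet follows the BIP-39 and BIP-32 standards, which the article does not name; the sample phrase is the public all-zero test phrase and the passphrase is constructed.

```python
import hashlib
import hmac
import unicodedata

def entropy_to_word_indices(entropy):
    """BIP-39 encoding: entropy plus checksum bits, cut into 11-bit word indices."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128 to 256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                    # 4 checksum bits for 128-bit entropy
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11        # 132 bits -> 12 words
    # Each index selects one word from the standard 2048-word list (not embedded here).
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    salt = b"mnemonic" + nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), salt, 2048, 64)

def master_private_key(seed):
    """BIP-32 master key: first 32 bytes of HMAC-SHA512 keyed with b"Bitcoin seed"."""
    return hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()[:32]

# Constructed sample: the phrase for all-zero entropy, a public test value only.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    # Eleven indices of 0 ("abandon") and a final index carrying the checksum.
    print(entropy_to_word_indices(bytes(16)))
    # Same phrase, different passphrase: an unrelated seed and master key.
    for passphrase in ("", "constructed passphrase"):
        seed = mnemonic_to_seed(SAMPLE_MNEMONIC, passphrase)
        print(repr(passphrase), master_private_key(seed).hex())
```
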

How hardware wallets keep crypto secure

Now you know the difference between a private key that is accessible online and one that’s created and stored offline. Hardware wallets aim to preserve the highest standard of security by creating that private key offline, and keeping it there permanently. This is commonly referred to as cold storage, or airgapped security.

Creating a private key is not particularly difficult. It can even be done with a pen and paper, by tossing a coin and using the resulting heads-tails sequence as a string of binary that can be used as a key. Hardware wallets do the same thing, by using a circuit that acts as a random number generator with a little noise thrown in for good measure. 

Figure: Diagram showing hardware wallet signing a transaction. Hardware wallets always truthfully show the exact data that will be signed.

Once the keys are generated, the hardware wallet will store the data in a dedicated storage module on the same circuit, and use it to sign any messages, such as transactions, that the user wants to send. This memory can be further hardened against extraction attacks by using a Secure Element, an electronic component built to resist fault injection, a technique that an attacker with physical access to the device would use to try to extract the key.

When signing a transaction using your hardware wallet, the interface will prepare all the required message data, then send it to your wallet. You will be prompted to check the details are correct on the screen of your device - this is essential, as the interface you use could be compromised, but your hardware wallet will only show the actual transaction being signed. You will verify the destination address, amount of crypto being sent, and any smart contract data involved. Once you confirm it, the device will use its keys to sign the message, and send it back to the interface to be broadcast to the network. 

Hardware wallets sign transactions without leaking your keys

Hardware wallets are often criticised for being ‘warm storage’ rather than cold, as they must be connected to a computer by USB or Bluetooth in order to receive the transactions you want to sign. Surely that means an attacker can compromise them via the internet, right? Not really.

Messages can be sent to the hardware wallet, but signing happens on the device itself. By design, there is no route for the keys to leave the device, only signed or unsigned message data.
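
The signing exchange described above, modelled as an added example (not from the original article and not any vendor's firmware). HMAC-SHA256 stands in for the device's real signature algorithm, and the class, function names and addresses are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

class DeviceModel:
    """Model of a hardware wallet: the key is created inside and no method returns it."""

    def __init__(self):
        self.__key = secrets.token_bytes(32)          # generated on the device

    def sign(self, tx_bytes, confirm):
        # The screen text is decoded from the exact bytes that will be signed,
        # never from a description supplied by the host.
        tx = json.loads(tx_bytes)
        screen = "Send {} to {}".format(tx["amount"], tx["to"])
        if not confirm(screen):                       # physical button: reject
            return None
        # HMAC-SHA256 stands in for the real signature algorithm (assumption).
        return hmac.new(self.__key, tx_bytes, hashlib.sha256).digest()

def host_build_tx(to, amount, swap_to=None):
    """Host wallet software; `swap_to` models a compromised host replacing the address."""
    tx = {"to": swap_to or to, "amount": amount}
    return json.dumps(tx, sort_keys=True).encode()

def user_checks_screen(intended_to, intended_amount):
    """The user approves only if the device screen matches what they meant to send."""
    expected = "Send {} to {}".format(intended_amount, intended_to)
    return lambda screen: screen == expected

def send(device, to, amount, swap_to=None):
    tx_bytes = host_build_tx(to, amount, swap_to)
    signature = device.sign(tx_bytes, user_checks_screen(to, amount))
    # Only message data crosses the cable: tx bytes in, signature or refusal out.
    return tx_bytes, signature

# Constructed sample addresses.
ALICE, ATTACKER = "addr-alice-constructed", "addr-attacker-constructed"

if __name__ == "__main__":
    device = DeviceModel()
    print(send(device, ALICE, "0.5")[1] is not None)            # honest host: signed
    print(send(device, ALICE, "0.5", swap_to=ATTACKER)[1])      # swapped address: None
```
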

Hardware wallets have been compromised in the past, but not through a process as simple as sending the keys out of the device. These exploits used advanced techniques in which the device had a current applied to it while connected to lab-grade equipment. Small fluctuations in the electronic signal revealed patterns that could be translated into a key signature. In such cases, the compromised devices did not have their keys encrypted by a passphrase, as recommended by the manufacturer, and were not built to include a secure element.

How to choose a hardware wallet

With dozens of manufacturers on the market, it can be difficult to understand the real benefits of each individual device. We're putting together a guide to buying a hardware wallet, covering the pros and cons of the most popular models, as well as how to stay safe when making your purchase. Remember, as long as the device you buy creates and stores your keys offline, and you can verify transaction details on the device itself, almost any hardware wallet will be a major improvement over just using a browser extension or mobile app.
