A hardware wallet is a device specially designed to secure and protect the private keys of your cryptocurrencies. Its main security method is to store private keys on an isolated device , preventing third parties from being able to access it remotely. All of this makes it one of the most secure self-custodial storage methods today.

In this article, we will go through all these concepts that surround hardware wallets, going through how their security works, what types of vulnerabilities they can suffer, and some tips and recommendations when using this type of wallet.

At the end of the article we will leave you a list with what we consider the best hardware wallets of the moment .

What is a hardware wallet
A cryptocurrency wallet is made up, in its most basic expression, of a public and a private key or key .

USB size bitcoin types
From the first of these, from which the public address is derived – if the portfolio is deterministic, multiple addresses of the same key are generated – it is used to receive cryptocurrency. With regard to the private key, it is used to confirm outbound transactions and to mobilize funds. This makes private keys require special care or protection, since whoever has access to them can transfer the cryptocurrencies.

How to use a hardware wallet
We already mentioned that a hardware wallet stores the private keys, which are used to sign an outgoing transaction. Since it is a separate device, it is usually connected to the computer via USB, or in more current wallets, via Bluetooth.

cold wallet team btc
The way to use it, if you have already used cryptocurrency wallets before, there is nothing special. First of all, this is because the device only stores the private keys , and serves, in part, as a 2-factor authentication device. It is only based on connecting the device, entering the corresponding app , and from there, being able to manage your cryptocurrencies.

Regarding this last point, to manage cryptocurrencies (send and receive) each hardware wallet usually offers its own interface.

But, it is worth noting that wallets of this type do not depend solely on the interface that the manufacturer provides. Most of these are compatible with third-party wallets, such as MyEtherWallet , MetaMask , Exodus , among others. These allow to generate the wallets, but, storing the corresponding private keys within the compatible hardware wallet.

How is security in a hardware wallet
The main security of each hardware wallet consists of isolating, on a device that is not permanently connected to the internet, the private keys. In basic terms, a USB memory would fulfill the same function, but without protecting the data that you save there. So, a hardware wallet is much more than a storage device.

Each record within the memory of a hardware wallet is encrypted. This means that not everyone can connect a wallet of this type and read the information stored there.

Storage and encryption processes vary by manufacturer. Wallets like Ledger or Coolcard use a system called secure item . This consists of a microcontroller separate from the main controller, which is in charge of all operations related to security, including information storage.

cold cold security wallets
This type of secure element system prevents the information from being exposed, in the event that the main controller is compromised.

However, there are also wallets that use a single controller, such as Trezor or KeepKey. These manage and store information through the same microcontroller.

Another security aspect that hardware wallets use is through 2-factor authentication. This happens in cases like this example: when using a Trezor One it is necessary to enter a security code to unlock the wallet. The code is entered from the app with which you manage your wallet, although the number panel with the corresponding location will be displayed on the device.

buy btc panel wallet
Vulnerabilities that a hardware wallet can suffer
The main vulnerabilities or hacks that a hardware wallet can suffer occur physically, that is, they depend on the attacker having access to the device.

One of these sources of attack is voltage faults. These are based on modifying the voltage level that the microcontroller uses to affect its performance, making it possible to read information within the device in certain cases. Wallets such as KeepKey and Trezor have already presented this type of flaw, discovered by the Kraken Security Lab team, as reported by CriptoNoticias.

variable high voltage fault
Another vulnerability that these portfolios can suffer are those of the supply chain. It refers to a type of attack where attackers can gain access to devices in their distribution path, which makes them vulnerable to being maliciously modified. To mitigate this problem, wallets like Trezor, deliver devices without firmware , which is installed the moment you connect your wallet to the computer for the first time. If when connecting your Trezor for the first time it already has firmware installed, it may mean that it has been compromised.

On the other hand there are the fakes . Equipment that aesthetically retain the same appearance as the original, but do not offer the same security, and may be destined for the theft of your cryptocurrencies.

At the software level, vulnerabilities can be presented in the interface where you manage your portfolio. This can suffer keylogger type hacks , which are based on changing the destination address to which you want to send, by an attacker’s address .

Tips for using a hardware wallet
Avoid, as much as possible, letting other people know that you have a hardware wallet. Remember that the biggest vulnerabilities come from the attacker having access to the device.

When generating the recovery seed, do it offline (without internet) and alone. You should be the only one who knows and has access to the recovery seed. This, of course, if you are not using a shared portfolio with a family member or company.

Generate recovery seeds with BIP39 passphrase . This seed format is the 12 or 24 words, plus an additional word, which you define to your liking and encrypt the rest of the words, as a kind of password. This ensures that if they have access to the recovery seed, but are unaware of the passphrase , they cannot access the funds.

Needless to say, you shouldn’t store the seed and the passphrase in the same place.
Always buy in official stores. Avoid acquiring equipment through third parties. Go to the official website of the wallet you want to purchase and place your order.