In 2018, when the price of bitcoin dropped from an all-time high of around $20,000 to less than $6,000, a lot of people thought cryptocurrencies were dead. But today, the cryptocurrency market is on another massive bull run, with the price of bitcoin hovering above $50,000 and other cryptocurrencies standing at historic records.
Naturally, with the growing price of bitcoin comes a wave of new enthusiasts who don’t want to miss the opportunity of the next spike in the value of cryptocurrencies. Unfortunately, many of these people dive headlong into the market without knowing all the sensitivities involved in handling cryptocurrency wallets. Many of them fall victim to preying hackers or their own mistakes and lose hold of their cryptocurrency savings.
In the early days of bitcoin, there was a clear trade-off between wallet security and convenience. You had to choose between online wallets that were easy to use but not very secure and hardware wallets that were secure but not easy to use. But today, the market for bitcoin hardware wallets has matured, and you have many options that provide security, ownership, and ease of use at the same time.
If you’re new to bitcoin, here’s what you need to know about how hardware wallets work and why you should consider getting one.
How does bitcoin work?
One of the main appeals of cryptocurrencies is that they are decentralized money. You own your bitcoins, just as you own the cash in your wallet. There is no central authority like a bank or other financial institution that can control your money.
To do away with central authorities, cryptocurrencies use blockchains to record their transactions. A blockchain is a ledger that is simultaneously stored and updated on thousands of independent computers across the globe. While validation mechanisms vary between different cryptocurrencies and blockchains, they all use cryptography to make sure every transaction is legit (hence the name crypto-currency) and hasn’t been tampered with. While I will use bitcoin as an example in this post, a lot of the concepts discussed here apply to other cryptocurrencies.
When people want to send you bitcoins, they will use your bitcoin address, a unique string of alphanumeric characters. Each approved payment is added to the blockchain and contains the addresses of the sender and the receiver of the transaction.
How can you prove bitcoins stored on an address belong to you? Every bitcoin address is associated with a pair of public and private cryptographic keys. Public/private cryptography is an old encryption mechanism that is used in many applications we use every day, including HTTPS websites and PGP-secured emails. Data encrypted with a public key can only be decrypted with the private key. People usually publish their public key to allow others to encrypt and send them confidential information. They keep the private key to themselves and use it to decipher data encrypted with their public key.
The reverse is also true: Data encrypted with a private key can only be decrypted with the public key. This mechanism is used for “digital signatures.” To prove that I’m the legitimate sender of a piece of information, I add a piece of information encrypted with my private key. Since my public key is already known, anyone can validate my signature by trying to decrypt it with my public key.
Back to bitcoin transactions. Before I can send bitcoins from an address, I have to prove that I own them. To do this, I need to sign the transaction with the private key of the sender’s address. Once that is verified, the computers maintaining the bitcoin blockchain will approve and register my transaction.
What is a bitcoin wallet?
This brings us to the key point about bitcoin ownership: Whoever holds the private key of an address owns the bitcoins stored at that address. And this is what the bitcoin wallet does.
A bitcoin wallet simply stores one or more bitcoin addresses along with their public and private keys.
There are basically four types of wallets:
- Online wallets: An online bitcoin wallet is a website or app that stores your bitcoin keys on a server.
- Software wallets: Software wallets are applications you install on your computer or smartphone. They store your bitcoin keys on your local device or a flash drive.
- Hardware wallets: Hardware wallets store your bitcoin keys on a piece of hardware that has been specially designed for bitcoin transactions.
- Paper wallets: Paper wallets are physically printed versions of your private and public keys. Paper wallets usually also contain QR codes of the keys to make it easy to use them.
How you store your private keys will determine the security of your bitcoin funds. And each type of bitcoin wallet has its benefits and tradeoffs.
The benefits and tradeoffs of different bitcoin wallets
There’s usually a tradeoff between security and ease of use in different types of bitcoin wallets. For instance, online wallets are easier to use than other types of wallets. You can access them from a browser on any device as long as you can remember your username and password. And they have plenty of good features such as quickly buying, selling, and trading cryptocurrencies. However, they store your private keys on a central server, which makes them a bit like banks. They hold the keys to your bitcoin and, in a way, you’re giving up your privacy and the ownership of your bitcoins. Also, if you fall victim to a phishing attack, an attacker will be able to access your wallet and steal your bitcoins because your private key is stored online. Online wallet companies usually do a good job of keeping user accounts secure, but they occasionally get hit by data breaches, where hackers steal all the private keys and cryptocurrencies of their users.
Software wallets can be installed on any kind of device. You get to keep your private keys and privacy. Without having your keys stored in the cloud, hackers can’t trick you into giving away your username and password (but they can still trick you into making payments to their bitcoin address). The tradeoff is that you don’t have the flexibility of online wallets and can only access your funds on the specific devices where you’ve installed your wallet application. The security of software wallets is also complicated. If your device gets hacked with file-stealing malware, an attacker might be able to steal your private key. And if your device gets destroyed or lost, you will lose your bitcoins.
Hardware wallets have an associated web, mobile, or desktop application that enables you to monitor your bitcoin addresses and spend bitcoins. Private keys are stored in the hardware wallet and never leave the device. When you want to confirm a payment, the transaction is signed inside the hardware wallet and the output is sent to the app. Hardware wallets are more secure than the other alternatives because they’re very hard to hack. But they don’t have the flexibility of online wallets because you need to have your device with you for every transaction. They also require you to make a small upfront investment to buy the device. And like software wallets, if you lose your device, forget your PIN code, or forget your recovery seed, your bitcoins are gone.
Paper wallets are completely offline, which makes them the most digitally secure type of wallet. But paper wallets are very hard to use. Before you can spend your bitcoins, you need to import your private key into a software or online wallet. And if your paper wallet gets burned or destroyed, your bitcoins are toast.
Why I prefer hardware wallets
When it comes to choosing bitcoin wallets, there’s no perfect solution, and no matter which kind of wallet you choose, if you don’t understand the basics of bitcoin security, you can still become the target of malicious actors.
I like hardware wallets because they minimize the risks that I can’t control, such as major data breaches at cryptocurrency exchanges or malware that exploits zero-day vulnerabilities in mobile and desktop operating systems. To be clear, hardware wallets are not perfectly secure. For instance, in a recent security incident, hackers broke into the servers of hardware wallet manufacturer Ledger and possibly pushed out malicious firmware updates for Ledger wallets. But these types of supply chain attacks are much harder to pull off than phishing scams.
Also, in the past few years, the landscape has evolved a lot and hardware wallets have become much easier to use, giving you a nice combination of security and convenience.
There are a few things I verify when evaluating a hardware wallet:
- Company history: I prefer to stake my bitcoins on a wallet from a company that has been in business for several years.
- Security: No company is perfect. But companies that have a history of delivering secure products, and more importantly, a robust process to respond to vulnerabilities are more reliable.
- Wallet integration and support: How many platforms support the device and how many kinds of coins does the wallet support?
- Interface and ease of use: How easy is it to use the wallet’s user interface? How easy is it to update the firmware? Is the reset and recovery process painful or easy?
Trezor Model T
I’ve reviewed several hardware wallets before, and though there are a few good options, my personal favorite is the Trezor Model T.
Satoshi Labs, the manufacturer of Model T, has been around since 2013 and has since been delivering secure products, first the Trezor Model One, and more recently the Model T. This gives me the confidence I need that the company will not suddenly disappear or fail to respond to a possible security flaw in its wallets.
The Model T is a small cryptocurrency wallet that connects to your computer or mobile device with a USB cable. It has a small touch-screen display, which you use to enter your PIN code, confirm or reject transactions, and reset your device. The display is one of the main advantages of the Model T. Most hardware wallets don’t have a rich user interface and require a combination of interactions on the wallet and your computer. The Model T, however, brings the entire experience onto the hardware wallet, which makes it more pleasant and less prone to security mishaps. The touchscreen does become a bit hard to work with sometimes, especially when you want to enter the firmware update mode. But for the most part, it is solid and easy to use.
One of the main benefits of the Model T is the support it has among other wallets. Satoshi Labs has its own dedicated web and desktop application to manage your cryptocurrency portfolio (I’ll get to that in a bit). But the Trezor wallets (both Model One and Model T) are supported by many online wallets. For instance, My Ether Wallet (MEW) and MyCrypto, two popular online portals that enable users to create wallets for their ether and ERC20 tokens, support the Trezor wallet. Several software wallets such as Electrum and Exodus also support Trezor. The solid integration support makes it easy to make Trezor part of your existing cryptocurrency solutions.
The Trezor also comes with its own dedicated online wallet application, the Trezor Wallet, which supports several cryptocurrencies. More recently, the company added the Trezor Suite, a web and desktop application that makes it very easy to manage your cryptocurrency portfolio and the Trezor hardware. The Suite supports several different cryptocurrencies and provides you with a one-stop shop to update your Trezor’s firmware, recover your keys, and change the PIN code. One of the advantages of the Trezor Suite is the option to monitor your accounts even when your Trezor is not connected. You’ll only need to connect the hardware wallet when you want to make payments.
Trezor Model T is not the only good bitcoin hardware wallet. The Ledger is also a solid wallet (except for the recent security incident). Ellipal also has an interesting working model. But I have found the Trezor Model T to have the right balance of security, convenience, and support.
Regardless of which hardware wallet you choose, there are a few things that you should keep in mind:
- Keep your recovery seed safe: Every wallet has a recovery seed, which you can use to restore your keys if you wipe your device or if you lose it and get a new one. You should keep a copy of this recovery seed someplace safe, preferably not in your cloud or disk drive.
- Always check addresses before confirming transactions: Even though malicious actors can’t remotely hack the hardware wallets that sign bitcoin transactions, they can still use other methods to trick you out of your bitcoins. For instance, some cryptocurrency malware modifies the bitcoin addresses you copy into your clipboard. So, while you think you are copying the bitcoin address of a friend into your wallet, you might end up with an unknown address that belongs to a hacker. First, make sure the source of the address is legitimate. Also, always double- and triple-check the address before confirming any transaction. You don’t need to check every single character in the address, but comparing the first and last four letters on the site you got the address from (ecommerce website, email, etc.), in your software wallet, and on your hardware wallet display (if it has one) should be enough.
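The address check described in the last item can also be done in software before you confirm on the device. The following added example (not part of the original post) validates the built-in checksum of legacy Base58Check bitcoin addresses and compares the address as seen in each place; the function names and the two sample addresses are constructed for illustration, and bech32 ("bc1...") addresses are not handled.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(data: bytes) -> bytes:
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become "1"
    return "1" * pad + out

def b58check_valid(addr: str) -> bool:
    """True if addr decodes and its checksum matches (catches typos and corruption)."""
    n = 0
    for ch in addr:
        if ch not in ALPHABET:
            return False
        n = n * 58 + ALPHABET.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) > 4 and checksum(raw[:-4]) == raw[-4:]

def compare_views(views: dict) -> list:
    """views maps where the address was read (site, clipboard, device) to the string seen.
    The first entry is treated as the trusted reference."""
    findings = []
    ref_name, ref = next(iter(views.items()))
    for name, addr in views.items():
        if not b58check_valid(addr):
            findings.append(f"{name}: not a valid Base58Check address")
        elif addr != ref:
            # A swapped address is perfectly valid, so only the comparison exposes it.
            findings.append(f"{name}: differs from the address shown at {ref_name}")
    return findings

# Constructed sample addresses (made-up key hashes, not real wallets).
PAYEE = b58check_encode(0, bytes.fromhex("11" * 20))
SWAPPED = b58check_encode(0, bytes.fromhex("22" * 20))

if __name__ == "__main__":
    print(compare_views({"site": PAYEE, "clipboard": SWAPPED, "device": SWAPPED}))
```

The checksum only catches mistyped or corrupted addresses; a clipboard-swapped address passes it, which is why the comparison against the original source is the step that matters.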
Fortunately, the hardware wallet landscape has matured a lot, and having a convenient experience no longer comes at the expense of security.