Understanding the Security Model of Hardware Wallets
Vengeful exes, supply chain attacks, lost seeds, clipboard hijacking, and other exploits you should know
If you're on the fence about moving your cryptocurrency to a hardware wallet or have already taken the plunge but want to deepen your understanding of safe usage, this is for you.
Understanding what hardware wallets protect against is the first step toward intuitive and safe usage. Ground rules like "never enter your seed into a computer" offer a baseline defense, but in the realm of crypto assets, where one slip-up in decades could cost your life savings, it's crucial to develop an intuitive sense of how cold storage and hardware wallets work.
This discussion is as non-technical as possible. However, just as a rudimentary knowledge of the stock market is essential for safeguarding your investments, a basic understanding of Bitcoin is necessary to protect your digital assets. My goal is for you to not only feel safe storing your Bitcoin on a hardware wallet, but also to feel comfortable using it and have an intuitive understanding of which operations are safe.
If you already have a good understanding of why you need a hardware wallet and how they work, skip ahead to Part 3: Understanding the Security Model of Hardware Wallets.
1. Why Are Hardware Wallets Necessary?
Different Ways to Store Cryptocurrency
Cryptocurrency, with its promise of financial self-sovereignty, offers various methods of storage, each with its own set of advantages and vulnerabilities. Understanding these options is crucial for safeguarding digital assets effectively:
1. Exchanges: Convenient, but Unsafe
Cryptocurrency exchanges serve as online platforms where users can buy, sell, and trade digital assets. While exchanges offer convenience and liquidity, they inherently pose significant security risks. By storing assets on an exchange, users relinquish control of their private keys to a third party in exchange for an IOU. The exchange could be malicious, it could be hacked, go bankrupt, or it could be coerced by a government into confiscating your wealth. Many high-profile exchange hacks and bankruptcies in recent years have underscored the risks of trusting someone else to store your Bitcoin.
2. Software Wallets: Balancing Accessibility and Security
There are two kinds of software (also called hot, app, or mobile) wallets: custodial and non-custodial. A custodial wallet trusts someone else to store your keys — no different than an exchange. In a non-custodial wallet, you are responsible for storing your keys, backed up as a list of 12 or 24 seed words. Examples are Exodus, Trust Wallet, Metamask, and Electrum.
Software wallets store cryptocurrency keys on internet-connected devices such as computers, smartphones, or tablets. These wallets provide a balance between accessibility and security, allowing users to easily access their funds for transactions while still maintaining control over their private keys. However, they are susceptible to malware, phishing attacks, supply-chain exploits, and other online threats.
Software wallets are suitable for storing your change (like cash in a money clip), but they are not safe for storing significant amounts long-term.
3. Hardware Wallets: Enhancing Security Through Cold Storage
Hardware wallets, also referred to as cold wallets, are dedicated physical devices designed specifically to store cryptocurrency keys offline. By keeping private keys isolated from internet-connected devices, hardware wallets offer unmatched security against online threats such as hacking and phishing. Users can securely store their assets for long-term holding without exposing them to the vulnerabilities associated with software wallets or exchanges. While hardware wallets require a small investment upfront, their robust security features make them an essential tool for anyone serious about protecting their cryptocurrency investments.
You can make your own hardware wallet from an old laptop, phone, or Raspberry Pi, but using a commercial product is much easier and safer.
Cold Storage is Essential For Large Bitcoin Savings
Exchanges are fine for buying and trading Bitcoin, and apps are fine for small balances.
However, to keep your assets safe long term, you need a cold storage solution. While the app you use may be safe now, can you be certain that in 10 or 30 years some hack or lapse in judgment won't take everything? You can write your seed on paper, delete your apps, and keep your Bitcoin entirely offline, but you should also feel safe using your Bitcoin when you need it. A hardware wallet provides the best balance between safety and usability.
2. How Do Hardware Wallets Work?
Understanding their operation, security features, and how they handle transactions can provide users with peace of mind and a deeper appreciation for these devices.
Basic Operation Of Hardware Wallets
Hardware wallets are dedicated electronic devices designed to securely store the private keys for your cryptocurrency wallet. Because they are used exclusively for signing transactions, the keys never leave the device, and the device is connected to a computer or smartphone only for as long as it takes to sign a transaction. They connect via USB, Bluetooth, or QR codes, enabling users to manage their assets without exposing their keys to potentially compromised devices. The fundamental principle behind their operation is to keep the critical information, your private keys, out of reach of online attackers.
Key Security Features
Hardware wallets are equipped with several layers of security to protect users' assets:
Offline Storage: The cornerstone of a hardware wallet's security is its ability to store private keys offline, ideally in a secure element, shielded from any malicious software on your devices. This "cold storage" method ensures that the keys are inaccessible to internet-based attacks.
Encrypted PINs: Access to the device itself is protected by a PIN code, which is encrypted within the wallet's hardware. This means that even if the device is lost or stolen, the contents remain secure and inaccessible without the PIN.
Recovery Phrases: In the event of device loss, damage, or failure, users can recover their assets using a recovery phrase, typically a series of 12 or 24 words generated during the initial setup. This phrase must be stored securely and offline, as anyone with access to it can regain access to the funds.
The process of signing a transaction with a hardware wallet is designed to maximize security. I will use Trezor as an example, which connects to a PC using USB, but the process is similar for Bluetooth or QR code devices:
PC wallet software requests a transaction, specifying the amount and destination.
The Trezor asks you to confirm the amount and destination address on its own screen.
Upon approval, the Trezor signs the request and sends the signed transaction back to your PC.
The wallet software broadcasts the transaction to a node for inclusion in the blockchain.
This process ensures that the private keys never leave the device. Physical confirmation on the device adds a layer of security, preventing unauthorized transactions even if the connected computer is compromised.
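The four steps above, as an added example (not Trezor's or any vendor's code): a toy device object that creates its secret internally and exposes only a sign() method gated on the user confirming what the device displays, and a host object that may be running address-swapping malware. HMAC-SHA256 stands in for the real ECDSA signature, and the addresses are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Transaction:
    destination: str
    amount_sats: int

    def serialize(self) -> bytes:
        # The device signs both fields, so a signature cannot be re-targeted later.
        return f"{self.destination}|{self.amount_sats}".encode()


class HardwareWallet:
    """Device side. The secret is created here and no method ever returns it."""

    def __init__(self, confirm_on_screen: Callable[[str, int], bool]):
        self._secret = secrets.token_bytes(32)
        self._confirm = confirm_on_screen  # models the user reading the device's own display

    def sign(self, tx: Transaction) -> Optional[bytes]:
        # Step 2: show destination and amount on the device and wait for a physical press.
        if not self._confirm(tx.destination, tx.amount_sats):
            return None
        # Step 3: sign inside the device. HMAC stands in for ECDSA/Schnorr; the point is
        # that only a signature, never the secret, crosses the USB link.
        return hmac.new(self._secret, tx.serialize(), hashlib.sha256).digest()


class HostWallet:
    """PC side. Builds the request, relays it, and broadcasts whatever comes back signed."""

    def __init__(self, device: HardwareWallet, clipboard_malware_address: Optional[str] = None):
        self.device = device
        self.malware = clipboard_malware_address  # constructed: address-swapping malware, if any
        self.broadcast: List[Tuple[Transaction, bytes]] = []  # stands in for sending to a node

    def send(self, pasted_destination: str, amount_sats: int) -> Tuple[str, str]:
        # Step 1: the host builds the transaction. If malware owns the clipboard, the address
        # the user pasted is silently replaced before the request reaches the device.
        dest = self.malware if self.malware else pasted_destination
        tx = Transaction(dest, amount_sats)
        sig = self.device.sign(tx)
        if sig is None:
            return ("rejected on device", dest)
        self.broadcast.append((tx, sig))  # Step 4: broadcast
        return ("broadcast", dest)


def attentive_user(intended_destination: str, intended_amount: int) -> Callable[[str, int], bool]:
    """A user who compares the device screen with the address and amount they meant to send."""
    def confirm(shown_destination: str, shown_amount: int) -> bool:
        return shown_destination == intended_destination and shown_amount == intended_amount
    return confirm


def run_payment(intended_destination: str, amount_sats: int,
                clipboard_malware_address: Optional[str] = None,
                reads_screen: bool = True) -> Tuple[str, str]:
    """Runs the flow once; returns (outcome, destination the host actually submitted)."""
    confirm = attentive_user(intended_destination, amount_sats) if reads_screen else (lambda d, a: True)
    host = HostWallet(HardwareWallet(confirm), clipboard_malware_address)
    return host.send(intended_destination, amount_sats)


if __name__ == "__main__":
    # Constructed placeholder addresses, not real Bitcoin addresses.
    print(run_payment("bc1q-constructed-merchant", 250_000))
    print(run_payment("bc1q-constructed-merchant", 250_000, "bc1q-constructed-attacker"))
    print(run_payment("bc1q-constructed-merchant", 250_000, "bc1q-constructed-attacker", reads_screen=False))
```

The third call shows the limit of the display layer: if the user presses confirm without reading the screen, the swapped transaction is signed and broadcast.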
Hardware Wallet Creation Process (Getting Started)
While each hardware wallet works a little differently, the process to get started is similar:
1: Install firmware: Hardware wallets like Trezor and Ledger come without any firmware installed — like a computer without an operating system. The first step is to download and install the latest firmware. This ensures that you are getting the latest, cryptographically signed software on the device, and mitigates the risk that someone installed malicious software in transit to you.
2: Generate the list of seed words: This is the important part: the secret master key that generates the private keys is created on the device itself. You can initialize a new wallet without any computer at all.
3: Write down the list of 12 or 24 words on paper: Preferably, you’ve etched your seed words into a steel backup.
4: Derive addresses: Now that the device has stored a master key, you can specify a list of cryptocurrencies you want to store on it. The hardware wallet turns your seed words into a root key (the BIP39 standard) and then derives a practically unlimited number of child keys and addresses from that root (the BIP32 standard). Here is a tool you can use to play around with address derivation to understand how it works. Because these are common standards, you can easily restore your seed on other wallets.
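Added example (not from the original post or any wallet's code base) of the seed-derivation step that BIP39 standardises, run against the first published BIP39 test vector, which uses the passphrase "TREZOR": it shows why the same words restore on any wallet, why a passphrase yields a completely different wallet (the passphrase recommended in Part 5), and how the checksum constrains the last word.

```python
import hashlib
import unicodedata

# BIP39 test vector #1: entropy is sixteen 0x00 bytes; published vectors use passphrase "TREZOR".
VECTOR_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")
VECTOR_ENTROPY = bytes(16)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Mnemonic sentence -> 64-byte root seed, exactly as BIP39 specifies.

    Both strings are NFKD-normalised, the salt is the literal "mnemonic" followed by the
    passphrase, and the KDF is 2048 rounds of PBKDF2-HMAC-SHA512. The wordlist is not
    needed for this step, which is why any BIP39 wallet restores the same seed.
    """
    words = " ".join(unicodedata.normalize("NFKD", mnemonic).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, 64)


def seed_hex(mnemonic: str, passphrase: str = "") -> str:
    return bip39_seed(mnemonic, passphrase).hex()


def last_word_index(entropy: bytes) -> int:
    """Index (0..2047) the final word must have for the checksum to be valid.

    BIP39 appends ENT/32 checksum bits (the leading bits of SHA256(entropy)) to the
    entropy and cuts the result into 11-bit word indices, so the last index is the tail
    of the entropy plus the checksum. For all-zero 128-bit entropy this is 3, the index
    of "about", which is why the vector ends with that word rather than "abandon".
    """
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return ((int.from_bytes(entropy, "big") << cs_bits) | checksum) & 0x7FF


def swap_words(mnemonic: str, i: int, j: int) -> str:
    """Models the 'wrote the words in the wrong order' mistake from Part 5.

    The seed changes silently; a wallet's checksum check catches most, not all, such slips.
    """
    words = mnemonic.split()
    words[i], words[j] = words[j], words[i]
    return " ".join(words)


if __name__ == "__main__":
    print(seed_hex(VECTOR_MNEMONIC, "TREZOR"))            # matches the published vector
    print(seed_hex(VECTOR_MNEMONIC) == seed_hex(VECTOR_MNEMONIC, "TREZOR"))   # False
    print(last_word_index(VECTOR_ENTROPY))                # 3
    print(seed_hex(swap_words(VECTOR_MNEMONIC, 10, 11)) == seed_hex(VECTOR_MNEMONIC))  # False
```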
3. Understanding the Security Model of Hardware Wallets
There are three important concepts used by hardware wallets to protect your cryptocurrency: layered security, minimizing the attack surface, and physical security. These principles work in tandem to provide a strong defense against both physical and digital threats. Let's delve into each concept to understand how hardware wallets protect your assets.
Layered Security (Defense in Depth)
Layered security, also known as defense in depth, is the practice of using multiple security controls to protect resources. Hardware wallets implement this concept by integrating several layers of security that an attacker would need to circumvent to gain unauthorized access. Defense in depth is an old military concept that was used in building concentric castles, where the inner walls are taller than the outer walls. Every wall must be breached to reach the keep in the center, containing the king's gold. Keep this analogy in mind as we go through the layers. I will use a Trezor as an example, but this applies to all hardware wallets:
The outer layer is the software client on the PC, which is vulnerable to malware.
The second layer is the PIN code to unlock your Trezor, which protects against your wallet being stolen.
The third layer is the secure element (if available) and the encrypted seed on the device, which protects against physical attacks.
The fourth layer is the display on the device, which protects against malware on the PC by visually confirming the transaction details match the one on the PC display.
By contrast, a software wallet on your PC (for example, Electrum) requires modifying a single line of Python code to redirect all your transactions to an address specified by an adversary.
Minimizing the Attack Surface
The concept of an attack surface refers to the total sum of points or "vectors" through which unauthorized users, including attackers, can access a system or software and potentially cause harm. For example, imagine you have a large castle with gold in a particular room. Your castle has many entrances a thief could take to steal your gold, and you must guard them all. What if you keep your gold in the central keep, with only one door? Now you can afford to post a pair of guards by that door at all times, and your two best guards at that. By minimizing the number of points through which an attacker can gain access to your assets, you simplify the job of securing them.
Hardware wallets achieve this by keeping the private keys used for transaction signing offline, never exposing them to internet-connected devices or networks. Transactions are signed within the device, and only the signed transaction, not the private keys themselves, is transmitted back to your PC. Instead of a door with guards, hardware wallets use a very basic protocol over USB, Bluetooth, or QR codes that supports only a very limited set of operations.
Additionally, hardware wallets are very simple devices. They lack any hardware for Internet connectivity or support for mobile apps. This lack of features means there are a lot fewer vectors for vulnerabilities. They are also small, and sometimes transparent, so making physical alterations to spy on keys is more difficult. (This is why I don’t trust hardware wallets that are stripped-down versions of smartphones – they have big colorful displays and fancy apps, but also far more attack vectors.)
Physical Security
The physical security of hardware wallets is designed to protect against theft, loss, or tampering.
Again, imagine you have a castle with a hoard of gold. If you keep the gold in random rooms, a rogue knight or a daring thief could break into one of them and run off with your loot. However, if you place all your gold in a strong central keep, your adversary's job is much harder. Furthermore, you could incorporate a trap door, so that trying the wrong key unleashes a deadly hail of arrows.
Hardware wallets incorporate both physical security and tamper-evident designs to protect their secrets, and can self-destruct in case of attack. First, they centralize key storage in a dedicated device that must be physically breached. Second, they store the keys in a secure element (ideally) or an encrypted chip to make physical attacks more difficult. Third, they are small, sealed devices, so physical modifications are more evident. Fourth, they self-erase after some number of incorrect PIN attempts, making brute-forcing the PIN impractical.
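An added example, not any manufacturer's implementation, of the fourth point above and the PIN layer from the defense-in-depth list: a PIN check that stores only a salted hash, counts each attempt before comparing, doubles the wait after every failure, and erases the protected seed after a constructed threshold of sixteen failures.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Iterable, List, Optional


class PinGuard:
    """Toy model of a hardware wallet's PIN layer and its self-erase."""

    MAX_FAILURES = 16    # constructed policy; real devices pick their own threshold

    def __init__(self, pin: str, protected_seed: bytes,
                 sleep: Callable[[float], None] = time.sleep):
        self._salt = os.urandom(16)
        self._pin_hash = self._hash(pin)                  # the PIN itself is never stored
        self._seed: Optional[bytes] = protected_seed      # stands in for the encrypted secret
        self._sleep = sleep                               # injectable so tests need not wait
        self.failures = 0
        self.wiped = False
        self.delays: List[float] = []                     # enforced waits, kept for inspection

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def unlock(self, pin: str) -> Optional[bytes]:
        """Returns the protected seed on a correct PIN, None otherwise."""
        if self.wiped:
            return None
        # Wait doubles with each previous failure, and is enforced before anything is checked.
        delay = 0.0 if self.failures == 0 else float(2 ** (self.failures - 1))
        self.delays.append(delay)
        self._sleep(delay)
        # Count the attempt before comparing: cutting power mid-check must not erase it.
        self.failures += 1
        if hmac.compare_digest(self._hash(pin), self._pin_hash):
            self.failures = 0
            return self._seed
        if self.failures >= self.MAX_FAILURES:
            self._seed = None        # the trap door: erase what the PIN was protecting
            self.wiped = True
        return None


def guess_until_wiped(guard: PinGuard, candidates: Iterable[str]) -> Optional[bytes]:
    """Feeds candidate PINs in order and stops at success or at the self-erase."""
    for pin in candidates:
        seed = guard.unlock(pin)
        if seed is not None or guard.wiped:
            return seed
    return None


if __name__ == "__main__":
    # Constructed PIN and seed; sleep is skipped so the demo finishes instantly.
    guard = PinGuard("7391", b"constructed-seed", sleep=lambda s: None)
    print(guess_until_wiped(guard, (f"{i:04d}" for i in range(10_000))))  # None
    print(guard.wiped, guard.failures, guard.delays[:5])                    # True 16 [0.0, 1.0, 2.0, 4.0, 8.0]
```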
A lesser-known yet crucial feature of hardware wallets is firmware validation, which significantly mitigates concerns about supply-chain attacks. Imagine a gold vault guarded by sentinels who, upon shift change, must utter a secret passphrase authorized by the sovereign to prove their legitimacy.
Similarly, a hardware wallet is initially devoid of any software, or firmware. The initial action for the user is to download and install the firmware, during which the device verifies that the firmware has been officially signed by the wallet's manufacturer.
This verification process occurs every time the wallet is powered on, ensuring the firmware's authenticity and safeguarding against supply-chain attacks—wherein malicious software might be installed while the device is en route to you—and evil maid attacks, which involve someone tampering with the device when left unattended. (It is possible to install custom firmware on a Trezor, but it will prominently warn you that the current firmware is not to be trusted.)
For added security, devices like the Trezor allow the setting of a custom home screen. This feature acts as an additional safeguard, protecting against the scenario where the device itself is swapped out for a compromised one designed to steal your PIN.
While there remains a theoretical risk that the hardware wallet manufacturer could act with malice, the likelihood of encountering a compromised device, such as a Trezor, or having your device compromised via a software update, is generally low and not something that should overly concern users.
4. Best Practices for Using Hardware Wallets Safely
These practices are designed to protect against a wide range of threats, ensuring that your cryptocurrency remains safe:
Keep Your Seed Phrase Offline, Only Enter It Directly Into A Hardware Wallet
The seed phrase, a series of words generated when setting up your hardware wallet, is the master key that generates all your Bitcoin addresses. This key is generated on the device, and can never leave it. (Except in Ledger’s new key backup service, but don’t get me started.)
The only time you would need to re-enter the seed is during very rare major firmware upgrades or when you buy a new hardware wallet. You should only do so when instructed by the device itself, and ideally only on the device itself (direct entry is not supported by all hardware wallets).
The key should never be entered into any digital device, even if just to print it out. Ideally, it should be stored on a fireproof steel plate.
What You Should Know About Firmware Updates
Manufacturers of hardware wallets routinely issue firmware updates to patch vulnerabilities and roll out new security enhancements. The accompanying PC wallet software is designed to alert you to these updates. There's no urgency to install updates immediately upon notification. It's a common misconception that updates are needed for continued safety. In reality, updates are only necessary before executing transactions.
Adopting a cautious approach, I delay firmware updates for a few weeks as a precaution against the possibility of the manufacturer's systems being compromised.
It's crucial to understand that the security of your keys is maintained exclusively by the device's firmware. This means that even if the desktop client software of the wallet were to be compromised, your keys remain secure. Given this, I don’t worry about updating the desktop application immediately (such as Trezor Suite or Ledger Live), and I don’t stress (too much) whether my computer is compromised.
Verify Every Transaction On The Device Screen
Before confirming any transaction, it's essential to verify the details thoroughly. This step ensures that the transaction is going to the intended recipient and for the correct amount:
Double-check the address and amount on your hardware wallet's screen. Ensure it matches what you entered on your computer or smartphone.
Be wary of address-swapping malware, which can alter recipient addresses. This malware usually swaps the address in your clipboard, so the address you paste into the software is different from what you copied. The hardware wallet's display is immune to such tampering, making it a reliable source for verification.
Be aware of the “blind signing” vulnerability: smart contract transactions do not show details on most hardware wallet screens (a few do), so you don’t know the details of the transaction you are signing. You should review these details in Metamask - see this article for more.
5. How Hardware Wallet Users Lose Their Bitcoin
Drawing from my experience assisting thousands of customers through WalletRecovery.info, I've identified the most frequent scenarios under which individuals lose their crypto stored in hardware wallets. Here's a rundown of these scenarios, ranked by commonality:
Accidentally Backed Up Wrong Seed: A surprisingly common error where users initialize their wallet multiple times, writing down the first seed, but depositing their coins to the second. When they reset their wallet, the coins are lost forever. (This seems to be especially common with Ledger users.)
Lost Seed and Wiped Device: Users sometimes lose their seed phrase—the crucial backup key—and subsequently perform actions like resetting their device, permanently losing access to their funds.
Wrote Down Seed Words Incorrectly: It's possible to incorrectly write down some of the words or to write them in the wrong order. A wallet recovery service can find the correct words in nearly 100% of cases, but it will cost you, and you'll have to trust a stranger with your Bitcoin.
Phishing Attacks: Falling victim to phishing schemes by entering their seed phrase into a malicious website, often masquerading as a security measure for their hardware wallet.
Fake Support Service: Scammers posing as customer support via Google ads deceive users into revealing their seed phrases under the guise of assistance.
Malicious And Incompetent Hardware Wallet Makers: Some hardware wallet brands (like John McAfee's BitFi wallet below) should not be trusted. If a wallet is based on a mobile phone platform (touch screen, Internet connectivity, Android OS), I would stay away.
Vengeful Ex and No PIN: Personal disputes leading to someone with access to the wallet (like a vengeful ex-partner) transferring funds when no PIN is set for additional security or the seed is stored out in the open.
Deceased + Lack of Estate Planning: The absence of arrangements for digital assets in estate planning can result in cryptocurrencies becoming inaccessible after the owner's death.
Supply Chain Attack: Rare instances where devices are intercepted and a pre-generated seed is provided with malicious instructions, before reaching the customer.
Clipboard Hijacking Attacks: Malware that monitors and replaces copied cryptocurrency addresses on a user's clipboard, diverting funds to the attacker's address instead.
Notably Absent Risks:
Some risks that users might expect to see are notably absent from this list, underscoring their rarity or the effectiveness of existing safeguards against them:
Hacked/Modified Supply-Chain Attack: I am not aware of any attacks compromising the supply chain of reputable hardware wallet manufacturers. Because the firmware is downloaded and verified when setting up a new device, this attack is very unlikely to succeed.
Wallet Desktop Client Hacked: Direct theft or hacking of the PC does not affect wallet security. Attacks successfully breaching the security of desktop clients for wallets do not affect the security of the device, so they can’t be used to steal funds.
Malicious Firmware: The threat of a device being compromised by malicious firmware updates remains low, given the stringent verification processes used by manufacturers.
Stolen Wallet: A stolen wallet is usually safe because it is protected by a PIN — if you follow the instructions to set one. However, because Trezor One and Model T do not use a secure element, I recommend using a passphrase to protect against especially sophisticated adversaries. (Ledger wallets and the Trezor Safe 3 do include a secure element.)
6. The Future of Hardware Wallets (My Wishlist)
Here are the features and advancements I would like to see in new generations of hardware wallets:
Open-Source Secure Element for Key Storage: This approach not only enhances transparency and trust but also allows for community-driven audits and improvements, ensuring robust protection against vulnerabilities.
Eliminating Blind Signing: Future hardware wallets must address the issue of blind signing, where users confirm smart contract transactions without full visibility of the details because the wallet does not have the full context of the transaction. (The Keystone wallet eliminates blind signing, but it comes with other compromises.)
Improved Usability for Novices: Simplifying the user interface and experience is essential to make hardware wallets more accessible to novices. This includes intuitive setup processes, straightforward transaction verification, and clear guidance on security practices.
Decentralized Peer-to-Peer Key Backup Service: The next generation of hardware wallets could incorporate decentralized key backup services. For example, platforms like Blockwallet.io are exploring cryptographically secure methods of delegating recovery to trusted individuals, moving away from reliance on centralized parties.
Native Multi-Asset Multisig Support: Built-in support for multi-signature setups across various cryptocurrencies will be a significant feature. While hardware wallets do support multi-signature custody now, this requires additional software.
Mobile Device Support: Seamless integration with mobile devices, ensuring that users can manage their assets on the go without compromising security.
NFC Support: Near Field Communication (NFC) support will enable easier and faster transactions by simply tapping the hardware wallet against a mobile device, streamlining the process without sacrificing security. (Supported by Coldcard, my second favorite wallet.)
Bitcoin-Only Firmware: Following the example set by Trezor, offering a Bitcoin-only firmware option can significantly reduce the attack surface, catering to users who prioritize Bitcoin and seek to minimize potential vulnerabilities associated with supporting multiple cryptocurrencies.
Coin Mixer Integration: Integrating coin mixers directly into hardware wallets (like Trezor does) can offer enhanced privacy for users, making it more difficult to trace transactions back to their origins.
Estate-Planning Features: Recognizing the need for innovative solutions in estate planning, future hardware wallets could include features that allow users to securely and seamlessly transfer access to their assets in the event of their passing, addressing a critical aspect of digital asset management.