FeedingTrends
Hardware crypto wallets — overview
a month ago
8 min read

Hardware crypto wallets — overview

What should we know about storing crypto on a hardware wallet?

Wallets in cryptocurrencies mean at the same time:

  1. A set of keys for accessing money
  2. Programs that manage these keys and allow you to conduct transactions on the cryptocurrency network.

To avoid confusion, when we talk about a set of keys, I will use the term “private key”. Although we all understand that in the key pair there is also a public one, as well as that there may be several pairs themselves.

We will talk about a wallet exactly as a way of managing, storing and conducting transactions. Without a wallet, you cannot receive, store or spend your bitcoins or funds in another cryptocurrency. A wallet is your personal interface to the cryptocurrency network, similar to a bank account for fiat currency.

So, let’s start with a definition of hardware wallets. Hardware wallets are physical devices designed to securely store cryptocurrency. Some software and online wallets support storing funds in hardware wallets. Before starting to compare specific models of hardware wallets, let’s see what most of these wallets can do, and dwell on the features of each of them in more detail.

So, any hardware wallet (of the considered):

  1. Generates and stores an unrecoverable wallet private key inside the device.
  2. All operations required for a transaction are performed inside the device. Only the result is issued from the device — the electronic signature of the transaction.
  3. Has a screen for displaying various information.
  4. Has one or more physical buttons for interacting with a device.
  5. When transferring funds from a wallet, it displays information about the transaction on the screen.
  6. Requires manual confirmation of operations using a physical button on the device.
  7. Allows you to create a backup copy of the keys in case the device breaks or is lost.
  8. Requires the installation of additional software from the manufacturer of the hardware wallet. Supported on all modern versions of Windows, Linux, MacOS. Supported on Android.
  9. Does not allow installing any additional software inside the wallet itself.
  10. To work requires knowledge of a special PIN-code (or even several PIN-codes).
  11. It costs money, unlike most other wallets.
  12. Not all possible cryptocurrencies are supported, but only the most popular ones.

The main differences

From Online Wallets

Since in the case of online wallets, your private keys are stored on remote servers, you inevitably expose yourself to the risk of losing funds in the following situations:

  1. The computer was hacked, which led to the theft of the password from the online wallet.
  2. The server on which the online wallet was deployed was hacked and the funds of all users of the wallet were stolen.
  3. The company that created the web wallet went bankrupt.
  4. The FBI confiscated the servers, and eventually the users’ funds.
  5. The owners of the online wallet developer company stole user funds and disappeared.
  6. A software error in the online wallet code resulted in a loss of funds.
  7. The attacker stole a mobile phone on which an online wallet session was opened, which led to the loss of funds.

From software wallets on a computer

  1. Hacking or infecting your computer with a virus will steal your wallet’s private key.
  2. A computer has 1000 times the attack surface of a hardware wallet.

From mobile wallets on a smartphone

  1. Such wallets for smartphones can be divided into 2 groups:
  2. Interfaces to online wallets. In this case, they are exposed to the same risks that online wallets are exposed to (see above).
  3. Complete mobile apps. In this case, the situation is very similar to software wallets on a computer. The ubiquity of smartphones and tablets has led to the rapid development of viruses for these devices. This means that your funds are no longer safe.

From USB stick

Flash drives were never created as a security tool, but not everyone understands this.

  1. Any software can read or copy private keys from a USB flash drive.
  2. Malicious software can spoof recipient addresses in a transaction.
  3. Theft or loss of such a flash drive can lead to a complete loss of funds.

By the way, you can protect yourself from theft or loss by using special flash drives that require a PIN code to gain access to data.

From an encrypted wallet

Even if you use a complex password to encrypt your wallet, you will not be able to protect your private keys from compromise. Virus software will simply try to get your password, and already using the password, gain access to the wallet. Or it will just wait until you enter the password yourself and unblock access to the private keys. Not to mention the ability to simply copy the wallet file and then iterate over the passphrase through dictionaries.

From keeping keys on paper

In fact, the correct storage of a private key on a piece of paper is quite safe. That’s just very uncomfortable. Plus, to work with such a wallet, you still have to enter your private key into one of the above wallets. And after that, you won’t be able to sleep well.

Risks and potential vulnerabilities of hardware wallets

To date, there has not been a single confirmed case of cryptocurrency theft from a hardware wallet. Despite the fact that they appeared not so long ago, they have already proven themselves excellent. However, it should be understood that hardware wallets are not a silver bullet to protect your cryptocurrency funds. There are several security risks that all or some wallets are exposed to.

These risks need to be considered when deciding which hardware wallet to purchase and how much cryptocurrency you can store on it.

Spoofing the recipient’s address in a transaction. A hardware wallet will not protect you from sending your cryptocurrency to a fake address. For example, malware on your computer can monitor transactions with a large amount of cryptocurrency and then replace the recipient’s address with the wallet address that belongs to the attacker. If the stakes are high, then you need to use multi-factor confirmation of the recipient’s address — for example, by phone.

Bad RNG. Hardware wallets rely on the security of a RNG that resides inside the device and is used to securely generate your private key. Unfortunately, checking the key for randomness is not an easy task. A vulnerable RNG can create wallet keys that can be recreated by an attacker, generating a pseudo-random number that looks like a random one. Implementation errors. The safety of all computer systems, both software and hardware, is based on the quality of their implementation. Hardware wallets are no exception.

Errors in software, firmware, or hardware can allow an attacker to gain access to the internal structures of a hardware wallet and then your secrets. Even if the device was originally designed correctly, it is very difficult to prove the safety of the implementation in a particular device.

Compromised manufacturing process. Even ideal software and hardware implementations are vulnerable to intentional or unintentional introduction into the manufacturing process. Various bookmarks can be introduced into the device either accidentally or under pressure from various special services.

Compromised delivery process. It is even easier to break into the delivery process and remove or modify some of the device’s security in such a way that it is invisible to the user. It is known that various government programs include interception and modification of various hardware in order to implement backdoors.

Let’s summarize

While hardware wallets will not protect you from every possible threat, choosing a hardware wallet from a trusted, technically competent and reputable vendor will protect you from far more threats than using software wallets.

An ideal long-term storage solution would be an open source solution that uses a shared hardware platform (such as a raspberry pi) and a trusted source of entropy (such as a regular cube).

However, hardware wallet manufacturers are aware of these risks and potential vulnerabilities and are trying to offer various solutions. I decided to make a small overview of the most popular and interesting hardware wallets so that you yourself can draw conclusions about their security.

Trezor — $99

  1. Currently it supports Bitcoin, Ethereum (+ all ERC-20 tokens), Ethereum Classic, ZCash, Litecoin, Namecoin, Dogecoin, Dash and Bitcoin Testnet.
  2. During the manufacture of the device, after its packaging, the box in which it is placed is sealed with a holographic security tape. Its presence confirms that the device is original. And also partially protects you from opening and substitution or modification of the device during its delivery.
  3. It also offers a Password Manager for the browser (no master passwords — each password is encrypted on its own key, to enter, you just need to press a button on the device, if you lose your device, your passwords are not lost, it works through the browser extension mechanism).
  4. Supports U2F (Universal Second Factor).
  5. SSH / GPG agent.
  6. Supported by a large list of software wallets and online services (see the full list here — https://doc.satoshilabs.com/trezor-apps/index.html).
  7. Every time you connect your device to a computer or mobile device, you need to enter a PIN. After that, the device goes into an unlocked state and will allow you to carry out operations. After disconnection, the device returns to the locked state.

Ledger Nano S — $65

  1. Supports Ark, Bitcoin, Bitcoin Cash, Dash, Dogecoin, Ethereum, Ethereum Classic, Komodo, Litecoin, PoSW, Ripple, Stratis, Zcash, and all ERC20 tokens.
  2. Supports U2F, GPG and SSH.
  3. It uses 2 microcontrollers inside itself: ST31H320 (protected) + STM32F042.

KEEPKEY — $129

  1. Supports Bitcoin, Litecoin, Dogecoin, Namecoin, Testnet, Ethereum, and Dash.
  2. The main feature is a 3.12 ″ OLED display with a resolution of 256 × 64. Internally, STM32F205RGT6 is used.
  3. This is the only hardware wallet in this review that allows you to use your own firmware.
  4. For security reasons, when using third-party firmware, the device displays a warning when turned on.
  5. FIPS PUB 140–2 and FIPS PUB 180–2 compliant.
  6. Also, like the Trezor, it comes in a special packaging that cannot be opened discreetly.

BITLOX — $98

Previous wallets were more like classic tokens or devices of the TrustScreen class, then this one mimics smart cards.

  1. Supports Bitcoin and, more recently, Ethereum.
  2. Contains a rechargeable battery inside which is charged via Micro USB. Interacts via Bluetooth LE. Only 4mm thick. Eink display — 2 “.
  3. Supports multiple PIN codes: to connect a device, to work with wallets, to conduct a transaction.
  4. The random number generator has been certified by NIST. It also has a special PIN, the input of which will lead to a complete cleaning of the device.
  5. Has services for working through TOR (BITLOX2twvzwbzpk.onion) or I2P (BITLOX.i2p).
  6. A distinctive feature of this hardware wallet is the “twisted” site.

Digitalbox — $61

Another interesting device. Although it does not have a screen for displaying transaction information, I decided to include it in my mini-review. This is a very non-standard idea.

  1. Supports Bitcoin (BTC) and Ethereum (ETH, ETC, and ERC20 tokens).The developers claim that they are working on expanding this list.
  2. Supports U2F.
  3. You can remove or make a backup copy of the microSD card at any time.
  4. Supports work with Tor and Tails OS.
  5. Private keys are stored on a secure chip that is protected from physical data retrieval.
  6. The simple design doesn’t get any extra attention.
  7. Verification of payments and two-factor authentication on a mobile application.
  8. Does not require displaying or entering words on the screen to regain access to the wallet. You just insert the microSD with the backup.
  9. All USB communication is encrypted using AES-256-CBC.
  10. One button to operate the device.

In conclusion we can say that none of the wallets will ever fully protect your crypto, but proper use of Hardware Wallets can certainly make it more safe for you.