- Hardware wallets combine the greatest possible security with convenience when managing cryptocurrencies.
- They offer this security because the “private key” is built into the hardware, so users can use them even with insecure devices such as computers and smartphones.
- Hardware wallets differ mainly in ease of use and the number of supported coins. The security concepts are similar.
- For Bitcoin, the recommended hardware wallet is the Bitbox02.
- If you want to manage additional coins (e.g. Ether, IOTA, etc.), we recommend the hardware wallet from Ledger (Nano S and Nano X).
Be your own bank with a hardware wallet
If, as an owner of cryptocurrencies, you want to act as your own bank and consciously decide to store the acquired coins yourself, you need a wallet. There are various options to choose from. For instance, there are mobile apps for cell phones, software for laptops and browser extensions. However, hardware wallets are considered the safest place to store coins. There are several reasons for this:
- Hardware wallets are devices.
- They are not connected to the Internet (cold storage).
- The private key is stored exclusively on the device and cannot be extracted.
- Transactions are initiated online first, and signed offline.
For buyers looking for a long-term and secure storage option for their crypto assets, hardware wallets are thus the be-all and end-all. But which one is the most suitable? Which one offers owners the greatest added value?
Principles of Hardware Wallets
To choose the best hardware wallet, it is first important to understand their principles.
Hardware wallets resemble other wallets in the method of access to the coins. No wallet actually stores the coins. Instead, wallets store the private key that can be used to access the coins associated with them at any time. With hardware wallets, this key is basically only found on the device.
Desktop wallets also store private keys only on the connected device. What makes hardware wallets so secure is that they are not connected to the internet. As separate devices, they are at no time online. Owners who want to perform transactions initiate them online, and only the offline signature on the device releases them for execution. This makes hardware wallets virtually unhackable.
A special security mechanism is the wallet’s screen. The display makes it possible, for instance, to check whether the recipient address displayed in the computer software matches the address of the wallet (= public key). In this way, manipulation by third parties can be ruled out.
Manual controls are fitted to all devices. This ensures that only owners become actors: transactions are released only when these buttons are pressed. In the event that thieves have captured the wallet, a PIN protects it from unauthorized access. This makes the wallet useless in the hands of others.
Because no device is completely safe from technical failure or theft, the creators introduced the so-called recovery or seed phrase. This is a compilation of 12 to 24 terms that wallet owners define during setup. If the device is broken or unavailable, the connected coins can be recovered on another wallet. The recovery sheet containing the terms should be kept safe and never digitized. This approach combines the advantages of hardware and paper wallets.
How we tested
When choosing the right hardware wallet, buyers should make sure it fits their needs. We examined the available hardware wallets according to the following criteria:
Hardware: build quality, buttons, cables, ports, features
Display: size of the display, touchscreen
The Bitbox02 has an appealing display with touch operation. Keepkey and Trezor’s Model T also come with touchscreens, the latter even in color. The two models from Ledger have physical buttons. A special feature of the Ledger Nano X is the option to connect the hardware wallet via Bluetooth. All others establish the connection via USB cable.
The Bitbox02 has a micro SD card as a special feature, on which users can store the backup words.
Software: desktop app and/or mobile app, clarity of the software, user guidance, functionality in the software
There are clear differences in the type of software. Overall, however, the software quality is convincing.
Interfaces: how widespread is the hardware wallet? Can wallets other than the manufacturer wallet be used?
Ledger and Trezor are ahead here due to their market maturity. They are supported by various web and mobile apps, so users do not necessarily have to use the manufacturer’s wallet.
Number of coins: which coins does the hardware wallet support?
Again, the hardware wallets from Ledger and Trezor score with the largest number of supported coins (see table below). However, critics see a danger that a large number of coins will probably increase the attack surface on the hardware wallet. Users who only want to secure Bitcoin are therefore best off with Bitbox02. It is available as a Bitcoin-only version.
Setup process: how long does the setup process take and how intuitive is it?
All major providers guide users well through the initial setup. The fastest way to set up the hardware wallet, including backing up the seed words, is with Bitbox02. This is made possible by the included micro-SD card, which stores the 24 words for recovery. After all, creating the backup is the most time-consuming process during setup. However, it is recommended to additionally keep an analog copy of the backup with the Bitbox02 as well.
There are advantages and disadvantages to the various security concepts for storing the private key on the hardware wallet. Ledger devices have a so-called “secure element” built in. It contains the key and is therefore supposed to be particularly secure. The disadvantage is that this element is not compatible with open source software. Trezor does not have a secure element, but is 100% based on open source. Bitbox02 and Coldcard have managed to combine the best of both worlds (secure element and open source).
How long on the market? Trezor and Ledger are the cornerstones of the hardware wallet market. The Bitbox02 has only been around for a few years, but is highly regarded in the community. This is not least due to the focus on the needs of the Bitcoin core target group.
Known security holes / vulnerabilities. Trezor devices are proven to be insecure if an attacker has physical access to the device and no security password is set. Under certain circumstances hackers have already managed to compromise Ledger devices. This was also successful with physical access. The same applies to the Keepkey hardware wallet. None of these vulnerabilities are known for the Bitbox02 and the Coldcard.
Other functions. The Trezor devices include a password manager in the form of a browser extension. The Bitbox02 has the best implementation of a multisig setup, which allows you to set up multiple clients to sign transactions.
All hardware wallets can be connected to their own node so that wallet information does not have to be shared with the provider. Connection via the Tor network also works with all wallets if desired.
A catastrophic data leak that violated even baseline data protection occurred at Ledger in June 2020. Several million email addresses and over 200,000 physical addresses of Ledger customers were lost. This data is freely available on the Internet. A large number of customers are at risk of becoming targets of hackers and, in the worst case, criminals.
A nice privacy feature of Bitbox02 is the possibility to select which coins (UTXOs) are used in Bitcoin transactions. This “Coincontrol” makes it easier to maintain privacy, for instance after Coinjoins.
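Why choosing the coins by hand matters after a Coinjoin, as an added example that is not part of the original article and not Bitbox02 code. The UTXOs, labels and the largest-first strategy standing in for automatic selection are constructed assumptions, and fees are ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Utxo:
    txid: str    # constructed placeholder id
    vout: int
    sats: int
    origin: str  # label the user attached to the coin

# Constructed sample wallet: one coin bought on an exchange, three Coinjoin outputs.
WALLET = [
    Utxo("aa" * 32, 0, 200_000, "exchange"),
    Utxo("bb" * 32, 1, 100_000, "coinjoin"),
    Utxo("cc" * 32, 3, 100_000, "coinjoin"),
    Utxo("dd" * 32, 0, 100_000, "coinjoin"),
]

def auto_select(utxos, target_sats):
    """Assumed automatic strategy: take the largest coins until the amount is covered."""
    picked, total = [], 0
    for u in sorted(utxos, key=lambda u: u.sats, reverse=True):
        if total >= target_sats:
            break
        picked.append(u)
        total += u.sats
    if total < target_sats:
        raise ValueError("insufficient funds")
    return picked

def coin_control(utxos, target_sats, chosen_outpoints):
    """Manual selection: spend exactly the (txid, vout) pairs the user ticked."""
    picked = [u for u in utxos if (u.txid, u.vout) in chosen_outpoints]
    if len(picked) != len(chosen_outpoints):
        raise ValueError("unknown outpoint selected")
    if sum(u.sats for u in picked) < target_sats:
        raise ValueError("selected coins do not cover the amount")
    return picked

def origins_linked(selection):
    """Inputs of one transaction are visible together, so their origins become linked."""
    return sorted({u.origin for u in selection})

if __name__ == "__main__":
    mixed = {(u.txid, u.vout) for u in WALLET if u.origin == "coinjoin"}
    print("automatic:", origins_linked(auto_select(WALLET, 250_000)))
    print("coin control:", origins_linked(coin_control(WALLET, 250_000, mixed)))
```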
Result and recommendation
Three devices clearly stand out in the hardware wallet test: Bitbox02 and the devices from Ledger and Trezor. Crypto buyers who want to keep their coins safe are very well served with these hardware wallets. This is because the differences in features are minor.
Ledger and Trezor offer both a standard and a premium model. Newcomers have everything they need for safe and easy storage with the Ledger Nano S and the Trezor One. Those who need something a bit more comprehensive or convenient will turn to the Ledger Nano X and Trezor Model T.
The Bitbox02 is available in a Bitcoin-only version. It can be recommended without restrictions due to the features described above if you only want to manage Bitcoins.
The Coldcard is equally considered particularly secure, but is not recommended for beginners because it is less user-friendly.
Further instructions for the use of hardware wallets
Hardware wallet activation
When the device arrives, buyers should first check it for possible tampering. This applies to both the hardware, which should have intact seals on the packaging, and the software. Ledger, for example, has customers check the firmware for interference. If there is malware on the device, it cannot be put into operation.
The next step is to set the recovery phrase and PIN. Caution: The recovery phrase should be kept in a safe place and never stored in the cloud! For wallets that provide their own software, owners manage the device with it. Devices without their own desktop or mobile hardware wallet software can be linked with common applications or browser extensions.
Note: Hardware wallets should never be purchased used or from a third-party vendor. This ensures that no one else has access to the recovery phrase.
Protect the 24-word seed
When setting up a hardware wallet, a backup is created in the form of 24 words. You should NEVER type your backup seed words into a computer. Instead, the words must be written down on paper.
When restoring a backup, the words are entered directly into the hardware wallet.