Hardware Wallets Explained, Reviewed and Compared
By: Ofir Beigel | Last updated: 12/21/23
The most secure way you can store your Bitcoin and other cryptocurrencies is on a hardware wallet – a small physical device that holds your private keys offline. In this post, I’ll explain exactly how these devices work and cover the best hardware wallets around.
Hardware Wallets Summary
Hardware wallets use a form of two-factor authentication (also known as 2FA). This means that in order to access your funds, you’ll need to prove your identity through something you have (the physical wallet) and something you know (the PIN code for the wallet).
That’s hardware wallets in a nutshell. For a full review of each wallet and in-depth explanations, keep on reading. Here’s what I’ll cover:
- Bitcoin Wallets in a Nutshell
- Hardware Wallets
- Ledger Hardware Wallets
- TREZOR Hardware Wallets
- KeepKey Hardware Wallets
- Additional Hardware Wallets
- Hardware Wallet Risks
- Frequently Asked Questions
The term Bitcoin wallet is a bit misleading, as a Bitcoin wallet doesn’t really hold any Bitcoin. Technically speaking, a Bitcoin wallet is a piece of software that holds passwords, sometimes referred to in cryptographic terms as keys.
These keys give your wallet access to the Bitcoins allocated to it on the Bitcoin transaction ledger called the blockchain.
So, when you use any Bitcoin wallet, you’ll encounter two important terms.
The first is a Bitcoin address, also known as a public key. This is what you share with people who want to pay you in Bitcoin, kind of like an email address.
The second is a private key. The private key allows you to access and control the Bitcoin and other cryptocurrencies you own. For my email account analogy, you might think of your private key as the password to your email account.
Aside from holding your private key, the wallet also signs Bitcoin transactions on your behalf using your private key and broadcasts them to the Bitcoin network. Let me explain:
When you want to send Bitcoin to someone else, you need to prove ownership of those coins to the whole network so it will agree to change the ledger of transactions.
To achieve this, your Bitcoin wallet takes your requested transaction, signs it on your behalf using your private key, and broadcasts this digital signature to the network.
In a nutshell, a digital signature is a way to prove you own a certain private key without needing to expose it. It’s done through the use of complex mathematical rules known as cryptography.
This whole process is kind of similar to you signing a check authorizing the transfer of money from your account.
Once a transaction is signed, the wallet then broadcasts it to the whole network, which validates its authenticity. Eventually, this transaction will be entered by Bitcoin miners onto the blockchain, and the transaction will be considered complete.
As you probably know, stealing a piece of information from a computer isn’t that hard these days. If the computer running your Bitcoin wallet is infected with malware, it may expose your private key to bad actors.
Hackers may be able to take control of your computer or see what’s displayed on your screen. Once your private key is exposed, your Bitcoin and other cryptocurrencies are no longer under your control. They could be easily transferred to anywhere the hacker chooses.
In order to avoid this situation, you have two options:
- You could make sure your computer is completely malware-free. While this may sound easy, most viruses are either disguised as legitimate software or have a way to avoid detection by antivirus software.
- Use a wallet that is “immune” to malware, so to speak, to keep your private key safe. This is exactly what hardware wallets are designed to do.
Simply put, hardware wallets are computers that have been stripped of everything except a small screen, a button or two, and the simple functions of storing keys and signing transactions.
Hardware wallets look like small USB devices, and they offer a minimalist approach to security. This is based on the logic that the more complex a device is, the more opportunities hackers have to infiltrate it.
In the case of hardware wallets, the device is so “dumb” that it’s practically impossible to hack or infect it with anything.
5 different hardware wallets: BitLox, KeepKey, Trezor One, Ledger Nano S, CoolWallet
Due to that simple design, hardware wallets can’t connect to the internet or run complicated apps. They are just a way of storing your private key offline.
This approach is known as cold storage, unlike devices that connect to the internet, which are called “hot wallets.”
How Do Hardware Wallets Work?
Let’s say you want to send a Bitcoin transaction using a hardware wallet.
The first thing to know is that because a hardware wallet is such a simple device that can only sign transactions, it needs to use a more sophisticated computer for all other functions, such as preparing the transaction and broadcasting it to the network.
So, in order to use a hardware wallet, you’ll need to connect it to your personal computer and download a program that can communicate with it. I’ll call this program a “bridge,” and the bridge allows you to prepare your transaction for signing.
Hardware wallets only allow very specific types of data to pass through to them, such as cryptocurrency transactions. Once a hardware wallet receives a transaction from the bridge program, it signs it on the hardware wallet itself and then sends it back to the bridge program.
Your private key never leaves the hardware wallet. The only thing that gets transferred between your computer and the hardware wallet is the unsigned and signed transaction.
Because of its minimalistic and simple design, a hardware wallet can be used with any computer without fear of being hacked or infected – even a public library computer or your mom’s laptop 🙂
The only thing you’ll need to do to make sure your Bitcoin is safe is to make sure the transaction you’re approving on the hardware wallet’s screen matches the transaction your bridge program is showing on your personal computer.
IMPORTANT! Your Seed Phrase
Setting up a hardware wallet is fairly easy. The main thing to do is write down the set of words you’ll be given when first setting up the device. This group of words, also known as a seed phrase or mnemonic phrase, is a way to restore any private key your hardware wallet generates.
This also means that whoever might get a hold of these words would also be able to control your Bitcoin and other cryptocurrencies, so it’s important to keep your seed phrase written offline and kept in a safe place.
What is the Best Hardware Wallet?
Today, there are over a dozen companies that offer hardware wallets on the market, with the three market leaders being Ledger, TREZOR, and KeepKey. Each company offers different models with different features – I’ll cover the most popular ones below.
Pros: Great company reputation, thousands of crypto assets supported, mobile compatibility (Nano X only).
Cons: The Bluetooth user interface is a bit confusing (Nano X only).
The company (Ledger) has been around long enough to gain a respectable reputation, and in all honesty, it’s hard to find anything bad to say about its products.
Accessing a Ledger wallet is done through Ledger Live – a free desktop application that allows you to control all of your Ledger devices, send and receive cryptocurrencies, and check your balance whenever you want.
The Ledger Nano X is Ledger’s flagship when it comes to hardware wallets. The device has an impressive capability to manage 100 crypto apps simultaneously. It’s like using the Ledger Nano S Plus (see below) on steroids.
The main downside from my own experience is that the Bluetooth user experience wasn’t as smooth as I expected it to be. This may be remedied by Ledger in the future through updates, but for now, it’s a thorn in the Nano X’s side.
The Nano X costs $149 without VAT (free shipping included).
The Ledger Nano S Plus is the improved version of the old, trusty Nano S, sporting a similar style with upgraded hardware and software features. With an elegant, rounded design, larger screen, and larger memory, the Nano S Plus enables users to store more asset apps than its predecessor, along with a sleeker look.
At a cost of $79, the Ledger Nano S Plus provides a top-notch experience for a very reasonable price.
Pros: Market veteran, open-source, great company reputation, over 8,000 crypto assets supported.
Cons: Frequently resets when upgrading. XRP and ADA are not supported on the Trezor Model One.
TREZOR (meaning “vault” in Czech) was the first company to come up with the idea of a hardware wallet. The main advantage TREZOR has over its competition is its company reputation. One of the company’s founders is Marek “Slush” Palatinus, who also created the first mining pool for Bitcoin (founded in 2010).
On the downside, there is one annoying thing about TREZOR wallets – when you upgrade the wallet firmware, it frequently deletes the whole wallet. If you’re just starting out with crypto, this can definitely freak you out. As long as you have your backup seed phrase around, you can easily restore the wallet, but this is definitely something to be aware of.
The Trezor Safe 3 is the newest hardware wallet from TREZOR. It is based upon the design of the highly-renowned Trezor Model One but with some significant upgrades to both the hardware and software.
The Safe 3 is compact, easy to use, and supports almost any major asset or Ethereum-based token you could think of. One of the most notable upgrades is the addition of the Secure Element Certified Chip EAL6+. This is the first TREZOR device to include a Secure Element chip.
The Safe 3 also supports Shamir Backup for recovering your seed phrase. The Trezor Model T has Shamir Backup too, but the Model One does not.
The Trezor Safe 3 costs $79 directly from TREZOR, making it one of the most affordable hardware wallets on the market. It is also the same price its predecessor, the Trezor Model One, used to cost at retail.
The Trezor Model T is basically a Trezor One wallet that has a large touch screen. Both wallets offer the same features, but the touch screen does make a difference. I’ll explain.
When you restore your hardware wallet or even set it up for the first time, you are often requested to enter your seed phrase. If you do not have a suitable interface on your hardware wallet (i.e., a touch screen), you will need to type in your seed phrase on your computer.
If your computer is infected with malware, this makes your seed phrase vulnerable to keylogging or other forms of hacking. Having said that, even if someone managed to get the words to your seed phrase, they still won’t know what order to put them in since that is not displayed on your computer (it’s displayed on the hardware wallet).
The Trezor Model T eliminates this threat completely since all interaction is done on the hardware wallet’s touch screen, so you don’t need to be afraid of malware (these devices are malware-free by design). The Trezor Model T also supports some coins that the Trezor One does not (e.g., XRP, ADA, and XMR).
Aside from using the Ledger Nano S Plus, I also use a Trezor One for storing cryptocurrencies. The Trezor One (formerly known just as “TREZOR”) is the oldest hardware wallet on the market and probably the most reputable one as well.
The Trezor One has a nice, simple design with a very easy-to-understand user interface, and it supports a wide array of cryptocurrencies, including Bitcoin, Bitcoin Cash, Tether (USDT), Ethereum, Ethereum Classic, Litecoin, Dogecoin, and Polygon. The only coins that are missing and have gained massive public attention are XRP and ADA.
The price of the Trezor One is currently $69, making it affordable and one of the cheaper hardware wallets on the market. This is a great hardware wallet, in my opinion, that is very easy to set up and use.
Pros: Beautifully designed, in-wallet exchange via ShapeShift.
Cons: Limited amount of coins supported compared to other wallets.
Coming in 3rd place, we have KeepKey, a Bitcoin hardware wallet with a beautiful (though somewhat large) design. KeepKey has similar features to the Trezor Model One and the Ledger Nano S Plus. However, for several reasons, I find it a bit less attractive than the previous two.
For starters, the wallet is too big to carry in your pocket conveniently. The size of the KeepKey wallet is almost twice that of the Trezor Model One or Ledger Nano S Plus.
Finally, the company KeepKey was acquired by the exchange ShapeShift and, therefore, incorporates an in-wallet exchange that allows you to trade one crypto for another without using an external exchange.
KeepKey currently sells for $78.
Throughout the years, I’ve also explored some additional hardware wallets that didn’t make the top of the list, so I’d like to mention them here.
NGRAVE is a security-focused hardware wallet that is 100% air-gapped with its very own private key creation process. The device supports thousands of different assets, including Ethereum-based tokens such as ERC-20 tokens and NFTs. The wallet has a custom operating system and biometric security and functions entirely without Wi-Fi, Bluetooth, NFC, or 4G.
Bitfi is a hardware wallet that was owned by John McAfee, a controversial figure in the cryptocurrency space. The wallet originally claimed to be “unhackable.” However, after it was torn apart by security researchers and several security flaws were exposed, that claim was removed.
CoolWallet is a credit card-like hardware wallet that you can carry around in your pocket. My review of CoolWallet was positive. However, the wallet hasn’t gained enough market share in order for me to consider it a stable product.
BitLox is another hardware wallet I have reviewed. However, it was in the early stages, and I couldn’t get it to work properly. I haven’t taken another look at the product since then (this was a few years ago), and the product may have become more user-friendly.
Ellipal is a hardware wallet company that aims to be completely isolated from the outside world. It has no wired or wireless connectivity – instead, it communicates through QR codes via a camera on the rear end. Their standard Titan 2.0 Cold Wallet costs $169, while their Titan Mini Cold Wallet is $79. They have a number of other related products as well. You can read my full Ellipal review here.
BitBox02 is a hardware wallet from the Swiss company Shift Crypto. The coolest thing about the BitBox02 is its rapid backup process, which uses a MicroSD card instead of a mandatory seed phrase. It’s a handy one-piece design with a built-in USB-C connector and some of the best security features available. BitBox has a number of other cryptocurrency-related products as well. You can read my full BitBox02 review here.
In some cases, a bad actor may tamper with your device while it’s en route to your home for the first time. To avoid this, all reputable hardware wallet manufacturers use a special holographic sticker to prove the wallet was never opened.
A security seal should always be intact before first use
If you receive a wallet and this sticker isn’t intact, don’t use that wallet. While some wallets also run a self-test for tampering when initializing, it’s better to stay on the safe side.
In order to minimize this risk even more, always buy a hardware wallet straight from the manufacturer’s website. If you want to buy from a reseller, make sure that they’re an authorized, trustworthy reseller by contacting the manufacturer first.
Preconfigured seed phrase
Your seed phrase should be generated at random by your wallet upon setup and should never be sent to you with the device.
One unfortunate user bought a hardware wallet from a bad actor on Amazon and received a wallet with a card containing a preconfigured seed phrase. They were instructed to initialize the device using this existing seed phrase.
The user wasn’t very tech-savvy and did as instructed, only to find that once they deposited coins into that hardware wallet, the coins were quickly removed by the hacker, who already knew the preconfigured seed.
A malicious Ledger was sent with a preconfigured seed and PIN code
Evil Maid Attack
Your hardware wallet device may be stolen or physically accessed by unwanted individuals, a scenario known as the evil maid attack.
Most, if not all, hardware wallets today include PIN protection. So, even if your device is stolen, it may take the thief a while before they can access your coins.
Once you notice your device is stolen, you should immediately use your seed phrase to recover your Bitcoin and send it to a new wallet with a different seed phrase. This will basically drain your stolen wallet of all of its funds and allow you to keep safe control over your Bitcoin and other cryptocurrencies.
The $5 Wrench Attack
This refers to a scenario where someone physically threatens to hurt you with a $5 wrench if you don’t hand over your hardware wallet and unlock it with your PIN code.
In order to protect from these kinds of physical attacks, certain wallets, such as TREZOR, allow you to add another layer of protection called a passphrase. This means you’ll be requested to add an additional passphrase after the PIN code.
However, you can set it up so that different passphrases will show only certain accounts on your wallet. So imagine having a dummy account in your wallet with only a small amount of coins and a real account with the majority of your funds. In short, these passphrases are used to unlock “hidden wallets” of your choosing.
If someone forces you to unlock your wallet, you can use the dummy passphrase, and it will seem that the wallet only holds a small amount of coins, not revealing your complete holdings.
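How a seed phrase and an optional passphrase turn into wallet keys, as an added example (not code from this page or from any vendor). It assumes the device follows BIP-39 and BIP-32, the open standards Ledger and TREZOR use for seed phrases, which the page does not name; `wallet_id` is a hypothetical label invented for the comparison, and the passphrases are constructed sample values.

```python
import hashlib, hmac, unicodedata

# Public BIP-39 test-vector mnemonic (all-zero entropy), used here as sample input.
TEST_MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic, passphrase=""):
    """Seed phrase (+ optional passphrase) -> 64-byte seed, per BIP-39."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s)
    words = " ".join(nfkd(mnemonic).split())
    salt = "mnemonic" + nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)

def master_key(seed):
    """BIP-32 root: HMAC-SHA512 keyed with b'Bitcoin seed' -> (private key, chain code)."""
    out = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return out[:32], out[32:]

def wallet_id(mnemonic, passphrase=""):
    """Hypothetical short label for a wallet: hash of its root private key."""
    key, _chain = master_key(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key).hexdigest()[:12]

def demo_wallets():
    shuffled = " ".join(reversed(TEST_MNEMONIC.split()))
    return {
        "device A, no passphrase": wallet_id(TEST_MNEMONIC),
        "device B, same words": wallet_id(TEST_MNEMONIC),  # any BIP-39 wallet restores it
        "decoy passphrase": wallet_id(TEST_MNEMONIC, "constructed-decoy"),
        "real passphrase": wallet_id(TEST_MNEMONIC, "constructed-real"),
        "same words, wrong order": wallet_id(shuffled),
    }
```

The same words always restore the same wallet on any compatible device, while every passphrase (and every word order) derives a different, equally valid wallet. There is no "wrong passphrase" error, which is what makes a dummy account possible.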
Both Ledger and TREZOR wallets have proved to be a safe and easy-to-use solution for storing your cryptocurrency. When Ledger started out, their product didn’t seem to be as good as TREZOR’s. However, the line between the companies has pretty much evaporated today, and they are equally good, in my opinion.
However, to be on the safe side, I generally use more than one hardware wallet, and I try to make sure to use models from both companies.
One thing to keep in mind is that, unlike Ledger, TREZOR’s technology is completely open-source, which is considered more secure.
In order to access your TREZOR wallet, you’ll need to connect it to your computer and then download and access the Trezor Suite. This interface will allow you to access your funds once the wallet is connected to the computer.
The seed phrase technology used in most hardware wallets today is compatible with multiple wallets; it’s not unique to any specific company.
Therefore, if a certain company goes out of business, you can recover your Bitcoin and other cryptocurrencies directly to another company’s wallet using your seed phrase.
As you probably understand by now, your seed phrase has a lot of power. It can be used in many cases to recover your Bitcoin, including if your hardware wallet breaks or gets damaged.
It doesn’t get any simpler than this headline.
Yes, hardware wallets cost money, and no one likes spending money on things they can get for free. But the amount of security you get by using a hardware wallet is much more valuable than the $50 to $100 you’ll pay for purchasing the actual device.
In my opinion, any of the wallets from TREZOR or Ledger are a good choice, but my personal favorites are the Trezor One and the Ledger Nano S Plus. Also, make sure to always buy the wallet directly from the company or from an authorized reseller. There have been many cases of fraud reported by people who bought tampered hardware wallets on eBay and sometimes Amazon.
Have you used a hardware wallet? Do you have any comments or additional questions? Let me know in the comment section below.