The world of cryptocurrency is filled with stories of hacks, phishing attacks, and people getting their cryptocurrency stolen, usually because they don’t use a hardware wallet. Most people use a browser wallet extension, which is very convenient, but little do they know about the dangers of using them.
Blockchain wallets are made of two long and complex “keys“: one”private key“and a”public key”, although the latter is usually called “address“. It’s easiest to think of the public key as an email address, and the private key as the password. While users can purchase an NFT domain to name the crypto wallet’s public key, they cannot change the private key that controls the wallet. Although both keys are directly related to each other, the private key is needed to use blockchain smart contracts or send cryptocurrencies, while the public key is used to receive cryptocurrencies and NFTs.Thanks to the magic of asymmetric cryptography, it is impossible to trace anyone’s private key just by knowing their public key. This is why crypto wallets are very secure, but it is also why cryptophishing attacks must be avoided as they are the only way to trick users into giving up crypto.
Crypto wallets have come a long way over the years, beginning as “paper wallets“where users would handwrite each character of the wallet’s public and private keys on a piece of paper, eventually becoming the current”hot wallets“and”cold wallets“. Hot wallets are wallets with an internet connection and are usually a browser extension such as the popular Metamask wallet used for Ethereum-compatible blockchains or the Phantom wallet for Solana, but hot wallets are susceptible to malware attacks and are considered insecure for storing large amounts of cryptocurrency or valuable NFTs This is where cold wallets (hardware wallets) come in. Cold wallets are devices that physically store the wallet’s private key and use it to sign transactions without the key ever leaving the device, making them immune against malware attacks The most popular hardware wallets are made by Ledger and Trezor, but there are dozens of other wallets that come in a variety of shapes and features and occupy a price range between $50 – $500. It’s also worth to mention that blockchain phones like Nothing Phone (1) often include a hardware wallet in their design, which is why d e are different from smartphones.
Are hardware wallets completely secure?
As The cable and Bitcoinist have reported in the past, there have been examples of security experts breaking a device in a lab (sometimes literally), but these vulnerabilities are quickly patched by the manufacturer when reported, and many of the techniques used are unorthodox and beyond the knowledge level of most thieves and hackers. Hardware wallets are usually locked with a PIN code, some of which have a lockout system that only allows a few attempts before the device becomes unusable, although the contents can still be recovered on a new device with the English word 12-24 “seed setting” that was generated during setup. If the PIN is compromised, so is the device.
While cold wallets are considered (theoretically) impenetrable, they do not protect funds stored in smart contracts, since these funds are not assigned to the entity’s public key. Users who deposit crypto into a smart contract trust that the developers eliminated all security risks in the contract’s code, but even they will miss many details. For example, blockchain bridges are often hacked due to their complexity and “movable parts” involved in their operations, and users can easily be tricked by malicious links designed to steal NFTs or through social engineering attacks.
Hardware wallets are actually the most efficient way to store cryptocurrency and can be used without the risk of a hacker stealing your private key. Although they have hypothetical vulnerabilities, all of which rely on being physically stolen, to date no one has reported their device being stolen and successfully jailbroken. Because of this, cold/hardware wallets are considered the highest level of security for cryptocurrency and NFTs.
Source: Ledger, Trezor, Wired, Bitcoinist
