Hardware Wallets Explained, Reviewed and Compared
By: Ofir Beigel | Last updated: 5/29/23
The most secure way you can store your Bitcoins and other cryptocurrencies is on a hardware wallet – a small physical device that holds your private keys offline. In this post, I’ll explain exactly how these devices work and cover the best hardware wallets around.
Hardware Wallets Summary
Hardware wallets use a form of 2 factor authentication (also known as 2FA). This means that in order to access your funds, you’ll need to prove your identity through something you have (the physical wallet) and something you know (the PIN code for the wallet).
Those are the best hardware wallets in a nutshell. For a full review of each wallet and in-depth explanations, keep on reading. Here’s what I’ll cover:
- Bitcoin Wallets in a Nutshell
- Hardware Wallets
- Ledger Hardware Wallets
- TREZOR Hardware Wallets
- KeepKey Hardware Wallets
- Additional Hardware Wallets
- Hardware Wallet Risks
- Frequently Asked Questions
The term Bitcoin wallet is a bit misleading, as a Bitcoin wallet doesn’t really hold any Bitcoin. Technically speaking, a Bitcoin wallet is a piece of software that holds passwords, sometimes referred to in cryptographic terms as keys.
These keys give your wallet access to the Bitcoins allocated to it on the Bitcoin transaction ledger called the blockchain.
So when you use any Bitcoin wallet, you’ll encounter two important terms.
The first is a Bitcoin address, also known as a public key. This is what you send to people who want to pay you in Bitcoin, kind of like an email address.
The second is a private key. The private key allows you to access and control the Bitcoins you own. For my email account analogy, you might think of your private key as the password to your email account.
Aside from holding your private key, the wallet also signs Bitcoin transactions on your behalf using your private key, and broadcasts them to the Bitcoin network. Let me explain:
When you want to send Bitcoins to someone else, you need to prove ownership of those Bitcoins to the whole network so it will agree to change the ledger of transactions.
To achieve this, your Bitcoin wallet takes your requested transaction, signs it on your behalf using your private key and broadcasts this digital signature to the network.
In a nutshell, a digital signature is a way to prove you own a certain private key without needing to expose it. It’s done through the use of complex mathematical rules known as cryptography.
This whole process is kind of similar to you signing a check authorizing the transfer of money from your account.
Once a transaction is signed, the wallet then broadcasts it to the whole network, which validates its authenticity. Eventually, this transaction will be entered by Bitcoin miners onto the blockchain, and the transaction will be considered complete.
As you probably know, stealing a piece of information from a computer isn’t that hard these days. If the computer running your Bitcoin wallet is infected with malware, it may expose your private key to bad actors.
Hackers may be able to take control over your computer or see what’s displayed on your screen. Once your private key is exposed, your Bitcoins are no longer under your control. They could be easily transferred to anywhere the hacker chooses.
In order to avoid this situation, you have two options:
- You could make sure your computer is completely malware-free. While this may sound easy, most viruses are either disguised as legitimate software or have a way to avoid detection by antivirus software.
- Use a wallet that is “immune” to malware, so to speak, to keep your private key safe. This is exactly what hardware wallets are designed to do.
Simply put, hardware wallets are computers that have been stripped down of all logic except for a small screen, a button or two, and the simple action of storing keys and signing transactions.
Hardware wallets look like small USB devices, and they offer a minimalist approach to security. This is based on the logic that the more complex a device is, the more opportunities hackers have to infiltrate it.
In the case of hardware wallets, the device is so “dumb” it’s practically impossible to hack or infect it with anything.
5 different hardware wallets: BitLox, KeepKey, TREZOR One, Ledger Nano S, CoolWallet
Due to that simple design, hardware wallets can’t connect to the Internet or run complicated apps. They are just a form of storing your private key offline.
This approach is known as cold storage, unlike devices that connect to the Internet, which are called ‘hot wallets’.
How Do Hardware Wallets Work?
Let’s say you want to send a Bitcoin transaction using a hardware wallet.
The first thing to know is that because a hardware wallet is such a simple device that can only sign transactions, it needs to use a more sophisticated computer for all other functions, such as preparing the transaction and broadcasting it to the network.
So in order to use a hardware wallet, you’ll need to connect it to your personal computer and download a program that can communicate with it. I’ll call this program a bridge, and the bridge allows you to prepare your transaction for signing.
A hardware wallet only allows very specific types of data to pass through to it, such as cryptocurrency transactions. Once a hardware wallet receives a transaction from the bridge program, it signs it on the hardware wallet itself and then sends it back to the bridge program.
Your private key never leaves the hardware wallet. The only thing that gets transferred between your computer and the hardware wallet is the unsigned and signed transaction.
Because of its minimalistic and simple design, a hardware wallet can be used with any computer without fear of being hacked or infected – even a public library computer or your mom’s laptop 🙂
The only thing you’ll need to do to keep your Bitcoins safe is to make sure the transaction you’re approving on the hardware wallet’s screen matches the transaction your bridge program is showing on your personal computer.
IMPORTANT! Your Seed Phrase
Setting up a hardware wallet is fairly easy. The main thing to do is write down the set of words you’ll be given when initializing the device. These words, also known as a seed phrase or mnemonic phrase, are a way to restore any private key your hardware wallet generates.
This also means that whoever might get a hold of these words would also be able to control your Bitcoins, so it’s important to keep your seed phrase written offline and in a safe place.
What is the Best Hardware Wallet?
Today there are over a dozen companies that offer hardware wallets on the market, with the three market leaders being Ledger, TREZOR and KeepKey. Each company offers different models with different features – I’ll cover the most popular ones below.
Pros: Great company reputation, over 1000 crypto assets supported, mobile compatibility (Nano X only).
Cons: Bluetooth user interface is a bit confusing (Nano X only).
The company (LedgerWallet) has been around long enough to gain a respectable reputation and in all honesty it’s hard to find anything bad to say about their products.
Accessing a Ledger wallet is done through Ledger Live – a free desktop application that allows you to control all of your ledger devices, send and receive cryptocurrencies, and check your balance whenever you want.
The Ledger Nano X is Ledger’s flagship when it comes to hardware wallets. The device has an impressive capability to manage 100 crypto assets simultaneously. It’s like using the Ledger Nano S (see below) on steroids.
The main downside from my own experience is that the Bluetooth user experience wasn’t as smooth as I expected it to be. This may be remedied by Ledger in the future through updates, but for now it’s a thorn in the Nano X’s side.
The Nano X costs $149 without VAT (free shipping included).
I’ve reviewed the Ledger Nano S and was absolutely impressed. The Nano S has a sleek design, an intuitive user interface and wide support for altcoins (including Ethereum, Litecoin, Dogecoin, Zcash, Dash, Ripple and most ERC-20 tokens).
The Nano S sells for $59, making it an extremely affordable hardware wallet.
Today I use the Ledger Nano S as one of my personal wallets.
The Ledger Nano S Plus is a new-and-improved version of the old, trusty Nano S, sporting a similar style with upgraded hardware and software features. With an elegant rounded design, larger screen and larger memory, the Nano S Plus enables users to store more asset apps than its predecessor, along with a sleeker look.
At a cost of $79, the Ledger Nano S Plus provides a top-notch experience for a very reasonable price.
Pros: Market veteran, open-source, great company reputation, over 1000 crypto assets supported.
Cons: Frequently resets when upgrading, XRP & ADA not supported (TREZOR One).
TREZOR (meaning “vault” in Czech) was the first company to come up with the idea of a hardware wallet. The main advantage TREZOR has over its competition is its company reputation. One of the company’s founders is Marek “Slush” Palatinus, who also created the first mining pool for Bitcoin (founded in 2010).
On the downside, there is one annoying thing about TREZOR wallets – when you upgrade the wallet’s firmware, it frequently deletes the whole wallet. If you’re just starting out with crypto this can definitely freak you out. As long as you have your backup phrase around you can easily restore the wallet, but this is definitely something to be aware of.
The TREZOR T is basically a TREZOR One wallet that has a large touch screen. Both wallets offer the same features, but the touch screen does make a difference. I’ll explain.
When you restore your hardware wallet or even set it up for the first time, you are often requested to enter your seed phrase. If you do not have a suitable interface on your hardware wallet (i.e. a touch screen), you will need to type in your seed phrase on your computer.
If your computer is infected with malware this makes your seed phrase vulnerable to key logging or other forms of hacking. Having said that, even if someone managed to get the words to your seed phrase they still won’t know what order to put them in since that is not displayed on your computer (it’s displayed on the hardware wallet).
The Trezor Model T eliminates this threat completely since all interaction is done on the hardware wallet’s touch screen so you don’t need to be afraid of malware (these devices are malware-free by design). The TREZOR Model T also supports some coins that the TREZOR One does not (e.g. XRP, ADA and XMR).
The TREZOR Model T costs €189 ($213) when VAT is excluded. There is also a premium Titanium version manufactured by Gray called the Corazon (you can read about it in detail in the complete Model T review).
Aside from using the Ledger Nano S, I also use a TREZOR One for storing cryptocurrencies. The TREZOR One (formerly known just as “TREZOR”) is the oldest hardware wallet on the market and probably the most reputable one as well.
The Trezor One has a nice, simple design, a very easy to understand user interface and it supports a wide array of cryptocurrencies including Bitcoin, Bitcoin Cash, Bitcoin Gold, Zcash, Dash, Ethereum, Ethereum Classic, Litecoin and NEM. The only coins which are missing and have gained massive public attention are XRP & ADA.
The price of the TREZOR One is currently $70 (€59), making it affordable, but not the cheapest hardware wallet on the market. This is a great hardware wallet in my opinion that is very easy to set up and use.
Pros: Beautifully designed, in-wallet exchange via Shapeshift.
Cons: Not enough coins supported.
Coming in 3rd place we have KeepKey, a Bitcoin hardware wallet with a beautiful (though somewhat large) design. KeepKey has similar features to the TREZOR One and the Ledger Nano S, however for several reasons I find it a bit less attractive than the previous two.
For starters, the wallet is too big to carry in your pocket conveniently. The size of the KeepKey wallet is almost twice that of the TREZOR One or Ledger Nano S.
Additional things that make me hesitate regarding buying the product are:
- I have written to their support several times but haven’t gotten a response yet.
- Some bad reviews on Amazon regarding the product and the company’s support.
- The wallet supports a limited number of crypto assets compared to the competition.
Finally, the company KeepKey was acquired by the exchange Shapeshift and therefore incorporates an in-wallet exchange that allows you to trade one crypto for another without using an external exchange.
KeepKey currently sells for $49.
Throughout the past 3 years, I’ve also explored some additional hardware wallets that didn’t make the top of the list, so I’d like to mention them here.
Safe-T mini is a very basic version of a hardware wallet manufactured by Archos, a French multinational electronics company that was established in 1988 by Henri Crohas. The Safe-T mini’s interface is extremely limited, and in order to send or receive coins you will need to use additional software.
Bitfi is a hardware wallet that was owned by John McAfee, a controversial figure in the cryptocurrency space. The wallet originally claimed to be “unhackable”, however after it was torn apart by security researchers and several security flaws were exposed, that claim was removed.
CoolWallet is a “credit card like” hardware wallet that you can carry around in your pocket. My review of CoolWallet was positive, however the wallet hasn’t gained enough market share for me to consider it a stable product.
BitLox is another hardware wallet I have reviewed, however it was in the early stages and I couldn’t get it to work properly. I haven’t taken another look at the product since then (this was back in the beginning of 2016) and the product may have become more user friendly.
Ellipal is a hardware wallet that aims to be completely isolated from the outside world. It has no wired or wireless connectivity – instead, it communicates through QR codes via a camera on the rear end. It costs $139 (currently on sale from $169) and is relatively new to the market (i.e. not battle tested). You can read my full Ellipal review here.
BitBox02 is a hardware wallet from Swiss company Shift Crypto. The coolest thing about the BitBox02 is its rapid backup process, which uses a MicroSD card instead of a mandatory seed phrase. It’s a handy one-piece design, with a built-in USB-C connector and some of the best security features available. You can read my full BitBox02 review here.
In some cases, a bad actor may tamper with your device while it’s en route to your home for the first time. To avoid this, all reputable hardware wallet manufacturers use a special holographic sticker to prove the wallet was never opened.
A security seal should always be intact before first use
If you receive a wallet and this sticker isn’t intact, don’t use that wallet. While some wallets also run a self tampering test when initializing, it’s better to stay on the safe side.
In order to minimize this risk even more, always buy a hardware wallet straight from the manufacturer’s website. If you want to buy from a reseller, make sure that they’re an authorized, trustworthy reseller by contacting the manufacturer first.
Preconfigured seed phrase
Your seed phrase should be generated at random by your wallet upon setup and should not be sent to you with the device.
One unfortunate user bought a hardware wallet from a bad actor on Amazon and received a wallet with a card containing a preconfigured seed phrase. They were instructed to initialize the device using this existing seed phrase.
The user wasn’t very tech-savvy and did as they were instructed, only to find out that once they deposited coins into that hardware wallet they were quickly removed by the hacker that had knowledge of the preconfigured seed.
A malicious Ledger was sent with a preconfigured seed and PIN code
Evil Maid Attack
Your hardware wallet may be stolen or physically accessed by unwanted individuals; this is known as the evil maid attack.
Most, if not all, hardware wallets today include PIN protection. So even if your device is stolen, it may take the thief a while before they can access your coins.
Once you notice your device is stolen, you should immediately use your seed phrase to recover your Bitcoins and send them to a new wallet with a different seed phrase. This will basically drain your stolen wallet of all of its funds and allow you to keep safe control over your Bitcoins.
The $5 Wrench Attack
This refers to a scenario where someone physically threatens to hurt you with a $5 wrench if you don’t hand over your hardware wallet and unlock it with your PIN code.
In order to protect from these kinds of physical attacks, certain wallets, such as TREZOR, allow you to add another layer of protection called a passphrase. This means you’ll be requested to add an additional passphrase after the PIN code.
However, you can set it up so that different passphrases will show only certain accounts on your wallet. So imagine having a dummy account on your wallet with only a small amount of coins and a real account with the majority of your funds.
If someone forces you to unlock your wallet, you can use the dummy passphrase and it will seem that the wallet only holds a small amount of coins, not revealing your complete holdings.
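Why different passphrases open different accounts, as an added example (not code from TREZOR or any vendor). It assumes the wallet follows the public BIP39 and BIP32 standards, which the page does not name; `wallet_label` is a hypothetical 8-character tag for comparing results, and the mnemonic is the public BIP39 test phrase, never to be used for funds.

```python
import hashlib, hmac, unicodedata

# secp256k1 group order: a valid private key lies in [1, N-1]
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               b"mnemonic" + nfkd(passphrase), 2048, 64)

def bip32_master(seed):
    """BIP32 master node: HMAC-SHA512 keyed with 'Bitcoin seed'."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < N:
        raise ValueError("invalid master key for this seed")
    return key, chain_code

def wallet_label(mnemonic, passphrase=""):
    """Hypothetical short tag identifying which wallet a passphrase opens."""
    key, _ = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key).hexdigest()[:8]

# Public BIP39 test mnemonic (constructed input, not a real wallet).
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def wallets(passphrases):
    """Map each passphrase to the wallet it opens for the same seed words."""
    return {p: wallet_label(MNEMONIC, p) for p in passphrases}

if __name__ == "__main__":
    # "" is the no-passphrase wallet; "decoy " is a typo of "decoy".
    for phrase, label in wallets(["", "decoy", "decoy ", "main holdings"]).items():
        print(f"{phrase!r:16} -> wallet {label}")
```

Every passphrase yields a valid wallet and none is ever reported as wrong, which is what makes the dummy account plausible. It also means a mistyped passphrase silently opens an empty wallet, so the passphrase needs the same offline backup as the seed words.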
Both Ledger and TREZOR wallets have proved to be a safe and easy-to-use solution for storing your Bitcoins. When Ledger started out, they didn’t seem to have as good a product as TREZOR did. However, today the line between the companies has pretty much evaporated and they are equally good, in my opinion.
However, to be on the safe side I generally use more than one hardware wallet and I try to make sure to use models from both companies.
One thing to keep in mind is that unlike Ledger, TREZOR’s technology is completely open-source, which is considered more secure.
In order to access your TREZOR wallet, you’ll need to connect it to your computer and go to http://wallet.trezor.io. This web interface will allow you to access your funds once the wallet is connected to the computer.
The seed phrase technology used in most hardware wallets today is compatible with multiple wallets: it’s not unique to any specific company.
Therefore, if a certain company goes out of business you can recover your Bitcoins directly to another company’s wallet using your seed phrase.
As you probably understand by now, your seed phrase has a lot of power. It can be used in many cases to recover your Bitcoins, including if your hardware wallet breaks or gets damaged.
It doesn’t get any simpler than this headline.
Yes, hardware wallets cost money and no one likes spending money on things they can get for free. But the amount of security you get by using a hardware wallet is much more valuable than the $50-$100 you’ll pay for purchasing the actual device.
In my opinion any of the top 4 wallets are a good choice, but my personal favorites are the TREZOR One and the Ledger Nano S. Also, make sure to always buy the wallet directly from the company or from an authorized reseller. There have been many cases of fraud reported by people who bought hardware wallets on eBay and sometimes Amazon.
Have you used a hardware wallet? Do you have any comments or additional questions? Let me know in the comment section below.