Crypto
4 min read

Hardware Wallet

A physical device that stores crypto private keys offline and signs transactions internally. Hardware wallets like Ledger and Trezor are the standard for securely holding meaningful amounts of crypto.

How hardware wallets work

The defining feature: private keys never leave the device. The hardware wallet stores keys in a secure element (often a chip designed specifically for cryptographic operations and hardened against tampering) and signs transactions internally.

The typical workflow:

  1. User initiates a transaction in a wallet app on their computer or phone.
  2. The transaction details are sent to the hardware wallet over USB or Bluetooth.
  3. The hardware wallet displays the transaction on its own screen.
  4. User reviews the details and physically presses a button to approve.
  5. The hardware wallet signs the transaction internally and returns the signature.
  6. The wallet app submits the signed transaction to the blockchain.

The key never touches the internet-connected computer. Even if that computer is fully compromised by malware, the attacker can't sign transactions without the physical device and its PIN.

Major brands

The dominant hardware wallets:

  • Ledger — Nano S Plus, Nano X, Stax. Most popular by units sold.
  • Trezor — Model One, Model T, Safe 3, Safe 5. Open-source firmware.
  • GridPlus Lattice1 — larger device with phone-app integration.
  • Keystone — air-gapped device using QR codes for transaction signing.
  • Coldcard — Bitcoin-only, security-focused.

Each makes different trade-offs around supported chains, user experience, security architecture, and price.

Setup

Standard setup involves:

  1. Buy directly from the manufacturer. Don't buy from Amazon or third-party resellers — supply-chain attacks have inserted malicious devices into retail channels.
  2. Initialize the device offline. Generate the seed phrase on the device itself, not on a connected computer.
  3. Write the seed phrase on paper or stamp it on metal. Don't type it into anything connected to the internet.
  4. Set a PIN. Required to unlock the device for signing.
  5. Optionally set a 25th-word passphrase. Adds an extra factor; protects against seed phrase compromise.
  6. Test recovery on a separate device before storing meaningful funds.
  7. Move funds gradually. Start with small amounts to verify the workflow.

When hardware wallets make sense

For most crypto holders:

  • Active trading capital, small amounts — fine on hot wallets or CEXes.
  • Long-term holdings, meaningful balances — should be on a hardware wallet.
  • Major holdings ($100K+) — many users move to multi-signature setups using multiple hardware wallets.

The common rule: don't keep more in hot wallets or on exchanges than you're actively using or willing to lose.

What hardware wallets don't protect against

Despite strong security, several attack vectors remain:

  • Phishing during signing. The wallet signs whatever transaction your software tells it to. If you authorize a malicious transaction in the wallet UI, the hardware wallet will sign it. Verify what you're signing on the device's screen.
  • Approval risks. Granting unlimited token spending to a contract that later turns out malicious can drain wallets even with hardware-wallet protection.
  • Lost seed phrase. Hardware wallets are devices; their security depends on the seed phrase backup. If the device is lost or destroyed and the seed phrase is also lost, funds are irrecoverable.
  • Coercion. Physical threat to extract PINs and seed phrases bypasses technical security entirely. High-net-worth holders increasingly use distributed multisig setups.
  • Supply-chain attacks. Devices tampered with before they reach the user. Buying directly from manufacturers and verifying integrity matters.

Multi-sig and threshold setups

For higher-value holdings, multisig setups distribute signing across multiple devices and locations:

  • 2-of-3 multisig — three keys, any two can sign. Loses one device, still recoverable; one device compromised, attacker can't sign alone.
  • Services like Casa or Unchained Capital package multisig setups with operational support.
  • Smart-contract wallets (Safe formerly Gnosis Safe) provide on-chain multisig that scales beyond hardware-wallet primitives.

The trade-off: more complex than single hardware wallet; better fault tolerance and security against single-device compromise.

Hardware vs. mobile

For many users, the right setup is a combination:

  • Mobile hot wallet for small daily-use amounts. Handles routine transactions, NFT interactions, etc.
  • Hardware wallet for larger holdings. Long-term storage and high-value transactions.

Modern hardware wallets often integrate with mobile apps via Bluetooth or QR codes, making the user experience much closer to a hot wallet while preserving the security advantage.

Recovery considerations

The single biggest operational risk is losing the seed phrase. Practical recommendations:

  • Multiple physical backups. Different geographic locations, ideally.
  • Metal backup for fire and water resistance. Cardstock can deteriorate.
  • Test recovery before relying on it. Configure a test wallet, store significant balance, then verify you can recover from your seed phrase backup.
  • Don't photograph the seed. A photo on a phone defeats the entire offline-storage premise.
  • Don't store digitally. Cloud storage, password managers, encrypted files — all defeat the purpose.

Honest framing

Hardware wallets are the strongest available form of self-custody for typical users. They aren't perfect — phishing during signing, lost seed phrases, and supply-chain attacks all remain real risks. But the security upgrade over hot wallets and exchanges is substantial enough that any holder of meaningful crypto should be using one.

The first hardware wallet you buy is much better than the second one you "should have" bought after a compromise. Don't overthink the choice; the major brands are all reasonable. Start with one, learn the workflow, and upgrade to multi-sig setups as holdings grow.