In 2018, when the price of bitcoin dropped from an all-time high of around $20,000 to less than $6,000, a lot of people thought cryptocurrencies are dead. But today, the cryptocurrency market is on another massive bull run, with the price of bitcoin hovering above $50,000 and other cryptocurrencies standing at historic records.
Naturally, with the growing price of bitcoin comes a wave of new enthusiasts who don’t want to miss the opportunity of the next spike in the value of cryptocurrencies. Unfortunately, many of these people dive headlong into the market without knowing all the sensitivities involved in handling cryptocurrency wallets. Many of them fall victim to preying hackers or their own mistakes and lose hold of their cryptocurrency savings.
In the early days of bitcoin, there was a clear trade-off between wallet security and convenience. You had to choose between online wallets that were easy to use but not very secure and hardware wallets that were secure but not easy to use. But today, the market for bitcoin hardware wallets has matured, and you have many options that provide security, ownership, and ease of use at the same time.
If you’re new to bitcoin, here’s what you need to know about how hardware wallets work and why you should consider getting one.
How does bitcoin work?
One of the main appeals of cryptocurrencies is that they are decentralized money. You own your bitcoins, just as you own the cash in your wallet. There is no central authority like a bank or other financial institution that can control your money.
To do away with central authorities, cryptocurrencies use blockchains to record their transactions. A blockchain is a ledger that is simultaneously stored and updated on thousands of independent computers across the globe. While validation mechanisms vary between different cryptocurrencies and blockchains, they all use cryptography to make sure every transaction is legit (hence the name crypto-currency) and hasn’t been tampered with. While I will use bitcoin as an example in this post, a lot of the concepts discussed here apply to other cryptocurrencies.
When people want to send you bitcoins, they will use your bitcoin address, a unique string of alphanumeric characters. Each approved payment is added to the blockchain and contains the addresses of the sender and the receiver of the transaction.
How can you prove bitcoins stored on an address belong to you? Every bitcoin address is associated with a pair of public and private cryptographic keys. Public/private cryptography is an old encryption mechanism that is used in many applications we use every day, including HTTPS websites and PGP-secured emails. Data encrypted with a public key can only be decrypted with the private key. People usually publish their public key to allow others to encrypt and send them confidential information. They keep the private key to themselves and use it to decipher data encrypted with their public key.
The reverse is also true: Data encrypted with a private key can only be decrypted with the public key. This mechanism is used for “digital signatures.” To prove that I’m the legitimate sender of a piece of information, I add a piece of information encrypted with my private key. Since my public key is already known, anyone can validate my signature by trying to decrypt it with my public key.
Back to bitcoin transactions. Before I can send bitcoins from an address, I have to prove that I own them. To do this, I need to sign the transaction with the private key of the sender’s address. Once that is verified, the computers maintaining the bitcoin blockchain will approve and register my transaction.
What is a bitcoin wallet?
This brings us to the key point about bitcoin ownership: Whoever holds the private key of an address owns the bitcoins stored at that address. And this is what the bitcoin wallet does.
A bitcoin wallet simply stores the address and the public and private keys to one or more bitcoin addresses.
There are basically four types of wallets:
- Online wallets: An online bitcoin wallet is a website or app that stores your bitcoin keys on a server.
- Software wallets: Software wallets are applications you install on your computer or smartphone. They store your bitcoin keys on your local device or a flash drive.
- Hardware wallets: Hardware wallets store your bitcoin keys on a piece of hardware that has been specially designed for bitcoin transactions.
- Paper wallets: Paper wallets are physically printed versions of your private and public keys. Paper wallets usually also contain QR codes of the keys to make it easy to use them.
How you store your private keys will determine the security of your bitcoin funds. And each type of bitcoin wallet has its benefits and tradeoffs.
The benefits and tradeoffs of different bitcoin wallets
There’s usually a tradeoff between security and ease of use in different types of bitcoin wallets. For instance, online wallets are easier to use than other types of wallets. You can access them from a browser on any device as long as you can remember your username and password. And they have plenty of good features such as quickly buying, selling, and trading cryptocurrencies. However, they store your private keys on a central server, which makes them a bit like banks. They hold the keys to your bitcoin and, in a way, you’re giving up your privacy and the ownership of your bitcoins. Also, if you fall victim to a phishing attack, an attacker will be able to access your wallet and steal your bitcoins because your private key is stored online. Online wallet companies usually do a good job of keeping user accounts secure, but they occasionally get hit by data breaches, where hackers steal all the private keys and cryptocurrencies of their users.
Software wallets can be installed on any kind of device. You get to keep your private keys and privacy. Without having your keys stored in the cloud, hackers can’t trick you into giving away your username and password (but they can still trick you into making payments to their bitcoin address). The tradeoff is that you don’t have the flexibility of online wallets and can access your funds on the specific devices where you’ve installed your wallet application. The security of software wallets is also complicated. If your device gets hacked with file-stealing malware, an attacker might be able to steal your private key. And if your device gets destroyed or lost, you will lose your bitcoins.
Hardware wallets have an associated web, mobile, or desktop application that enables you to monitor your bitcoin addresses and spend bitcoins. Private keys are stored in the hardware wallet and never leave the device. When you want to confirm a payment, the transaction is signed inside the hardware wallet and the output is sent to the app. Hardware wallets are more secure than the other alternatives because they’re very hard to hack. But they don’t have the flexibility of online wallets because you need to have your device with you for every transaction. They also require you to make a small upfront investment to buy the device. And like software wallets, if you lose your device, forget your PIN code, or forget your recovery seed, your bitcoins are gone.
Paper wallets are completely offline, which makes them the most digitally secure type of wallet. But paper wallets are very hard to use. Before you can spend your bitcoins, you need to import your private key into a software or online wallet. And if your paper wallet gets burned or destroyed, your bitcoins are toast.
Why I prefer hardware wallets
When it comes to choosing bitcoin wallets, there’s no perfect solution, and no matter which kind of wallet you choose, if you don’t understand the basics of bitcoin security, you can still become the target of malicious actors.
I like hardware wallets because they minimize the risks that I can’t control such as major data breaches at cryptocurrency exchanges or malware that exploits zero-day vulnerabilities in mobile and desktop operating systems. To be clear, hardware wallets are not perfectly secure. For instance, in a recent security incident, hackers broke into the servers of hardware wallet manufacturer Ledger and possibly pushed out malicious firmware updates for Ledger wallets. But these types of supply chain attacks are much harder to pull than phishing scams.
Also, in the past few years, the landscape has evolved much and hardware wallets have become much easier to use, giving you a nice combination of security and convenience.
There are a few things I verify when evaluating a hardware wallet:
- Company history: I prefer to stake my bitcoins on a wallet from a company that has been in business for several years.
- Security: No company is perfect. But companies that have a history of delivering secure products, and more importantly, a robust process to respond to vulnerabilities are more reliable.
- Wallet integration and support: How many platforms support the device and how many kinds of coins does the wallet support?
- Interface and ease of use: How easy is it to use the wallet’s user interface? How easy is it to update the firmware? Is the reset and recovery process painful or easy?