Table of contents
Bitcoin investors: If you hold a big bag of BTC you keep on exchanges or your phone or you are looking to make a long-term buy before next year’s inflation-thumping Bitcoin Halving, or you simply want to send, receive, buy, and sell Bitcoin as a store of value over a shorter time frame, you need to carefully consider every means available to secure your assets from cyber and physical theft.
The notion that Bitcoin and cryptocurrencies are completely safe on crypto exchanges and software wallets has been disproven by the continuous attacks on exchanges over the years, with a record haul lost last year despite the bear market. A report from Chainalysis showed that In 2022, over $20 billion worth of cryptocurrency was stolen from users via exchanges and software wallets over the last 15 years.
By now you should probably know what a crypto wallet is (essentially an application that safeguards your private key) and the different ways to differentiate between various types, namely hot and cold (ie online and offline) and non-custodial vs custodial (which means someone else manages it for you or you self-custody it).
It follows then that you’ll also understand that a Bitcoin hardware wallet, a dedicated physical and always offline wallet device, is the most secure way to keep your stockpile of satoshis safe over the long haul and away from the greedy claws of hackers and scammers.
Software and web-based wallets are good, but they mostly don't hold up against serious cyber attacks. But using a hardware wallet to store the private keys of these software wallets could offer a better chance of safely securing your assets.
This article covers everything you need to know about Bitcoin hardware wallets, how they work, why you need them, the best ones available, their sophisticated features, and how to protect them.
What is a Bitcoin hardware wallet?
A Bitcoin hardware wallet is an encrypted physical device that stores the private keys generated by the Bitcoin wallet application offline. This state is called cold storage and means that these devices, also referred to as cold wallets, are not connected to the Internet like most software wallets.
The most secure hardware wallets are completely airgapped, which means they are isolated and cannot establish an external connection to the Internet or any remote network at all. Other hardware wallets that connect to the Internet only do so for a short period in order to validate a transaction.
Why do you need a Bitcoin hardware wallet?
As explained, internet-connected exchange wallets and software wallets can be vulnerable to various security threats, and because of this, hardware wallets are universally considered the safest way of keeping your Bitcoin safe from hackers. While exchanges do use cold wallets to secure users' funds long-term, they need to facilitate large numbers of transactions quickly and therefore, have no choice but to use online wallets (hot wallets) for daily transactions. This creates huge opportunities for hackers to capitalize on.
The primary purpose of a hardware wallet is to securely generate and store private keys, sign transactions, and provide a secure environment for managing cryptocurrency assets. It secures the private key by hiding or locking it inside a computer chip inside the device, where hackers cannot find it.
What do hardware wallets look like?
Hard wallets vary greatly in appearance, with their exteriors ranging from glorified USB sticks to smart cards with screen to smart phone-esque devices. The best, pricier brands have a small digital display and physical buttons for user interaction. When you want to make a transaction, you connect the hardware wallet to an online device via USB, Bluetooth, or NFC, depending on the model.
How Do Bitcoin Hardware Wallets Generally Work?
You can think of a Bitcoin hardware wallet as a highly secure and special-purpose small computer that can only perform a few technically basic but highly essential functions. In most cases, they often come with one or two buttons and a display screen in some advanced ones in order to visually confirm and physically validate all transactions. This ensures that only the owner, not a hacker, can authorize a crypto transfer from their wallet.
As described earlier, the Bitcoin hardware wallet really only holds private keys and not actually any crypto assets. The private keys are like a signature to your software wallet to sign on transactions and validate them.
Let's imagine, for example, that you want to pay for goods using Bitcoin, and you need to use your Bitcoin wallet.
The first thing to note is that your hardware wallet is designed to be a very simple device with basic functions. The less functionality, the fewer possible attack vectors. You need a more sophisticated device like your computer or phone to prepare the transaction or broadcast it to the Bitcoin network.
To use your Bitcoin wallet, you need to first download its maker's software on your computer, which will serve as a bridge, and this bridge will let you create transactions for the cold storage crypto wallet to sign.
The hardware wallet only has one purpose; to receive the transaction details, sign it with your private keys on the BTC hard wallet to validate the transaction, and send it back to the bridge to be completed.
The only thing that goes through the security device is the unsigned and signed transaction.
The method of connectivity to receive these transactions varies from one wallet provider to the other and from one level of security to the other.
Some cold wallets connect over Bluetooth, and some connect to your computer using a USB-C or USB-A cable. In the early days of crypto, USB connections were the only reliable choice, however, in 2023, the best crypto hard wallets use encrypted Bluetooth to ensure they have greater access and flexibility for their users to transact on their own terms.
The new generation of elite cold wallets like iCoin Wallet uses a built-in camera to scan and sign the transaction details onto the hardware wallet before signing it. It also comes with an optional printer to create QR code prints and easy sending of crypto.
Because of its simple yet highly secure design, you can use your hardware wallet on any computer without fearing being hacked. The only thing you always need to be sure of is that your Bitcoin transaction being approved on your hardware wallet matches that created and displayed on your software application.
What to Look For In The Right Bitcoin Hardware Wallet
The main reason you're using a Bitcoin cold wallet in the first place is the security of your private keys, but they need to be secure themselves. You need to watch out for the security measures employed that keep the wallet safe, not just from cyber attacks but physical thefts.
It would be best to look for wallets that go the extra mile to protect your private keys, like using PIN, passphrases, or biometrics to authenticate access to the wallet. Ensure the wallet is highly encrypted to prevent hackers from gaining access.
Some cold storage wallets offer multi-signature (multi-sig) support. Multi-sig hardware wallets provide another level of security because they require the user to provide multiple unique signatures to validate transactions.
The user experience of the hardware wallet is a critical consideration nowadays.If you have to spend a ton of time figuring out how to use a particular brand or always require technical support, you’re probably dealing with a legacy wallet that’s not kept up with the times.
A hardware wallet is supposed to be a very simple device as it only performs basic computer functions in a highly secure way. It should be easy to use without any problems or mistakenly approving a wrong transaction.
Make sure your chosen wallet is compatible with the devices you have at your disposal and computer and phone operating systems. Your hardware wallet should be able to interface with other wallets of your choice, such as Metamask, TrustWallet, etc.
Backup and Recovery
In case of theft or permanent damage to the device, you must ensure that your hardware wallet is recoverable. The backup and recovery feature is essential. The manufacturer usually leaves instructions to back up private keys and seed phrases and recover them when you get a new hardware wallet device.
The Top 6 Bitcoin Hardware Wallets
Based on the level of security, user-friendliness, compatibility, backup, and recovery, we've compiled a list of the top Bitcoin hardware wallets.
1. iCoin Wallet
Relative newcomer iCoin Wallet (by iCoinTechnology) has a unique approach to cold storage that has seen it gain a lot of traction in a short time, especially as one of the only cold wallet brands from the USA.
The iCoin hardware wallet has a premium smartphone design with a small capacitive touch color display, an intuitive UI for navigation, and a rear-facing 13-megapixel display camera primarily for scanning transaction QR codes.
The iCoin Wallet is heavily secured and as air-gapped as possible. It has no WiFi, cellular antenna, SD card slot, microphone, and front-facing camera and only permits Bluetooth connectivity if enabled by the user to sign transactions instead of the rear-facing scanning camera.
The iCoin cold wallet uses the rear camera to import transaction data set up by the software program. It scans the code and other data from the initiated transaction on the software wallet and imports them into the hardware wallet to sign with the private keys which never leave the hardware wallet. It never connects to a network to prevent hackers from remotely hacking the wallet.
iCoin also supports Ethereum and its different ERC tokens and allows users to manage their digital assets on the go. It also has built-in security features such as PIN protection and 2-factor authentication to ensure the safety of the user's funds and comes at a very well-priced $199 considering the premium build factor of the device and American innovation behind it.
One of the unique features of the iCoin hardware wallet is that it allows users to stake their cryptocurrencies directly from the device. Users can stake various cryptocurrencies and earn passive income without additional hardware or software.
The iCoin wallet supports Bitcoin, NFTs (ERC-721), and all ERC-20 tokens.
To get further acquainted with the iCoin wallet, see this iCoin wallet tutorial page for videos on how to set up and use the iCoin wallet.
2. Ledger Nano X
France’s Ledger Nano X uses a CC EAL5+ certified secure element chip to secure its wallet.
The CC EAL5+ secure chip is a type of chip that has undergone hardcore security and penetration testing. The chip certification ensures that the chips have been designed, tested, and implemented using strict security standards and meet the highest confidentiality, availability, and integrity level.
The live Ledger live app supports about 5,000 different cryptocurrency assets and NFTs, and the Ledger Nano X hardware wallet can store up to 100 different Cryptocurrency assets in each wallet. For a list of these cryptocurrencies, visit the Ledger-supported coins and tokens page.
The Nano X hardware wallet can connect to your desktop computer via USB cable or Bluetooth and is compatible with Windows, MacOS, Android, and IOS.
It also comes with a backup and recovery feature, and in case your hardware wallet ever gets missing, you can follow the ledger support team instructions to recover your wallet.
It is also noteworthy that Ledger suffered a data breach in 2020 in which the hackers stole customers' data (names, addresses, phone numbers, and emails). Although the crypto assets remained safe as they cannot be accessed without each person's private key, the breach led to fake emails being sent to customers' emails pretending to be from Ledger and asking customers for their private keys.
Despite the attack, Ledger remains one of the best hardware wallet providers today.
Security: CCEAL 5+
Coins supported: 5000+ (See complete list)
3. Trezor Model T
The Trezor Model T is a highly secure Bitcoin hardware wallet from the Czech Republic’s Trezor, the first hard wallet maker.
The Trezor Model T also uses a PIN unlock system, which automatically locks the wallet in case of too many wrong attempts, and a Multi-factor Authentication (MFA) system.
The MFA comes as a passphrase(s) that must be entered in a particular order to access the hardware wallet.
The Trezor Model T, like other Trezor hardware models, supports various crypto assets. A complete list of the supported cryptocurrency assets can be found on the Trezor-supported coins and tokens page.
The Trezor hardware wallet is compatible with most operating systems: including Mac, Linux, and Windows, works well with Android mobile phones, and is currently available in the Trezor store for $219.
Keepkey is an older Bitcoin multicurrency hardware wallet that launched in 2015.
Keepkey offers PIN and passphrase protection and is said to be virus and malware-proof as its design does not have an operating system which is what viruses, malware, and keyloggers mostly attack.
To access the Keepkey device, a user connects using a USB cable between to connect the wallet and to their computer, but this connection is still highly secured and, as already said, is virus and malware-proof.
The design of the Keepkey hardware wallet comes with a sleek large display screen that allows you to see every transaction in and out of your hardware wallet.
In addition, KeepKey also offers a DApps store that grants its user access to thousands of Decentralized platforms, and opportunities can also be integrated with Thorchain directly from your wallet to allow effortless crypto and Bitcoin exchanges.
Keepkey currently supports coins and tokens such as; Bitcoin, Bitcoin Cash, Ethereum, Litecoin, Dogecoin, Dash, and more. A Keepkey Bitcoin hardware wallet sells for $49 on the Keepkey store.
Security: PIN, passphrase
Coins supported: 55+
5. NGRAVE Zero
The NGRAVE ZERO hardware wallet is touted as offering maximum security, with a 100% air-gapped design and CC EAL 7 certification, the highest security standard in the world, as well as ROHS and CE certification. However, some have pointed out that these certifications do not necessarily guarantee absolute security.
Although the NGRAVE ZERO hardware wallet does not use Wi-Fi, Bluetooth, N.F.C., or USB, all transactions are signed on the device's LCD touchscreen, which some experts consider less secure than other signing methods.
While users have reported that the NGRAVE ZERO offers the best user experience among hardware wallets available in the market, some have criticized its high price tag and the limited availability of the product.
6. CoolWallet Pro
Another interesting hardware wallet on this list is the premium CoolWallet Pro by CoolWallet.io. With a portable size of about 0.8mm thickness, this credit card-sized wallet comes with high-level features, a redefinition of the term, “small but mighty". The CoolWallet Pro comes with a CC EAL 6+ certified Secured Element chip. In English, the CoolWallet Pro is highly secured and can protect your private keys. The hardware wallet also has an encrypted Bluetooth configuration to prevent unauthorized access. The Cool Wallet Pro hardware wallet supports trading features and can connect to Defi and Dapps through WalletConnect. It includes 27 supported blockchains and over 12,000+ coins and tokens, which is by far the highest on our list. In addition, it doesn’t just support coins and fungible tokens alone; the CoolWallet Pro also supports NFT in-app integration with Opensea and Rarible. The current price of the CoolWallet Pro is $149, and further details on how to buy one can be found on the CoolWallet store page.
General steps to use a Bitcoin hardware wallet
● Connect your Bitcoin hardware wallet to your desktop computer via Bluetooth or USB.
● Fill in your PIN or MFA passphrase to unlock your hardware wallet.
● Open the software wallet where your coins, tokens, and NFTs are stored.
● Click the send button to draw up a transaction.
● Enter the amount you want to send and the recipient's wallet's public address.
● Review the transaction details to ensure they're correct so you don't send Bitcoin to the wrong person or, worse, the wrong amount.
● Your hardware wallet will provide some prompts to follow, which will validate the transaction, sign, and issue it on the Blockchain.
● Confirming a successful transaction takes an instant to a minute or two.
● Connect your hardware wallet in the same fashion
● Enter your passphrase or PIN to unlock the wallet
● Open the software wallet on the computer and click on "receive."
● A Bitcoin address will be generated for the transaction.
● Copy and send this address to the sender.
● Wait for the transaction to be fully processed, and you will see the amount in your balance.
This is a general guideline on using your Bitcoin hardware wallet to send and receive Bitcoin. There might be slight variations in the instructions from wallet to wallet.
Benefits of using a Bitcoin hardware wallet
Since the hardware wallet stores private keys offline at all times, hackers can't attack them. Because the hardware wallets can sign transactions without leaving the device, they are safer than custodial, software, or paper wallets.
Hardware wallets let you control and manage access to your private keys, unlike custodial wallets, where your private keys and wallet services are handled by the exchange (third party), which can pose a potential risk to your assets if ever the exchange was to be hacked.
Backup and Recovery
If you lose your wallet, hardware wallets are recoverable. All you have to do is get a new wallet and use your seed phrase to regenerate your private keys and regain access to your assets. Some hardware wallet providers, like Ledger, provide backup and recovery packs to their users.
A multi-currency hardware wallet like iCoin Wallet allows users to store their private and public keys and transact with multiple cryptocurrencies. A multicurrency hardware wallet makes having a diversified portfolio convenient to keep.
It's a one-fits-all solution for large portfolio investors.
Storing multiple currencies on a single hardware wallet will let you diversify your cryptocurrency investment from high-risk to low-risk projects, generate passive income through your assets, and manage to keep your wallet highly secure and away from the reach of hackers.
Disadvantages of using a Bitcoin hardware wallet
While there are many reasons to use a hardware wallet instead of software, custodial, or paper wallet, there are also some cons associated with using a hardware wallet. However, it’s worth noting that cold wallets have made tremendous advances in recent years and are much more affordable, easier to use, and feature-rich than ever before.
Without a doubt, hardware wallets are expensive to acquire. The security measures and the benefits are great, but a large percentage of the Bitcoin and crypto population might need more time to come to terms with paying as high as $200 for a hardware wallet.
The cost of hardware wallets has scared both old and new Bitcoin and crypto users from purchasing them, and most of them have preferred to risk it all with software wallets.
Difficulty for beginners
Setting up a hardware wallet can be quite challenging for new and even old Bitcoin and crypto users, and asking for third-party support can risk exposing your private keys. Software and custodial wallets are far easier to set up than hardware wallets, which has become a big barrier in the massive adoption of hardware wallets for safe crypto storage.
Hardware wallets are best suited for long-term investors or corporate firms who only need to use their Bitcoin or crypto assets occasionally.
It can be far less convenient for day-to-day Bitcoin and crypto transactions as you need them plugged into a computer to sign transactions.
However, the new generation of Bluetooth hardware wallets such as iCoin Wallet has untethered cold storage, meaning you can take it with you wherever you please and transact on your own terms (and time).
5 do’s and don'ts to keep your Bitcoin hardware wallet safe
Hardware wallets are mostly safe from cyber attacks, but you must go the extra mile to protect them from physical theft.
Tip 1: Only buy your wallet from a trusted seller
No matter how encrypted a hardware wallet is, the real security starts from where you buy the wallet from. It is advisable not to buy a hardware wallet from any store other than the manufacturer's. Purchasing a wallet from an e-commerce platform or any physical store that isn't registered by the manufacturer can pose a great risk to your wallet due to issues such as supply-chain attacks, where your device is intercepted and tampered with before it arrives to you. When you transact, a hacker can intercept your transaction, change the destination address and steal your funds.
These hardware wallets could also have been infected with viruses or malware to spy on you and steal your private keys. So, it is advised that you always buy your hardware wallet from a trusted source or the manufacturer at best.
Tip 2: Never share your private keys or seed phrase
Sharing your seed phrase or private keys is like putting a big post sign on your head telling hackers, "Please, steal my Bitcoin."
Your seed phrase or private keys should not be shared with anyone or posted on any platform. If you ever get any message or call from anybody posing as an agent of any of the wallet manufacturers asking you to tell them your seed phrase for upgrades or recovery or any reason at all, know that it is false as these manufacturers will never ask you for your private keys or seed phrase.
Tip 3: Always use a strong and unique PIN or passphrase
As a general security measure, using a unique passphrase or PIN is always important for locking away sensitive information. Don't use a predictable passphrase or PIN, such as your name, date of birth, a combination of your first and last name, names of any of your family members, a pet's name, or anything closely related to you. It's often advised to use a combination of alphanumeric and special characters as passphrases.
But don't create a passphrase or PIN that you can easily forget, which leads us to the next step.
Tip 4: Write down and store your seed phrase in a secret and secure location
Digital actions always leave a digital footprint, therefore you should always write down (or use a metal steel wallet) when setting up your recovery seed. To prevent a forgotten passphrase or seed phrase scenario, write your seed phrase, passphrase, or PIN on perhaps a piece of paper or pieces and store them in very secure locations that only you know about.
Some people have been known to store valuables in bank deposit boxes, and I assure you that your seed phrase is just as valuable, so if you hold a huge bag of Bitcoin and friends, going this route is not a bad idea.
You can also buy a strong safe, store the written seed phrase there, and hide its location.
Tip 5: Regularly update your hardware wallet firmware
Like our mobile phones, hardware wallets also receive regular security patches, new features, and compatibility. It is important to always check for these updates to ensure your wallet has the security level and qualities to battle current cyber threats.
Frequently Asked Questions
What's a Bitcoin hardware wallet?
It's an encrypted physical device that stores private keys offline, providing a secure way to manage cryptocurrency assets
Why use a Bitcoin hardware wallet?
Hardware wallets are the safest way to protect Bitcoin from hackers, offering secure key generation and transaction signing.
What do Bitcoin hardware wallets look like?
They vary in appearance, looking like USB sticks, smart cards and smartphones with screens and buttons.
How do Bitcoin hardware wallets work?
They're small computers that hold private keys, used to sign and validate transactions. They often have buttons and a display screen.
What happens when I lose my hardware wallet?
You still keep access to your funds. Simply restore your funds on a new compatible wallet application with your recovery phrase seed.
What's needed to use a Bitcoin wallet?
You need to download the software to your computer, use the wallet to sign transactions, and send it back to complete the transaction.
What to look for in a Bitcoin hardware wallet?
Security measures like PINs, biometrics, and multi-signature support, compatibility, and user-friendliness.
What is crypto cold storage?
It's the process of storing private keys or other sensitive data offline in a hardware wallet.
What is hot storage?
It's the process of storing cryptocurrency assets on an internet-connected exchange or software wallet.
What is multi-signature support?
It's a feature that adds an extra layer of security, requiring multiple signatures to validate transactions.
What is the meaning of air-gapped?
It's the most secure hardware wallet, completely isolated and unable to connect to the internet or any remote network.
Are Bitcoin hardware wallets necessary?
They are not compulsory but are necessary to secure your cryptocurrencies highly.
Can hardware wallets be hacked?
Any device is vulnerable under specific conditions such as supply chain and man in the middle (MITM) attacks, but hard wallets provide the most secure form of crypto storage as it requires human verification and is never connected to the internet.
How much do Bitcoin hardware wallets cost?
Bitcoin hardware wallet prices range from around $60 to $1000, from the cheapest to the most expensive, based on the quality, features and brand name of the product.
How many wallets do I need?
You'll only require one multicurrency hardware wallet; most hardware wallets support from 100 to 5000+ different cryptocurrencies. However, it is recommended to use more than one wallet in order to diversify your portfolio.
The importance of Bitcoin hardware wallets cannot be emphasized enough. With billions of dollars worth of cryptocurrencies reported stolen from software wallets and often landing in the pockets of money launderers and terrorists like North Korea’s Lazarus hacking group, regulators are constantly circling the industry looking for ways to shut it down due to AML/CFT non-compliance.
Therefore the onus is on every crypto investor to carry out their Proof of Keys duty and self-custody of as much of their portfolio as they can. The Bitcoin revolution won’t be won in a day, and thousands of battles and skirmishes with both regulators and bad actors will whittle away your HODL portfolio until there’s nothing left if you don’t play your cards right.
A Bitcoin hardware wallet is simply the best bet against these threats to your financial freedom. Even if a hacker manages to access your app, their transactions cannot be approved without the user's physical verification via the custom wallet.
Until a more advanced solution is created, the advice to safeguard your Bitcoin and crypto assets remains to use a hardware wallet for all major holdings.