Proponents of bitcoin promise that cryptocurrencies free you from the tyranny of banks, financial institutions, governments, and other gatekeepers that keep tabs on your money and shave off hefty fees from every transaction you make. And to some extent, they’re right.
But the freedom of bitcoin doesn’t come for free. Cryptocurrencies put you in exclusive charge of the security of your money. You can lose your entire digital fortune in a flash, and once your Bitcoins are gone, recovering them is virtually impossible.
Keeping your Bitcoins secure can be a pretty daunting task, especially you want to opt for maximum security and make sure cybercriminals won’t be able to rob you blind.
There are several tools and methods to secure cryptocurrencies, and each have their own advantages and tradeoffs. Bitcoin wallets, special hardware that stores the keys that let you spend bitcoin, are one of the most secure options to protect digital currencies—with a few caveats of course.
Here’s what you need to know about hardware wallets and how they keep your cryptocurrencies safe.
How do bitcoin wallets work?
Every bitcoin address (the equivalent of a bank account or a wallet) is associated with a pair of public and private cryptographic keys, strings of bytes used to encrypt and decrypt data. Your public key, accessible and visible to everyone, enables other bitcoin holders to make payments to your address. The private key enables you to sign transactions and send money from your address to other people.
Securing your bitcoins hinges on protecting the private keys of your addresses. If a cybercriminal grabs hold of your private key, they’ll be able to spend your bitcoins or send them to their own address. If you lose your private keys, you also lose access to your funds. And since the bitcoin network has no specific owner, there’s no way to restore your bitcoins once you lose them.
Popular exchanges such as Coinbase and Kraken manage private keys on behalf of users. This provides a smoother user experience, but it also places trust in the exchange, which some hardcore crypto-believers think defies the very purpose of bitcoin. If an exchange decides to shut down your account, there’s nothing you can do to take back your coins. Also, if an exchange gets hacked—and they do get hacked—then you’ll have to pay for the sloppiness of their security practices.
Some of the alternatives to online exchanges include software that store the private keys on your computer or smartphone. But in case your computer gets hacked or infected with malware, hackers will be able to obtain your keys and steal your funds.
Hardware wallets are devices that are designed for the sole purpose of storing and securing cryptocurrency keys. Most hardware wallets have safeguards meant to protect against theft of keys or malware that change the destination address of bitcoin payments.
Hardware wallets come with the tradeoff of making bitcoin payments a bit more difficult in comparison to using online crypto-exchange websites. However, it’s a small price to pay if you’re serious about protecting the thousands (or millions?) of dollars’ worth of cryptocurrencies.
The following are a few hardware wallets you might want to consider.
The best bitcoin wallets
Trezor is one of the oldest and most renowned brands in hardware wallets. Trezor wallets come in two styles, the Trezor One and the Trezor Model T. The Trezor One wallet has a small display and two buttons and connects to your computer or mobile device through a USB cable.
Setting up the Trezor wallet is pretty easy. When plugging it to your computer for the first time, the device’s display shows the address to the website where you can install the accompanying wallet software and you can download the latest firmware on the device.
When setting up your device and wallet, you set a PIN to protect your Trezor against theft. You will use this PIN every time you want to use the Trezor One wallet. Without your PIN code, your device will be useless.
The Trezor also generates a “seed phrase,” a series of 24 words that you must write down and store away. Seed phrases are a common feature of all cryptocurrency wallets and are meant to restore your private keys in case you lose your device or forget your PIN code. You should store the seed phrase somewhere safe and offline because if someone finds it, they’ll be able to recover your private keys and access your Bitcoins without your Trezor wallet.
After you complete the Trezor setup process, your private keys are generated and stored on-device. The Trezor wallet website will enable you to see your cryptocurrency balance. To make payments, you need to connect your Trezor to your computer and sign the transaction with your private key by pressing the confirm button on the device.
The Trezor wallet application supports multiple accounts on Bitcoin, Bitcoin Cash, Ethereum, Litecoin, ZCash and a bunch of other currencies. Trezor also supports integration with other wallet applications such as MyEtherWallet, Electrum, and MyCrypto, through which you can store even more types of currencies and tokens.
The best feature of Trezor One is its history. It’s has been protecting private keys since 2013, when it first shipped. Aside from that, Trezor has a couple of subtle features that can protect you against common threats to cryptocurrencies. One of them is the changing numpad. Every time you want to enter your PIN, the Trezor generates a new numpad layout. This is meant to protect you against malware that records your keystrokes or your screen.
Another protective measure is the display of payment addresses. Every time you want to make a payment through your Trezor wallet, the device displays the destination address. You can compare it with the one shown on your computer screen to make sure that you haven’t become the victim of malware such as CryptoShuffler, which swap bitcoin addresses when you copy and paste them.
The Trezor wallet also comes with no pre-installed firmware and you must download and install its firmware directly from the company’s website when you unbox it. This to make sure that you don’t receive a device that has been pre-loaded with potentially malicious code.
Finally, the Trezor wallet has safeguards against brute-force attacks to reveal its PIN code. The device causes a delay between incorrect entries of the PIN code that doubles with every wrong entry. So, for instance, if you make several wrong guesses, the wait time increases to several days. By the time you reach your 30th guess, the delay will have increased to years.
Trezor Model T
Trezor released the Model T earlier this year. The new device is a bit bigger than the Trezor One, has a larger display and has replaced the two buttons with a touchscreen. This addition allows the Model T to perform all security functions such as PIN entry and key recovery on-device as opposed to performing it on a computer.
The Model T also has an SD card slot, which does nothing at the moment. The Daily Dot reached out to the Trezor team and they said that in the future, they will add features that will enable to encrypt and store data on SD cards.
Model T also adds support for more currencies such as Monero, Lisk, and Dogecoin.
Ellipal introduces itself as “Cold Wallet 2.0.”
Cold wallets are cryptocurrency wallets that are never plugged to an internet-connected device. Cold wallets provide maximum security for your digital currencies, but they come with a considerable user experience tradeoff. Spending coins stored in a cold storage is usually a complicated and time-consuming process.
Ellipal solves the user experience problem with a hardware wallet that enables easy-to-use payments without any wired or wireless connection to the internet. The Ellipal wallet is comprised of two components: A mobile app, which you install on your smartphone and use to check your account balance and make payments, and the hardware wallet, which stores your keys and signs transactions.
On the outside, the Ellipal hardware wallet looks like a small smartphone. It has a large 4-inch touchscreen display and a camera on the back. However, it’s completely offline. The device has no Wi-Fi, NFC or Bluetooth components. It does have a micro-USB port, but that is only for charging the device and gives no access to the device’s data.
Ellipal supports multiple accounts for Bitcoin, Bitcoin Cash, Ethereum, and ERC-20 tokens. When you set up a new account on your hardware wallet, you set a name and password, and the device creates and stores the private key. The wallet also generates the seed phrase for recovering your private keys (Ellipal calls it “mnemonic words”), which you must write down and store away in a safe place.
When you want to connect your account to the Ellipal mobile app, your hardware wallet generates a QR code that you scan with your phone. This obviates the need to connect the Ellipal hardware wallet to your phone through a cable or wireless connection. Once you connect your account to the Ellipal app, you can check your balance and payments history.
When you want to send money, the Ellipal app generates a QR code for the payment. You need to scan this QR code with your hardware wallet, which then signs the transaction with your private key and generates a new QR code. You must then scan the final QR code with your smartphone app to complete the payment. The Ellipal wallet also shows the textual representation of the destination address so you can make sure it hasn’t been tampered with.
Compared to hot, connected wallets, exchanging QR codes between devices is not very user-friendly. But let’s not forget that this is a cold storage wallet, which means it gives you a considerable security advantage while also giving an improvement to the user experience when compared to other cold wallets.
The best security feature of the Ellipal wallet is that it is fully isolated from the internet. But it also has several other interesting safeguards, such as strong on-device encryption of keys and pattern screen locks to prevent anyone with physical access to the device from accessing the keys. If you enter the screen lock pattern incorrectly 10 times, the device automatically wipes all its data and resets itself to factory condition. And of course, when you want to make a transaction, you also need to enter your account password.
The Ellipal app enables you to exchange coins between the different cryptocurrencies you hold in your wallet, and also features a news section, where you can get the latest updates about the crypto and blockchain industries. These are good features if you plan on doing active trading with your Ellipal wallet.
But when considering purchasing a hardware wallet, try to focus more on the security capabilities and less on the peripheral features.
CoolWallet S is a super-thin hardware wallet, almost the size or a credit card. Like many other hardware wallets, CoolWallet has two parts: a hardware unit and a mobile app.
The CoolWallet device has a button and a small display screen, and pairs with your phone through Bluetooth after you install the app.
When setting up a new account with you CoolWallet S, you create the recovery seed phrase. CoolWallet lets you set the length of the seed phrase it generates to 12, 18 or 24 words. Naturally, longer seeds are more secure and harder to guess.
Once you’ve set up your account, you can use the app to generate QR codes to receive payments and to view your history. When you want to send payments through the app, it prompts you to press the confirmation button on the CoolWallet S device, which then signs the transaction with your private key and sends it back to the app. By default, the device only displays the amount you want to send and doesn’t show the address of the receiver, which is not a good thing.
But the app has a setting that allows you to review the full receiver address on the device before confirming a payment. You should activate it to make sure your payments are going to the right address.
CoolWallet S supports Bitcoin, Bitcoin Cash, Ethereum, Litecoin, Ripple and ERC-20 tokens in a single wallet. The thinness of the CoolWallet S is perhaps its “coolest” feature. You can carry it around in your wallet, which is much more convenient than other hardware wallets. However, since you won’t be using cryptocurrencies for your day-to-day expenses, it’s more of a gimmick.
The most questionable feature of the CoolWallet is its Bluetooth connection, which is less safe than a wired connection or an offline wallet. Wireless connections are always susceptible to eavesdropping and tampering. Since CoolWallet S never transmits private keys over Bluetooth, you don’t need to worry about someone stealing your keys over-the-air. The device also uses strong encryption to store your keys and to send signed transactions to your phone.
However, the company’s website recommends to always check to make sure your smartphone and hardware wallet are correctly paired before confirming a payment. Also, double check the destination address of your payments to make sure you’re paying the right person.
A few final notes on bitcoin wallets
Hardware wallets are a good option to secure your cryptocurrencies. However, they are not perfect solutions and need certain precautions.
First, make sure your hardware wallets are in a safe place. Unless you’re sending crypto-payments frequently, don’t carrying around your hardware on your person.
Second is the password, PIN code, or pattern that protects the device. Make sure you choose a passcode that is not obvious and easily guessable, but also not so hard that you’ll forget it yourself. And don’t write down your PIN code on your fridge door and don’t Sticky-note it on your work desk.
Finally, the seed phrase is very important. You’ll need it to recover your private keys in case your device gets stolen, lost or destroyed. If you ever lose your device, the first thing you should do is to recover your private keys and transfer your funds to a new address. This is to make sure that if someone else unlocks your device, they won’t be able to access your bitcoins.
After all, if you don’t get the basics of security right, even the best wallet won’t make a difference.