The defining narrative of “not your keys, not your Bitcoin” prevails amongst the broader Bitcoin community as one of its core tenets. As cryptocurrency pioneer Nick Szabo articulated very clearly: “trusted third parties are security holes”.
When it comes to storing your Bitcoins in a non-custodial and secure manner, hardware storage wallets are the gold standard. These Bitcoin Wallets convey assurances against emerging online security threats and enable sovereign control of your private keys in combination with useful features.
Cold storage wallets are typically encrypted devices that store users’ Bitcoins offline, providing a layer of security against the evolving threats emerging from being connected to the Internet. Additionally, cold storage wallets use multiple layers of protection like seed phrases, passwords, PINs, and can even be joined to multi-signature key management services.
The market for hardware wallets has become saturated over the last few years with low-quality and replica devices masquerading as secure devices. With fraud and security threats endemic in the cryptocurrency sphere, evaluating what to look out for in a hardware wallet is a prudent measure for protecting your beloved Bitcoins.
Legitimate Bitcoin hardware wallets will store user funds offline — similar to a paper wallet, but more securely on an encrypted hardware storage with numerous security measures in place. Hardware wallets consist of several primary security features, including a Microcontroller chip (MCU), operating system, and anti-tampering authentication check.
Most hardware chips used by cold storage wallet providers are generic MCU chips — used in common appliances like microwaves and TV remotes. It is recommended to avoid hardware wallets with generic MCU chips as they are not tamper-resistant like secure element (SE) chips, which are used in applications for storing critical data such as your biometrics in a passport.
Leading hardware wallet providers like Ledger integrate SE chips into their devices, which are tamper-resistant to multiple attack vectors and can securely host applications along with their cryptographic data. SE chips in hardware wallets are a cardinal advantage that they retain over other non-custodial wallet services which store assets on user devices that are not designed for crypto asset security.
Checking for the certification of SE chips by security auditors is also a crucial assurance that they meet strict standards for security threats like backdoor attacks. The Ledger Nano S recently received the CSPN certification issued by France’s ANSSI cybersecurity agency — the first and only hardware wallet to become certified. Certification encompasses passing tests across numerous categories including firewall, identification, and embedded software.
Operating systems of hardware wallets are also one of their critical security features to analyze. Off-the-shelf operating systems could present security holes as they are not explicitly tailored towards protecting crypto assets. Additionally, hardware wallet services are rapidly adding support for more crypto assets, including intuitive interfaces and Bluetooth compatibility that are difficult to reconcile with conventional operating systems.
Ledger sets the standard for a customized operating system on hardware devices with its BOLOS hardware operating system — the only custom operating system in the market. Thanks to Ledger’s custom OS, third-party developers can install applications and isolate those applications from others securely.
Finally, the Root of Trust verification checks whether or not a Ledger device is genuine, an important validation process every time the ledger is turned on — even verifying the legitimacy of the firmware too. Device integrity is checked via referencing a valid signature from the provider, and in the case of devices like Ledger, is validated every time a user connects to Ledger Live.
Coverage and Features
Initial hardware device providers only supported a few cryptocurrencies like Bitcoin and Ethereum and had limited user-friendly capacities for users. That has changed significantly over the last couple of years. Providers like Ledger offer a smooth and intuitive crypto experience for managing assets and supports over 1100 different cryptocurrencies.
With a plethora of ERC-20 tokens operating on the Ethereum network, expanding the suite of supported crypto assets while maintaining the same security standards is an extra benefit to users satisfied with the underlying security of a wallet provider. Customized operating systems for guarding crypto assets also facilitates a smoother transition to supporting a broader array of cryptocurrencies.
Few hardware wallet providers also offer integration with third-party utility apps for services such as password management and compatibility with other wallet services.
When evaluating Bitcoin hardware wallets, security should always be your priority. Cold storage is the storage method of choice for custodians and exchanges, so it is the prudent move for securely storing your Bitcoins as well. As the market for hardware wallets continues to evolve, you should always emphasize security first before moving into additional features beyond that. Always remember: “not your keys, not your Bitcoin.”