New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

The Classroom

PATHWAY G) Wallet Knowledge (Leveling Up)

chapter 2/4

What Is a Hardware Wallet?

Read 6 min
— Cryptocurrency hardware wallets are the most secure way to store your crypto private keys. 

— A crypto private key is the essential link between a crypto owner and the blockchain address where their assets are stored.

— Ledger hardware wallet is the most secure hardware wallet on the market, here we explain why

If you’ve been exploring web3 either for five minutes or five years, you’ve probably heard about hardware wallets. Like most crypto wallets, hardware wallets use a public and private key pair. These keys provide the essential link between a crypto owner and the blockchain address containing their assets.  

The public key is the address you would share, allowing others to send crypto to you. The private key, on the other hand, gives you exclusive access to the crypto or data stored at the corresponding address. While these keys sound like opposites, in fact, the public key is derived from the private key. This means the two codes are inherently linked, guaranteeing that when you send funds to a specific public address, only the person with the corresponding private key can access them. 

This is essentially true for most crypto wallets, these ones included. But hardware wallets also have a key feature: They store private keys in a specialized computer chip and sign transactions offline. While that may not sound impressive, this simple feature allowed us to create some of the most secure crypto wallets of today. 

But before we dive into the details, let’s start with the basics. In fact, what is a hardware wallet exactly?

What Is a Hardware Wallet?

A hardware wallet is a physical device that stores your private keys in an environment separated from an internet connection. Like other crypto wallets, it provides users with a way to sign transactions and interact with the blockchain.

While they are often confused with cold wallets, they are not the same thing. Cold wallets are wallets specifically for vaulting assets—they never interact with a smart contract. Hardware wallets, on the other hand, are capable of acting as cold wallets but they also have some other interesting uses. 

So what are they for exactly?

What Is A Hardware Wallet For?

Hardware wallets were one of the most important crypto innovations in previous years. To explain, the biggest risks to most owners of digital assets are online threats. And those are exactly the types of scams that hardware wallets mitigate. If you’re protecting any kind of value with your crypto wallet, you’ll want to keep your keys offline.

 Then if you want to interact with any blockchain apps or platforms, you might want to keep those interactions separated from your valuable assets. Luckily, you can do all of this and more with a single hardware wallet. So let’s explore the largest use-cases for hardware wallets:

Managing multiple accounts on multiple chains

Firstly, hardware wallets can generate private keys for multiple blockchain addresses. This means, you can manage accounts for multiple networks and different types of accounts containing different types of assets all from the same device. To keep those keys secure and easy-to-manage, your hardware wallet generates a secret recovery phrase. This serves as a master key to all of the private keys managed by that device. So, even if you have accounts on multiple networks, you can always recover your accounts with that single recovery phrase. 

Signing Transactions Offline

Their other key purpose is to sign transactions offline. To explain, this is incredibly important, as anyone with your private keys can access your crypto. Knowing that fact, bad actors will try to discover your private keys in order to steal your funds; either physically or via your internet connection. Then, once they get hold of them, they can control your whole crypto address and everything in it. 

To make sure your private keys are not revealed, hardware wallets sign your transactions offline. This means your keys are safe from any potential hackers on your internet-connected devices. And of course, it does this while allowing you to access and manage your keys–signing transactions as you see fit.

Cold Storage (Sometimes)

Some people also choose to use an account on their hardware wallet as a cold wallet. To explain, the terms “cold wallet” and “hardware wallet” are not synonymous.

So, what is a cold wallet exactly?

Put simply, a cold wallet keeps private keys offline, much like all hardware wallets – but its defining feature is that it never interacts with smart contracts, apps or unknown wallets. In other words, a cold wallet is purely for storing private keys and sending and receiving assets – not for engaging with Web3 applications. And to clarify, an account on your hardware wallet only stays cold if you do not connect it to apps and services.

While setting up this type of account is most user friendly on a hardware wallet, it’s also possible to use sound or paper wallets as your cold wallet too. That’s why these terms are not synonymous at all. However, hardware wallets are still the most popular and user-friendly way to set up and manage a cold wallet. 

How Does a Hardware Wallet Work?

So now you know what you might use a hardware wallet for, let’s look at the underlying tech behind this special device. To operate correctly, a hardware wallet must have a few different features; both digital and physical. 

A Computer Chip 

Firstly, hardware wallets need computer chips in order to store information; including your private keys and the firmware necessary for your hardware wallet to operate. The exact computer chip they might use, and the security associated with it, may differ from hardware wallet to hardware wallet. So it’s always important to check which kind of chip is in yours.

Of course, all Ledger wallets benefit from a Secure Element chip, which is one of the most secure chips in existence. This secure element chip is the same one you’ll find in your bank card or passports—and it’s specifically designed to be tamper-proof. 

An Operating System Designed For Private Keys

Then, to make sure your hardware wallet can use that chip, it also needs an operating system. To explain, the operating system of your device is the key to actually managing complex tasks. It’s responsible for running the apps on your device, while keeping them completely secure and protected from each other.

However, it’s important to note that most computer chips are not directly designed for storing private keys. Thus chips used for this purpose must have a specific operating system. This is exactly why Ledger devices use a custom operating system called BOLOS

An Interface For Interacting With the Blockchain

The interface for your hardware wallet runs on an internet-connected device such as a mobile phone or laptop. This allows you to send transactions to the blockchain including managing your cryptocurrencies and taking part in web3 communities. You might be thinking, “But I can already access the blockchain with my laptop, so what’s the point of a device that uses an interface on a separate device?”

But in fact, your hardware wallet allows you to sign transactions offline. It only uses your internet connected device to broadcast an already signed transaction. Keeping that process offline keeps your private keys protected from threats.

So how do these pieces work in practice? Let’s explore

How a Hardware Wallet Processes A Blockchain Transaction

Essentially, hardware wallets process blockchain transactions similarly to most wallets that use public and private keys. Firstly, it presents you with the intent (which is essentially the full details of a transaction in an unsigned state), then it prompts you to sign, and transmits that transaction to the blockchain. If you’re not familiar with that process, make sure you check out the full article on how a blockchain transaction works first.

But now, let’s see how each component and feature of a hardware wallet works together to illustrate this step-by-step:

  1. You connect your Hardware wallet to its interface on your phone or laptop via a cable or bluetooth
  2. You initialize a transaction using the hardware wallet’s interface
  3. Your hardware wallet presents you the “intent”, a.k.a. The details of your transaction, with the option to sign or reject its conditions.
  4. You approve the transaction by clicking “sign” in the wallet’s interface on your smartphone or laptop.
  5. Your hardware wallet will prompt you to confirm the transaction on the device itself. This is known as 2FA (two factor authentication) and ensures nobody can ever transact with your crypto private keys remotely.
  6. Your hardware wallet uses the private key in its computer chip to sign the transaction in a completely offline environment.
  7. The hardware wallet sends signed the transaction to your smartphone or laptop hosting its interface using the cable or bluetooth connection
  8.  The smartphone or laptop sends the already signed transaction to the blockchain for processing–without it ever seeing your private keys.

Of course, the process can also differ slightly from hardware wallet to hardware wallet. However, if you’re interested in Ledger devices, make sure you check out the full article on how Ledger wallets process transactions.

Hardware Wallet Risks and How to Mitigate Them

Hardware wallets keep you safe from countless crypto risks, but of course, they can’t protect you from everything. There are some inherent risks with using hardware wallets, and it’s important to understand each one to take the necessary precautions. 

The Security of your Secret Recovery Phrase and Private keys

We’ve said it before and we’ll say it again; Your private keys and secret recovery phrase are extremely important to keep secret. Anyone with access to your private keys will have access to the accounts associated with them.  But even worse, anyone with access to your secret recovery phrase will have access to every single account protected by your hardware wallet. Your hardware wallet can’t protect any of your accounts if its secret recovery phrase is compromised. Storing the backup of your secret recovery phrase is extremely important—make sure that wherever you store it, no one else knows where it is. Yes—don’t even tell your partner!

Avoiding Malicious Smart Contracts

We know that hardware wallets are perfect for protecting your assets from online threats and hacks. But unfortunately, they can’t stop you from signing malicious smart contracts.

To explain, a lot of web3 is about interacting with smart contracts, a sort of blockchain-based computer program that allows for decentralized blockchain apps and platforms. More often than not, this doesn’t pose a risk. However, not all smart contracts are friendly or kind. Malicious smart contracts might try to steal your assets. Then, not all wallets display the full details of the transactions you are signing. This makes it impossible to know for sure what you’re agreeing to, until the transaction executes. This type of signing is called blind signing, and it can pose a significant risk to your assets. 

Within the Ledger ecosystem, you can mitigate this risk by accessing blockchain apps and smart contracts using Ledger Live. Ledger Live offers clear signing, meaning you can always transact in safety. However, when using other hardware wallets, or when you might want to connect your Ledger to a platform or app outside the ledger ecosystem, you may have to blind sign a transaction now and again. 

So, how do you protect your hardware wallet from malicious smart contracts when blind signing?

Simply, by segregating your assets into multiple accounts controlled by a single hardware wallet. To explain, since you can create multiple accounts protected by a single device, and these accounts are independent from each other, you can mitigate the risk of malicious smart contracts by segregating your assets. All you have to do is set up multiple accounts and designate each for separate tasks.

To learn more about how to do this correctly, make sure you check out the full article on how to segregate your crypto assets. But essentially, splitting up your valuable assets into multiple wallets mitigates your risk because even if you sign a bad transaction with one account, your others will stay safe. That means you can transact wherever you like from the same Ledger device that’s protecting your most valuable assets. Each account operates separately.

How To Choose A Hardware Wallet

Now that you know hardware wallets are the best option for protecting and managing crypto, you might be wondering how to get your hands on your own device and which one to choose. For the full details, check out the article on how to choose a hardware wallet. But put simply, you should focus on a few key things including; its purpose, its flexibility, its accessibility and its security. 

Ledger has a hardware wallet for every use. So, if you like NFTs and customization, you might want to check out the Ledger Stax. If you prefer simplicity, you may prefer the Ledger Nano. You can rest assured that Ledger devices all benefit from the same top-notch security model no matter which one you choose. In fact, no Ledger device has ever been hacked! If you still can’t decide, make sure you check out the tool to compare crypto wallets.

How To Use a Hardware Wallet

If you’re ready to use your hardware wallet, you might want to know where to start. So, here are some of the ways you can get going with yours.

For the first time

Using a hardware wallet for the first time means connecting the device to your computer or smartphone and installing the relevant interface software. When you initialize this connection, the wallet will  automatically generate a secret recovery phrase (or seed phrase). This code is like the master key to all of the accounts the hardware wallet protects. Thus, it’s also important to keep this code hidden. From there, you can generate multiple crypto accounts and manage them on that device. Yes, that means you can store all of their private keys with that single device—protected by a single recovery phrase. 

Migrating your existing crypto to your new hardware wallet

If you already have some crypto, you can also secure your existing cryptocurrency in a hardware wallet. To do so, just open up a new account for each ecosystem’s asset on your device. For example, if you already own some ETH and some ADA, you will have to install two new accounts on your Ledger device: one for Ether and one for Cardano. From there, you can send your cryptocurrencies to those respective accounts and rest assured your crypto is secure.

If you’re moving assets from a software wallet to your hardware wallet, you may be tempted to “import” your keys over to your new hardware wallet using your software wallet’s secret recovery phrase. However, this is not particularly secure. To explain, even a hardware wallet can’t protect private keys that were already exposed online. If you were using a software wallet, you have no guarantee that your keys were never exposed—and that defeats a hardware wallet’s main purpose! As a result, it’s imperative to generate brand-new private keys for each asset.          

In the same vein, you should never import your hardware wallet secret recovery phrase into a software wallet. This would store a copy of your keys on your internet connected device, which wouldn’t be very safe. 

Ledger Crypto Security Solutions

So, now you know: Hardware wallets combine multiple security components and features to give you full control over your private keys. 

Navigating Web3 securely means staying equipped with the right tools, as well as understanding the risks you face in this new environment. Ledger’s mission is to provide you with both, so that you can explore with confidence.

Knowledge is Power.

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our

New coins supported, blog updates and exclusive offers directly in your inbox

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.