You may have heard about hardware wallets but have you ever wondered how does it work? Or even how does it do it's job? If someone handed a hardware wallet to you, do you know how to operate it? Well, if you didn't, then stick around. I am going to explain all you need to know about hardware wallets in this article. I recommend watching this YouTube video by 99Bitcoins as they have clearly explained the concepts behind hardware wallets in depth.
What exactly is a wallet so to speak?
For the sake of simplicity, let's use bitcoin wallets to explain how a wallet works. The term - bitcoin wallet - is misleading because it doesn't hold any bitcoins; rather it is a computer program that simply hold passwords or in blockchain terms - keys. Whomever owns the keys can access the bitcoins allocated to that account on the transaction ledger or in other words on the blockchain.
A wallet has got two important components - a bitcoin address (aka public address) which can be given to others who can use it to send us bitcoins and a private key, which allows the user to access & control the bitcoins belonging to that account. Think of public address or public key as an email ID and the private key as it's password. A wallet has got three main capabilities - it can store keys (private and public), it can 'sign' transactions and it can broadcast 'signed' transactions to the blockchain. Let's understand this signing of transactions in details.
Signing Transactions and broadcasting it to blockchain
In order to send bitcoins to someone, a person holding the bitcoins needs to prove ownership to his or her coins to the whole bitcoin blockchain network so that they all can agree to carry out transactions involving this account. To do that, the bitcoin wallet uses the private key from the wallet, and uses it to sign the transaction on behalf of the user. Private key, when put through the ECDSA algorithm, can generate it's corresponding public key. This is a one way function, i.e., we can generate the public key from it's private key, but we cannot generate the private key from a public key. When a wallet signs a transaction, what is happening in the background is that the wallet generates a cryptographic hash by combining the transaction details (also referred to as a transaction object), i.e. the sender's public address, the receiver's public address, the amount, & some other details, and the private key of the wallet. This hash, which now can be referred to as the digital signature, can be used to figure out the bitcoin account of the user using an ECRECOVER algorithm, which is also known as signature verification.
Once the digital signature is created, the bitcoin wallet then broadcasts it to the blockchain network where it is authenticated by verifying the digital signature which proves ownership of the coins without having to share the private key. As an analogy, you can think of it as someone signing a cheque and the bank cashier verifying it against your signature stored in the bank. The authentication is done by the miners in the network who validates the digital signature, verifies whether the account has got the bitcoins it wanted to transfer and then enters this transaction in the ledger which is the blockchain itself. After this step, the transaction will be marked as complete, which means the receiver will now have received X amount of coins send to that account by the sender as mentioned in the transaction object.
Need for a hardware wallet
This seems to be good enough as it is so why do we need a hardware wallet? Well, a digital wallet is vulnerable to hacks as the computer upon which it exists in itself is vulnerable. The private keys can easily be stolen from a compromised computer. If the value of the amount in the account is next to negligible, then it doesn't matter because a hack worth just a couple of dollars doesn't make much sense. But what if you have millions of dollars of worth bitcoin? Then that poses a problem because once the private keys are exposed, there is no getting back the coins. It's lost forever as blockchain transactions are irreversible by design.
Solution - Hardware wallets, which are mini computers with bare minimum functionalities to work as a wallet. It more or less looks like a general pen drive (refer to the picture above) and usually has a small screen, a button or two, stores keys, and can sign transactions. It can be connected to a computer using a USB wire. Hardware wallets takes a minimalist approach to security, i.e., the more complex a system, the more the chances of vulnerabilities. These devices are so 'dumb' that it is practically impossible to hack or infect with any malware programs. Now this also means that they cannot be connected to the internet and they cannot run any apps on it. They are simply meant for storing keys offline and signing transactions, and nothing else. This way of taking away the keys and storing them offline is referred to as 'cold storage', unlike devices which can connect to the internet which are known as 'hot wallets'.
How does hardware wallets work?
Say you want to send bitcoins stored in your hardware wallet to your friend. Because the hardware wallet can only store keys and sign transactions, it will need an actual computer which is connected to the internet to carry out all other operations such as prepping a transaction and broadcasting the signed transaction to the blockchain network. So, you'll need to connect the hardware wallet to your personal computer and download a program (usually provided by the hardware wallet issuing company) that can communicate with the hardware wallet. This program is referred to as a 'bridge'.
The bridge will allow you to prepare the transaction for signing. The hardware wallet only allows very specific type of data to pass through it like cryptocurrency transactions. The bridge program will send the unsigned transaction to the hardware wallet where it gets signed with the private key, and then the hardware wallet sends back the signed transaction back to the bridge program. The private key never leaves the hardware wallet. Only the unsigned and then the signed transaction gets transferred between the bridge and the hardware wallet. Because of this, you can fearlessly use a hardware wallet with just about any computer where you can simply download the bridge program and carry out the signing process. Just make sure the transaction (that is being shown on the hardware wallet's screen) that you are signing is the same as that of the one that is shown on the bridge program.
I bought a hardware wallet. How do I set it up?
This is an easy process. At first, when you boot up the hardware wallet, it will display a set of phrases know as seed phrases. Write these phrases down on a notebook which you will not lose (do not write it down on a piece of paper because if this paper is lost, your keys cannot be recovered in the event of some mishap, if that's ever needed) and keep it safe and out of reach. Make sure these seed phrases are out of reach of anybody because whomever gets a hold of these, can generate your private keys using it. So it is advised to keep it offline and in a safe place.
Once you write down the seed phrases and store it in a safe place, then connect it to your computer by using a USB wire, which is usually provided with the wallet. If not, get a compatible one and simply connect it to the computer. It will ask you to setup a PIN for accessing the wallet. Do that and then go to the hardware wallet company website to download the bridge program. For example, for the Ledger hardware wallet, the bridge program is known as Ledger Live. They offer it both as a desktop application and mobile application. Download the desktop application and install it (simply follow through the procedure by clicking 'Next' until it is installed). Then open the installed desktop application and connect the hardware wallet (there will be an option within the application for this task). Once connected, you can store your crypto assets (you will have to buy them if you don't have any) within this wallet by transferring them via the bridge program. Refer the company website for more information. You can transfer your crypto assets from various exchanges (if you have it there and if they allow it) to your hardware wallet.
Risks with hardware wallets and how to mitigate them
Be wary of the following risks a hardware wallet might face -
- Tampering: Someone with malicious intend might tamper with your wallet when it's en route to your home. To prevent this, all hardware wallet companies use a holographic sticker which covers the USB port such that if it is tampered, then this sticker has to be broken. So when you get your hardware wallet for the very first time, do check whether it's holographic sticker is damaged. If it is, do not use that wallet as it can be considered as a tampered one. Alert the company authorities and ask for a replacement.
- Not buying directly from the manufacturer: It is always safe and secure to buy directly from the hardware wallet manufacturer itself. If you have to buy from a third party dealer, check with the manufacturer first and only proceed if the seller is an authorized one. Unauthorized sellers may sell you tampered devices.
- Pre-configured Seed Phrases: The seed phrases are supposed to be configured randomly during the initial setup of the hardware wallet by itself. No legit hardware wallet comes with pre-configured seed phrases. If a wallet comes with seed phrases, do not use that to initialize your wallet because that means whomever send that hardware wallet to you has that seed phrase which can be used to recover your hardware wallet account thereby exposing your crypto assets.
- Evil Maid attack: As with any physical device, hardware wallets can be physically stolen or accessed by malicious individuals. To prevent loss of data, the hardware wallets comes with a PIN protection, which is set during the initial wallet setup. If done, then even if a third person gets hold of the device, that person will not be able to perform any action with it because in order to carry out the wallet activities, the wallet will ask for this PIN. If you lost your device, then immediately use your seed phrase, recover your account and move all your crypto assets to a different wallet as an extra safety measure.
- $5 Wrench attack: This is when someone physically threaten you with some weapon (like a $5 wrench) to hand over your hardware wallet and it's PIN to unlock it. Certain wallets, like Trezor, allows another layer of protection using a passphrase where the device asks for a PIN and passphrase combo to unlock it. You can set it up such that different passphrases show different accounts. Like you'll have two accounts, one where all of your crypto assets are stored and the other where only marginal amounts are stored. When someone threatens you to share your passwords, give them the ones which shows them the second account.
- Hardware wallet company goes out of business: The seed phrase technology is not unique to any company; it is a common paradigm. Most likely, a company going out of business shouldn't impact the users. But if they do in anyways, the users can always move their assets to a different wallet account using the seed phrase in such scenarios.
Some examples of hardware wallets
There are a lot of companies which manufactures hardware wallet, where the top three being - Ledger, Trezor and KeepKey. Each company offers different models with different features. Two things to consider while choosing a hardware wallet is the number of supported coins and ability to control the coins via a mobile or desktop application. In general, you cannot go wrong with any of these companies.
Do keep in mind that hardware wallets are expensive compared to the free digital or hot wallets. Make sure you have enough crypto assets to securely store them in these wallets. Some buy these just for the sake of it. Nevertheless, it's your money that is being used to get the wallet. Consider all the options and buy it if it is what you think is the best option for your situation.
Couple of other articles which you might be interested in:
- Is Solana (SOL) the real 'Ethereum Killer'?
- All you need to know about Security Token Offering (STO)
- All you need to know about Liquidity Pools
- All you need to know about Hyperledger
- All you need to know about Aave
- All you need to know about NFT
Check out KuCoin exchange if you haven't already for better crypto services.