Trading Basics

Hardware Wallets for Crypto

A hardware wallet is a physical electronic device that stores cryptocurrency private keys in a secure chip isolated from the internet. All transaction signing occurs on the device, preventing malware or remote attackers from ever accessing the private key. Leading hardware wallets include the Ledger Nano series, Trezor, and Coldcard (Bitcoin-focused).

A hardware wallet is the closest thing to a vault in crypto. When FTX collapsed in November 2022 and millions of customers lost access to their funds overnight, hardware wallet owners who had withdrawn their Bitcoin and Ethereum to self-custody were unaffected. When crypto security experts discuss "best practices," the hardware wallet is the non-negotiable starting point for anyone holding meaningful value.

How Hardware Wallets Work

A hardware wallet contains a secure element chip — similar to the chip in a credit card or passport — that generates and stores private keys in complete hardware isolation. The chip is designed so that the private key never leaves the device under any circumstances. When you want to send a transaction:

  1. You initiate the transaction on your computer or phone (using companion software like Ledger Live or Trezor Suite).
  2. The transaction data is sent to the hardware wallet via USB or Bluetooth.
  3. The hardware wallet displays the transaction details on its own screen (separate from your potentially compromised computer screen).
  4. You physically confirm the transaction by pressing a button on the device.
  5. The hardware wallet signs the transaction internally and returns the signed transaction to the software — which broadcasts it to the blockchain.

At no point does the private key leave the device or touch the internet. Even if your computer is running sophisticated malware that has compromised every other security layer, the malware cannot execute a transaction without your physical confirmation on the hardware device.

Major Hardware Wallets Compared

Ledger Nano X / Nano S Plus: The most widely used hardware wallets globally. Supports 5,500+ coins and tokens. Connects via USB-C and Bluetooth (Nano X). Uses a proprietary secure element chip (CC EAL5+). Companion software: Ledger Live. In 2020, Ledger suffered a customer data breach (email/address database, not private keys). The devices themselves were not compromised, but the breach exposed hardware wallet owners to targeted phishing — a reminder that product security ≠ company security.

Trezor Model T / Model One: The original hardware wallet manufacturer. Open-source firmware, which security researchers can audit. The secure element chip is not fully proprietary, making it slightly more vulnerable to physical extraction attacks with specialist equipment (very low practical risk for most users). Companion software: Trezor Suite. No Bluetooth — USB only. Wider open-source community trust due to firmware auditability.

Coldcard Mk4 (Bitcoin-only): The highest-security option for Bitcoin-only users. Air-gap capable (no USB connection required for signing — uses microSD cards). Fully open-source. Used primarily by high-net-worth individuals and Bitcoin maximalists. Steeper learning curve than Ledger/Trezor.

Setting Up a Hardware Wallet Safely

  1. Buy only from the official manufacturer's website. Never buy a used hardware wallet or from a third-party marketplace. Supply chain attacks (pre-configured devices with compromised firmware) are a documented attack vector.
  2. Verify the device hasn't been tampered with using the manufacturer's security checks before first use.
  3. Generate your seed phrase on the device itself — never import a seed phrase generated elsewhere on first setup.
  4. Write down the seed phrase manually on the provided recovery sheet. Never photograph it, type it, or store it digitally.
  5. Store the seed phrase separately from the device — in a fireproof safe, safety deposit box, or split between two secure locations.
  6. Test recovery before loading significant funds: Use the device's recovery test feature to verify your seed phrase is correctly written down.
  7. Always verify the receiving address on the hardware wallet screen before authorising a send. Clipboard-hijacking malware replaces copied addresses — the hardware wallet screen shows the actual destination.

When to Move to a Hardware Wallet

There's no universal dollar threshold — it depends on personal risk tolerance. A practical benchmark: if your crypto holdings represent more than 1–2 weeks of income, the cost of a hardware wallet ($60–$150) represents meaningful insurance against exchange collapse, exchange hack, or hot wallet compromise. Given the documented collapses of major exchanges, erring on the side of self-custody sooner rather than later is sound risk management.

Summary

Hardware wallets store private keys on an isolated secure chip — transactions require physical device confirmation, preventing remote attacks. Ledger and Trezor are the most widely used; Coldcard is the gold standard for Bitcoin-only security. Buy only from the official manufacturer, generate seed phrases on the device, and store the seed phrase in a physically secure offline location. Move significant holdings to self-custody rather than relying on exchange security.

Related topics: cold wallet, crypto tools.

Free Tools for This Concept

Risk & Position Size Calculator
Enter your account balance, risk percentage, entry price, and stop-loss to instantly calculate position size, dollar risk, and R:R ratio.