What are hardware wallets? Are they really the safest way to store
Bitcoins and other cryptocurrencies? Can they be hacked? And what happens
if I lose my hardware wallet? Are my coins lost? Well, stick around. Here on Bitcoin Whiteboard Tuesday,
we’ll tackle these questions and more. Hi, I’m Nate Martin from 99Bitcoins.com and welcome
to Crypto Whiteboard Tuesday where we take
complex cryptocurrency topics, break them down and translate them
into plain English. Before we begin,
don't forget to subscribe to the channel and click the bell
so you’ll immediately get notified when a new video comes out. Today’s topic is hardware wallets. But before we dive deep
into hardware wallets we need to understand
how any Bitcoin wallet works in general. The term Bitcoin wallet
is a bit misleading, as a Bitcoin wallet
doesn’t really hold any Bitcoin.
Technically speaking, a Bitcoin wallet is a software
that holds passwords, sometimes referred to
in cryptographic terms as keys. These keys give your wallet access
to the Bitcoins allocated to it on the Bitcoin transaction ledger
called the blockchain. So when you use any Bitcoin wallet, you’ll encounter two important terms. The first is a Bitcoin address, this is what you send to people
who want to pay you in Bitcoin, kind of like an email address. The second is a private key. The private key allows you to access
and control the Bitcoins you own. For our email account analogy, you might think of your private key
as the password to your email account. Aside from holding your private key, the wallet also signs Bitcoin transactions
on your behalf using your private key, and broadcasts them
to the Bitcoin network. Let me explain: When you want to send Bitcoins
to someone else, you need to prove ownership
of those Bitcoins to the whole network so it will agree to change
the ledger of transactions.
To achieve this, your Bitcoin wallet takes
your requested transaction, signs it on your behalf
using your private key and broadcasts this digital signature
to the network. In a nutshell, a digital signature is a way to prove
you own a certain private key without needing to expose it. It’s done through the use of
complex mathematical rules known as cryptography. This whole process is kind of similar
to you signing a check authorizing the transfer of money
from your account.
Once a transaction is signed, the wallet then broadcasts it
to the whole network which validates its authenticity. Eventually, this transaction will be entered
by Bitcoin miners on to the blockchain, and the transaction
will be considered complete. So, what does this all have to do
with hardware wallets? If my wallet is just a piece of software, why can’t I just have it on my computer,
like any other software I use? Well, as you probably know, stealing a piece of information
from a computer isn’t that hard these days.
And if the computer running
your Bitcoin wallet is infected with malware it may expose your private key
to bad actors. Hackers may be able to take control
over your computer or see what’s displayed on your screen. And once your private key is exposed, your Bitcoins are no longer
under your control. They could be easily transferred
to anywhere the hacker chooses. In order to avoid this situation
you have two options: First – You could make sure your computer
is completely malware free. While this may sound easy, most viruses are either disguised
as legitimate software or have a way to avoid detection
by Antivirus software.
The other option would be to use
a wallet that is “immune” to malware, so to speak,
keeping your private key safe. This is exactly what hardware wallets
are designed to do. Simply put, hardware wallets are computers that have been stripped down
of all logic except for a small screen,
a button or two and the simple action of storing keys
and signing transactions. Hardware wallets look like
small USB devices, and they offer a minimalist approach
to security. This is based on the logic that
the more complex a device is, the more opportunities hackers have
to infiltrate it. In the case of hardware wallets,
the device is so “dumb” it’s practically impossible to hack
or infect it with anything.
Due to that simple design, hardware wallets can’t connect
to the Internet or run complicated apps. They are just a form of storing
your private key offline. This approach is known as cold storage, unlike devices that connect to the Internet,
which are called ‘hot wallets’. So how do hardware wallets work exactly? Well, let’s say you want to send
a Bitcoin transaction using a hardware wallet. The first thing to know is that because a hardware wallet
is such a simple device that can only sign transactions, it needs to use
a more sophisticated computer for all other functions, such as preparing the transaction
and broadcasting it to the network. So in order to use a hardware wallet you’ll need to connect it
to your personal computer and download a program
that can communicate with it.
We’ll call this program a bridge. The bridge will allow you to prepare
your transaction for signing. The hardware wallet allows
only very specific types of data to pass through to it,
such as cryptocurrency transactions. Once it receives a transaction
from the bridge program, it signs it on the hardware wallet itself and then sends it back
to the bridge program. Your private key never leaves
the hardware wallet. The only thing that gets transferred between your computer
and the hardware wallet is the unsigned and signed transaction. Because of its minimalistic
and simple design, a hardware wallet can be used
with any computer without fear of being hacked or infected – even a public library computer
or your mom’s laptop 🙂 The only thing you’ll need to do
to make sure your Bitcoins are safe is to make sure the transaction
you’re approving on the hardware wallet’s screen matches the transaction
your bridge program is showing on your personal computer.
Today there are over a dozen companies
that offer hardware wallets on the market, with the three market leaders being
Ledger, TREZOR and KeepKey. Each company offers different models
with different features. If you’d like to read all about
the different models on our site, there’s a link in the description below. There are many features to compare
between the different hardware wallets. Some things to consider,
aside from company reputation, include how many different coins
the device can support, and whether you can control it
from your mobile phone as well as from your computer. Setting up a hardware wallet
is fairly easy. The main thing to do is write down
the set of words you’ll be given when initializing the device. These words, also known as a seed phrase
or mnemonic phrase are a way to restore any private key
your hardware wallet generates. This also means that whoever
might get a hold of these words would also control your Bitcoin, so it's important to keep
your seed phrase written offline and in a safe place.
Before we conclude today’s episode, I want to go over some common
hardware wallet risks you should be aware of, and how to avoid them when possible. The first risk is that someone
may tamper with your device when its onroute to your home
for the first time. To avoid this, all reputable hardware
wallet manufacturers use a special holographic sticker
to prove the wallet was never opened. If you receive a wallet
and this sticker isn’t in tact, don’t use that wallet. While some wallets also run
a self tampering test when initializing, it’s better to stay on the safe side. In order to minimize this risk even more, always buy a hardware wallet
straight from the manufacturer’s website.
If you want to buy from a reseller, make sure that he’s an authorised
trustworthy reseller by contacting the manufacturer first. Closely related to this issue
is the fact that your seed phrase should be generated at random
by your wallet upon setup and is not sent to you with the device. There’s a good reason for taking
all these safety measures seriously. For example, one unfortunate user
bought a hardware wallet from a bad actor on Amazon and received a wallet with a card
containing a preconfigured seed phrase. He was instructed to initiate the device
using this existing seed phrase. The user wasn’t very tech savvy
and did what he was instructed, only to find out that
once he deposited coins into that hardware wallet they were quickly removed by the hacker
that had knowledge of the preconfigured seed. Another risk to be aware of is that your hardware wallet device
may be stolen or physically accessed
by unwanted individuals, also known as the evil maid attack.
Most, if not all hardware wallets today,
include a PIN protection. So even if your device is stolen it may take the thief a while
before he can access your coins. Once you notice your device is stolen you should immediately use
your seed phrase to recover your Bitcoins and send them to a new wallet
with a different seed phrase. This will basically drain
your stolen wallet from all of its funds and allow you to keep safe control
over your Bitcoins.
Another very unusual but possible attack
is the “$5 wrench attack”. This refers to when someone
physically threatens to hurt you, with a $5 wrench, if you don’t hand over
your hardware wallet and unlock it with your PIN code. In order to protect
from these kinds of physical attacks certain wallets, such as TREZOR, allow you to add another layer
of protection called a passphrase.
This means you’ll be requested to add
an additional passphrase after the PIN code. However, you can set it up so that different passphrases
will show only certain accounts on your wallet. So imagine having a dummy account
on your wallet with only a small amount of coins and a real account
with the majority of your funds. When someone forces you
to unlock your wallet you can use the dummy passphrase and it will seem that the wallet
only holds a small amount of coins, not revealing your complete holdings. A very common fear
people usually express regarding hardware wallets is what happens if the wallet manufacturer
goes out of business? Well, the seed phrase technology
used in most hardware wallets today is compatible with multiple wallets: it’s not unique to any specific company.
Therefore, if a certain company
goes out of business you can recover your Bitcoins
directly to another company’s wallet using your seed phrase. As you probably understand by now, your seed phrase has a lot of power and it can be used in many cases
to recover your Bitcoins, including if your hardware wallet
breaks or gets damaged. Well, that’s it for today’s episode
of Crypto Whiteboard Tuesday. Hopefully by now you understand
what a hardware wallet is – A small device that holds
your private keys and signs transactions offline
keeping your Bitcoins safe. You may still have some questions. If so, just leave them
in the comment section below. And if you’re watching this video
on YouTube, and enjoy what you’ve seen,
don’t forget to hit the like button. Then make sure to subscribe
to the channel and click that bell so that you’ll be notified
as soon as we post new episodes.
Thanks for joining me
here at the Whiteboard. For 99bitcoins.com, I’m Nate Martin,
and I’ll see you…in a bit..