How Do Hardware Wallets Keep Crypto Safe?

After crypto exchange FTX’s sudden collapse in November 2022, sales for a particular piece of hardware blew up: hardware wallets that let owners hold and move crypto without being constantly connected to the internet. Sales for Ledger, one popular manufacturer of these wallets, hit an all-time high on Nov. 13, capping off the best week ever, then peaked again the next day. The rush of new activity signaled a renewed interest in the technology. But what exactly is a hardware wallet, and do you need one to protect your crypto?

Taking a step back, cryptocurrency wallets are like the financial email addresses of the crypto-verse. Just as email accounts can blast out text messages to other account holders, those with the keys to a crypto wallet can send or receive cryptocurrencies from any other wallet on a blockchain. The public key is like your email address; anyone can send to it. The private key is like the password to your email, and only you should know it. To access the crypto inside a wallet, you’ll have to know this password or private key. To recover access or set up the wallet on a new device or browser, you’ll need a 12- to 24-word “seed phrase” that reinstates access to the wallet.

Read More: Private vs Public Keys in Crypto

Most wallets live inside browser extensions or web apps. These are called “hot wallets” because they live directly on the Internet and are based on your computer or mobile phone. You don’t need to enter your private key every time you need to use one of these wallets; enter it just once and you’re good to go. They’re very convenient and almost always free. But if someone steals or hacks your computer or phone, they might be able to access your crypto.

That security risk led to the invention of the hardware wallet – a cryptocurrency wallet that is not connected to the internet at all times. Instead, keys to the crypto wallet are stored on a tiny device about the size of a USB stick. This plugs into the computer each time you need to send crypto or interact with a decentralized finance protocol.

Learn More: Custodial vs. Non-Custodial Wallets

There are two main brands, Ledger and Trezor, and both offer similar services. A Ledger Nano S Plus wallet costs about $79, while Trezor's Model One is about $50. The differences between the models sold by hardware companies cover the number of cryptocurrencies they support, the security architecture itself, and the screens, buttons or battery life of the device.

When you plug your device into your computer, you connect to the hardware wallet’s proprietary desktop application. Ledger’s is called Ledger Live and Trezor’s is called Trezor Suite. From there you can interact with a handful of decentralized finance (DeFi) protocols or send crypto. These applications do not work without the hardware wallet. When you need to interact with the blockchain, you’ll have to confirm the transaction directly from the wallet.

Hardware wallets can be a bit of a pain to use. The most popular model from Ledger, for instance, only has two buttons, and it takes a lot of tedious button-pressing to enter the four-digit numeric passcode that protects the wallet. But these wallets’ safety make them popular with HODLers who’d rather not keep the bulk of their crypto on an exchange or in a hot wallet.

These wallets are only as safe as the user. Consider them the crypto equivalent of stuffing cash under the mattress. If someone steals your Ledger and knows your passcode, they can take funds from your wallet. The most important thing is the seed phrase that the wallet generates – something these companies encourage users to store in a safe place. If that is stolen or lost, your holdings are toast.

The companies that create hardware wallets cannot reverse blockchain transactions, so there’s no margin for error. Consider the case of one Redditor, a “very technical person,” who kept their wallet in a fireproof case, then woke up one day having lost their life savings. Their mistake? “I have just realized that I did take the screenshot of 24 seeds and stored on google drive. The seeds were kind of encrypted and Words were swapped but it seems hacker managed to figure it out.”

Still, lots of traders consider it better to take the risk with a hardware wallet than to hold funds on a centralized crypto exchange or hot wallet. There’s no way of knowing, definitively, how a crypto exchange invests your funds, and it’s harder to prevent a hot wallet from being hacked. If you want to keep your funds in a hardware wallet, make sure not to let anyone know the seed phrases, and certainly don’t make digital copies; that’s a recipe for disaster.

Read more: 4 Ways to Stay Safe in Crypto