How Do Hardware Wallets Keep Crypto Safe?

Interest in cold storage systems like Ledger and Trezor has skyrocketed following the bankruptcy of FTX.

AccessTimeIconNov 21, 2022 at 11:08 p.m. UTC
Updated Apr 10, 2024 at 3:14 a.m. UTC

After crypto exchange FTX’s sudden collapse in November 2022, sales for a particular piece of hardware blew up: hardware wallets that let owners hold and move crypto without being constantly connected to the internet. Sales for Ledger, one popular manufacturer of these wallets, hit an all-time high on Nov. 13, capping off the best week ever, then peaked again the next day. The rush of new activity signaled a renewed interest in the technology. But what exactly is a hardware wallet, and do you need one to protect your crypto?

What is a hardware wallet?

Taking a step back, cryptocurrency wallets are like the financial email addresses of the crypto-verse. Just as email accounts can blast out text messages to other account holders, those with the keys to a crypto wallet can send or receive cryptocurrencies from any other wallet on a blockchain. The public key is like your email address; anyone can send to it. The private key is like the password to your email, and only you should know it. To access the crypto inside a wallet, you’ll have to know this password or private key. To recover access or set up the wallet on a new device or browser, you’ll need a 12- to 24-word “seed phrase” that reinstates access to the wallet.

Most wallets live inside browser extensions or web apps. These are called “hot wallets” because they live directly on the Internet and are based on your computer or mobile phone. You don’t need to enter your private key every time you need to use one of these wallets; enter it just once and you’re good to go. They’re very convenient and almost always free. But if someone steals or hacks your computer or phone, they might be able to access your crypto.

That security risk led to the invention of the hardware wallet – a cryptocurrency wallet that is not connected to the internet at all times. Instead, keys to the crypto wallet are stored on a tiny device about the size of a USB stick. This plugs into the computer each time you need to send crypto or interact with a decentralized finance protocol.

There are two main brands, Ledger and Trezor, and both offer similar services. A Ledger Nano S Plus wallet costs about $79, while Trezor's Model One is about $50. The differences between the models sold by hardware companies cover the number of cryptocurrencies they support, the security architecture itself, and the screens, buttons or battery life of the device.

When you plug your device into your computer, you connect to the hardware wallet’s proprietary desktop application. Ledger’s is called Ledger Live and Trezor’s is called Trezor Suite. From there you can interact with a handful of decentralized finance (DeFi) protocols or send crypto. These applications do not work without the hardware wallet. When you need to interact with the blockchain, you’ll have to confirm the transaction directly from the wallet.

Hardware wallets can be a bit of a pain to use. The most popular model from Ledger, for instance, only has two buttons, and it takes a lot of tedious button-pressing to enter the four-digit numeric passcode that protects the wallet. But these wallets’ safety make them popular with HODLers who’d rather not keep the bulk of their crypto on an exchange or in a hot wallet.

Are hardware wallets safe?

These wallets are only as safe as the user. Consider them the crypto equivalent of stuffing cash under the mattress. If someone steals your Ledger and knows your passcode, they can take funds from your wallet. The most important thing is the seed phrase that the wallet generates – something these companies encourage users to store in a safe place. If that is stolen or lost, your holdings are toast.

The companies that create hardware wallets cannot reverse blockchain transactions, so there’s no margin for error. Consider the case of one Redditor, a “very technical person,” who kept their wallet in a fireproof case, then woke up one day having lost their life savings. Their mistake? “I have just realized that I did take the screenshot of 24 seeds and stored on google drive. The seeds were kind of encrypted and Words were swapped but it seems hacker managed to figure it out.”

Still, lots of traders consider it better to take the risk with a hardware wallet than to hold funds on a centralized crypto exchange or hot wallet. There’s no way of knowing, definitively, how a crypto exchange invests your funds, and it’s harder to prevent a hot wallet from being hacked. If you want to keep your funds in a hardware wallet, make sure not to let anyone know the seed phrases, and certainly don’t make digital copies; that’s a recipe for disaster.

This article was originally published on Nov 21, 2022 at 11:08 p.m. UTC


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Robert Stevens

Robert Stevens is a freelance journalist whose work has appeared in The Guardian, the Associated Press, the New York Times and Decrypt.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.