This article reviews safe practices when utilizing a hardware wallet. While most hardware wallets themselves are safe, the devices they connect to may not be.
There are many types of digital asset/crypto wallets on the market. I personally use the Trezor model T for my long-term holdings. This model has a color touchscreen, it is safe, but expensive. There are several other options, a second great option would be Ledger or the Trezor model one, here is a link for the Model one if you are interested [Trezor1].
Ledger tends to be more user friendly and offer some advanced features which I tend to avoid when I want straightforward cold storage. The Ledger offers Bluetooth compatibility as well as mobile connectivity. I would only recommend buying hardware wallets directly from their website, scammers have been known to open the devices and keep the secret phrase after repackaging the device. They have also been known to add malicious firmware to devices. Devices directly from the source should be unopened and have several tamper proof seals.
Hardware wallets although generally very safe are only as safe as the devices they connect to. For a quick read on some general safety tips check out our article or series [here]. Trezor provides a list of common threats in this [article]. The most common scam I see even very knowledgeable investors fall for is phishing. Phishing is when scammers create fake website links/images.
Hardware Wallet Possible Attacks
The fortress that is a hardware wallet will not keep you safe from interacting with scam websites. ALWAYS check the website address you are connecting to. I recommend saving all verified websites you interact with as favorites on an encrypted browser such as [Brave]. Another less common attack vector involves spamming for the users PIN. This tends to be less common because the more attempts, the longer the attacker needs to wait to try another PIN. The device also wipes itself after a certain number of attempts.
By utilizing a VPN, it is less likely that attackers will know you are interacting with blockchain technology with your computer. I personally use Nord VPN, but any added layer of security will do, this is a small fee for another layer of defense. VPNs work by encrypting your internet traffic and attempting to hide your IP address . Less likelihood of scammers/hackers knowing you utilize crypto through your computer is helpful.
Another way users put themselves at risk is when they attempt the recovery process on a virus infected computer. One of the beauties of hardware wallets is that you can always recover your funds with your secret phrase. If one were to lose their hardware wallet, they can purchase another of the same brand, and recover funds by connecting to their preferred device and typing in the secret phrase.
This method offers another vector of attack to hackers, if a virus is present on the computer the phrase can be compromised. Trezor has gone through great lengths to minimize these potential threats. The main reason I use the model T is that the secret phrase request is on the device itself (not the computer) which avoids keyloggers entirely. Even if a logger were to obtain a phrase it could take years to crack the correct order of the phrase words.
The remaining areas that scammers and hackers use to attack hardware wallets are the least common. Typically losing a computer would not effect users since the hacker would also need the hardware wallet, its associated PIN, and likely the secret phrase. There is a risk that the hardware wallet servers can be attacked but Trezor does offer custom backends to avoid this minimal possibility. They also focus much of their efforts on server security and managment.
Combining all of these defense mechanisms together will help maximize safety when interacting with a hardware wallet. It is important to remember that these are best used for long-term storage, and not common trading/flipping of assets. Every time the device connects to a computer there is a risk of one of these exploits. For users who wish to trade often, a second wallet is recommended. I tend to avoid interacting on my cellphone since phones tend to be far less secure than a PC with a VPN and encrypted browser. I also avoid new methods of connection such as Bluetooth or internet connectivity since these increase exploitation risk. Please remember stay safe out there, none of this is financial advice!