Everything in our world is relative. Early software crypto wallets were good for their time. The cutting situation changed when the cryptocurrency began to rise in price and hackers became interested in it. One such successful cyber-heist about 10 years ago spurred a search for more secure ways to store digital coins. As a result, hardware wallets appeared on the market.
They do not have a permanent connection to the Internet, and therefore are not very convenient for everyday cryptocurrency transactions. However, popular modern models have quite rich functionality. In addition to actually storing coins in some of them, it is possible to track the BNB to BTC exchange rate, exchange coins and buy crypto for fiat.
Since coins are stored offline most of the time, hardware storage is indeed much more reliable than software storage. However, they also have vulnerabilities.
Why hardware storage of crypto is considered safe
With all the variety of design solutions, a hardware wallet is essentially a flash drive with pre-installed special software and microcontrollers for encrypting information. In the most general terms, their algorithm of work looks like this:
- When setting up the device, the user sets a PIN.
- The device creates a seed phrase to generate private keys, generates keys and encrypts. The PIN code serves as a decryption password.
- The keys are stored in the non-volatile memory of the device.
- Reading and decryption of data occurs only after entering the code.
Devices are protected from the most popular remote attacks:
- Brute force PIN. After several unsuccessful attempts to enter the code, the device destroys all information. The number of attempts for different devices varies from 3 to 10.
- Dump. The chip protects information from being copied for decryption on a computer.
- Reflashing the controller. When you try to change the firmware of the device, all information is automatically erased.
- Side channel. The wallet software encrypts the data stream to the PC so that a hacker cannot connect to the USB cable, intercept the transmitted information and extract a private key while you perform an EGLD to ETH swap or other operations.
However, progress does not stand still, and among the attackers there are undoubted talents. Unfortunately for ordinary users, they find ways to get their hands on the private key.
Let’s take a closer look at the vulnerabilities of the flagships of the hardware storage market.
Achilles heel of Trezor controllers
SatoshiLabs has open-sourced Trezor devices to help white hat hackers find potential vulnerabilities. In 2020, Joe Grand, at the request of a user who forgot his PIN code, was able to restore access.
In 2023, Unciphered, a company that specializes in wallet recovery, also announced that the Trezor Model T had been hacked. In both cases, hardware vulnerabilities in the controller were used.
This is really bad news, but not everything is so sad. SatoshiLabs claims that this put is difficult to use. First of all, the attacker will need to get the device itself. In addition to physical access, special equipment, specific knowledge and time will be required. Joe Grand spent about three months to restore access.
What’s wrong with Ledger wallets
The devices run on the BOLOS OS, which protects information from copying even when directly connected to the chip. The manufacturer does not disclose the source code. So far, there has not been a single confirmed hacking of Ledger devices.
But the thunder came from a completely different direction. In the spring of 2023, the company suddenly announced a new service: Ledger Recover. It looks like this: the user passes KYC, and Ledger splits the seed phrase into three encrypted fragments. These fragments are sent to trusted individuals in Britain, the US and France. If the device is lost, the owner can verify their identity, retrieve the fragments, and regain access to the wallet.
The innovation produced the effect of an exploding bomb. The presence of such a function clearly indicates that it is quite possible to get a seed phrase without the knowledge of the owner of the device.
How to protect your funds
Despite the presence of vulnerabilities, hardware storage of cryptocurrency still remains the most secure solution. Still, a few precautions won’t hurt.
- Buy only new devices directly from manufacturers or authorized representatives.
- Avoid simple PIN codes.
- Set additional passwords for the seed phrase to make it more difficult to extract the key if the wallet is stolen.
- Be sure to back up your keys. In case of loss of the device, restore access and transfer the coins to another wallet.
Everything that is created by the human mind will sooner or later be hacked. Therefore, no matter how safe the chosen method of storing coins would look, it is better to distribute your money between several wallets.