Should you use a hardware wallet?
Welcome to CryptoCodeReview! Today we will be discussing hardware wallets - what are they, why should you use one, and where to find one.
First off, I’d like to explain something to you about your computer. You may not believe this, but it’s the truth. Every single program on your computer has bugs in it. Any non-trivial piece of software has bugs in it. What is a bug? It is an error or flaw in computer software that causes it to produce an incorrect or unexpected result, or to behave in unintended ways (Wikipedia).
Again, every single software program has bugs in it. Even the most complex and advanced software, such as the Chrome Web Browser, or the Linux kernel, have hundreds if not thousands of bugs in them. Virtually all software ships with bugs, as developers have limited time and spend their resources on the most serious bugs only. Every time your phone updates an app, the update is likely fixing bugs as well as adding new features. It’s an inevitable fact of life, like the sun setting every day.
For an example of a serious bug that you may have not heard about, check out Heartbleed. It was a bug in a cryptographic library used by just about every major website. It was introduced in 2012 and was considered a “catastrophic security bug” or the worst vulnerability ever found. It was eventually patched two years later, but to this day there are devices vulnerable to it. This was a serious bug in one of the most maintained and well tested pieces of code in existence.
My point is that bugs happen regardless of the sophistication of the software. Some are publicly known, but others are not yet discovered. There are groups of people, some backed by governments, whose job it is to find and exploit vulnerabilities in popular user-facing applications. Ultimately, you can trust the software on your computer to a degree, but don’t blindly trust it. Same for your phone.
So now you are aware that every software has bugs, and you can’t put unlimited trust in your computer. Why is this important? It brings me to my next point, about crypto and private keys. If you hold crypto, it’s likely in the form of public/private keys – the private key is what you are meant to secure. The private key is basically just a really big random number – I will do a follow-up post to explain it more. But the point is, this number must be kept secure at all times. If your key gets stolen, that’s it. There’s no bank to call, no customer service, your crypto is just gone instantly. This happens every day, and billions of dollars a year are stolen from people getting hacked and losing control of their private keys. As an individual, you are going up against the most advanced government sponsored hacking groups in the world when trying to secure your private keys on your computer.
How can you possibly keep your key on your computer or phone securely in such an error-prone and risky environment? The simple answer is, you don’t. You never even put your key in a place where it can get stolen. You instead generate a key on a dedicated device, known as a hardware wallet, and keep it secure in a safe location. You use only the hardware wallet to make crypto transactions. The hardware wallet comes with software. We’ve already learned that all software has bugs in it. But since the keys themselves never leave the hardware wallet by design, it’s a much more secure setup. Even if the program on your computer is completely compromised, it’s difficult if not impossible to extract the private key from the device.
A little personal story. I have gone to a Best Buy in New York City (the one by Union Square), bought a random laptop off the shelf, and ripped out all the components including the networking card to use the computer as a safe place to store keys. That was part of my job that day at a crypto startup. Instead of that, I recommend buying a hardware wallet instead. They are not very expensive. You can even buy an extra and give one to your friends.
There are two main options for hardware wallets - Ledger and Trezor. Both are good, and I prefer the Ledger. It’s a beautifully designed piece of hardware with intuitive software included. I am not affiliated with them in any way. A minor detail: Always buy the hardware wallet from the manufacturer’s website directly. Never buy one from Amazon or another 3rd party retailer. Be careful who you trust. If the package appears torn or opened, return it immediately.
So in conclusion, I hope you learned something and enjoyed this post. There is literally zero reason to be a crypto enthusiast and not use a hardware wallet. It’s not optional, like using a condom. It’s required.
The alternative to hardware wallets, known as self custody, is to trust another party, like Coinbase, to handle your funds for you. That may be a preferable option to some users, but the true promise of crypto is to enable each person to be their own bank. I say this as a happy Coinbase user since 2014. Don’t put all your eggs in one basket as they say.
Please like this video if you enjoyed it, and don’t forget to subscribe to CryptoCodeReview for more great content. Thanks for reading!