Are hardware wallets compromised? Finding an alternative

Hardware wallets are widely considered to be the most secure means of storing crypto assets. How much can we trust them now and what to use instead?”

Among all kinds of cryptocurrency wallets, hardware wallets have the best reputation. They are as secure as possible: they are offline most of the time, they are not easy to hack even with physical access, there are means to hide cryptocurrency from robbers. Most hardware wallets are multi-currency, supporting several popular blockchains and tokens on them. Very handy, can be plugged in anywhere and to anything. And for all that, the price of the “hardware” is usually under $100.

As a result, the number of hardware wallets sold worldwide is in the millions. Are there downsides to such ideal storage, and what alternatives exist?

The distrust bomb was exploded in May this year by Ledger, the maker of the hardware wallet of the same name. The announcement of the new Ledger Recover service and the Ledger Live 2.2.1 TheOS firmware supporting it led to such a heated reaction that the company had to urgently delay the update and apologize to users with a clarification.

The new service gives users the ability to split their seed phrase into multiple parts and send the fragments encrypted to multiple addresses. Recovery is possible using the same web service. The manufacturer has been slammed with accusations that it can, “when absolutely necessary,” recover and share wallet owners’ private keys with authorities without their knowledge.

The company immediately explained that use of the service is strictly voluntary, and then made Ledger Recover  available only with a paid subscription. The community pretended that the apology was accepted. But the doubts remain. After all, the firmware that supports the feature remains, so the vulnerability remains.

Ledger, from its perspective, is merely enforcing EU laws requiring cryptocurrency service operators to disclose user information to regulators, as well as providing the ability to seize assets from “bad guys”. But who can guarantee that you won’t be the bad guy tomorrow?

Although the feature has been made paid for, Ledger is unlikely to be able to turn away the authorities, and, one way or another, control over wallet users’ assets will advance. Worse still, confidence has been eroded in the entire class of hardware wallets. Maybe other manufacturers also introduced a convenient function of exporting private keys long ago, but thoughtfully forgot to inform about it? After all, it’s not just bailiffs who could use it.

Who benefited from the Ledger scandal? The makers of other app wallets? Or did they get their reputations tarnished as well?

Shortly after publishing the scandalous news about Ledger Unciphered reported the possibility of hacking another of the most popular wallets, the Trezor Model T. True, if you have physical access to it and a GPU farm with specialized software. The company’s experts showed how to extract the firmware from the wallet and calculate cryptographic keys.

Trezor is actually quite bad: the manufacturer has admitted that it can’t fix the vulnerability at the firmware level. And recalling all the wallets and producing a huge number of new ones is a long and costly endeavor. Therefore, the manufacturer advises customers to come up with passwords that are as complex as possible. Trezor owners will have to keep a closer eye on their wallets and do backups more often.

There is one major difference between Ledger and Trezor. Ledger does not publish the source code of its firmware, and therefore can build in any features it sees fit without notice. Trezor and some other manufacturers publish firmware codes. But who can guarantee that the finished wallet has exactly the same version, without the slightest adjustments? This is especially true for thrill-seekers who bought a wallet through an intermediary or even by hand.

Hardware wallets

With these incidents in mind, it’s time for cryptocurrency users who previously trusted the reliability of hardware wallets to start thinking: How safe are these devices, regardless of manufacturer or jurisdiction?

In simplistic terms, a hardware wallet consists of just a few components:

  1. A general-purpose microcontroller that is controlled by firmware and executes firmware code, including owner authorization, cryptographic key writing, and transaction signing.

  2. The secure module (HSM) is the actual key store designed to prevent unauthorized access.

  3. A memory module that stores rewritable firmware and user settings.

  4. External interfaces for connection to user devices with the software wallet. It’s usually USB, but there are also Bluetooth or NFC options.

Under normal circumstances, the security level of a hardware wallet is sufficient, but does not guarantee against internal vulnerabilities: software or hardware bugs made by the vendor (this gave Trezor the opportunity to be hacked), as well as deliberate lowering of security by the vendor, as Ledger did.

However, hardware wallets have gained popularity for a reason. First, let’s try to re-evaluate the pros and cons of a hardware wallet versus a software wallet. Let’s start with the merits.

  • Small size and simple interface. Most hardware wallets are no bigger than a matchbox or car keys, and there are some made in bank card format as well. Although there are larger specimens. Small size breeds a simplified interface. A hardware wallet typically cannot function fully without an external app or web interface.

  • No tethering to a single device. The hardware wallet can be connected to a PC, laptop, smartphone or even a TV anywhere, even at the train station. So when traveling, there’s no need to carry extra weight or worry about the security of cryptocurrencies by connecting to public wifi.

  • Maximum reliability. Yes, such a statement can now be taken as an anecdote, but architecturally a hardware wallet is indeed safer than a software wallet. Private keys are generated and stored on a specialized tamper-proof chip. Only the finished signature for the transaction is issued to the outside. This is something that software wallets can’t boast of.

  • Protects even after theft. To get the keys from the secure chip, in a reasonable time, are able to professionals from special services or trained experts, but ordinary burglars will not be able to do it. Even the Trezor hack mentioned above cannot be repeated without prior preparation and serious expenses. At least the owner will have time to restore keys from the backup and transfer assets to other addresses. Even if the wallet is stolen along with its owner, the hidden wallet feature allows the owner to give only a portion of their money to the robbers.

The cons of a hardware wallet stem from its own merits.

  • Thing in itself. A flash drive-formatted device with no real operating system is limited to what the manufacturer has sewn into it. The owner of the wallet can’t add or remove anything – only wait for new firmware or buy a wallet from another manufacturer.

  • Illusion of security. Only external applications provide advanced capabilities, and they are vulnerable. For example, hackers can “slip” the wallet owner an application that completely imitates the original from the manufacturer. Using it, the wallet will safely and accurately sign the transaction, but it will spell out a different recipient address. A hardware wallet owner often thinks they are fully protected and can more easily fall for malicious app downloads or social engineering techniques that a hardware wallet has no protection against.

  • Does not store blockchain. A hardware wallet stores only the keys, but the actual state of the blockchain can only learn the actual state of the blockchain from third-party services, most often from the vendor. This disadvantage is removed by integration with a full software wallet, but the main advantage – compactness – is lost.

  • The chip does not guarantee. As the Ledger example showed, the chip may protect the keys from strangers, but it won’t protect them from those it “considers its own”. Which means that such defenses can be hacked or bypassed for more than just the sake of enforcing the law.

What to replace a hardware wallet with?

For people who are used to convenience and security, it’s hard to give up a familiar solution because of an unclear potential threat. Therefore, many law-abiding users will not object to government and manufacturer oversight. But those who understand how cryptocurrencies work and what they were created for will inevitably consider alternatives, even if they have to sacrifice something. What can people who decide to get off the hardware wallet switch to?

Going back to basics

According to Satoshi’s precepts, the most reliable cryptocurrency medium is the heaviest full wallet compiled from proven source code on a PC with Linux also built from source. Of course, you can use a powerful laptop with a large SSD instead of a PC. Plus – you can store completely locally all the blockchains you need.

On a PC, however, you can’t get by with a single application. We’ll have to put separate full wallets for Bitcoin, Efirium, Solana and other blockchains. But they will have different seed phrases as well. You can further increase security by placing each of your wallets in a separate virtual machine and running it only for transactions with a specific cryptocurrency. Long and complicated, but reliable.

This solution maximizes flexibility and security, but greatly reduces mobility. It’s also an order of magnitude more expensive. And anyway, what’s the point of comparing these dinosaurs to a tiny and so convenient hardware wallet?

A hardware wallet for the lazy

If you still want to carry your wallet in your pocket instead of your backpack, don’t want to spend money on an expensive laptop, and are willing to sacrifice some of your security, a not-so-old smartphone with no SIM card and wireless interfaces turned off is the way to go.

Yes, the smartphone is bigger than a hardware wallet, but retains a noticeable portion of its pluses. For an extra 200 grams of weight, you get a full-fledged operating system, an easy-to-use touchscreen, and the ability to install/uninstall software wallets and other apps on your own.

The main disadvantage is that the private keys are stored in the phone’s file system at best, or maybe they’ve already flown (in the most secure encrypted form, of course) to the developer’s server. No one can get them there. Except for North Korean hackers.

This option is limited to an assortment of mobile apps, which means it’s very difficult to install a full wallet on it. Unless you write such an app yourself and stick a fast terabyte drive on your smartphone. However, an Android smartphone is almost the same as a Linux computer, which means you can build an app from source code too.

A smartphone as a mass-market product, created by a large corporation and tested by millions of users, is most often already free of “childhood diseases” and most vulnerabilities. What remains to be feared is mostly bookmarks – both at the hardware level and in the operating system.

So how is it better than Ledger? If only because the smartphone firmware is unlikely to include cryptocurrency key extraction features. And the goons who took your phone away from you are unlikely to be looking for the latest NFT collection on it.

A hardware wallet of your own

And finally, the most complicated, but also the most flexible option. Don’t trust your smartphone and mobile apps? Then you can get a full-fledged microcomputer, as there are more than enough options on the market. It combines the compactness of a smartphone with more control over hardware and software, like a PC and laptop. On it, you can install your own Linux build and compile any software wallets from source code without being tied to a single developer. You can connect a monitor and keyboard to the microcomputer and work from the comfort of a laptop computer. This “self-assembling” wallet is capable of performing all transactions on its own, without connection to external devices.

But there are some inconveniences. Microcomputers usually do not have a built-in battery and monitor, which again limits the mobility of the user. And connecting via wireless interfaces reduces security.

Another hardware disadvantage of microcomputers is poor performance. Primary synchronization of multiple massive blockchains will have to wait for weeks. However, it is possible to load an already prepared transaction database from a PC. And for the current operation, their capacity is quite sufficient.

You can use an encrypted file system to keep your wallets safe in case your device is stolen. You’ll also have to deal with the problem of loading full blockchains, unless you’re willing to be satisfied with “lightweight” software wallets like Electrum. There are other details that make it very difficult to prepare a really convenient and secure wallet with your own hands, depending on the hardware solution chosen.

So, the main obstacle to deploying a universal wallet based on a microcomputer is a very high labor intensity, requiring appropriate qualification in aiti. The average user is unlikely to be able to do such work. However, it is possible to shorten the process by taking one of the partially ready-made solutions, so to speak semi-finished products. In the techie community they are called DIY (Do It Yourself). There are DIY solutions for hardware cryptocurrency wallets as well – both microcomputer-based, flash drives with lightweight Linux builds, and even plastic cards. But they all require specialized knowledge, each implementation carries its own limitations and inconveniences.


It is possible to give up a hardware wallet. However, this will require time, effort and cost, most often many times the cost of a hardware wallet, plus in most cases security will have to be sacrificed.

As a mass-produced, cheap and still secure product, hardware wallets from reputable manufacturers have no worthy “homemade counterparts”. So first you have to weigh whether you need the surgery, and whether the extra cost outweighs your distrust of hardware wallet manufacturers.

If your main cryptocurrency savings are already stored on a PC or in the form of hardcopy private keys, using a hardware wallet while traveling, risking a small amount of money, is much easier than reinventing your own bicycle. And Trezor, for example, stored permanently in a secure location, carries minimal risk of hacking because it requires physical access.