Ledger Nano S, Ledger Nano X, TREZOR-T Hardware Wallets

The nice thing about a hardware wallet is that, unlike a paper wallet, you can spend from it while the private key stays protected. It is something like a hybrid of a software wallet and a paper wallet.



In a hardware wallet, the private key is stored in a special chip. This chip isolates the private key from the rest of the system, so it cannot be read or used directly. Once stored, the key can only be used through an interface. That interface offers no way to show the private key, but it lets you sign things, for example transactions. Each signing request is shown on the display of the hardware wallet and must be confirmed with a button on the device.



Think of it as an armoured box with a slot at the top and one at the bottom. You drop the desired transaction in at the top, and the signed transaction falls out at the bottom; it is then sent to the network. This design keeps the private key of a hardware wallet secure even when it is connected to a computer running some sort of malware, as long as the human cannot be tricked into confirming a transaction he does not want to make.



Attack Vectors

As the Wallet.Fail team has shown, hardware wallets are anything but bug-free, and the attack vectors can be quite creative. As with a paper wallet, an attacker first needs access to the device itself: it must be stolen, or manipulated beforehand in the supply chain / transport route to the customer.



Preconfigured Device

This brings us to the classic attack vector for hardware wallets: the wallet arrives already “pre-configured”, sometimes even with a nice package insert listing 24 recovery words already filled in, plus a small manual. If you use such a “pre-configured” wallet, you will soon be rid of your ada. Therefore these two principles must be observed:



1. Always buy directly from the manufacturer, for example via this affiliate link: www.ledger.com. If you use this link the price is no different, and we receive a commission.



2. Always set up a hardware wallet yourself and write down the seed words yourself. After setting it up, transfer a very small amount of ada and test the recovery first.



Theft

Unlike a stolen paper wallet, a hardware wallet requires a PIN to be entered. If the PIN is entered incorrectly 3 times, the hardware wallet wipes itself automatically. It can then only be restored with the seed words.



The worst case, of course, is when a vulnerability in the system allows the private key or the seed words to be extracted from a stolen device. This was demonstrated on the TREZOR-T at the 35th Chaos Communication Congress (35C3) in December 2018.



Clipboard Hijack

Malicious programs that alter the clipboard are also possible here. But since the address is also shown on the display of the hardware wallet, this attack is easier to spot.



Compromised PC

One way to attack a hardware wallet is to show the user something different (a different destination address or amount) from what is actually sent to the hardware wallet, which means the computer has been compromised in some way. This is exactly why hardware wallets have a display: always compare the amount and the destination address on the device with what you intended, and only confirm the transaction if everything matches. A hardware wallet therefore remains safe even if the computer has been compromised, as long as the human cannot be outwitted.



Hardware Manipulation

Manipulating the display of the hardware wallet itself is not impossible, but it is far more complex than, for example, simply changing the computer's clipboard or what is shown on the computer screen with a malicious program. The wallet has to be stolen and then put back again. Examples are shown on the Wallet.Fail website.



Ransom Attack

Another interesting way to attack a hardware wallet appeared in March 2019. The ransom attack relies on a manipulated wallet (the PC has to be compromised already) generating a receiving address that does belong to your private key, but at a randomly chosen index. To understand this, one has to know that wallets normally derive addresses from the private key via an index that starts at 0 and increases by one: 0, 1, 2, 3... Small gaps such as 4, 5, 15, 16... are also possible.



The manipulated wallet chooses a random index in the billion range. The transaction to your address is confirmed normally on the blockchain, but the funds do not appear in your wallet. They still belong to your private key, but can only be found with the correct key index, and no wallet software can detect or search such a large gap in the key index.



Some manufacturers, such as Ledger and TREZOR-T, have announced firmware updates that “fix” the attack. But you have to understand that there is no real way to fix it. Ledger, for example, issues a warning if the key index lies above a very high range (over 50,000). For the attack itself, however, it is enough if the key index jumps by only a few thousand. The difference is that if such an attack does happen, you can get back to your ada faster with a lower range, since one would have to try all possibilities.
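As an added illustration that is not part of the original article: a small Python model of the key-index behaviour described above, showing why funds at a far-away index stay invisible to normal wallet recovery and how the recovery cost grows with the index. The address derivation is a constructed HMAC stand-in, not Cardano's real derivation; the 20-address gap limit is a typical wallet default assumed here, and the 50,000 threshold is the one the text attributes to Ledger.

```python
import hmac
import hashlib

GAP_LIMIT = 20        # assumed wallet discovery window: stop after 20 unused addresses in a row
LEDGER_WARN = 50_000  # index above which, per the text, Ledger shows a warning


def derive_address(seed: bytes, index: int) -> str:
    """Stand-in for hierarchical derivation: one deterministic address per key index.
    Constructed for illustration; not the real Cardano/BIP32 derivation."""
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:16]


def discover(seed: bytes, on_chain: set, gap_limit: int = GAP_LIMIT) -> list:
    """Normal wallet restore: walk the index upward and stop once gap_limit
    consecutive addresses have never appeared on chain."""
    found, unused_run, index = [], 0, 0
    while unused_run < gap_limit:
        if derive_address(seed, index) in on_chain:
            found.append(index)
            unused_run = 0
        else:
            unused_run += 1
        index += 1
    return found


def brute_force_recover(seed: bytes, target: str, upper: int) -> tuple:
    """Recovery after a ransom-style address: try every index up to `upper`.
    Returns (index or None, number of derivations spent)."""
    for index in range(upper + 1):
        if derive_address(seed, index) == target:
            return index, index + 1
    return None, upper + 1


def ransom_scenario(hidden_index: int) -> dict:
    seed = b"constructed demo seed, not a real wallet"  # constructed sample seed
    used = [0, 1, 2, 5, 15, 16]                        # the normal index pattern from the text
    target = derive_address(seed, hidden_index)        # address a manipulated host wallet chose
    on_chain = {derive_address(seed, i) for i in used} | {target}
    visible = discover(seed, on_chain)
    idx, cost = brute_force_recover(seed, target, upper=LEDGER_WARN)
    return {
        "visible": visible,                         # what a normal restore finds
        "hidden_seen": hidden_index in visible,     # False: the gap limit stops long before
        "ledger_warns": hidden_index > LEDGER_WARN, # a few-thousand jump stays below the warning
        "recovered_index": idx,                     # found only by exhaustive scanning
        "derivations": cost,                        # the price of that scan
    }
```

A jump of 3,000 is invisible to the restore but stays under the warning threshold and is recoverable after 3,001 derivations; a jump past 50,000 triggers the warning, and a jump into the billions is out of reach of an exhaustive scan in practice.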



Conclusion

Although a long list of attack vectors is given here, all of them require direct access to the wallet or to the PC itself. With other wallets you would already have lost. If you know the attack vectors, hardware wallets are quite secure and offer great flexibility.



What speaks against a hardware wallet, in any case, is the price. For example, if you bought ada for 200 dollars, it is not worth spending between 60 and 120 dollars on a hardware wallet.