Let me preface this article by pointing out that hardware wallets can be a fantastic option for many cryptocurrency holders. However, they have their faults, and I get the feeling not enough users understand the problems that exist.

I’ve noticed in the Bitcoin community many people make claims like, “If you don’t store your coins on a hardware wallet then they are unsafe!” This is totally untrue. There are many different security models and they are good for different use cases.

Trust in the manufacturer

When you receive a hardware wallet in the mail there are methods that can be used to ensure that the wallet is actually from the manufacturer, which accomplishes the same thing as a digital signature on software. See https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine

The problem is that there is still a high level of trust in the manufacturer. You can know that the hardware comes from them, but can you verify that the manufacturer themselves didn’t tamper with it? Or maybe a rogue employee? Nope.

Would you ever keep your coins on an exchange or in a closed-source wallet? Here you are exposed to a similar problem: you still own your own private keys, but you can’t be 100% sure that your coins can’t be accessed by someone in league with the manufacturer.

Open Source Software

If I had any cryptocurrency, I would only store the private keys in open source software that has been digitally signed by the developers, or even better, I would compile the code myself from the source. This allows me to know that:

The code is legitimately written by the correct developers.

The code has nothing malicious inside because it is vetted by myself and the community whenever there are changes.

There are of course problems with storing private keys on software that runs on hardware connected to the interwebs… there is always some non-zero chance of a hack. Everything comes with its own risks! Decide what is best for you and educate yourself!

Recommendation: Q Vault

Q Vault is a new secret manager that I’ve been working on with a small team. It’s fully open source and transparent. Give it a shot: https://qvault.io