written by @veriphibtc
Not your keys, Not your coins
You may have heard this famous motto countless times if you’re interested in Bitcoin. If it’s the first time you come across this saying, make sure to read this article as it will clarify a lot of details with regard to your Bitcoin operational security.
Even if that phrase has been repeated and hammered into people’s minds every day, a big portion of Bitcoin investors still keep ALL their coins on custodial exchanges and platforms. This is quite concerning as some of these platforms don’t offer any kind of guarantee if they get hacked or if they lose your coins. This is why, unless you are actively using your coins for a purpose (trading, financial services, etc.), you are encouraged to protect your Bitcoin within your own wallet so you remain in control of your security. In fact, even if you are indeed using your coins for a service listed above, it is advisable not to put all your eggs in one basket by always allocating a portion to self custody.
One of the most basic steps to increase your security is to transfer your Bitcoin to your own hardware wallet. A hardware wallet is a dedicated device on which your private keys will be generated and used to sign transactions once you want to send Bitcoin out of your wallet. The interface accompanying your wallet will also be an intermediary to the Bitcoin network so it can detect incoming transactions and generate outgoing ones. If well designed and properly used, your hardware wallet will never communicate your private keys to an external device.
This may look simple, but can be quite challenging to understand for a majority of investors as it still requires some basic technical knowledge.
In order to help you in the journey of transferring your coins into a hardware wallet, we assembled the most important factors to take into account. We will also be comparing the most known and trusted hardware wallets on the market (The Trezor One, The Ledger Nano S and the Coldcard) as it will help you figure out which one is the best for you.
As you will see with this analysis, there is not a one-size-fits-all hardware wallet. Everything is a question of trade-offs and one must choose a hardware wallet that fits their needs and capabilities.
Being Open-Source VS Having A Secure Element
One of the most sought-after and respected properties of any software or hardware used within the Bitcoin ecosystem is the open-source aspect. That concept refers to the fact that all the components of the device or the software will be verifiable and reproducible independently. If you aren’t technically savvy enough to do it yourself, you can rest assured that somebody in the Bitcoin community will scrutinize everything that is proposed on the market.
The Trezor One, for example, is completely open-source. You can be relatively certain that the company developing that product hasn’t maliciously inserted malware or a backdoor that could lead them to exploit your Bitcoin in the future. This property, however, has some drawbacks as it is much easier for hackers to exploit the potential security vulnerabilities of the device, especially if they get physical access to your hardware wallet.
In opposition to hardware wallets being open-source, you have the ones using a component called a secure element. This is a special kind of microprocessor used in specific use-cases and applications that require top-tier security in regards to the nature of the data being generated and stored inside the microprocessor. You can imagine it as a vault that protects the information that is being held inside and will refuse any unauthorized access attempts in the event there is malware on other parts of the device.
In the Bitcoin world, your private keys are the fundamental piece of information that gives you access to your funds. Thus it makes sense to use a secure element to protect it. However, this means that you will have to trust the manufacturer of the secure element. They cannot make the chip open-source because it would be too easy to crack. The Ledger Nano S, for example, contains a secure element and is a completely closed source hardware wallet, but is reputed to be quite secure. The Coldcard tries to integrate both aspects by effectively open-sourcing everything in the device, even the hardware, except for the secure element it contains.
Is It Bitcoin-Only (And Why Does That Matter)?
Whether you’re only investing in Bitcoin or you’re also investing in altcoins, it’s worth considering a Bitcoin-only wallet for the Bitcoin holdings that are part of your portfolio. This is mostly a question of security. Simplicity is always the friend of security. The fewer elements there are to protect inside a hardware wallet, the fewer points of entry there will be for a hacker to compromise.
The Trezor One and Ledger Nano S offer a ton of altcoin options on their devices which means there is a non-negligible amount of potential vulnerabilities that could be exploited. By diverting their financial and human resources to integrating more altcoins into their hardware wallet, it can be argued that this may pull valuable man-hours away from making your Bitcoin more secure.
With a product like Coldcard, the team is solely concentrating on making their hardware wallet as secure as possible for Bitcoin, which can be reassuring for someone considering storing a large number of Bitcoin on a specific device.
Ease Of Use And Expanded Capabilities
This aspect is probably the one most sought after by a non-technical person who chooses to store their coins on a hardware wallet. The reality is that more often than not, the biggest threat to someone’s Bitcoin is their own incompetence. Ledger Nano S and the Trezor One, with their corresponding proprietary interface Ledger Live and Trezor wallet, are really well designed for tech-shy individuals. That is a contributing factor to why they have achieved so much success. Some sales estimates peg the companies at over 1 million units sold (each). Ease of use does, however, come with some drawbacks.
Trezor and Ledger devices will by default direct new users to their proprietary interfaces. When you’re connecting your Ledger or Trezor to their corresponding platform, you will be transmitting your XPUB, also known as the master public key, to the servers of the company. This gives a lot of information to these companies since they can now know everything about your Bitcoin and altcoin activity.
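Why handing over an XPUB exposes the whole wallet, as an added example that is not part of the original article or any vendor's code: an XPUB carries a public key and a chain code, and BIP32 lets anyone holding those two values derive every non-hardened child public key with no private key involved. The demo key, chain code and function names are constructed for illustration; Base58 decoding and address hashing are left out.

```python
import hashlib, hmac

P = 2**256 - 2**32 - 977  # secp256k1 domain parameters (public constants)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = 3 * x1 * x1 * pow(2 * y1, -1, P) if a == b else (y2 - y1) * pow((x2 - x1) % P, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def ser(pt):  # 33-byte compressed public key
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def tweak(pub, chain, i):  # BIP32 HMAC step, non-hardened index: public inputs only
    out = hmac.new(chain, ser(pub) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(out[:32], "big"), out[32:]

def ckd_pub(pub, chain, i):  # public parent -> public child (any xpub holder)
    il, child_chain = tweak(pub, chain, i)
    return add(mul(il, G), pub), child_chain

def ckd_priv(key, chain, i):  # private parent -> private child (the device)
    il, child_chain = tweak(mul(key, G), chain, i)
    return (il + key) % N, child_chain

def watcher_view(pub, chain, count):  # receive keys 0/i from the xpub alone
    ext, c = ckd_pub(pub, chain, 0)
    return [ser(ckd_pub(ext, c, i)[0]).hex() for i in range(count)]

def wallet_view(key, chain, count):  # same keys, derived from the private key
    ext, c = ckd_priv(key, chain, 0)
    return [ser(mul(ckd_priv(ext, c, i)[0], G)).hex() for i in range(count)]

# Constructed demo account key and chain code (not real wallet material).
DEMO_KEY = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % N
DEMO_CHAIN = hashlib.sha256(b"constructed demo chain code").digest()
```

`watcher_view(mul(DEMO_KEY, G), DEMO_CHAIN, 5)` returns the same five public keys as `wallet_view(DEMO_KEY, DEMO_CHAIN, 5)`, which is exactly the view a server gains once it has stored the XPUB.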
Further to the privacy argument above, using the default interfaces also only shows a total balance from which to spend, rather than enabling something called "coin control". By not using proper coin control techniques you can be leaking a lot of information about yourself to not only your wallet software provider, but also the public at large.
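What the leak from spending out of a single total balance looks like, as an added example that is not from the original article: a balance-only wallet picks inputs without regard to where each coin came from, and a chain observer who assumes all inputs of one transaction share an owner can then link those origins. The wallet contents, labels, payments and largest-first selection rule are constructed assumptions; fees and change outputs are ignored.

```python
# Constructed wallet: coin id -> (amount in sats, where the coin came from).
WALLET = {
    "a": (50_000, "kyc-exchange"), "b": (45_000, "kyc-exchange"),
    "c": (30_000, "p2p-sale"), "d": (80_000, "donations"),
    "e": (60_000, "p2p-sale"),
}
# Constructed payments: (amount to send, origin the user wants to spend from).
PAYMENTS = [(90_000, "kyc-exchange"), (85_000, "p2p-sale")]

def pick(coins, target):
    """Largest-first selection until the target amount is covered."""
    chosen, total = [], 0
    for cid in sorted(coins, key=lambda c: -coins[c][0]):
        if total >= target:
            break
        chosen.append(cid)
        total += coins[cid][0]
    if total < target:
        raise ValueError("insufficient funds in the selected pool")
    return chosen

def spend(wallet, payments, coin_control):
    """Return the input list of each transaction.

    Without coin control the wallet draws from the whole balance; with it,
    each payment is restricted to coins of the origin the user chose.
    """
    coins, txs = dict(wallet), []
    for target, origin in payments:
        pool = coins
        if coin_control:
            pool = {c: v for c, v in coins.items() if v[1] == origin}
        inputs = pick(pool, target)
        for cid in inputs:
            del coins[cid]  # a coin can only be spent once
        txs.append(inputs)
    return txs

def origins_per_tx(wallet, txs):
    """Origins an observer links per transaction (common-input-ownership)."""
    return [sorted({wallet[c][1] for c in inputs}) for inputs in txs]
```

With these constructed values, the balance-only wallet merges the donation coin with a p2p-sale coin in its first transaction, while the coin-control run never mixes origins.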
Though it has not yet happened, proprietary interfaces can also feasibly censor your transactions by not transmitting them to the Bitcoin network. It is of course possible to use Trezor and Ledger with alternative interfaces (Wasabi, Electrum), though this would then negate the ease of use which initially brought you to the wallets in the first place.
If you’re looking to host your own software wallet to which you can connect your hardware wallet, check out this analysis by Veriphi.
Coldcard, with its geeky look and minimalistic design, can be very intimidating even for more advanced Bitcoiners. That aspect alone may deter some users from choosing the Coldcard because they view it as too hard to operate. Those who are ready to overcome that first hurdle will benefit from a number of key features.
The Coldcard can be used as a truly sovereign hardware wallet by offering the possibility of never directly connecting it to an internet-enabled device. It also doesn’t compel users to utilize any proprietary interface that will collect and store data about their users. Furthermore, by utilizing interfaces like Electrum and Wasabi which feature coin control and full UTXO management, users get a more complete view of what's going on under the hood. This enables you to better handle your financial privacy.
Better Safe Than Sorry
All of the devices mentioned in this article are good in their own way. Choosing one may depend on your level of technical savviness, your desire to maintain privacy and of course, your budget. However, you can’t go wrong with owning your own hardware wallet for the safe-keeping of your funds. The last thing you want to happen is for them to disappear or be stolen, so best to take care of your private keys by controlling them. For a more in-depth dive into further securing your hardware wallets, check out our recent article on multisignature schemes.
If you have any feedback on this or any other topic, please feel free to reach out to us at any time at firstname.lastname@example.org or @BTSEcom on Twitter. We always love to hear from our amazing BTSE community.