Hot Wallets, Cold Wallets & Hardware Wallets

There is no doubt that a hardware wallet is the best way to secure your cryptocurrencies. Why? Because they do not let your keys out! And now looking at the hardware wallet market, there are two major players: Ledger & TREZOR.

While the TREZOR is completely open source, the Ledger runs their own proprietary firmware beneath open source apps. Apart from that, both the hardware wallets seem to offer similar features and security. So the question is, which one is the best hardware wallet?

Now to answer this question, we need to dig into the basics of these wallets.

Cryptocurrency wallets usually fall in two wide categories: Hot & Cold

Hot Wallets

Hot wallets (Jaxx, Exodus) are easy to operate and manage but on the other hand, they are prone to frequent attacks as they are a piece of software running on top of multiprocess operating system.

To make this easy to understand, consider this: Your private keys (keys to your cryptoassets) live on your computer's hard disk in an encrypted format with your other million documents, and that encryption is done in RAM shared by many other processes. Hence, if you think that your computer is/was infected, has/had virus/malware/break-in, using hot wallet on such systems is as good as leaving your assets open for the attacker.

Cold Wallets

Cold wallets (Ledger Nano S, TREZOR, paper wallet) stays offline, isolated from internet, and are ideal for storing crypto assets securely over the long term.

Except paper wallets, cold wallets are operated over USB (Ledger Nano S, TREZOR) and/or bluetooth (Ledger Blue, Coolwallet S), and they keep your private keys inside them (more details below) and do not let them out. This feature is by design, and hence, neither you nor any virus in your system can retrieve them.

Ledger Nano S, Ledger Blue, TREZOR, Coolwallet S are hardware wallets and the next section is all about them.

Hardware Wallets

Hardware wallets offer best-of-both-worlds. They are easy to operate, manage and they safe guarding your private keys, too. As opposed to the hot wallets, hardware wallets generate and store private keys in a micro-controller inside them and never reveal them to any external component/system.

So if you want to complete a transaction, you send a raw transaction to the wallet and it sends signed transaction back to you, which is then broadcasted over network. In this whole process, device neither connects to the internet nor reveals your private key.

In order to access a hardware wallet, the user needs to enter a 4 to 8 digit PIN. If an incorrect PIN is entered for a specific number of times (in case of Ledger Nano S, three), the wallet automatically resets itself, erasing all the data in it. This mechanism protects the device from brute force attack, should it fall into the wrong hands at any point of time.

The key to recovering or restoring the wallet back to its previous state is to provide the wallet seed phrase - a 12 or 24 word sequence - which is presented to the user only once during the creation of a new wallet. The user is expected to securely store this seed phrase (Cryptosteel).