Flying is without doubt the safest form of travel. A study by Harvard University estimated that the odds of dying in a plane crash are around 1 in 11 million, yet people still have irrational anxiety about flying because it is hard to understand what keeps a plane in the air. The same is true of crypto hardware wallets. They are without doubt the most secure way to store crypto, but if you don’t understand what crypto safety really means, you may have a nagging doubt about their safety.
What is a crypto hardware wallet designed to do?
To provide a meaningful answer as to whether crypto hardware wallets are safe, we have to establish what they are fundamentally designed to do, then judge their effectiveness in fulfilling that function.
If you aren’t at all familiar with what a hardware wallet is, it might be useful to jump to this article explaining in detail, but we can do a condensed version here.
A cryptocurrency hardware wallet is a small physical device designed to allow you to conveniently and securely control your cryptocurrency - a new form of digital money.
Though physical wallets store physical money - coins and cash - a crypto wallet isn’t designed to store any digital files, because that isn’t how crypto works.
Crypto is decentralised money, money without a central authority, a tech support team or live chat. It functions according to rules, defined in code, running on a distributed network of independent computers.
Each of those computers holds a synchronised ledger of all cryptocurrency addresses (think of them like an email address) and their spendable funds (akin to a balance). This ledger is the mysterious blockchain you’ve heard so much about.
Subscribe To The NGRAVE Academy
Knowledge for all levels. Join our newsletter to receive the latest articles.
Protecting your Seed
In order to spend the funds held by an address you need to connect to the blockchain - via the internet - and provide two pieces of information. The Public Address, which is its location on the blockchain, information anyone can see (the email address analogy) and use to send funds to it, and a Private Key, a 64 character alphanumeric string (like a password) which proves ownership, and must be provided to allow funds to be spent, so should only be known to whoever controls the address.
Wallets provide a usable interface with the blockchain to manage those two elements. Managing visible Public Addresses, which enable receipt of crypto, and protecting Private Keys, that enable crypto associated with the Public Address to be spent.
So the most important job a crypto wallet does - from a safety perspective - is to protect the Private Keys that enable crypto to be spent. Wallet design means that rather than protecting loads of individual Private Keys, the Keys are concatenated (rolled up) into one master password called a Seed. A Seed (sometimes called a Seed Phrase) is a 12-24 string of unique words.
Providing cold storage
Wallets that work in that way are called Hierarchical Deterministic wallets - or HD Wallets for short - but you don’t have to use a hardware wallet to manage your Seed. In fact you can defer control of your Seed altogether, to a third-party, with what are called custodial wallets, but given our focus is on safety, we aren’t going to muddy the waters here by discussing them.
That said, hardware wallets aren’t the only type to give you that control over your Seed/Private Keys, known collectively as non-custodial wallets. The big differentiator between types of non-custodial wallets is whether they are online or offline by default, referred to as being Hot or Cold wallets respectively.
Being online will provide more convenience, but exposes your Seed to all the dangers of being online - malware, phishing, and viruses - so cold storage provides better security of your Seed, which is the most important safety characteristic of a hardware wallet.
The only practical cold storage alternative is a Paper Wallet, literally a piece of paper with your Private Key printed in text and a QR code. If the safe-keeping of your Seed is your priority, a piece of paper isn’t the optimal solution.
So the basis of what we have established about what cryptocurrency hardware wallets are designed to do - provide the most effective means of safely storing the one piece of information that controls your funds - they are the safest available option for two key reasons:
You are in control of your Private Keys/Seed; eliminating counterparty risk
The device is offline by default, providing effective protection from online threats
But that isn’t the end of the story, as safety is a spectrum, so our job is to now dig further into each of those two fundamental safety elements, and see how different hardware wallet manufacturers approach them.
As we have a dog in this fight, we’ll be comparing standard approaches to crypto hardware wallet safety, with the approach NGRAVE takes with our flagship product, the ZERO.
How safe is your Seed?
Given we are now talking about the spectrum of safety that hardware wallets provide, how safe is your seed? It is annoying to answer a question with a question, but if you want to be sure your Seed is safe - which we have now agreed essentially represents you crypto - you have to start by thinking about where that Seed comes from?
A hardware wallet is a physical device that starts life in a factory, combining microprocessors, software and the necessary components to connect those elements into a practical and usable form. So firstly, you’ll need reassurance that nothing happened, between the factory and delivery, to interfere with the intended function.
Some brands will provide tamper-proof package stickers, NGRAVE goes much further, providing a comprehensive framework to ensure the device hasn’t been compromised before you receive it.
The ZERO has a “cryptographic attestation” process where the device cryptographically signs a challenge received by NGRAVE's servers (via a one-way QR code) with a secret key to prove it was originally shipped by NGRAVE. If anything goes wrong or is “hacked” in this step, the device will show up as compromised during initialization by the user.
When setting up any wallet for the first time, the software will generate your Seed. How that happens is another component in the overall safety picture and something to consider when thinking about how secure a device is; remember, safety is a spectrum. Here are some things to consider, but you’ll need to dig into the product small print to find them out.
Weak Seed generation - Some methods for generating Seeds are completely outdated
TRNG Backdoors - Seeds should be generated randomly, but the chips used for some of the True Random Number Generators (TRNGs) in popular hard wallet manufacturers may be exposed to backdoors, allowing prior knowledge.
Take-it or leave-it Seeds - If you have no choice but to accept a Seed generated by the hard wallet you are at risk if the manufacturer keeps a record. This is considered a feature of BIP-39 where the last part of the wordlist serves as a checksum of the entropy contained in the preceding words. It may actually be more of a bug.
The NGRAVE ZERO is designed with these issues in mind, providing strong key generation and interaction and following the user’s eyes only principle.
ZERO uses the built-in "True Random Number Generation" (TRNG) patented chip, your fingerprint, and the photon measurements of the ambient light, making it the most secure Seed generation in the market. Once the device has created the Seed, the user can interact with it to make it truly theirs.
Different degrees of cold storage
So we’ve established that there is a spectrum of safe Seed generation and protection, and in a similar way there are - if you’ll pardon the pun - varying degrees of cold storage.
Cryptocurrency hardware wallets have to interact with the blockchain (as described above) via the internet, to enable you to transact, turning the wallet from cold storage to hot at the point of connection. This is usually via a USB connection or BLE - Bluetooth Low Energy - creating a potential attack surface.
The absolute zero of cold storage - minus 273 degrees/zero kelvins - is a hardware wallet that is 100% offline. The only way a cryptocurrency hardware wallet can be 100% offline is if the method of communication is one-way via QR Code, rather than USB or BLE, which tend to be the standard. The NGRAVE ZERO is ‘air gapped’ in this way, offering the coldest of cold storage.
The ZERO has a built-in USB-C port, but this is isolated from the rest of the device - so the device remains offline - and is used for just two things only: charging and firmware updates.
Firmware updates - accessing newer versions of the device’s operating system - are another potential attack vector, as operating systems are regularly patched and improved which requires an online (hot) connection.
Firmware/OS security is known as Evaluation Assurance Level (EAL). It runs on a scale from 1-7, with EAL7 the highest, so that provides an objective scale by which to measure how cold, the cold storage offered by a hardware wallet, is.
The NGRAVE ZERO is rated EAL7 - for comparison banks and governments are typically EAL5 certified - and firmware updates will be cryptographically protected and only available through the NGRAVE website.
So are crypto hardware wallets safe? Yes, they are certainly the safest method for storing your cryptocurrency, but safety isn’t black and white, but a spectrum. Just as different airlines and plane manufacturers have different safety records, so the effectiveness of these two key aspects of how a cryptocurrency hardware wallet functions, varies depending how each hardware manufacturer approaches them.
So if you’re convinced by our arguments that controlling your Seed/Private Keys, and being offline, keep your crypto safe, you should consider which cryptocurrency hardware wallet keeps your funds safest
For more information on how the NGRAVE ZERO tackles all the weak points that hardware wallets face, download the White Paper.