Halborn is a blockchain cybersecurity firm offering a number of security services including advanced penetration testing, smart contract audits, security advisor as a service, DevSecOps and automation, and custom security solutions.

Client: Halborn

Website: halborn.com

Token: N/A
Link to original article online: https://halborn.com/can-hardware-wallets-be-hacked/

Sometimes links get changed, which is out of our control, so here’s a PFD download of the article, as well as a text version below.

Can Hardware Wallets Be Hacked?

In our last article, we reviewed the difference between hot and cold wallets and how cold wallets - otherwise known as hardware wallets - are generally considered to be the safest crypto wallets. However, in this article, we’ll discuss how cold storage also comes with its own set of safety risks.

But before we dive into the safety of hardware wallets, it’s important to understand that wallets themselves don’t actually “hold” any cryptocurrency. This is regardless of whether it’s a hardware or cold wallet or a hot wallet stored on your computer, mobile device or browser.

Any wallet you use, including a hardware wallet, essentially holds the password or private keys, which give your wallet access to the cryptocurrency allocated to it on the blockchain.

A cryptocurrency wallet is essentially used to:

  1. Store your private keys (again, not the actual cryptocurrency itself).
  2. Prove to the blockchain that you actually own the cryptocurrency, by cryptographically signing transactions with your private keys.
  3. Broadcast transactions on your behalf to the blockchain.

This is why having a secure cryptocurrency wallet is so critical to the safety of your digital currency assets. It all comes down to how easy it is to access and steal private key information from the place you have it stored.

Keeping in mind that it’s your private keys that give access to your crypto, it would technically be possible to access your cryptocurrency from another wallet at any time. A bad actor who accesses a user's private keys could take those keys, input them into their own wallet interface, and then move that crypto anywhere they wanted because the private keys prove ownership and give ultimate control over the assets.

And this is precisely where hardware wallets come in - so let’s have a quick look at what makes them different from other cryptocurrency wallet options and explore whether they can be hacked.

Why Hardware Wallets (or Cold Wallets) are Superior to Hot Wallets

To put it simply, once your private keys are exposed to a bad actor, your cryptocurrency is no longer under your control and can easily be transferred to any place the hacker chooses. The big problem with hot wallets that work through a mobile device, computer or browser, is that those mediums are susceptible to malware - meaning your wallets can more readily be hacked and private keys stolen.

Hardware wallets, on the other hand, are purpose-built devices that are immune to malware. They remove any unnecessary complexity outside of storing keys and signing transactions, thus removing attack vectors hackers traditionally exploit. But are they unhackable? Let’s have a deeper look into this area of hardware wallets.

Are Hardware Wallets Unhackable?

Although hardware wallets are designed store cryptocurrency keys offline while being unhackable or susceptible to malware, they still have the risk of being compromised in the following ways:

  • Phishing Scams -  There are many scammers that attempt to trick users into giving them the private keys to their wallets. Ledger, a hardware wallet manufacturer, has a section of their website where they track this kind of activity in relation to their devices.
  • The $5 Wrench Attack - This sort of threat has to do with someone using physical force to attempt to take your control of your crypto.
  • Altered Devices and Tampering - There have been reports of hardware wallets being tampered with during shipping, as well as fake wallets being sent to users to phish private key details. Always ensure your device is genuine before using it.

What Happens If You Lose a Hardware Wallet?

Losing a hardware wallet does not mean you lose your cryptocurrency, so this is not actually a risk. If you lose your hardware wallet device or it is stolen, you simply purchase another one and set your device up as normal. The important thing is that you keep your private keys safe and separate from where you store your device. There are a number of options including writing them down and keeping them in a safety deposit box, or using something like a Crypto Steel.

Taking Cold Storage Security to the Next Level

As standard, hardware wallets can be set up with a 24 word seed phrase, however you can extend this security using the following options:

Consider Multisig Cold Storage: As the name suggests, multi-signature (multisig) wallets require more than one set of private keys to sign off on a transaction. This adds another layer of security, specifically in the event that one set of private keys are compromised. Wallets like Electrum or services like Unchained are well known options for setting up a multisig solution.

Use a 25th Passphrase: This is like adding an extra word to the 24 word seed phrase, for a total of 25 words. This 25th word is not stored on the device itself and can be used to add an extra layer of security to your cold storage device.

Ultimately, there is no one wallet solution that is 100% unhackable; however, hardware wallets coupled with extra security precautions, security features and best practices offer a strong solution. And if you’d like to explore more ways to increase the security of your crypto assets, check out our article on 4 Ways to Protect Your Crypto Wallet From Hacks or reach out to our cybersecurity experts for help in securing your company’s assets.

CryptoCopywriters.com is operated by Flipmode Media Inc. 

chuk@cryptocopywriters.com for questions, comments, or to get a quote.

I started this site to showcase a sample of the writing work I’ve done in the blockchain space. For more samples, please reach out :)

The work found on this site only includes promotional and educational content for clients. No review, report or announcement found on this site is an endorsement for any particular project. Additionally, nothing found on this website is intended to be financial advice. Thanks for reading!