How To Choose The Best Crypto Hardware Wallet?

24 Oct 2022

header_how-to-choose-a-cryptocurrency-hardware-wallet_
logo-ngrave-perfect-key-hardware-wallet-cold-security2
NGRAVE The first end-to-end security solution to manage your crypto.

How To Choose The Best Crypto Hardware Wallet?

Convenience and usability are important, but there’s nothing more inconvenient than losing your hard earned coins.

  • Article Quick Links:
  • Protection from malicious external threats
  • Guarding against physical tampering
  • Protection from yourself
  • Convenience & Usability
  • How important is price?

There are two golden rules for how to choose a cryptocurrency hardware wallet.

Rule number 1 - Security is the most important consideration.

Rule number 2 - Refer to rule number 1

Yes, convenience and usability are important, but there’s nothing more inconvenient than losing your hard-earned coins, so design considerations should make using a hardware wallet simpler, without compromising security.

If you think price should be the primary filter when comparing cryptocurrency hardware wallets, then you’re probably not ready to buy one. Price matters - and we’ll try to help understand how much - but it shouldn’t be at the top of your checklist. 

If that comes as a surprise to you, take a step back and fully understand what a cryptocurrency hardware wallet is and does. Without that core understanding, much of what follows won’t make sense, or be useful to you. 

If you’re ready to make the jump to financial sovereignty, we can establish four main criteria we can use for comparing cryptocurrency hardware wallets.

  1. How well they protect you from malicious external threats
  2. How well they protect you from yourself.
  3. How tailored they are to your specific user needs, without compromising security
  4. Do they justify their price tag?
No rendering definition for component text-content-image found.

There are a growing number of hardware wallet brands fighting it out to prove they can combine safety and usability, at an affordable price, but for full disclosure, we have a dog in this fight.

We’re NGRAVE, makers of the ZERO, the newest, and what we consider to be the most secure, cryptocurrency hardware wallet on the market. But we’ll let you be the judge of that. Let the cold war begin.

Protection from malicious external threats

It should be no surprise that security is the key consideration when choosing a cryptocurrency hardware wallet. Though illicit activities represented just 0.34%1 of all crypto transactions in 2020 according to Chainalysis, that still amounted to a massive $523million in stolen crypto.

In April 2021 one Coinbase user alone lost $11.6million in just 10 minutes to a fake notification scam.

With so many bad actors on the prowl, the first security consideration of your crypto hardware wallet is how the device protects you from malicious external threats, intent on stealing your cryptocurrency. This should focus on two areas:

  1. Reducing the attack surface
  2. Secure Key Generation

Reducing the online attack surface?
Attack surface has nothing to do with soccer tactics. It is a fancy tech security term that describes the sum of entry points where an attacker might try to gain access to systems or data.

Cryptocurrency hardware wallets have to interact with blockchains via the internet to enable you to transact. Most devices rely on a USB connection or BLE - Bluetooth Low Energy - creating a potential attack surface at the point of connection, turning the wallet from cold storage to hot.

The ideal is a hardware wallet that is 100% offline. The only way a cryptocurrency hardware wallet can be 100% offline is if the method of communication is one-way via QR Code, rather than USB or BLE, which tends to be the standard. The NGRAVE ZERO is ‘air gapped’ in this way, offering the coldest of cold storage.

The ZERO has a built-in USB-C port, but this is isolated from the rest of the device - so the device remains offline - and is used for just two things only: charging and firmware updates. 

Firmware updates - accessing newer versions of the device’s operating system - are another potential attack vector, as operating systems are regularly patched and improved. Look for the highest level of firmware/OS security known as the Evaluation Assurance Level (EAL). It runs on a scale from 1-7, with EAL7 being the highest.

The NGRAVE ZERO’s operating system is rated EAL7 - for comparison banks and governments are typically EAL5 certified - and firmware updates will be cryptographically protected and only available through the NGRAVE website. 

No rendering definition for component text-content-image found.


Guarding against physical tampering

Attack surface relates to the online threat of unauthorised remote access via the internet.  A cryptocurrency hardware wallet should also employ countermeasures against the threat of physical compromise. This should cover both the risk of someone tampering with your device before you receive it, as well as once it is in your possession. Measures should include:

  1. Anti-tampering - A comprehensive framework to ensure the device hasn’t been compromised before you receive it. Tamper evident package stickers aren’t enough.
  2. Optional Passphrase - The option of adding an additional layer of security
  3. Secure Element - A chip that is by design protected from unauthorized access and used to run a limited set of applications, as well as store cryptographic data. 

Secure Key Generation

Private Keys/Seeds provide the impenetrable cryptographic wall that enables crypto to work in a trustless way. They are, ultimately, what your cryptocurrency hardware wallet should be protecting, but some devices fall short of best practices in generating them. Here are three things to look out for:

  1. Weak key generation - Some methods for generating keys are completely outdated
  2. TRNG Backdoors - Seeds should be generated randomly, but the chips used for some of the True Random Number Generators (TRNGs) in popular hard wallet manufacturers may be exposed to backdoors, allowing prior knowledge.
  3. Take-it or leave-it Seeds - If you have no choice but to accept a Seed generated by the hard wallet you are at risk if the manufacturer keeps a record. This is considered a feature of BIP-39 where the last part of the wordlist serves as a checksum of the entropy contained in the preceding words. It may actually be more of a bug.
No rendering definition for component text-content-image found.

Protection from yourself

What you may not have previously thought of as security is how a cryptocurrency hardware wallet protects you from yourself.

It’s an in-joke among tech support that the majority of the cause of a problem is found between the keyword and the computer. So when assessing security criteria for crypto hard wallets you should consider how the design and usability of a hardware wallet help you avoid making mistakes. 

This is especially relevant because hardware wallets can be described as a discontinuous technology. This means that they scare newbies because they don’t look, function or even sound like devices consumers are used to for storing money. 

They introduce completely new concepts - like Seeds & Private Keys - so usability is an especially important security consideration in stopping you from shooting yourself in the foot.

One of the common reasons crypto newbies give for being shy of cryptocurrency hardware wallets is not trusting themselves to protect their Seed. This is understandable, as with great power, comes great responsibility.

There is no getting away from the fact your Seed is the only recovery failsafe you have for funds stored in your hard wallet. Securely storing a copy is crucial; use SWOF analysis to judge:

  • Shockproof
  • Waterproof
  • Offline
  • Fireproof 

Too many crypto users think it's okay to store a photo of their Seed on Google Drive or iCloud. This poses a threat from hackers and malware and provides no redundancy if you lose access.

No rendering definition for component text-content-related-posts found.

Given how offline Seed protection is such a key point of failure, it is surprising that the default approach from major crypto hardware wallet vendors remains to provide a few flimsy paper recovery sheets that fail on three of the four SWOF criteria.

The best way to secure a Seed is to engrave the phrases onto a metal sheet, but not just any metal, one that is resistant to heat and corrosion, so stainless steel is a good standard. 

Punching your Seed into a steel sheet ticks the SWOF box and can mitigate against a lot of self-inflicted errors, but it still represents a single point of failure, lose it and you risk losing your coins forever. If you make a backup, you are doubling the risk of exposure. There is no absolute solution to this problem of infinite regression, but NGRAVE has come up with a unique approach.

When you buy the NGRAVE ZERO you also get a two-part system for Seed storage - GRAPHENE - featuring two stainless steel sheets and an automated punch pen, so you don’t need a qualification in engraving. The top sheet contains 16 columns and 64 hexadecimal values (0-9, A-F) creating 256bit security (16*64).

No rendering definition for component text-content-newsletter found.

The automated pen allows you to punch the values associated with the holes on the top sheet into the base. Together they reveal your Seed, but on their own, each part reveals nothing. 

If you lose the top sheet, there is a recovery process (via a Unique ID) but the base sheet has to be your responsibility, otherwise, NGRAVE will become a point of weakness and undermine your security.

The focus on durability should also extend to the device itself. Most cryptocurrency hardware wallets are the size of a USB memory stick you might get as a freebie at a conference, and just as flimsy, made from plastic and/or brushed stainless steel. 

The more durable the device, the less likely you are to damage or break it, which will save you the hassle and cost of a replacement.

Convenience & Usability

Once you’ve satisfied yourself that a cryptocurrency hardware wallet ticks all the security boxes you can then - and only then - move on to considering convenience and usability. 

This might hinge on the kind of crypto user you are because some crypto hardware wallets are designed for infrequent transacting, which is fine if you are a hodler, but far from ideal if you’re active in trading, Defi, NFTs or all the above.

The early versions of hardware wallets operated via desktop-only software, but given the ubiquitous nature of mobile usage, a Mobile App must be considered a standard, so long as this doesn’t create an attack surface (as discussed above) - so again look for a QR Code connection.

No rendering definition for component text-content-image found.

So far we’ve overlooked that we are talking about a wallet, with all the function expectation that entails. How does it handle sending, receiving, account creation, and setting fees? And what about the range of supported cryptocurrencies and the support for NFTs? 

More important still, given the growth of Defi, is compatibility with the standard in web3 browser wallets - MetaMask, but without any compromise in security. These considerations shouldn’t trump security but in a world of ever-increasing chains and coin standards, it's worth considering how future-proof a crypto hardware wallet is.

You might not have expected the cryptocurrency hardware wallet comparison to mention taxes, but like or not, the taxman is paying increasing attention to all the money being made in crypto. There are an increasing number of services that can help calculate your tax liabilities but they rely on support from popular exchanges and wallets; it’s worth checking whether the hardware wallet manufacturer has compatibility with tax services on their radar, especially if you’re likely to be making a few hundred transactions, as without an automated option, the process can be painful.

If you’ve done some research, and looked at images of some of the popular cryptocurrency hardware wallets, you might be surprised by how small they are and how small the read-out is. Again, this might be a throwback to the days before hard wallets weren’t compatible with frequent transactions, but the small screen and buttons mean they are pretty damn fiddly. 

Yes, you want things to be discrete, but equally, avoid the need for the manual dexterity of a magician, and the vision of a hawk, so pay attention to screen size and quality. How bright is the display and does it feature a touch-screen or support Biometrics? This will not only have a huge impact on how easy the device is to operate but provide another tick on the security front, as well as minimising fat-finger mistakes.

Though we are talking about a high-end piece of technology, don’t overlook the more mundane consideration of battery life. Cryptocurrency hardware wallets need a power source, and though you are unlikely to be creating significant aggregate demand, it would be reassuring to know the battery is using ultra-efficient low power.

How important is price?

And now, we can get to the price. It may be your favourite filter on Amazon, and a natural consideration in most product comparisons, but we’ll do our best to argue that you should make an exception when choosing a crypto hardware wallet because focusing on thrift is a false economy.

A focus on thrift suggests that you may not fully buy into the underlying value of decentralised money, reading this article on what a cryptocurrency hardware wallet represents might help. If convenience and price are still overriding factors, then a hot wallet might be more appropriate for you.

No rendering definition for component text-content-image found.

It might help to use a more relatable example, again focused on security, like buying a lock for a bicycle.

The replacement value of your bike isn’t the only consideration. If it is crucial for work and getting around, you will also consider the opportunity cost of not having a bike and the stress you’ll experience constantly thinking your bike is at risk.

Applying that logic, you won’t buy the cheapest lock on the market, as you’re thinking about the cost of the lock as a proportion of the overall value the bike represents to you - not just sale price. It will also govern how much care you take in looking after the lock key or code.

Now apply this concept to crypto. The cost base today of your crypto, isn’t the only consideration - given the huge upside that many cryptocurrencies can have over very short timeframes - you have to consider the potential future value. 

Not only that, it's the security risk to any other crypto you might buy and store on the device and its future value, as well as the ongoing stress of feeling your stash isn’t as secure as it could be.

Like a bike lock, a cryptocurrency hardware wallet should be considered an infrequent purchase, its value derives from longevity, unless you go cheap, in which case, a hard lesson may force you to reconsider.

If you really want to put a figure on when your portfolio value justifies buying a cryptocurrency hardware wallet, a sensible price-to-portfolio ratio is around 10% which - given the average price of a hardware wallet - generally means shopping around once your portfolio hits around $1,000 in value. 

But in all honesty, if you value security and control - the two key elements of storing money - it is never too soon to consider getting a cryptocurrency hardware wallet. At the risk of straying into broken record territory, your choice should always be guided by how well the device deals with security. Choosing the best cryptocurrency hardware wallet isn’t like buying a toaster on Amazon; your financial independence and future are at stake.

logo-ngrave-perfect-key-hardware-wallet-cold-security2
The first end-to-end security solution to manage your crypto.
NGRAVE

NGRAVE is a digital asset security company and the creator of the world’s most secure cryptocurrency wallet, NGRAVE ZERO. NGRAVE ZERO was developed in collaboration with a world-renowned team of cryptography and security experts.