27 July 2022
The crypto industry is a lucrative space. However, users have to battle two main threats to protect their investments: volatility and security. A user can safely navigate the former (volatility) with financial acumen and sound risk management strategies. However, the latter (security) can be more difficult, especially since crypto scams are growing in number and sophistication.
Typically, hacks are due to a strategic vulnerability or backdoor attack. Since 2011, the crypto world has suffered major hacks, resulting in the loss of millions of dollars worth of crypto assets. In extreme cases such as the Mt. Gox hack, the exchange had to suspend trading; it remains the biggest Bitcoin heist in history.
In the case of crypto, a major liability is and remains how (or where) a trader stores his or her crypto. As the saying goes, not your keys, not your crypto. If you store your crypto on an exchange, then you don’t actually have control over your coins, which is why using a “cold” or “hard” wallet (the two are synonymous) is so important, whether you’re a new trader or a more seasoned veteran (in which case you should already know the importance of cold wallets).
In simple terms, a crypto wallet is a digital vault for storing any of the hundreds of popular cryptocurrencies available on the market. Technically, however, its first function isn’t to store cryptocurrencies; rather, it holds the private keys that give access to the cryptocurrencies.
Usually, wallets contain two types of keys: the private keys and the public key (also called the wallet address). The private keys allow the user to access and control their crypto assets. Losing one’s private keys means losing one’s wallet and the assets therein. The public key, on the other hand, is a string of alphanumeric characters used to send or receive funds into the wallet.
Wallets can be classified in two ways: either based on where the private keys are stored or whether they are connected to the internet.
Depending on who holds the private keys, a wallet can be custodial or non-custodial, and there are benefits and drawbacks to consider when deciding on the right one based on your individual needs.
A custodial wallet is a service often offered by centralized exchanges. The exchange (third party) holds and manages the wallet’s private keys. This means that the user has no control over the keys. By registering with and storing their funds on a custodial wallet, the user trusts the exchange to keep their assets safe.
While the user is relieved of the burden of finding a secure way to protect their private keys, they risk losing their funds to hacks, censorship, or seizure. Furthermore, the user has to rely on the exchange service to complete their crypto transactions. The exchange can, however, decide not to complete the transaction. Anti-crypto governments have exploited this loophole to seize crypto assets of individuals or groups, which is why crypto users prefer non-custodial wallets—a wallet that gives them control.
With a non-custodial wallet, a user holds the private keys and thus has full control over their assets. They have the sole duty of storing, managing, and protecting their funds. In the event that they (un)willingly give another party their private keys, they cede control to this party. Also, if the individual loses their private keys, they’ve lost their funds. Forever.
While non-custodial wallets offer users control over their assets, they share a common feature with custodial wallets: they need internet connectivity to function, which leads us to the next criterion for the classification of wallets.
Although most crypto wallets are connected to the internet, there are others that are not. Wallets connected to the internet are called “hot wallets,” while those that are not connected are “cold wallets.”
Crypto hot wallets can be web-based or mobile applications and are easy to use. A user simply needs an internet connection, which enables them to log into the wallet at any time. However, being constantly connected to the internet exposes the wallet, even if it is non-custodial, to online attacks. Because they are internet-based, non-custodial wallets are only “hack-resistant,” but not “hack-proof.” Hackers can still devise a means to access the user’s wallet.
A cold wallet’s private keys are stored within the device. Cold wallets are not connected to the internet, although the user would require an internet connection to make transactions. Typically, crypto cold wallets are hardware devices that resemble a USB stick. To make a transaction, the user would have to plug the device into a computer to transfer the funds to a hot wallet. Less popular forms of cold wallets include paper wallets, offline computers, and physical bitcoins.
Cold wallets are impervious to online attacks. A hacker would need to steal the hardware and the associated PIN or password to access the assets, but this raises a number of important questions. Does this totally erase a user’s security concerns? Isn’t the cold wallet vulnerable to a hack since it still requires internet connectivity to carry out transactions? Isn’t an online attack possible during the process of transferring the funds?
These are all valid concerns, which is why cold wallet manufacturers have built in a security measure. For a recipient to claim crypto sent from a hardware wallet, the owner of the wallet must sign the transaction, and this signature is applied on the device itself. Even if a transaction initiated in the hardware wallet is intercepted and falsely signed by malware, the transaction won’t go through because the signature is wrong.
Despite its advantages, using a cold wallet is usually a trade-off between security and convenience. Cold wallets are tremendously secure, but they can be quite inconvenient to use. The user is saddled with the responsibility of powering, connecting, and correctly using the device. In addition to being less convenient than hot wallets, cold wallets are expensive (most hot wallets are free). A Ledger Nano S Plus Wallet costs €79, while a TREZOR Model T Wallet will set you back around €300.
Trezor is an open-source wallet launched by SatoshiLabs in 2013 and can hold over 1,600 currencies.
There are two types of Trezor wallet: Trezor Model One (released in 2014) and Trezor Model T (released in 2018).
Trezor Model One: It supports over 1,000 cryptos including Bitcoin (BTC), Ethereum (ETH), Dogecoin (DOGE), Litecoin (LTC), and Tether (USDT). Aside from functioning as a wallet, Model One can also act as a Universal 2nd Factor (U2F) token. U2F is an authentication mechanism that secures an account through encryption and private keys. It usually reinforces Two-Factor Authentication (2FA), and therefore offers an extra layer of security to the wallet.
Trezor Model One is compatible with most computer operating systems, such as Windows 10+, MacOS 10.11+, and Linux. For mobile operating systems, it is only compatible with Android, while it is incompatible with iOS and Windows.
Trezor Model T: With support for over 1,200 cryptocurrencies, Model T is a three-in-one device that acts as a wallet, authenticator, and digital identification. Coins supported on the device include Bitcoin (BTC), Ethereum (ETH), Cardano (ADA), Uniswap (UNI), and Tether (USDT). It allows the user to easily back up their wallet through industry-standard recovery phrases, meaning that the loss of the device doesn’t necessarily result in the loss of crypto assets. With the recovery phrase, the user can recover their wallet on a new device.
Besides storing private keys and crypto assets, the Model T also stores individual passwords within its Password Manager (a user would have to confirm an action before the passwords are released). It is important to note that passwords are not released collectively, but individually; each password requires confirmation before release.
Model T shares the same OS compatibility features as Model One.
Trezor is a public and open-source device, thus users can independently authenticate the security and functions of the device.
Its “Trusted Display” and color touchscreen offer increased convenience and security. Trezor’s Trusted Display allows the user to see if the transaction on the device and the host computer are the same. If the host computer is compromised, the user has the ability to stop the transaction on the wallet, making it a convenient device to use since the user can easily see the ongoing transaction.
Trezor has a BIP-39 passphrase, which serves as an additional word to further encrypt the user’s seed phrase.
Trezor Model T’s on-device passphrase and PIN cannot be intercepted. They also prevent sensitive data from passing through any internet-connected device. Trezor Model One, on the other hand, has a randomized keypad that ensures that the user’s PIN is securely entered. The keypad also prevents any spyware from detecting the PIN.
A unique feature of the Trezor Model T is its Shamir Backup (SLIP-39). This is a security measure that creates a split recovery phrase, which is a seed phrase consisting of multiple lists of 20 words (known as “shares”). A combination of these shares is used to restore the wallet. The Shamir Backup differs from the backup phrases of other wallets because a user can decide the requisite number of shares that would be used to recover the wallet. For instance, the user could create 7 shares and set the threshold number of shares to 4. Thus, even if three shares are lost or stolen, the user can still restore the wallet with four.
Some of the downsides of Trezor include:
It lacks a mobile app.
It is expensive.
On Trezor’s online shop, the Model One costs around €83, while the Model T costs just under €300.
Both Trezor Model One and Trezor Model T are easy to use. Model One is a two-button device with a user-friendly interface. Model T’s color touchscreen makes it even easier to use.
Trezor’s official site lists the following features for its devices:
Secure Admin SSH Access
Two-Factor Authentication (2FA)/Universal 2nd Factor (U2F)
Trezor Connect, which allows the user to log in with one click
Users can connect Trezor to third-party wallets and other services
Ledger is a multicurrency hardware wallet created by a company of the same name in 2014. The wallet runs on a homemade operating system known as “Blockchain Open Ledger Operating System” (BOLOS) and supports more than 1,800 currencies.
As with Trezor, Ledger also offers two options: the Ledger Nano S Plus (originally launched as the Nano S in 2016) and the Ledger Nano X (launched in 2019).
Ledger Nano S Plus: It comes with the Ledger Live app, which allows the user to store and secure crypto assets offline. The wallet supports Bitcoin (BTC), Ethereum (ETH), and Ripple (XRP), among 5,500 different cryptocurrencies. Users can also manage their NFTs by sending and signing transactions within the Ledger Live app.
Ledger Nano X: Ledger Nano X has all the features of the Ledger Nano S Plus and it is also mobile-friendly. The Bluetooth-enabled wallet allows the user to connect the wallet to their phone. It can hold over 5,500 cryptocurrencies and tokens. Ledger is compatible with the following computer operating systems: Windows 8.1+, MacOS 10.14+, and Linux. For mobile, it is compatible with Android 7+ and iOS 13+.
It has advanced security features such as a CC EAL5+ certified secure chip.
It is Bluetooth-enabled.
It has a mobile app, the Ledger Live app.
It is more cost-effective than its competitors.
It lacks a touchscreen.
It has closed-source firmware, which raises questions about its transparency and security.
It once suffered a security breach that exposed the data of over 270,000 users.
According to its website, the Ledger Nano S Plus costs €79. Ledger Nano X is priced at about €149.
Ledger wallets are relatively easy to use, especially the Nano X, which allows users to connect to a smartphone or laptop via Bluetooth instead of a USB.
Ledger’s official site lists the following features:
128x64 px screen
CC EAL5+ (Certified secure chip)
Well, it’s actually a tough call. The downsides of one are compensated by the strengths of the other. On the one hand, Trezor offers more transparency and security since it is open-source and has the Shamir Backup feature. On the other hand, Ledger is less expensive and can easily connect to a smartphone through Bluetooth. And then there are aesthetics: if you’re interested in a stylish piece of kit, then Ledger edges out Trezor’s dated design.
Ultimately, the final call as to which is “better” will be a subjective one. For the more budget-conscious among us, the Ledger options are certainly more attractive. However, if an extra layer of security is your top priority, then you’ll likely go with one of Trezor’s offerings. Whichever you choose, both Trezor and Ledger offer excellent options.