Here in Part 3 of this series, we will explore a security measure that every Web3 enthusiast should invest in – Hardware Wallets.
Arguably, this will be the most important investment you will make. There is no substitute for the security that an offline, cold storage wallet can provide.
You can review Part 1: The Basics of Loss Prevention and Part 2: Wallet Security via the highlighted links.
What Is a Hardware Wallet and What Does It Do?
A hardware wallet (HW), or cold storage as it is sometimes referred to, acts as an extra layer of authentication to protect your web3 assets. The key feature of these is you will not be able to sign for a transaction without additionally confirming on the device itself.
With a hot wallet, you only need to sign within Metamask to perform an action. Thus, this second step the HW provides prevents hackers the ability to remotely sign on your behalf if they have access to your credentials. There is no way they can do so unless they are in physical possession of your hardware device.
The two market leaders in hardware wallets are Ledger and Trezor. It’s important to note you should only ever purchase from official sites and never from a third-party retailer – including Amazon. This is to ensure that the device is safe, sealed, and not compromised.
You can import your HW into your Metamask extension and use it alongside your hot wallets. Rest assured that having a Hardware Wallet connected to Metamask won’t leak your device’s seed phrase or hurt your security. The private keys stay on the device.
So Now I Have a Hardware Wallet, Am I Fully Protected?
Unfortunately no, not at all. Cold storage is merely an additional layer of security. Albeit a very strong layer, it will not protect you from human error. For example, I once sent 3 ETH to the wrong address whilst using a Ledger. Needless to say, the hardware wallet was not at fault for that howler.
As mentioned in the previous article on seed phrases, back up your Ledger/Trezor’s on either paper or metal only. As always, protect them and keep them safe. If you ever lose your HW, you can just buy a new one and enter the phrase into it to regain access. With that in mind, keeping the seed phrase safe is more important than keeping the device safe. Remember, there is no recovery process to recover a lost seed phrase.
Is Cold Storage Hackable?
The only way a Ledger/Trezor can be hacked is if a bad actor knows the seed phrase of the wallet. Again, as long as you keep this security information offline and secure, your assets will be safe.
Although not technically a ‘hack’, if you sign a transaction on a malicious contract, you will lose your funds regardless of whether you’re using a cold or hot wallet. You should always double-check the Metamask popup message to read carefully what transaction you are about to perform. However, the requirement to subsequently confirm the transaction on the HW device gives you a chance to review once more what you are signing.
Many people I’ve spoken to have put off getting a hardware wallet because they’re daunted by the prospect of installing it. If you take your time and follow the step-by-step guide in this tutorial for Ledger, or this tutorial for the Trezor, it’s a breeze. Pause the video and perform the action, and keep repeating that process. The peace of mind you’ll get for years to come is well worth the hour it may take.
In the next installment, we will look at the many types of hacks/scams which are prevalent in this space. Knowing about these in advance will give you a sixth sense to detect them before any damage is done.