When buying a hardware wallet there’s a few things that are critical to be aware of. Learning how to buy a hardware wallet isn’t some great quest, but today we’re going to go through why everyone should very much stop, think and take just a bit more care before mindlessly clicking “Buy Now”, especially from companies like Ledger. Firstly though, let’s just make sure we’re all on the same page.
Contents
What Is A Hardware Wallet?
A hardware wallet (also sometimes called a Signing Device or Cold Wallet) is separate, physical device that’s used to generate, store and manage your private keys entirely offline, adding an extra layer of security to help protect you from threats like hacking or malware. They can take many forms including looking like USB drives, small calculators, credit cards or small smartphones.
Many mistakenly believe hardware wallets “store” or hold their crypto in them, however hardware wallets only store your private keys. Cryptographic keys are what give you authority over your bitcoin which are actually stored on the Blockchain.
Most hardware wallets work with many different cryptocurrencies and their associated blockchains, but some are Bitcoin only.
What Is The Best Hardware Wallet?
Most hardware wallets cost anywhere from $60-$250 USD with some of our top recommendations being the BitBox02, Foundation Passport, COLDCARD Mk4, Blockstream Jade, Keystone 3 Pro or SeedSigner.
>> Deeper Dive: Best Hardware Wallets Of 2024
Now that you know what hardware wallets are and which ones we have tested and reviewed to be the best, let’s explain why buying them requires a bit more effort than normal.
Hardware Wallet Companies Lie
We know. A company lying? It’s hard to imagine! But seriously, the lies are just everywhere. For example, if you go to the Ledger store right now, the page title reads:
Ledger – Home of the first and only certified Hardware wallets
Page header for the Ledger Store
News flash: Ledger was not the first hardware wallet (Trezor was) and it’s certainly not the only certified one! For example, the Keystone 3 Pro, Trezor Safe 5 and many other hardware wallets are also “certified”, some at a higher level than Ledger hardware wallets.
But this is just run of the mill, marketing bs, everyone kind of expects this. However even when hardware manufacturers aren’t lying through their teeth about their “amazing” security or features, they can trick beginners into focusing on the wrong things.
It’s very common for manufacturers to propose overly complicated scenarios where you might have your bitcoin stolen and then try and sell you a fix for it. All the while ignoring that the vast majority lose their funds by much simpler methods.
As such, it’s better to chose a device that focuses on ensuring these more common loss methods are addressed. These include things like:
- Not creating a backup seed phrase
- Storing the seed phrase incorrectly (eg. in the cloud, even if it’s encrypted)
- Not fully understanding what a seed phrase is or how to secure it (eg. giving it to a scammer)
- Forgetting your hardware wallet PIN
- Forgetting your Passphrase
- Loosing the hardware wallet when you’re moving house or cleaning old junk out
Before we get to the best way you can purchase a hardware wallet let’s also look at the data you’ll be entering in when buying one, things like your name, delivery address, email etc. This is important because if this data is leaked while being tied to “crypto”, criminals can come knocking…
Ledgers Huge Data Breach
For those that aren’t aware, back in 2020 Ledger suffered an enormous data breach. This was caused by a vulnerability in one of their websites which the attacker used to access their e-commerce and marketing database. As a result:
Contact and order details were involved. This is mostly the email address of our customers, approximately 1M addresses. Further to investigating the situation we have also been able to establish that, for a subset of 9500 customers were also exposed, such as first and last name, postal address, phone number or ordered products
Ledger
While a company leaking your email address isn’t amazing or new, the impact for the 9,500 “subset” of customers was particularly bad given their data included full names and postal addresses. It got worse though. It was later revealed that Ledger was potentially lying (or unaware) about just how much data was actually leaked.
A post up on a hacker forum offered all the data for free, noting that it was in fact 272,853 customer orders that had this much more invasive information such as email, physical addresses and phone numbers leaked not 9,500.
Regardless of which number is correct, these poor people now have a massive, massive target on their back forever. Criminals know their name, address, phone number and exactly what Ledger device they purchased. They know that they likely have modest to large cryptocurrency holdings and precisely where to go to get it. Extremely frightening!
This is why we have always said to never buy a hardware wallet device using your real world identity. The risk of you entering in that private data, having it linked to the fact that you own bitcoin and then having it be hacked and leaked to criminals is just not acceptable in our eyes.
This post is for Athena Alpha Pro subscribers
...or get 10% off by subscribing with Bitcoin / Lightning here