Hardware cold wallets offer a robust solution for safeguarding our digital assets, artifacts, and cryptocurrency (hereinafter “digital assets”). Grasping the essence of a hardware cold wallet is crucial: It’s a tangible storage device designed to securely house your private keys offline.
A cold wallet ensures continuous protection against potential cyber threats. However, it’s vital to recognize that a hardware wallet won’t shield you from careless or irresponsible behavior.
In this post we share tips and recommendations on how to properly protect your digital assets using digital cold wallets. Before sharing specific tips, it’s important to understand the difference between a “hot” or “cold” digital wallet.
Hot and Cold Digital Wallets
A digital wallet is a tool that allows users to interact with blockchain networks. Depending on how they operate and their connection to the internet, these wallets are categorized as either “hot” or “cold.” Here’s a breakdown of the differences:
Connection to the Internet:
Hot Wallet: This type of wallet is always connected to the internet. Examples include web wallets, desktop wallets that are online, and mobile wallets. Because of their online nature, they are suitable for regular transactions. Examples of hot wallets we use each day are Metamask and Xverse.
Cold Wallet: Cold wallets are kept entirely offline, ensuring that they are not exposed to online threats. Examples include hardware wallets and paper wallets. We use multiple Ledger wallets as our cold storage solutions.
Hot Wallet: While convenient, hot wallets are more vulnerable to online threats such as hacking, phishing, and malware because they are always connected to the internet.
Cold Wallet: Since they are offline, cold wallets are immune to online cyber-attacks. They are considered one of the most secure methods for storing cryptocurrencies, especially large amounts.
Hot Wallet: Typically more user-friendly and easily accessible for daily transactions. Funds can be quickly sent or received.
Cold Wallet: Accessing funds is a bit more cumbersome since it requires the user to connect their cold storage device or input their paper wallet details. It’s not meant for frequent transactions.
Hot Wallet: Suitable for smaller amounts of cryptocurrency that you might want to trade or spend regularly.
Cold Wallet: Ideal for holding large amounts of cryptocurrency for an extended period, often referred to as “HODLing.”
Hot Wallet: Depending on the service, if you forget your password or lose access, there might be ways to recover your account, especially with centralized platforms.
Cold Wallet: If you lose a hardware device without having a backup of the seed phrase, you will more than likely lose access to your funds. A seed phrase is a series of words that act as a master key to recover and restore a digital wallet and its associated assets. We discuss ways to protect your seed phrase below.
In summary, while hot wallets offer convenience and are suitable for frequent transactions, cold wallets provide a higher level of security, making them ideal for long-term storage of significant amounts of digital assets. It’s common for users to employ a combination of both, depending on their needs.
How to Protect Your Cold Wallet
Here are “best practices” to help keep your cold wallet secure and digital assets safe.
Purchase and Download: Only purchase and download a cold wallet app from the manufacturer or authorized reseller. Do not purchase from an online site like Amazon. Even if shrink wrapped, it could have been tampered with. Note that some hardware wallets come with seals that show if the device has been tampered with. While not foolproof, they can provide an additional layer of assurance.
Seed Phrase: Never share your seed phrase (a series of words that act as a master key to recover and restore a digital wallet and its associated assets).
Backup Your Seed Phrase: When setting up your hardware wallet, you’ll be given a seed phrase (usually 12–24 words). This is the only way to recover your funds if the device is lost or broken. Write it down and store it in a safe, offline place. Never store it digitally or online.
Use a Secure PIN and Password: Set up a strong PIN for your hardware wallet. This adds an extra layer of security in case someone gets physical access to your device. If your cold wallet allows for passwords on top of a PIN or other security measure, use a strong password combining upper and lower case, symbols and numbers.
Phishing: Pay attention to phishing attempts. Do not open unsolicited emails and DMs.
Test Send: If you’re sending crypto to a new address, always do a test transaction first ($5) before sending larger amounts. While you will incur a small fee, this is better than suffering a large loss.
Support: Only interact with wallet companies through official support channels. Confirm all relationships and links.
Airdrops: Avoid opening or interacting with free unexpected airdrops. If something is too good to be true, then it probably is. Most wallets allow you to “hide” these digital assets like NFTs and Ordinals.
Always Double-Check Addresses: Before sending any transaction, double-check the receiving address on the hardware wallet’s screen. Malware can change addresses in your clipboard or on your computer screen.
Keep Firmware Updated: Manufacturers regularly release firmware updates to patch vulnerabilities. Always ensure your hardware wallet’s firmware is up-to-date, and only update through official channels.
Verify Web3 Connections: When connecting your hardware wallet to a Web3 application, ensure you’re on the correct website (check the URL) and that the connection request on your hardware wallet matches the application you’re trying to use. Consider using a service like Wallet Guard. These solutions add a security layer to your web3 interactions. They offer top-notch security insights using proactive phishing protection and transaction analysis.
Physically Secure Your Wallet: While hardware wallets are designed to be secure even if someone gets physical access, it’s still a good idea to keep them in a safe place, like a safe or a lockbox.
Beware of Phishing: Be cautious of emails, messages, or websites claiming to be from your hardware wallet manufacturer or related services. Always go directly to the official website rather than clicking on links.
Public Wi-Fi: Avoid using public Wi-Fi networks when accessing your Web3 wallet accounts, as these networks are often unsecured and can be easily hacked. If you must use public Wi-Fi, use a VPN (see below).
Use a VPN: Use a Virtual Private Network (VPN) to encrypt your internet connection and protect your privacy. We use NordVPN.
Isolate Your Environment: When performing critical operations, use a dedicated, clean computer or even a bootable USB operating system to ensure a malware-free environment.
Multi-Signature: Some wallets support multi-signature setups, where multiple private keys are required to authorize a transaction. This can add an extra layer of security.
Regularly Check the Manufacturer’s Website: Stay updated with any security advisories or updates from the official website of your hardware wallet manufacturer.
Beware of Fake Apps: Only download wallet interfaces or companion apps from trusted sources. Fake apps can attempt to steal your data.
Regularly Test Recovery Process: Periodically test the recovery process with a small amount of funds to ensure you understand it and that your backup is valid.
Encrypt Backup Data: If you must store backup data digitally (not recommended), ensure it’s encrypted.
Stay Informed on Social Media: Follow official accounts of your hardware wallet manufacturer on platforms for real-time updates and alerts.
Limit Exposure: Only keep funds you actively use on your hot wallet. Consider using cold storage for larger amounts you don’t need regular access to. Also store valuable digital assets on your cold wallet.
Avoid Showing Off: Don’t advertise that you own digital assets, especially in public forums or social media. This can make you a target.
Beware of “Too Good to Be True” Offers: Scammers often lure victims with promises of high returns.
Use Hardware Wallet for DApps: When interacting with decentralized applications (DApps), use your hardware wallet instead of hot wallets for better security.
Double-Check Domain Names: Phishers often use domains that look similar to legitimate sites. Always double-check the URL before entering any sensitive information.
Consider Using a Faraday Bag: A Faraday bag, also known as a signal-blocking bag or RFID-blocking bag, is a type of pouch or container designed to block electromagnetic signals. These bags are often used to shield electronic devices from radio frequency (RF) interference, electromagnetic radiation, and prevent communication between the device inside and external networks or devices.
Use a Self-Custodial Cold Wallets: Custodial wallets like centralized exchanges and CeFi platforms (Coinbase and Binance) are more susceptible to login attacks, data leaks and social engineering attacks. While these platforms require the least technical effort, you do not control your private keys and must entirely entrust that entity with your crypto. Furthermore, assets held in a custodial wallet can be locked if the company becomes insolvent or bankrupt, leading to a complete loss of your assets. Hence the mantra, “Not your keys, not your coins.”
For these reasons, a majority of crypto holders use self-custodial wallets in order to have 100% control of their assets. With Ledger and Xverse, you are essentially your own bank, meaning no confirmation is needed from a third party for transactions and withdrawals.Your private keys are encrypted by default, never leave your device and are never shared with anyone, including the Ledger and Xverse teams.
Consider a Hot-Cold Wallet Hybrid Approach: Use a combination of one or more of these wallets for fast, easy and quick access depending on your needs. Keep a small amount of everyday funds in your hot wallet and your more valuable digital assets in an unrelated cold wallet.
Educate Yourself: The crypto space is rapidly evolving, and new threats can emerge. Stay informed about the latest security practices and potential vulnerabilities.
By following these tips and maintaining a proactive approach to security, you can significantly reduce the risks associated with managing and storing your digital assets. The key to security in the crypto space is a combination of using the right tools and following best practices to minimize risks.
Remember: Don’t trust — verify. It doesn’t matter what a website displays, the only thing that really matters is the message you’re signing on your hard wallet itself.