Page Contents 👉
Not your keys…
Your crypto portfolio is coming along nicely. That BTC you bought a couple of years ago sits slowly powering up its thrusters for another moon shot. You have a healthy amount of ETH ready for the launch of version 2.0 next month/year/lunar cycle. Maybe you have a stack of Altcoins that you plan on going all pirate-like with and burying them someplace safe for the next decade. You log into your exchange account every so often to see how it’s all doing and ponder your next move.
If you have a few hundred dollars locked up in your portfolio and it’s all kept on a reputable exchange then you don’t have too much to worry about, especially if you have all the extra two-factor authentication options enabled and have set up anti-phishing emails if your exchange offers that feature. The best exchanges have good security procedures in place and spend a lot of money every year on maintaining them. In the unlikely event that the worst does happen, it’s not as though you’ve lost the family silver, though some crypto enthusiasts might be thinking, “psssh, forget the family heirlooms, losing the family Bitcoin is worse!”
Unlikely, yes. Impossible, no. Exchange hacks have happened before, with catastrophic consequences. Many grizzled crypto veterans still shudder to remember the Mt. Gox fiasco, while the BitGrail saga still resonates throughout the space.
Not your Keys, Not your Crypto. Image via Shutterstock
In both cases hackers made off with millions of dollars in crypto and investors were left staring in dumb horror at their computer screens. These are two of the worst examples, though there have been other, more recent breaches. Lessons have been learnt and security tightened, but the threat remains.
In other cases, the exchange itself has been the villain of the piece. The QuadrigaCX scandal reads like a treatment for a Hollywood movie, but caused untold misery to those it affected.
There are plenty of exchanges out there that are either downright shady, or else don’t invest enough in their security, or are simply poorly run. But it’s worth remembering that, if you store your coins on an exchange – no matter how well-regarded and secure it may be – you do not control them. The private keys to your crypto are held by the exchange and if something goes wrong there is little or nothing you can do about it.
…Not Your Crypto
The best exchanges make security one of their top priorities. Most insist that users complete KYC (know your customer) procedures when registering. Two-factor authentication is usually required to log in and withdrawals are frequently limited to specific, whitelisted wallet addresses.
Any exchange worth considering will keep most of its funds in cold storage, without access to the internet. The drives with all the users’ private keys are then sometimes stored in secure vaults with air gaps and armed guards. The private keys containing access to the digital gold is treated as securely as though it were the real solid shiny stuff. The top exchanges also have insurance which means that if a breach does occur, any investors affected will be reimbursed.
Binance Hack of $40m. Image via Bloomberg
You can rest assured though that the hackers won’t have given up. There’s too much money to be made (or stolen) and in some cases, the hackers have some pretty powerful interests behind them. Technology is advancing all the time with the newest, shiniest padlocks ending up looking rusty.
And quite aside from the threat of theft is the question of ownership. You’ve paid for your crypto, you will decide what to do with it, so you should have the keys to it. In these matters it pays to listen to experience and those who have been knocking about the crypto ranges for a while will tell you that keeping your coins on an exchange is a bad idea.
Take Control of Your Crypto
Once you’ve decided to forgo keeping your coins on whichever exchange you might be using, you have three main options. The first is to store them on a mobile wallet – basically, an app for your smartphone, check out Guy’s top picks for mobile wallets here.
These mobile wallets give you more control over your crypto and allow you greater freedom to use it to pay for goods and services. They do of course have one major downside, which you will probably have spotted: they’re still connected to the internet and therefore still vulnerable to attack.
The second option – and the one most likely to appeal to anyone born before about 1970 – is a paper wallet. Yes, paper… I seem to remember it now. Here you print out your private keys (usually in the form of a QR code) and keep them somewhere safe. There are benefits to doing it this way, of course. If you intend to hodl your coins for years to come then putting the keys in a drawer and forgetting all about them will stop you ever spending or selling them.
1 Million Bitcoin Dollars!. Image Source
As long as the piece of paper is kept safe and not lost or stolen, or put in the recycling by a well-meaning partner who has finally lost patience with you for not clearing out the study, then all should be well.
The third option is the one which concerns us today and is by far the best for those who hold a decent amount of crypto and want to keep it safe. Whether you’re a minnow or a whale or somewhere in between (a barracuda?) then a hardware wallet is what you should be using to store those coins.
Hardware wallets are physical devices that store your private keys and keep them safe from any outside attack. They can be plugged into a computer, or connected to a mobile device to enable users to manage and spend their crypto, but all aspects of any transactions and validations are done on the device itself. Even if the device being used is infected with malware or is otherwise compromised, the hardware wallet remains secure and nobody else can get access to the private keys.
Each of the wallets mentioned here today come with the vitally important feature of being able to back up your wallet so you will be able to restore your wallet, and your funds, should you lose or damage the wallet that stores your private keys so please follow good crypto security etiquette 101 and always ALWAYS be sure to back up any wallet you use, software or hardware. Keeping those recovery seed phrases stored safely will likely be the only way to recover your funds should something go astray with your crypto storage method of choice.
Top 5 Best Hardware Wallets
There are a number of hardware wallets on the market and choosing the right one can be tricky. That’s why we’ve put together a handy guide to our top five below. There are a few things to weigh up before choosing which one is right for you and we’ll consider all of these in relation to each wallet:
- Security: Although hardware wallets are the safest option out there, some are more secure than others.
- Coins supported: All hardware wallets will store BTC, ETH and most other top cryptocurrencies. However, if your portfolio includes some lesser-known altcoins, then some wallets may not be suitable.
- Price: If your portfolio is relatively small then chances are you won’t want to pay top dollar for a device to store it on. As with any product, prices for hardware wallets vary.
One final point to remember when buying a hardware wallet is to always buy it directly from the maker. There have been a few instances of unscrupulous types buying a wallet, extracting the seed words and then reselling the device. When the unsuspecting buyer then loaded their crypto onto it, the scumbags were able to remove their funds using these seed words.
Avoid buying your wallet from eBay or anywhere else where it might have been interfered with and order straight from the supplier’s website. Most of them also offer free shipping, unless you happen to live somewhere particularly exotic.
So, armed with this knowledge, let’s take a look at the best hardware wallets on the market.
1. Trezor Model T
Taking the top spot on our podium is the Trezor Model T, the flagship product on offer from the guys over at Trezor. The Trezor brand is a creation of Prague-based company Satoshi Labs (Trezor means ‘vault’ in Czech) and the first device was launched back in 2013. This top of the line hardware wallet comes in at $195 and supports over 1,000 crypto assets. Trezor has been audited by third-party security researchers and boasts a long-standing successful track record. Since the release, there have been no known instances of successful hacks resulting in loss of user funds to date. Trezor can be used with the online Trezor web wallet on desktop or mobile, or via the downloaded Trezor suite app on desktop.
Trezor can also be integrated with web 3.0 wallets such as Metamask and has also formed a unique partnership and integration with the massively popular software wallet Exodus, combining the convenient features and the user interface of the Exodus software wallet with the security of the Trezor hardware wallet. You can read more about that here.
Trezor offers two hardware wallets, the less robust and cheaper Trezor one and of course the flagship Model T. One of the most obvious benefits of the Model T over the Model One is that you have more coin support, and sensitive information such as the pin code and recovery phrases are entered directly on the Model T’s touch screen keeping all sensitive information off the computer, unlike the Trezor One. A full list of coins supported by both the Trezor one and Trezor Model T can be found here.
- Price: $195 (£130/€165)
- Coins supported: 1,000+ Full list here
Another great benefit of the Trezor Model T over the model one device is that it has that user friendly colour touch screen. I found this to be way more efficient than having to shuffle with the buttons on both the Model One device as well as the ledgers. Trezor is compatible with the major computer operating systems: Windows, Mac, Linux, and works with Android for mobile. Apple’s IOS and Windows mobile operating systems, as well as the Chrome OS are not yet supported.
Setting up the Model T is also pretty quick and very user friendly. All you will need to do is install the bridge and ensure that the firmware is up to date and that should be it. While the Model T is the premium device offered by Trezor, many users do not feel that it is worth more than double the price of the Trezor One. While both are fantastic options for crypto storage offering top-level security, if you don’t need the additional asset support and don’t mind not having a touchscreen, then picking up the Trezor one for $65 is a cheaper and sure-fire way to ensure your funds are safe.
2. Ledger Nano X
The number two spot on our podium goes to Ledger’s Nano X. For those that don’t know, Ledger is a company that is based in France and they are considered the standard in the hardware wallet market. The Ledger Nano X is the premier product in the Ledger stable and is more expensive than the entry-level Nano S. The Nano X stores over 1,800 different cryptocurrencies and comes equipped with industry-leading security, including a CC EAL5+ Certified secured chip. The ledger device can connect with a desktop computer through a USB cable, as well as desktop or mobile via a Bluetooth connection. Ledger can run on Windows, Mac, Linux, IOS and Android.
Although most of the crypto can be managed through the use of the Ledger Live software, there are many assets that have native wallets not supported with the software yet. However, given the popularity of the Ledger hardware devices, many of them have integrated with Ledger in order to allow users to securely store their keys.
While the Nano X is more expensive, it has everything that the Nano S has, while also coming with Bluetooth connectivity, a slightly larger screen and the ability to store 100 apps, as opposed to the three to six apps available on the Nano S which has been reported as a major pain point for many users as they feel there is not enough space to install enough apps to support multiple different networks leaving users unable to hold all their favourite coins. Both Ledger Nanos also support integration with web 3 wallets such as Metamask, allowing users to access various DeFi platforms.
Get your Ledger Nano X From the official Store
- Price: $119
- Coins supported: 1,800+ Full list here
For crypto users without the need for 100 apps, or the need to store multiple different Altcoins, the Ledger Nano S may be a better solution for a price that is easier on the bank account ($59/£43/€50). There’s not much separating the two Ledger devices and most people would probably be more than happy with the cheaper Nano S. However, for all-around features and the ability to store a whole host of different assets, the Nano X deservedly takes one of the top spots.
It is important to let you know that Ledger did suffer a data breach in mid-2020 resulting in 272,000 customers’ home addresses, telephone numbers, names and about one million email addresses being stolen by hackers. While the crypto-assets themselves were not at risk, this breach did lead to fake emails being sent out by hackers pretending to be Ledger staff asking for users’ private keys and recovery phrases. This data breach and lack of due diligence being done on behalf of the Ledger team has left a lot of customers to lose confidence in the security and reputation of the Ledger product and the company. If you want more information regarding the Ledger hack, Guy made a dedicated video on the hack, and more information about the breach can be found here.
Coming in third on our list is the KeepKey hardware wallet. You can’t fault KeepKey on price, as for less than $50 you’d struggle to find a better hardware wallet. It’s also beautifully designed, rugged metal case and with a bigger screen than any of its rivals. KeepKey was bought by Shapeshift back in 2017, so the wallet has full integration with the Shapeshift platform and its exchange which can be accessed directly from the KeepKey wallet. Keepkey only has the option of generating a 12-word recovery phrase, and users manage their funds via the Shapeshift Platform when the device is plugged into a computer via USB.
KeepKey’s security was compromised when rivals Ledger found a way to extract pin codes from the wallet, although this required having physical possession of it. The glitch was later fixed in an update.
- Price: $49
- Coins supported: Around 40+. Full list here
The main drawback with KeepKey is its relative paucity of coin support in relation to the other wallets on this list. The Keepkey wallet also lacks integration to many web 3 wallets such as Metamask leaving users unable to interact with many DeFi apps. Keepkey natively supports Bitcoin, Bitcoin Cash, Bitcoin Gold, Dash, Dogecoin, Ethereum, Kyber Network, Litecoin and DigiByte and can be paired with MyEtherWallet to allow support for any ERC-20 token. This is still a pretty limited list in comparison to its rivals and could well prove unsuited to anyone holding a particularly diverse portfolio.
4. Ellipal Titan
The fourth spot on our list goes to the Ellipal Titan. The Titan is an air-gapped cold storage wallet that works in complete network isolation for true offline cold storage. The Ellipal Titan comes in at a cost of $169, more than the entry-level Trezor One and Ledger Nano S, but the hefty price tag may be worth the cost for some crypto users. This hardware wallet has the most extensive coin support on this list and is sealed to ensure that it is dust and water-proof, also coming with an anti-tamper feature that will delete all of the private keys should someone try and physically break into the device to tamper with it. The device itself is secured via a passcode, so users should be sure to use a strong passcode with this device and store the Titan someplace safe as you would with any hardware wallet.
The Ellipal Titan is the only wallet on this list that is kept completely separated from network connectivity, with enhanced security in the form of only relying on QR codes to transfer data. The Ellipal cannot be connected to any connections such as USB, Wifi or Bluetooth, protecting your crypto against remote and network attacks.
Ellipal impressively supports a mind-blowing 40 different blockchains and 10,000+ crypto assets with new coins added each month, and even allows users to stake assets, earn interest and even buy or exchange crypto through the apps that can be installed on the wallet. Ellipal hardware wallet can be used in conjunction with the Ellipal mobile app which is available on both IOS and Android. A full list of supported coins can be found here.
- Price: $169
- Coins Supported: 40 Blockchains, 10,000+ coins and tokens. Full list here.
Some of the cons with the wallet are that the default Bitcoin address generates the BIP 44 Bitcoin address that begins with the number 3 instead of the new and widely accepted BIP 84 Bitcoin addresses that begins with bc, which could lead to more expensive Bitcoin transactions for users. Another deal-breaker for many users is that the Ellipal wallet does not give users access to their own Xpub keys which leaves this wallet not operable with many apps and does not give users the option to import “view only” wallets. Various crypto payment gateways for eCommerce use Xpubs to generate new payment addresses for various checkouts, so this limitation of the wallet should be considered.
Security minded users may be turned off by the Ellipal’s ability to only generate a 12-word seed phrase instead of a more secure 24- word phrase, and the wallet has no support for test net coins for any blockchain network. The lack of ability to add a custom RPC could be a deal-breaker for users who are interested in running test nets or testing coins to learn how certain networks function.
5. SecuX V20
Coming in last on our list is the SecuX V20 which looks like something futuristic out of a sci-fi film. Though its size is considered a bit robust for many crypto enthusiasts on the go, the SecuX V20 contains a complete suite of security features in place from protected production chain, to tamper-resistant packaging, right down to its military-grade Infineon SLE Solid Flash CC EAL5+ certified secure element to keep your assets safe. The SecuX V20 is made with a strong aluminium case ensuring longevity and protection against bumps and drops.
This hardware wallet connects via USB C or Bluetooth and is compatible with windows, IOS, Android, Google Chrome, Mac and Linux. Connection to both desktop and mobile devices is done through the dedicated SecuX app. The SecuX V20 supports over 1000 coins and tokens, a full list can be found here.
- Price: $139
- Coins Supported: 1,000+ Cryptocurrencies. Full list here.
The SecuX wallet does have an internal battery so the device can be charged with the USB C cord that comes with it allowing for use of the device on the go. The wallet is easy to interact with as it has a 2.8-inch colour touch screen, making this device more like a mini-portable crypto computer than simply just a wallet. The SecuX has compatible recovery with BIP 32, 39, and 44 standards and uses 2-factor authentication during Bluetooth connection for additional security.
The SecuX V20 is backed up using a more secure 24-word recovery phrase instead of the standard 12 word, and the wallet itself is accessed with a pin code set by the user. The wallet also has a “hidden wallet” feature which allows users to hide a separate portfolio hidden within the wallet with it’s own pin as an added layer of security.
A major downside with this wallet, as with any hardware wallet aside from Trezor and Ledger is the lack of integration to web wallets such as Metamask and lack of mainstream support, leaving users unable to access many DeFi applications until these wallets become more widely adopted. Users of this wallet are also unable to view their Xpub keys leaving users unable to pull in view only wallets like those used by some third party apps, and limits various crypto payment gateways for eCommerce. There is also no support for testnet coins nor the ability to add custom tokens.
Keep it Secret, Keep it Safe
It is worth mentioning that Trezor and Ledger have both been industry leaders for many years, being tried and tested, passing multiple security audits and have set the bar for cold wallet security. That does not necessarily mean that their security is superior, or even that the products are better, after all, we see old tech get surpassed by new and better tech all the time, think no further than the iPod replacing the Discman cd player, but many users find the successful long-standing track record and the strong reputation of these wallets comforting. The other mentions on this list do not yet stand up to the reputation of these two industry leaders, and have not been around as long, so be sure that you are confident in the security of the wallet that you choose and do your own thorough research before deciding to trust your funds to any crypto wallet.
Whichever wallet you choose, you still need to mitigate against the risk of it falling into the wrong hands. All wallets have pin codes, as well as seed words and phrases used for access and recovery. It goes without saying that these should be known only to you.
Write them down and keep them somewhere safe, away from prying eyes. Some people with large portfolios take their security extremely seriously. Guy, for example, keeps his wallet in one safe deposit box and his seed words in another, both in separate locations.
Technology can keep us safe only up to a point. If someone manages to get hold of both you and your hardware wallet, then there’s not much that can be done to then stop them forcing you to hand over your pin code or seed words with the aid of a weapon and some threatening gestures (a $5 wrench attack if you want the technical term).
There are two steps you can take to reduce this risk though. One is a hidden wallet feature that enables you to set up extra wallets on your device which only you know about. Both Ledger, Trezor and SecuX offer this, though it’s a bit on the fiddly side.
And the other? This step is the simplest of them all: keep your crypto on the QT and don’t go flashing your shiny new wallet about. After all, do you really want anyone knowing how much XRP you loaded up on back in the day?