Hardware Wallet | Bitcoin Glossary | Mapping Bitcoin

Hardware Wallet

Security

Also known as: HWW, signing device

A dedicated physical device that stores Bitcoin private keys in a secure element and signs transactions offline, protecting keys from exposure to internet-connected computers. Popular hardware wallets include Trezor, Ledger, and ColdCard.

Overview

A hardware wallet is a specialized physical device designed to securely store Bitcoin private keys and sign transactions in an isolated environment. Unlike software wallets running on general-purpose computers or phones, hardware wallets keep private keys within a secure chip that never exposes them to the host machine. Even if the connected computer is compromised by malware, the private keys remain safe inside the device.

How It Works

┌─────────────────┐         ┌───────────────────────┐
│  Computer/Phone │         │   Hardware Wallet     │
│  (watch-only)   │         │   (signing device)    │
│                 │         │                       │
│ 1. Create       │  USB/   │ ┌───────────────────┐ │
│    unsigned  ───┼──BT/───►│ │  Secure Element   │ │
│    transaction  │  NFC    │ │  ┌─────────────┐  │ │
│                 │         │ │  │ Private Key │  │ │
│ 4. Broadcast ◄──┼─────────│ │  │ (NEVER      │  │ │
│    signed tx    │         │ │  │  leaves)    │  │ │
│                 │         │ │  └─────────────┘  │ │
│                 │         │ │                   │ │
│                 │         │ │ 2. Display tx     │ │
│                 │         │ │    on screen      │ │
│                 │         │ │ 3. User confirms  │ │
│                 │         │ │    → Sign tx      │ │
│                 │         │ └───────────────────┘ │
└─────────────────┘         └───────────────────────┘

Popular Hardware Wallets

  • Trezor: One of the first hardware wallets (2014), open-source firmware, supports many cryptocurrencies
  • Ledger: Uses a certified secure element chip, closed-source firmware for the secure element
  • ColdCard: Bitcoin-only device, air-gapped operation via microSD, strongly focused on security
  • BitBox02: Swiss-made, available in Bitcoin-only edition, open-source
  • Jade: By Blockstream, budget-friendly, supports air-gapped signing via camera
  • SeedSigner: DIY open-source signing device built on a Raspberry Pi Zero

Security Features

  • Secure element / secure chip: Cryptographic operations happen in tamper-resistant silicon
  • Physical confirmation: Transactions must be manually approved on the device's screen and buttons
  • Screen verification: The device displays transaction details independently, preventing address substitution attacks
  • PIN protection: Devices require a PIN to access, with brute-force protections
  • Passphrase support: An additional passphrase can create a hidden wallet for plausible deniability
  • Air-gapped operation: Some devices can sign transactions without any direct connection to a computer (via QR codes or microSD)
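
How a passphrase yields a separate wallet from the same seed phrase, shown as an added example (not code from this page or from any wallet vendor). It assumes the device follows BIP39 and BIP32, which the page does not name; `wallet_tag` is a hypothetical helper, and the mnemonic is the public BIP39 test vector.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public BIP39 test-vector mnemonic.
# It is known to everyone and must never hold funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def _nfkd(text):
    """BIP39 requires NFKD normalization before hashing."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds)."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               _nfkd("mnemonic" + passphrase), 2048, dklen=64)


def bip32_master(seed):
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed", split into (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_tag(passphrase):
    """Hypothetical helper: short label identifying the wallet a passphrase opens.

    This is a plain hash for display, not the BIP32 key fingerprint.
    """
    key, chain_code = bip32_master(bip39_seed(MNEMONIC, passphrase))
    return hashlib.sha256(key + chain_code).hexdigest()[:16]


if __name__ == "__main__":
    # Same seed phrase, three passphrases: three unrelated wallets.
    # The last one differs by a single capital letter, as a typo would.
    for passphrase in ("", "river stone 42", "River stone 42"):
        print(f"{passphrase!r:>18} -> wallet {wallet_tag(passphrase)}")
```

Every passphrase, including a mistyped one, derives a valid wallet without any error, so the passphrase has to be backed up as carefully as the seed phrase itself.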

Best Practices

  • Purchase hardware wallets directly from the manufacturer, never from third-party resellers
  • Verify the device is sealed and untampered upon arrival
  • Write down the seed phrase on durable material (metal backup) and store it securely offline
  • Always verify the receiving address on the hardware wallet's screen before sending
  • Consider using multisig with multiple hardware wallets from different manufacturers for large holdings

Common Misconceptions

  • A hardware wallet is not a USB drive that "stores bitcoin." Bitcoin exists on the blockchain; the device stores only the private keys.
  • Hardware wallets are not immune to all attacks. Supply chain attacks, sophisticated side-channel attacks, and social engineering can potentially compromise security.
  • Losing the hardware wallet does not mean losing bitcoin, as long as the seed phrase backup exists. Funds can be recovered on any compatible wallet.