Can a hardware cryptocurrency wallet be hacked?
When you start getting interested in cryptocurrencies, you will eventually come across something called a wallet. There are two types of wallets, hot and cold ones. They’re also known as online cryptocurrency wallets and hardware wallets respectively. While they have the same purpose, the way they go about it is different.
A hot wallet (or online wallet) is a wallet that’s accessible online. It’s essentially a program connected to the Internet. While a cold (hardware) wallet is completely offline. Hardware wallets are usually small devices that look like USB sticks that can be connected to a device like a computer. When the private keys are stored in hardware wallets, they are kept offline, which means they are not susceptible to online malware attacks. But accessing the private key is not as simple as plugging in the hardware wallet. The wallets are protected by PINs and passphrases. So when the hardware wallet is plugged into a device, you would need to put in the correct PIN and/or passphrase to access the private key stored in it. Without the correct PIN and a passphrase, a hardware wallet is essentially useless.
Why hardware wallets are considered a safer option
The way it works is that your cryptocurrency is safe as long as your private key remains private. The moment malicious actors get access to it, they can steal all your cryptocurrencies. Hot wallets are particularly susceptible to various attacks that could expose the private key because they work through mobile devices/computers. If a device is, for example, infected with malware, the private key(s) may become exposed to malicious actors.
But cold (hardware) wallets, on the other hand, keep the private keys offline, which means they are not vulnerable to online attacks. Even if you plug in the wallet on a device that’s infected with malware, the keys will be protected because they don’t actually leave the device. The hardware wallets are also locked with special PINs and passphrases, so even if someone was able to steal your hardware wallet physically, they would be unable to access the private keys unless you keep your passphrase and PIN in plain view or easily accessible.
How hardware cryptocurrency wallets can get hacked
We’ve established that hardware wallets are much safer options, particularly for those who deal with large amounts of cryptocurrencies. However, as is the case with many things, hardware wallets are not immune to being hacked, under certain circumstances that is.
- A tampered-with hardware wallet
Hardware wallets are sold on many different websites/stores, not all of which are legitimate and safe to order from. Keep in mind that it’s not particularly difficult to physically tamper with hardware wallets, for example, before sending them to customers. Buying a hardware wallet that’s been tampered with could result in malicious actors getting access to the private keys necessary to access cryptocurrencies. And considering that interest in cryptocurrencies is growing, malicious sites offering hardware wallets that have been modified in some way are also becoming more common.
- Vulnerability exploits
Generally, all reported hardware wallet hacks are done by researchers looking for vulnerabilities to report. Or they’re performed in a controlled environment for education purposes.
Hardware wallets can come with certain vulnerabilities that could be exploited if discovered. If the wrong person discovered a vulnerability and had physical access to a hardware wallet, they may be able to hack it. But keep in mind that in order for someone to be able to exploit hardware wallet vulnerabilities, access to the physical device would be necessary. This greatly lowers the risk of someone hacking your hardware wallet unless it was stolen. It’s worth mentioning that there is very little information about malicious actors being able to steal cryptocurrencies by hacking hardware wallets.
There is one noteworthy case where an electrical engineer and hardware hacker Joe Grand was able to get into a hardware wallet after the owners lost their PIN and were unable to get the private key stored in it. Grand was able to hack the hardware wallet, allowing the owners to get their $2 million in cryptocurrencies, as demonstrated in his video about the hack. It took over three months for Grand to be able to hack the hardware wallet. It’s worth mentioning that the particular exploit used by Grand has been patched once it was reported quite a while ago so it’s no longer a threat to users. However, this just goes to show that it is indeed possible to hack hardware wallets under the right circumstances, though so far it does not appear that any malicious actors have been successful.
How to use hardware wallets safely
While using a hardware wallet is already much safer, there are certain things you can do to further protect your cryptocurrencies from malicious actors.
- Buy hardware wallets from trusted vendors
When looking to purchase a hardware wallet, it’s important that you only do so from safe vendors. Do extensive research to make sure you’re not buying anything that could be tampered with. It’s best to stick to known vendors, especially ones that are recommended by specialists. Be cautious of vendors selling hardware wallets for a suspiciously low price. In many cases, if a deal sounds too good to be true, that’s because it is.
- Carefully inspect the device for any signs of tampering
It’s not impossible that hardware wallets can be tampered with during shipping or if you purchase them from unreliable sources. Therefore, it’s a good idea to carefully inspect the device when you receive it. You can even open the hardware wallet to check for anything that shouldn’t be there.
- Keep the wallet out of sight
The most important thing to keep in mind is that your hardware wallet should not be easily accessible to anyone but you. Do not keep it in plain sight or anywhere it could be accessed by visitors to your home. If you have a large amount of valuable cryptocurrency, consider keeping your hardware wallet in a safety deposit box or a safe. You should also not keep your PINs and passphrases anywhere visible. If you write them down somewhere, at least use your own encryption system to make reading the passphrases difficult.
You should also take measures to not lose your hardware wallet or the information (PINs and passphrases) necessary to operate it. It is estimated that around $66.5 billion worth of Bitcoin is currently lost to investors because they cannot remember their login credentials or have thrown away/lost their hardware wallets.
- Protect all devices you use for cryptocurrency with anti-malware software
Any device you use for cryptocurrencies should be protected with a reliable anti-malware program, whether you use hardware or online wallets. Make sure to choose a trustworthy anti-malware that has the necessary features.