The problem of storing digital assets is one of the key obstacles to the mass adoption and implementation of cryptocurrencies into our everyday life with the existing financial system. The well-known phrase of the entrepreneur, Andreas Antonopoulos, who is one of the most notorious supporters of cryptocurrencies and blockchain technology, reads: “Not your keys, not your bitcoins”. It is quite difficult to disagree with him, as centralized exchanges and custodial services are the intermediaries, the mere presence of which contradicts the original ideology of the P2P economy. For several years now, various media resources have been assuring us that one of the most reliable and convenient ways to store your coins is to use hardware wallets. In this article, we will review how accurate this statement is.
What is a hardware wallet?
Hardware wallets do not actually store your assets. Accessing your cryptocurrencies without your private key is still impossible. The hardware wallet is nothing more than a physical, electronic device for secure storage of your private keys, while at the same time, it allows the user to access their coins and tokens easily. At the moment, many such devices are present on the market. However, they are all designed to perform the same functions, such as the creation of new private keys offline (inside the device itself) and the reliable storage of these keys. The most popular cryptocurrency wallets until now are Ledger and Trezor devices. And although companies do not disclose sales statistics for their products, the web analytics service SimilarWeb states that the online store page of Trezor is visited by 150–200 thousand people a month, while 400 thousand people visit Ledger website accordingly. It is also worth noting the sharp increase in attendance of the Ledger online store in May 2020, which reached 720 thousand people. That may indicate better Ledger’s preparation for exiting the quarantine period.
The security level of Ledger, Trezor, and their competitors
Many articles have been written about cryptocurrency hardware wallets, their features, advantages and about other methods of storing crypto assets. Numerous times questions were raised about the various vulnerabilities of these devices and the corresponding security risks. But we would like to focus on a different frequently asked question, bordering on conspiracy theories: how, after receiving and saving a wallet’s seed phrase (mnemonic code for generating and restoring private keys), can one be 100% sure that the private keys only belong to them? If you dig into this question, it becomes clear that there are no guarantees. What if, while connecting to the Internet or updating the firmware, the hardware device that is designed to protect our private keys, actually uploads the seed phrase to the manufacturer’s database or even provides us with a phrase from its memory prepared in advance?
Device manufacturers persistently tell us that the private key never leaves the wallet. But there is no way to verify that. After all, nearly all modern hardware wallets have elements with closed code in their software. Thereby, it is practically impossible to hack a hardware device technically, but at the same time, there are no guarantees that manufacturers are actually on our side and are not collecting confidential data.
Why does it all come down to trust?
Currently, most hardware wallet manufacturers rely on their reputation and third-party security audits to market their products, sell them successfully, and position them as safe. However, the question being asked is how reliable these security certificates are. Manufacturers point out that certification is tested only against a set of predetermined scenarios and is not a substitute for independent verification.
This is analogous with the admin keys for DeFi, and entirely becomes a matter of trust. Users must trust manufacturers’ allegations that the device is actually safe, that hackers have not figured out a way to compromise it, and that third parties, present in the chain of component supply, have not introduced any backdoors. We are led to believe that the wallet does contain declared security elements, and can provide the reliability we pay for. And there is no way we can resolve this matter of trust.
We can verify a part of the open-source code, but we will have no evidence that companies do not collect our confidential data. One can talk about conspiracy theories as much as they like, but it all comes down to whether you trust a particular company. We could also try to increase the level of trust by asking the company representatives as many questions as possible, including provocative ones, and draw conclusions based on their reaction to these questions. This problem can be partially solved with certain knowledge, so the sole way is to simply collect the maximum possible amount of additional information in order to decide whether or not to trust a particular developer. Manufacturers themselves state that it is challenging to create open-source software in terms of costs, technical aspects, patents, and time.
Consequently, it will likely take several more years for the first open-source secure elements for hardware wallets to appear. In this case, how are Ledger and Trezor more reliable than Binance and Coinbase? The largest exchanges also have their reputation, security audits, and substantial insurance funds in case of hacks and theft of funds. At the same time, BitGo custodial service customers’ deposits are protected by the insurance program, provided by Lloyd’s of London.
Shall we wait for the open-source code, and how long could it take?
Licensing the tools required to develop open-source hardware wallets for storing cryptocurrencies is a costly process and a very time-consuming objective, especially when comparing the safety of the installed secure elements. We are yet to find out which companies have potential and hold sufficient funds that are necessary for such transformation. For the time being, we can only conclude that reliability of hardware cryptocurrency wallets is highly exaggerated. It will take several more years and substantial resources so that the software of these devices becomes as open and as accessible as possible for any user to verify. And that will undoubtedly lead to a new stage of this market development.