Key Takeaways
- Hot Wallet vs Cold Wallet: A "Hot" wallet (Metamask, Coinbase) is connected to the internet. A "Cold" wallet (Ledger, Trezor) is offline. Hackers cannot touch offline devices.
- The Private Key: All your money is stored in a long string of numbers called a Private Key. A Hardware wallet generates this key internally and NEVER reveals it to your computer.
- Physical Confirmation: To send money, you must physically push buttons on the device. Malware cannot push plastic buttons.
If you have more than $1,000 in crypto, keeping it on an exchange is negligence. Exchanges get hacked. You are your own bank now.
How it Works
A hardware wallet is like a USB stick, but with a secure chip (Secure Element) inside.
1. You plug it into your infected computer.
2. You open the wallet app and click "Send 1 BTC."
3. The computer sends an unsigned transaction to the USB stick.
4. The USB stick displays the transaction on its screen: "Send 1 BTC to address X?"
5. You press "Confirm." The stick signs it internally and sends the signature back.
Result: Your private key never left the device.
Ledger vs Trezor
Ledger (Nano S / X)
Uses a proprietary "Secure Element" chip (like in passports). Very secure, but the firmware is not fully open source.
Trezor (One / Model T)
Fully Open Source hardware and software. No hidden black boxes. However, if someone steals the physical device, it is theoretical easier to extract the key (requires advanced lab equipment).
The Seed Phrase
When you set it up, it gives you 24 words. Write them on paper. Do not take a photo. Do not save in Google Drive. If you lose the device, the words restore your money. If a hacker finds the words, they steal your money.
Frequently Asked Questions (FAQ)
Beware of malicious USB devices.
Read BadUSB Guide