If you are the owner of any cryptocurrencies, such as Bitcoin, it means that you have the access rights to the digital record on the block where your coins are written. In order to say that they are truly your cryptocurrencies, you must have a private key to prove ownership. A private key is a 64-character series of numbers and letters. Since private keys provide access to currencies with a lot of potential value, you will certainly want something that acts like a safe for your private keys like a hardware wallet. Although this is the safest method of storage, new risks are still emerging. What are they and how can you prevent them?
Whether I mention Trezor T or Ledger Nano S, I'm talking about a sophisticated hardware and software device that has been designed and is constantly being refined for the sole purposes of cryptocurrencies and to protect your private keys. You might ask - against whom and against what? The answer has two sides of the same coin. In front of you, there are those who want to steal your cryptocurrencies. While hardware wallets may resemble an ordinary flashdrive or pager, I mean it when I say that that contents underneath the plastic cover are the result of the gems and skills from professionals in the fields of high level mathemathics (cryptography), hardware, software, and social engineering, as well as many with experience in the world of hacking.
The first thing you need to realise about crytocurrencies is that you are entering a world of technically gifted and capable people. If you lack self-awareness, I recommend slowing down and realising that whatever your skills and experience are, there are likely to be people out there who are better at it than you and a lot of them belong to the "dark side". My intention, however, is not to scare you or dissuade you from the cryptosphere; on the contrary, I want to ask you to be careful, vigilant, and devote some energy to improve on this aspect. Always think about the worst possible scenario that can happen. And what if I told you that one of the most popular hardware wallets, the Ledger Nano S, was hacked by the extremely gifted, 15-year-old boy, Saleem Rashid?
Hardware wallets, by nature, should generally solve one critical issue. This is done using one-way communication with the computer you are connecting to. This means that even if you attach a hardware wallet to a computer in an Internet café, its overall production in terms of hardware, software, design, and use, should protect you from any attack with the intention of stealing your cryptocurrencies. So far, it sounds pretty safe, but surely, someone will find a way to challenge that.
Saleem, a 15-year-old independent hacker, whose hobby and profession is mainly to look for security mistakes, is unique in his way of thinking. Saleem also independently cooperates with the Czech company SatoshiLabs, who is the creator of the legendary (and I even think the best) hardware wallets, the Trezor and Trezor T. Saleem is a person that you hire when you think you're invincible, and he will show you that you are probably miserably mistaken. When you ask an average cryptocurrency user about what a hardware wallet is and where to buy one, he/she will probably have some insight and tell you that it is a completely safe way of storing your cryptocurrencies and that it can simply be purchased in an authorised store. But do you think he/she has the wallet's distribution chain in mind?
An entire half of the wallet's security rests on what happens when someone gets access to your hardware wallet. Let's say someone gets to your Ledger Nano S (via theft, loss, etc.) and wants to take your bitcoins. However, they encounter a problem because they do not know your PIN. Without a PIN, this wallet is useless and your bitcoins are still safe. You can then get another (NEW!) Ledger Nano S and using the recovery seed, which is a 12-24 character series of random English words, you can restore all the private keys you had on the wallet, which the bad guy wanted to get. If the hacker does not get to your recovery seed (which they should NEVER be able to), then your cryptocurrencies will remain safe.
Well, what if someone owned your hardware wallet before you, and then you bought it in sweet ignorance as a new one? Saleem Rashid figured out that the Ledger Nano S could be altered by a hacker to find the recovery seed himself/herself, and he/she can even set it up (by choosing the 24 "random" words) before the new owner receives it. This would result in the purchase of a "new" Ledger Nano S, but then when you purchase cryptocurrencies to put into the wallet, the hacker already has access to them. All he/she has to do is wait for you to have a good fortune on your wallet, and then one day, suck up all of your investments.
First of all, you need to know where it is safest to buy hardware wallets. First, right from the manufacturer. This way, you have the shortest distribution chain and the slightest chance that something like what I've described will happen. Secondly, ONLY with manufacturer-verified vendors. NEVER, and I REALLY MEAN NEVER, buy a hardware wallet from auction portals, bazaars, second hand sellers, and other sellers that are not mentioned by the manufacturer on their website.
My recommendations above may sound like too much, but I repeat, you are not in a fairy tale. You are in the digital Wild West, where careless people underestimate security and end up losing everything.
If you have firmware older than 1.4.1, upgrade immediately. If the device is up and running without firmware, you can be assured that no one has ever manipulated your device; at the same time, a successful upgrade protects you against a similar type of attack. Take the case again, for example, when you leave your Ledger at home, someone can rob you, but not in the traditional way. When you get home, everything is found in its place, but your hardware wallet could be tampered with by the attacker.
Before we start, make sure that you have your recovery seed, the most critical 24 words in the cryptosphere are Alpha through Omega. Here, we assume that you already have some experience with Ledger Nano S and you can use it. That's why you have an application named Ledger Manager installed in Google Chrome.
The first step can have two different steps. It depends on whether your Ledger Nano S is new and you do not have a recovery seed set up, or you have been using your Ledger for some time now.
If you do not have the recovery seed and Ledger Nano S set up, the procedure is as follows. Hold the right button (the one that is further from the USB connector) while plugging in the cable.
If you have already had your Ledger Nano S for some time and you have firmware version 1.4 that contains security flaws, the procedure is as follows. Enter your PIN code and continue to Step 2 again. Either way, the two above-mentioned firmware upgrades, whether you have a new Ledger Nano S or not, are the same.
Launch Ledger Manager in Google Chrome and wait for your hardware wallet to sync.
In the left column, click FIRMWARES.
Select and download the latest firmware version 1.4.1.
Click on the green INSTALL button to start upgrading firmware 1.4.1 for your Ledger Nano S hardware wallet, which contains a security patch that addresses the issue of any manipulation mentioned in this article.
Now you need to confirm that your Ledger Nano S hardware wallet is firmly upgraded directly to your device by pressing the right button.
During the installation of the new firmware, the Ledger Manager window will be reported, as well as the Ledger Nano S physical device itself, and the installation will progress.
If you find the following error, you need to delete some wallet-based applications via Ledger Manager to make more space on your Ledger for the files needed for updating. Do not worry, you will not lose your cryptocurrencies by deleting the application, and once you install them back, your coins will be right where you left them.
Now, just a few clicks of the button on the right-hand side separate you from the new firmware that solves the problem of distribution chain manipulation by an attacker.
You need to confirm the firmware version you are about to install again by pressing the right button. The numeric designation 1.4.1 will show on the display of your Ledger Nano S wallet.
Before the final step of the installation, you need to compare the firmware IDs you are installing. You will be shown both on the display of your Ledger Nano S hardware wallet and in the Ledger Manager application in Google Chrome.
If all eight characters match, you can start the final step of installing the new firmware by right-clicking on your Ledger Nano physical device.
Once the firmware installation is complete, the Ledger Nano S hardware device prompts you to re-enter your PIN code.
After a successful installation, the Ledger Nano S hardware wallet will display that the MCU firmware is outdated. Do not worry, it does not mean anything is wrong.
To update the MCU, you need to get into the Bootloader mode. Hold the left button (closer to the USB port) and, while keeping it pressed, plug the USB cable back in.
On your PC or laptop, where you have your Ledger Nano S wallet attached, you should see an MCU Recovery Report in the Ledger Manager of Google Chrome.
After a while, the update of the hardware wallet will appear on the display of the hardware wallet. Do not disconnect the cable. Wait for the update of the new firmware to address security flaws, which includes both a set of cryptographic enhancements and the option for multiple installed applications (wallets). This should not take more than five minutes. It was completed in less than a minute for me.
Likewise, the Ledger Manager application should report the ongoing update of the new firmware. If for some reason the process gets stuck for a long time at this stage, disconnect the cable, exit the Ledger Manager application and try to repeat the process.
Upon completion of the firmware upgrade to version 1.4.1, your Ledger Nano S will prompt you to enter the PIN again. Enter the PIN, and the last step will be to check if the process has been completed correctly.
Immediately after entering your PIN, you will have to go to the Settings option. Press both buttons at the same time to proceed.
In the Device option, pressing both keys simultaneously will allow you to verify the firmware version again.
By a repeated but final pressing of the two keys, we finally get to check the version of the firmware, which is called Secure Element.
The Secure Element should now show version 1.4.1. By pressing the right button, you will get to the MCU version, which, if everything has been done correctly, shows version 1.5.
The final step is just uploading the basic wallet application named Bitcoin, which will then run several other applications in Google Chrome, such as Litecoin, Vertcoin, PIVX, and more. There are only three applications on the computer or laptop side, namely Ledger Wallet Ethereum, Ledger Wallet Bitcoin, and Ledger Wallet Ripple.
SatoshiLabs, creators of the first and safest hardware wallet in the world, leave nothing to chance and regularly issue updates for their Trezor and Trezor T. Unlike the competing Ledger Nano S, an update on the web interface of the Trezor will "pop" up. Do not wait - update immediately!
Again, keep your recovery seed, the 24 random English words from which all your private keys are generated.
Stay in the Trezor web interface, disconnect the USB cable from the hardware wallet, and simultaneously push and hold both buttons as you connect the USB cable. This will enable the Trezor function needed to update the latest firmware.
It is unlikely that your recovery seed will be needed, but keep it at hand. Confirm by checking the box that you have it by your side and then clicking on the green "Update my device" button.
Confirm your new firmware update right on the Trezor with the right button.
In the wallet's web browser, you will see the latest installation of the most recent firmware. Upon confirmation, you will see several random numbers on your screen and on the Trezor (digital fingerprint of your device). Compare them, and if you agree that they match on the Trezor and the screen in the browser, you can confirm them by pressing the right button directly on your hardware wallet. Installation will be completed within a few seconds, the Trezor will prompt you twice to disconnect and reconnect the USB cable, then enter your PIN and complete. Simple, clear, fast, and easier for me than the Ledger Nano S.
However, the biggest and most undisputed advantage of the Trezor is the Passphrase that doubly ensures your Trezor. The Passphrase creates a safe inside the Trezor based on your chosen words or phrase. In the event of an immediate attack, someone can force you to unlock your Safeguard with a PIN, but if you have a Passphrase set-up for your cryptocurrencies, the attacker will see only a small balance amount of your choice, and there is a good chance he/she will assume that it is all you have.
In the web interface on wallet.trezor.io, click on your Trezor or Trezor T hardware wallet, and under the Advanced tab, you will see the firmware version and the Passphrase option. The Passphrase is basically a unique 25th word to your 24-word series from which the seed is composed. As soon as you activate the Passphrase, the Trezor generates a new, complete set of unique private keys that can only be reached by combining the recovery seed and the Passphrase, for a total of 25 words. Check the "Ok, I understand" checkbox and click on "Turn on Encryption with Passphrase". Your hardware wallet prompts you to confirm with a button and then asks you to disconnect and connect the USB cable.
Now choose your Passphrase, which you are sure you will never forget. If you forget your 25 word (Passphrase) recovery seed, nobody and nothing in the world can help you get to the private keys that give you access to your cryptocurrencies. As soon as you enter the Passphrase, you will find yourself in the new private key set. At first, the balance will be zero at all addresses until you send something to them. If you want to send cryptocurrencies to an address (wallet), simply copy the current address, disconnect the USB cable from the Trezor, reconnect it, enter the PIN, do not type in your Passphrase, and press Enter.
Press Enter to get the wallet's private keys that are not hidden behind any Passphrase. From there, you can send cryptocurrencies to hidden addresses. Once you have done so, you can disconnect the Trezor from the USB cable, reconnect it, enter the PIN, enter your Passphrase again, and if the transaction occurred through the blockchain, you will see it on your wallet. If this seems complicated, just imagine that you have moved your coins from one cup to another, except no one knows that the second cup exists, and no one ever gets to unless they know the secret code (the Passphrase). In my opinion, this puts the Trezor and Trezor T over all other security solutions that you can encounter in the world.
It is essentially a solution to Plausible deniability, which is a condition where in the case of insufficient evidence and in our case, insufficient suspicion, we can be "guilty of acquittal" and basically suspicion alone that we have a larger amount of cryptocurrency. In other words, because of the Passphrase feature, you can not unambiguously prove or even suspect that a Passphrase exists. Of course, it's always a good idea to have one fake Passphrase with a smaller balance, as the Passphrase is publicly known and you can assume that a potential attacker will not only be content with a PIN code and an unprotected wallet. It is therefore not a matter of just having a Passphrase, but also a wallet with a sufficient balance that will satisfy a burglar's desire, but deter them from your real holdings.
Thankfully, the creators of the Ledger Nano S hardware wallet also thought of offering a Passphrase, so your Ledger can be a little safer than before. The difference between Passphrase for the Trezor and the Ledger, however, is that with your SatoshiLabs Safari hardware or a newer Trezor T, you can actually use Passphrase and you can make it anything you want. With the Ledger, you can only have a second PIN. The first PIN is without a Passphrase, and the second PIN code leads to the wallet that is hidden behind "Passphrase".
This solution honestly doesn't make much sense for re-use, as there are only two situations where you really work with a Passphrase. And when you set the second PIN, then you will be restoring your wallet using the provided recovery seed. Unfortunately, you can not set up a third PIN, and thereby, it defeats the whole purpose of the Passphrase as it works with the Trezor.
One of the most common questions I get is how to choose a hardware wallet. This can not be clearly answered because both Ledger Nano S, Trezor, and Trezor T currently offer slightly different functions. The Trezor offers fewer altcoin wallets than the Ledger, but with the Trezor T, there is hope for adding more cryptocurrencies in the future, which is just a matter of time. For example, Vertcoin and ZenCash developers, which we have written articles about, are working to add more cryptocurrencies to both hardware wallets. There is also a great anticipation of Monero's integration into Ledger, while SatoshiLabs (creators of the Trezor) has announced a bold reward for anyone who manages to integrate Monero with the Trezor. The aforementioned Saleem Rashid did a great job when he got into the Trezor NEM.
Personally, I prefer the Trezor hardware wallets. They work better for me, their user-friendly environment is more enjoyable, and the Password Manager is a great feature, which will help you move your overall level of security in the digital world to a different and improved level. But if you are more interested in cryptocurrencies and your invested capital is larger than the purchase price of these two wallets, I advise you to get both. In addition, Trezors come with a security hologram, so you can see if someone has tampered with the equipment and/or the packaging. The Ledger Nano S has nothing like this, and Ledger's creators claim there's no need for it.
The mystery of cryptocurrency is, among other things, that they are tamper-proof and indestructible. However, you may not be here tomorrow. While you have hardware wallets, dozens of passwords for the stock exchange, your recovery seed, hidden backup, and you use several Passphrases, those who stay here may sooner or later learn that have been pumping money into some stupid bitcoin. Remember when you controlled the price of Litecoin on your mobile phone, but when you shared the next coin you were interested in with others, all they heard from you was strange gibberish? In short and simple words, if you're involved in cryptocurrencies, you have to leave behind instructions on how to do it and how to get to them for your heir.
The safety of cryptocurrencies should not be underestimated. A little bit of inattention and you can lose it all. The basis is to buy hardware wallets only from trusted sources. Just remember, however, that you are not immortal. So leave behind instructions on how to get access to your crypto treasure.