Hardware Wallets: What You Need To Know

The benefits of hardware crypto wallets for cold storage and how to choose one

What is a Hardware Crypto Wallet?

A hardware blockchain wallet is a device for storing private keys to crypto wallets in a non-custodial way without connecting to the internet.

Sounds complex? Let’s unpack this definition, starting from the importance of self-custody.

How do Public and Private Crypto Keys Work?

There are two types of keys which control cryptocurrency transactions. Knowing the difference is important for managing the security of your holdings.

• Public keys are used for transactions with others, like an email address.
• Private keys control access to your tokens and MUST be kept secret, like a password.

To send and receive cryptocurrency, your public key is used. You can share your public key freely (within reason, of  course). Multiple public keys can even be attached to a private key, and your public key can be recovered if you lose it.

Private keys are much more serious, as they unlock the right to send and spend crypto. Your private key is used to verify transactions on the blockchain, ensuring that the actual owner of the tokens authorized them and not a malicious actor.

If someone obtains your private key, they now have complete access to and control over your funds. This is why your private keys must be kept secure.

Self-custody vs. Centralized Custody

Here at Pontem, we say this all the time: Not your keys, not your crypto.

This popular saying has only become truer these days, as prominent centralized exchanges like FTX have collapsed or been attacked, costing customers their hard-earned money in the process. It’s important to remember: if you don’t control the private keys for your cryptocurrencies, you risk losing them.

When you are the only person who has access to your private keys, it is called self-custody. The only custodian of the keys is you. Any wallet that supports self-custody is called non-custodial.

By contrast, if you hold crypto on a centralized exchange, it’s the exchange that holds the private key. You can’t even get access to it. If something happens to the exchange, be it an accident, collapse, bank run, exploitation, or anything else, you could lose access to your funds completely.

Exchanges do provide justifications for centralized custody. For example, if you forget your exchange password, you can recover access to the wallet using email and other account data. Conversely if you lose the seed phrase and private key to a non-custodial wallet, there is no way to recover the money.

Still, the security risks of centralized custodial wallets are just too great, and it’s a terrible lesson to learn the hard way. For example, many FTX traders lost millions of dollars, and their chances of getting anything back through the courts are slim.

Types of Non-Custodial Wallets

There are three main types of non-custodial wallets:

• Software (hot) wallets are web or mobile applications that allow you to hold your assets digitally without relinquishing your keys. They are connected to the Internet, which makes it far easier to send and receive money or use dApps. Software wallets are also called “hot”.

For people with extreme security concerns, though, this is a downside, as there are some hypothetical vulnerabilities to exploit. This is why it’s so important to use an audited, secure wallet, like our very own Pontem Wallet.

• Hardware (cold) wallets are dedicated physical devices that store your keys. To use your crypto, you connect the device to your computer via USB or Bluetooth. That’s the only time a hardware wallet is connected to the internet, thus protecting your assets from online exploitation.

Hardware wallets are a great compromise between security and utility. And since they are relatively inexpensive, they are an easy way to dramatically increase the safety of your crypto. Hardware wallets are sometimes called “cold storage,” since they are disconnected from a “hot” web connection.

• Paper wallets are a fairly uncommon type of non-custodial wallet, but a valid option for certain people. A QR code is printed on a piece of paper. When the owner wants to use their crypto, they scan the QR code in a software wallet or other app to initiate a transaction. This is considered the most secure solution, as your assets are disconnected from the web until the QR code is scanned. However, paper itself is a fragile material and using your computer is more cumbersome than other options.

Hardware Wallets

How Popular are Hardware Wallets?

It may seem like only whales and professional traders use hardware wallets. But in reality, the market is quite big: $245 million in 2021 to be exact, according to Straits Research. The same report also suggested that it will grow at an impressive CAGR of 24% to reach $1.725 billion by 2030. So you could say that hardware wallets are a billion-dollar opportunity. By the way, Asia Pacific (and not North America) leads the number of hardware wallets with 38% of the total.

Do You Need a Hardware Wallet?

In very broad terms, you need a cold wallet if you own more crypto than you can stand to lose without getting very upset.

Think of all your crypto holdings. If they were suddenly all gone, would it make you depressed, frustrated, or desperate? If yes, then a cold wallet is a good idea, at least for your long-term crypto stash that you’re not actively using for trading or DeFi.

Another approach is to compare the amount of crypto you own with the price of a hardware wallet. A device costs $50-150, so if your holdings are several times that (say, $500), then buying a cold wallet is justified.

Cold Wallet Brands & Models

There are numerous hardware wallet manufacturers, such as Ledger, Trezor, SafePal, CoinKite, and SatoshiLabs. Each brand has various models with different features, including:

• the types of token supported, although almost every option will support the most popular cryptocurrencies;
• support for DeFi features like staking and lending;
• support for dApp integrations;
• different connectivity options like USB, Bluetooth, and QR scanning.

Ledger is the most popular hardware wallet brand on the market with over 5 million devices sold as of December 2022. The brand offers two main models: Ledger Nano S Plus and Ledger Nano X. Ledger Blue, an older model released in 2016, isn’t sold on the official website anymore, and a new one - Ledger Stax - should be released in May 2023 and is already available for preorder.

As for Trezor (the second most popular brand), it sells two models: Model T and Model One. The table below provides a comparison of both Ledger and Trezor cold wallets.

How to Use a Ledger Hardware Wallet

Most of the functions of your Ledger are executed via the Ledger Live app. It replaces the previous suite of Ledger tools that included Chrome extensions and apps.

Ledger Live allows you to:

• Create and manage accounts;
• Download third-party apps for various blockchains;
• View assets and portfolio balance;
• Track crypto prices in 20+ fiat currencies;
• Store and manage ERC-20, ERC-721, ERC-1155, BNB Chain BEP-2 and BEP-20, Tron TRC-10 and TRC-20, and NEO NEP-5 tokens;
• View and send NFTs;
• Send and receive crypto (requires manual confirmation on the physical device);
• Swap, earn, and stake crypto (through select partners like Lido Finance);
• Interact with 15+ dApps natively supported by Ledger Live (1inch, Rarible, POAP, Paraswap, Lido, Zerion, etc.);
• Buy crypto with a card and other fiat methods, etc.

As you can see, Ledger Live is positioned as a “one-stop shop for crypto,” and for good reason. It turns Ledger from a cold storage device into a fully-functional wallet - even though  you’ll still need to connect it to a hot wallet like MetaMask or Pontem to leverage DeFi and dApps fully.

How to Connect to Different Blockchains and Wallets with Ledger

Ledger Live natively supports a number of blockchains, such as Bitcoin, Ethereum, XRP, Tron, Tezos, Bitcoin Cash, Dogecoin, Stellar, Cosmos, and Algorand. It also supports non-custodial wallets like MetaMask, MyEtherWallet, Guarda Wallet, and MyEOSWallet.

However, for other chains and wallets, including Aptos and Pontem Wallet, you need to install third-party dApps. The same goes for Avalanche, Solana, MultiversX (Elrond), Flow, etc.

You can install third-party blockchain apps from the app catalog section in Ledger Live by searching for the required blockchain (see the brief tutorial at the end of this article). Such apps are developed by various teams - for example, the one for Aptos was created by Pontem Network - and are subject to a review by the Ledger team.

Trezor has a similar app to Ledger Live called Trezor Suite, as well as a growing number of third-party apps. However, we will focus on Ledger in this article, because Trezor doesn’t have an Aptos app yet - and Pontem Network is an Aptos-centered product studio after all!

How to Use dApps with Ledger

Every blockchain app in Ledger Live’s catalog is integrated with one or more wallets on that blockchain. For example, the Aptos app natively supports Pontem Wallet. Once you connect Ledger to the wallet, you will be able to interact with any dApp normally.

For example, when you use the Connect Hardware Wallet in Pontem Wallet, your Ledger accounts will appear on the list. You can switch to any Ledger account and connect to Liquidswap, PancakeSwap, Topaz, Tortuga, etc.

Ledger Security

While a hardware wallet protects your private keys, it does not grant immunity from various other forms of exploitation, such as phishing. In fact, fake Ledger apps used to be such a huge problem that Ledger deactivated all its Chrome apps in April 2022, replacing them with Ledger Live. Make sure to download it directly from the official Ledger website.

Before Ledger Live, the problem of fakes was even more serious: Chrome Store was filled with scam apps that stole seed phrases. A single fake extension managed to steal up to $2.5 million in XRP!

Phishing scams use social engineering - malicious methods of getting you to compromise a seed phrase or private keys. See our article on crypto safety for additional ways to protect yourself.

What if I Lose my Cold Wallet?

This is the classic downside to a hardware wallet, as your digital assets are now on a physical device. (Remember when people had to go dumpster diving for their lost bitcoin?) Fortunately, Ledger has a solution: a 24-word seed phrase. Simply enter this phrase on a new wallet to restore your assets.

YOU MUST PROTECT YOUR SEED PHRASE for this reason. Moreover, there’s no need to worry about someone stealing your crypto by stealing your hardware wallet.

Your Ledger is secured by an 8-digit PIN. After three incorrect PIN entries, your wallet will deactivate and wipe its contents (though the crypto holdings will still be there on the blockchain, of course).

Ledger and Aptos

Pontem Network recently released the first-ever Ledger app for Aptos. It is still pending review by the Ledger team, but you can already use it to connect Ledger to Pontem Wallet and to all Aptos dApps that support it.

In particular, you can now swap and farm on the Liquidswap DEX, also built by Pontem, as well as PancakeSwap and AUX; liquid staking apps Ditto and Tortuga; marketplaces like Topaz and Souffl3; lending protocols like Aries and Abel Finance, etc. See Pontem’s guide to DeFi on Aptos for an overview of these protocols.

How to use Ledger with Pontem Wallet Liquidswap

Here we’ll provide just basic guidelines - see our Aptos Ledger tutorial for more details.

1. Install the Aptos Wallet app on your Ledger

To install the app, turn on the Developer Mode in Settings and search for Aptos in My Ledger -> App Catalog.

You’ll see a "Pending Ledger Review" message when opening the application, because Pontem’s Aptos app for Ledger is currently still in developer mode pending review.

2. Import/create an Aptos account and deposit APT

Make sure that the Ledger wallet is connected to the computer you’re using, via either USB or Bluetooth, and that Aptos is selected. Choose Connect Hardware Wallet in Pontem Wallet’s account tab.

You can create and import as many Aptos Ledger accounts as you like. Confirm on the device to import each of them. You should now be able to see them on the account list in Pontem Wallet.

3. Swap on Liquidswap

Now all you have to do is connect to Liquidswap through Pontem Wallet (making sure that a Ledger account is active). The swapping process is the same as usual, the only difference being that you’ll be prompted to confirm the transaction on the device manually.

And you’re done! You just used your hardware wallet to trade crypto on Liquidswap. You can rest easy knowing only you have access to your private keys and your assets are safe on your hardware wallet.

We are proud to be the first Aptos product studio to integrate with Ledger. But that’s just a taste of what  we have planned for 2023. Follow Pontem Network on Twitter, Discord, and Telegram for updates on our Aptos products, including Pontem Wallet,  Liquidswap, ByteBabel code translator, and our NFT collections, Space Pirates and Dark Ages.

About Pontem

Pontem Network is a product studio building for Aptos and the wider Move ecosystem. We work in close collaboration with the Aptos Foundation to deliver secure audited dApps and groundbreaking tools for coders.