Hardware Wallet Risks: Why The Brain Of Hardware Wallets Is Actually Their Biggest Weakness (2023)

Athena Alpha

We all know that you should store your Private Keys on a dedicated Hardware Wallet. Millions of people worldwide trust them to keep their bitcoin safe, and for good reason: they work. No one should be storing their keys on a Post-it note, in their iCloud account (even if it’s encrypted) or on their horrifically malware-infested computer, and don’t even get us started on storing it on your phone!

However, many of the top trusted Hardware Wallets such as Trezor, Ledger and COLDCARD all use the same hardware chips in them. This has caused centralisation and a significant risk, as there could be backdoors secretly built into those chips that could compromise millions of wallets in an instant. For those with pocket-money or savings-account levels of funds, this isn’t a huge deal.

But for the class we call Experts, the ones that hold significant investment funds in Bitcoin, it’s important to know about these Hardware Wallet risks. So today we’re going to look into this in more detail and outline what you should be doing to protect yourself.

Anatomy Of Hardware Wallets

To begin with we need to quickly outline two key parts of most Hardware Wallets:

  • Microcontroller Unit (MCU): This acts as the “brain” of the device and is like a normal computer’s CPU. It connects with other parts of the device like the screen, USB, a Bluetooth radio or maybe a camera. Its main design goal is bang-for-buck compute, and while it may have some security features built into it… that’s not its main focus.
  • Secure Element (SE): This acts like a bank vault: a special place that’s only used to store secrets like passwords or private keys. It’s specifically built to withstand sophisticated, in-person physical attacks such as attackers injecting weird voltages into it or even delidding the chip with freaking lasers.

While Secure Elements sound like a fantastic place to store something like a Mnemonic Sentence (your 12 or 24 words), they’re also closed-source, proprietary chips that cannot be openly verified due to the NDAs the manufacturers force everyone to sign. So if you want your Hardware Wallet to be entirely FOSS (Free and Open Source Software), you can’t use them. For the rest of this piece we’ll be focusing on the MCU (and no, not that MCU).
