This is an article originally written by a Guardian of TGA, Gregory Esman (Wolf Den Wolf Pup #912) on November 24th 2021. Some of his words have been edited for the purpose of this article. If you were in the Crypto space in 2022 you’d know just how true the saying of “not your keys, not your crypto” really is. Gregory does a deep dive into why you should use a hardware wallet to secure your keys so that you have custody of your own crypto. Once you have an understanding of that importance, he goes into how to make the best decision regarding which hardware wallet to choose.
Let’s talk about securing your Crypto.
The Crypto world is a Wild West. There are thieves and scammers around every corner. But you don’t have to worry about this too much, provided you are set up safely and you have some basic security habits in play so you don’t accidentally trip yourself up (right?).
If not, The Guardian Academy (TGA) has got you covered as well. You can learn the necessary security habits and best practices from the article linked here.
You Need To Give Permission
There’s a lot at play here, but to make it simple, just think about this:
For anything to happen in the Crypto world, you have to give it permission. This includes buying, selling, transferring, staking, farming, and all else the wonderful world of Crypto gives to us. We will refer to these actions as transactions.
When these transactions start, they need permission to complete.
Everyone has a permission slip that we use to say “Yes, go ahead” when anything in the Crypto world wants to be done, like those transactions I mentioned above.
When most people start in the Crypto world, their “permission slip” is tied a little too close to all these thieves and scammers.
Our goal here is to cut the yarn between the permission slip and the thieves and scammers, then put distance and a concrete barrier between the thieves and scammers and your permission slip.
Sounds simple enough?
We will do this using a hardware wallet.
But first, let’s back up a little and translate our analogy to Crypto terms.
Our permission slip is our “seed phrase”. And the reason that it is too close to the thieves and scammers is that when you created the seed phrase (When you opened up your first wallet, and any others after that), the device you created it from was connected to the internet. If I were to guess, you created your seed phrase on the computer or smartphone you use in your everyday life.
Now imagine this: Remember when you were writing down your seed phrase? What if you had some spies (malware, viruses, keyloggers, screen recorders) running on your computer? Your seed would have been picked up – That permission slip. What does this mean? This means that not only can whoever picked up your permission slip (your seed phrase) see the contents of your wallet, but they can start any transactions they want… And give it permission to run. This in effect can let them take all your Crypto. This is what usually happens.
Generally, anything you don’t want potentially compromised, you don’t want to do on a computer or cellphone.
The Million Dollar Question
If we don’t want to create our wallet (and our seed) on a computer or smartphone… How can we do it?
A hardware wallet! A hardware wallet can create wallets for you and display the seed phrase for you to write down, and it will never be connected to the internet while you’re doing this! Furthermore, because your permission slip (your seed phrase) is now stored more securely on a device that is not connected to the internet, that device will be in charge of giving transactions the permissions to run.
Remember the concrete barrier I referred to?
The internet, where all the scammers and thieves live, is now disconnected from your seed phrase. Your seed phrase is now on your hardware wallet, which isn’t connected to the internet. That concrete barrier is the disconnect between the hardware wallet and the internet.
Why Is That Best Practice
Imagine someone gets into your MetaMask because you weren’t careful, picked up a virus on your computer, and the virus found the details to get into your MetaMask wallet. Imagine they start a transaction that transfers 100 ETH from your wallet to theirs. What will happen?
They’ll be stuck, of course! Why? Because that transaction, like any other, requires permission for it to go through. This means, because your permission slip is now stored on a device that isn’t on the computer (the hardware wallet), the hacker would need to have YOUR hardware wallet physically with them, beside them, in their hand, to be able to give permission for that transaction to go through. Don’t get yourself confused about where MetaMask is put inside this ecosystem of hardware wallets. Just focus on the main point I’m sharing for now. I’ll explain where MetaMask plugs in further on down.
This gives you some leeway as to the risk you can take (In other words, use the same computer you use for your daily activities) to trade crypto, and no hacker would be able to do anything with your funds.
Take that, hackers!
The only person who would be able to cause you harm now is yourself, by accidentally leaking certain information. This is why learning basic security habits is also a must. Learn how to practice better security habits here.
Hardware Wallet Introduction
Just like in other industries, there are multiple offerings out there for hardware wallets, too.
In this article, we are going to be covering the Trezor Model T specifically, and also the Ledger Nanos (there are two) as the second choice. There are a few reasons for only covering these two:
The first is that we’ll use MetaMask to make it easy to communicate with most of the apps we’ll use. A majority of applications, including KnightSwap (the preferred DEX for TGA on BNB Chain), work really well with MetaMask. We want to get something that works well with a lot of what’s out there in the Crypto world, so we want a wallet that connects to MetaMask. MetaMask natively supports three wallets, two of which are the Trezor and the Ledger.
The second is that the Ledger and Trezor have been around the Crypto world for a very long time. Both companies were created back in 2014 and were two of the first hardware wallets created for the Crypto world. This means that they are time-tested, and their creators have kept updating and continually protecting each device from the hacks and bypasses that others have tried against them. Both companies were able to adapt and patch or reinforce their devices against these issues.
With these criteria in mind, our personal recommendation is the Trezor Model T, and the Ledger Nano X will be there as a backup, in case you can’t swing a Trezor Model T financially.
The rest of the article will give you the information you need about both devices.
First, you will get to read about the Ledger Nanos (Model S, and Model X). Then, you will get to read about the Trezor Model T, and understand how it stands apart from the Ledger Nanos in security.
Let’s start with the Ledger Nanos. If you think of the Ledger as a “purist” crypto wallet that does everything you need, you’d be pretty spot on.
The Ledger Nanos
- It creates for you a 24-word “permission slip” (Called a Seed Phrase).
- It has only two buttons you interact with, which makes it very hard for anyone to guess what your pin code is as you enter it.
- You can create multiple accounts under whichever coins you want.
The reason that creating multiple accounts under coins is useful is that you may want to separate your assets. You may want an address for your most valuable assets, but you don’t want to share this address with other assets that aren’t as valuable.
In this situation you would create one address for those most valuable assets, and one for the other assets. If the address with the less valuable assets is hacked because you didn’t read the other article about good security habits, and approved a scam coin, your other account with your most valuable assets is left untouched, because they belong to another address.
All these accounts will be displayed in your Ledger app once you unlock your device.
Now that we covered what a “purist” Crypto wallet does, let’s go over the Trezor Model T. Because we covered the Ledger Nanos first, you will be able to clearly see why we recommend the Trezor over the Ledger.
The Trezor Model T
Like Ledger, the Trezor Model T also has the purist crypto wallet functions. On top of those, though, the Trezor Model T has many more features that make it more secure.
Let’s first talk about the permission slip. The seed phrase. Conventionally, each wallet has a seed phrase. A seed phrase is created from a dictionary of words, sorted randomly, and output as your seed phrase.
Protection Against Hackers
What happens if a hacker accessed that dictionary and started entering random words thousands of times a second until he found a wallet with money inside? (You can open wallets with a seed phrase. That’s why you never share yours. Anyone who has your seed phrase can open your wallet).
So how can we protect against this?
With the Trezor Model T, we can create brand new wallets with our own custom passphrases. This simple addition increases the security of your wallet private seeds exponentially. This passphrase is glued onto the end of your existing seed phrase. So to open that new wallet, you would enter your seed phrase plus the password. The Trezor Model T can do this a near-infinite number of times.
Why Is This Such A Powerful Feature?
Let’s go back to the same example with the hacker and the seed phrase dictionary. With this one simple change of adding a passphrase on top of your seed phrase, your seed phrase turns from being inside of that dictionary, to not existing anywhere in that dictionary. Which in turn protects you much more effectively than absolutely everyone else holding a normal seed phrase. A hacker will never be able to enter your entire seed phrase, and as a result, will never be able to open up the wallets you created with the passphrase feature.
In addition, unlike how Ledger displays all your coin addresses once you log in, you can choose which wallets the Trezor Model T displays. All the passphrase wallets are hidden. By default, only the wallet with no passphrase is displayed. All your other hidden wallets are not, until you enter their password. Even then, you can choose to eject them once you’re done. So what you can do is put $100 in the wallet with no additional passphrase, and keep the rest of your funds in your hidden wallets. This creates what’s referred to as plausible deniability.
If someone forces you to open your Trezor Model T to see your balances, you can open the standard wallet with the $100. Nothing else will be displayed. “That’s all I got Joe!”. For people who don’t know the hidden wallet functionality (the wallets secured by the passphrase on top of the seed phrase), they won’t know to ask you to open them. Even if they do ask you to open them, they don’t know how many you have. Also, any entry in the passphrase section opens a wallet. There’s no wrong answer. This is additional security against physical attacks. You can set up one “fake” hidden wallet with a few dollars, and say that’s the only one I have.
How would they know how many you actually have?
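Why “there’s no wrong answer” holds can be seen in the BIP-39 standard that seed-phrase wallets follow: the passphrase is mixed into the key derivation as a salt, so every passphrase, typos included, produces a valid but different wallet seed. The sketch below is an added example, not code from the original article or from Trezor; the mnemonic is the public BIP-39 test phrase and the passphrases are constructed.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as BIP-39 specifies:
    PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048, dklen=64
    )


# Public BIP-39 test mnemonic. Never fund a wallet derived from it.
TEST_MNEMONIC = "abandon " * 11 + "about"

# Constructed passphrases: none (the standard wallet), two hidden wallets,
# and a one-character typo of the second hidden wallet's passphrase.
PASSPHRASES = ["", "TREZOR", "correct horse", "Correct horse"]


def wallet_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to the first 8 bytes (hex) of the seed it opens."""
    return {p: bip39_seed(mnemonic, p).hex()[:16] for p in passphrases}


if __name__ == "__main__":
    for phrase, fingerprint in wallet_fingerprints(TEST_MNEMONIC, PASSPHRASES).items():
        # Every row is a usable seed; the device cannot tell a "right"
        # passphrase from a "wrong" one, it just opens a different wallet.
        print(f"{phrase!r:18} -> seed starts {fingerprint}")
```

The same property cuts both ways: a mistyped passphrase silently opens an empty wallet, and a forgotten passphrase cannot be recovered from the seed phrase alone, so it needs the same backup care as the seed phrase itself.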
My Trezor Model T. I have 10 hidden wallets. None of them are shown here. I have a little bit of money in my Standard wallet. All else is divided between the hidden wallets
My Ledger Nano X. It does not have the functionality to create multiple wallets. All accounts are under one wallet, and all are seen.
Protection Against Physical Attacks
The potential of forceful entry can also be taken care of very simply through two features the Trezor Model T has. The first is referred to as the wipe code. Every time you plug your Trezor Model T in, you are asked to enter a pin code. A wipe code is entered into the same screen. No one can know whether the code you are entering is the code to unlock your device or the code to delete 100% of the data on the device. No one will know until it’s too late, and your device is wiped out. This is one choice you have if put into this unfortunate circumstance. Not that many of us will be, but it’s still good to know about.
The other defense against forceful entry is the microSD Card Lock. The Trezor Model T has a slot for a microSD Card. You can tell the Trezor to generate a random password to the microSD Card, which will be added onto your pin code. Now, whenever your microSD Card is inside your device, your pin code will work.
Whenever the microSD Card is not in the device, your real pin code will not work. This is another defense mechanism you have available to you. You may choose to remove the microSD Card when in areas you feel are very unsafe. You may also break the microSD Card to render your Trezor Model T unusable, then recreate your wallet at a later time with the seed phrase you engraved on metal (Because you read the article about good security habits).
Protection Against Theft And Destruction
Now let’s talk about the two biggest downfalls of a seed phrase, destruction and theft, and what functionality the Trezor Model T has to solve those.
Imagine your seed phrase is destroyed in a fire (because you didn’t engrave it to metal), and your hardware wallet was destroyed too. Usually, you’d buy a new hardware wallet, type in your seed phrase, and you’ll be able to see your entire wallet recreated in front of you with all its funds. This is how you recreate your wallet. But with the hardware wallet and seed phrase both destroyed, you have no other ways to find out your seed phrase. All your money can’t be reached any longer. You may be thinking that you could have created multiple copies of the seed phrase, and I would agree. But this is where the issue of theft comes in. Once a thief steals your seed phrase, all additional copies are rendered useless. He knows your seed phrase now. You have to change it.
With your seed phrase, the thief can recreate your wallet and steal all your funds.
This is only true if all the backups are identical.
Let’s say you have 5 seed phrases that are different, though, and your wallet requires you to input 3 of those seed phrases to recreate your wallet. How would that change the outcome of the same scenario?
Let’s explore. The thief steals your seed phrase. You have 4 others in secure locations. Now because your Trezor Model T was set up to only recreate your wallet if 3 of 5 of your seed phrases are entered… guess what! The thief can’t do anything with just one! It is entirely useless to them! Furthermore it doesn’t matter if a thief knows one of your seed phrases, because to him, it’s useless unless he has two more. None of your other seed phrases have been compromised, and you can go about business like usual.
And so this is an additional feature the Trezor Model T has for you when you are first setting up your wallet. Instead of a normal seed phrase, you can choose to do what’s called a Shamir Backup, and create this additional security feature for your seed phrase. You can also choose how many seed phrases you want to have input before your wallet gets recreated. You can choose any number from only 1, to all 5.
The Trezor Model T also doesn’t have Bluetooth, nor an internal battery. It shuts off after you unplug it, rendering it entirely useless until plugged back in.
As you can see, the Trezor Model T has multiple security advances over what the Ledger Nanos offer. Your seed phrases are more future-proofed and protected from hacking, theft, and destruction. You have multiple ways to render your Trezor useless under physical attack scenarios. Lastly, you can create an exceptional setup that has great plausible deniability. You can choose to have all the wallets you use created with the passphrase, and as such be entirely invisible both to the computer program the Trezor Model T uses to display your accounts and to other people who are trying to force you to log into them.
All these security features together increase the protection of your crypto multiple times over.
Of course, none of these protections can protect your crypto against yourself. This is why it is crucial for you to also learn a few basic security habits. Combining these security habits with the security features mentioned above you’ll be set up exceptionally well.
Which Hardware Wallet Should You Buy
Here is how I would suggest thinking through which hardware wallet you will buy:
- If you have the $220, the Trezor Model T would be the recommendation. Not the Trezor One.
- If you don’t, that’s entirely fine. There are two more options for you:
  - Ledger Nano S: If you aren’t using more than 3 different coins in the Crypto world, it’s $60, and will be perfect for you.
  - Ledger Nano X: If you are using more than 3 coins, or are more active in the Crypto world and hence will likely start using additional coins, get this. It’s $120.
Your first priority is to secure your crypto with a hardware wallet, no matter what it is. Make a step forward, get whatever you can afford, then save up for a Trezor Model T.
Upgrade when you can.
Simple enough? There are a few more features the X has over the S, but you can research those yourself. They’re pretty minor in my eyes. Get the S if you use 3 coins or less. Get the X if you use more. Get the Trezor Model T when it’s within your budget.
I also want to add that the Ledger Nanos have a feature that I wish the Trezor Model T had. Owners of the Ledger Nanos: The ease with which you can create multiple Binance Smart Chain accounts will make the Trezor Model T owners jealous 🙂
Where Does MetaMask Fit
Now that we have set up the concrete barrier between the thieves and scammers and your permission slip, we need something to use to be able to talk to different websites and see all of our coins.
The Ledger and the Trezor Model T both have a program that displays your coins. Let’s think of them as visual displays for your coins. But these default programs aren’t too flexible. Just like we can plug our video game consoles into different TV screens, we can “plug” our hardware wallets into different “visual displays”, too.
Remember how I mentioned MetaMask earlier in the article?
We will be using MetaMask as a visual display for our hardware wallets.
MetaMask will have zero permissions. All it will be able to do is display all of your coins (even brand new ones) and it will let you interact and connect your wallet to different websites.
Whenever the time comes for a transaction, though, you will have to manually approve it using the buttons on your hardware wallet. All MetaMask will do is throw the transaction over to your hardware wallet, and say “Hey. Here’s the plan. I need permission to do it though. Can I?”.
Congrats! Now you know more than 99% of beginners and intermediate users do in the Crypto space, and all it took was under 25 minutes of reading.
Remember, Crypto has so much upside that the way a person loses is to blow themselves up and leave the game. The fastest way of blowing yourself up? Losing all of your assets to a scam. Now, go on and secure your crypto!
You can order your Trezor only from their official website here.
(Do not buy from anywhere else especially if it’s sold for cheaper).