I recently made a video on the possible ways in which a hardware wallet can be attacked. Don’t get me wrong, hardware wallets are certainly a secure way to store your crypto, beaten only slightly by true cold storage created via paper and/or a truly cold device, and their security and ease of use make them a great option. That said, nothing is truly secure, and I’ll summarize the bullet points of my video below:
First off, since most hardware wallets receive updates over the internet, it is possible to attempt to provide a malicious update to the device. This usually comes in three forms:
- An attacker could try to spoof the cryptographic signatures on the update, then push the update to the device through an infected PC or a man-in-the-middle attack.
- An attacker could gain control of the hardware wallet update infrastructure (like a SolarWinds-style hack) and push out malicious updates.
- A malicious actor who has legitimate access to the update infrastructure (say a disgruntled employee) could use the legitimate access to push out a malicious update.
Next, there is always the chance of bugs within the system. Bugs can occur in either the hardware or the software and remain hidden, just waiting for somebody (whose intentions could be anything) to discover them.
Additionally, beyond unintentional bugs, since the hardware wallet manufacturer likely does not manufacture hardware from scratch ‘in house’, there is the risk that the hardware manufacturer intentionally leaves a backdoor in the hardware.
Finally, there is always the risk of physical vulnerabilities. From stolen unencrypted seed phrases and surveillance to the dreaded five-dollar wrench attack, even if the tech were secure there are always additional risks to consider.
Now, this list isn’t exhaustive, but each of these vulnerabilities does exist and has been used countless times before (with some known cases on hardware wallets). Again, though, I don’t intend to argue that hardware wallets are bad; in fact, they’re one of the best ways to store your crypto. But knowledge is power, so I hope this was informative and interesting.