After having had my cryptocurrency scattered around on several exchanges and desktop wallets, I finally bought myself a Ledger Nano S Cryptocurrency Hardware Wallet.
The official website doesn't have a lot of information on how it works exactly and what you can do with it, so I started researching and experimenting with it once I got it. I'd like to share with you what I found.
The following applies to the Ledger Nano S wallet, but to some other wallets as well.
Why do you need a hardware wallet?
There are two main objectives we can achieve by using hardware wallets the proper way:
1. Not losing access to your funds
A friend of mine had the private key to 300 bitcoins on his hard disk when it crashed several years ago, back when the price of bitcoin was in the pennies. At the time he thought nothing much of it since the value of the lost bitcoins was just a couple of bucks. Today, those bitcoins would be worth over 1 million USD. In this case, you lose access to your funds and no one else has access to them either.
2. Preventing unauthorized access by third-parties
When you create or store a wallet on your computer, the private keys are potentially exposed to theft. If your computer is compromised, the attacker can gain access to your wallet and clear you out. This even happened to someone as savvy as John McAfee. Now there are ways to generate the private keys on an airgapped computer and store them on let's say an encrypted USB stick. But this is a cumbersome process and has several disadvantages: First you need access to a system that you can be absolutely sure isn't compromised and has never been connected to the internet in any way. Then, when you want to access the funds, you need to connect your wallet to the internet, potentially compromising your funds while doing it. Paper wallets suffer from the same problems.
How does a hardware wallet work?
The Ledger Nano S is what's called a deterministic wallet. This means that when you set it up initially, a secure random seed will be generated on the device that will be used to deterministically generate each and every key that you're ever gonna create on the device. Deterministic means that the same seed will always generate the same set of keys. As part of the setup process, the device will display this seed on its screen in the form of a BIP39 mnemonic code that consists of 24 words that you should write down on a piece of paper and keep at a safe place. You're gonna need this seed to recover your funds in case you ever lose your hardware wallet. If you have a second hardware wallet lying around, you can also use this seed to make a perfect clone of your device and e.g. keep it safe at a separate location. Additionally, you can also import your seed into any wallet that supports the BIP39 standard (among them: Electrum, Mycelium, MyEtherWallet). You can find an up-to-date list of all supported third-party software wallets here.
What's important to note about this process is that the BIP39 seed will only be displayed exactly once, during the setup process, and that it will only be displayed on the hardware wallet's own screen. This means that you can safely setup and use a hardware wallet even on a computer that's compromised because the seed will never be displayed on the computer's screen. The private keys will never leave the hardware wallet, even when you're accessing the funds.
Questions and Answers
Which cryptocurrencies can I store on my Ledger Nano S?
The Ledger comes with official companion apps that support:
- Bitcoin Cash
Additionally, when using MyEtherWallet that has official support for the Ledger Nano S, you can use it to store any Ethereum based ERC-20 token.
What happens if I lose my Ledger?
The ledger is protected by a 4-digit PIN. If a wrong PIN is entered 3 times in a row, the device resets itself, deleting all the content. So don't worry, it's highly unlikely that an attacker would be able to guess your 4-digit PIN in 3 tries. Just buy a new one and restore it using your 24 words mnemonic phrase. Alternatively, you can restore using any BIP39 compatible hardware or software wallet.
How can I store multiple backups at different locations?
The 24 words mnemonic passphrase is everything you need to fully restore everything. Just keep multiple handwritten copies of it at different safe locations. Never enter the phrase into a computer, copy it with a xerox machine or take pictures of it with a digital camera. All this could compromise your seed.
If you think paper is not durable enough and you want some extra durability, you can always go with a Cryptosteel. Those analog devices are made of steel and are fireproof, stainless, waterproof, and shockproof.
Why does my hardware wallet need a screen?
It is vitally important for any hardware wallet to have its own screen. This way, the mnemonic phrase will not have to be shown on the computer screen where it could be grabbed by malware. Additionally, it's the only effective way to protect yourself from receiving address phishing by verifying the receiving address on the device's screen.
Can I write my own apps for the Ledger Nano S?
Yes, you can, they have an SDK that lets you create your own apps. I haven't tried it out but you could probably use it to add support for your favorite cryptocurrency.
Which hardware wallet should you buy?
I personally, am happy with my Ledger Nano S. It has a screen and physical buttons, which makes it safe, and it supports a wide range of altcoins including ERC-20 tokens. A lot of people are equally satisfied with their Trezor which offers similar features. You can find a good list of available hardware wallets on Bitcoin.it.
If you have more questions, feel free to leave a comment. I'll try to answer them as best I can. I'd also be interested to hear your experiences with hardware wallets!