A hardware wallet is a dedicated device that stores cryptocurrency private keys offline, signing transactions inside the device so the keys never touch the connected computer. Major options: Ledger (Nano S Plus, Nano X, Stax; closed-source firmware with a controversy around the optional Ledger Recover service), Trezor (Model One, Model T, Safe 5; open-source firmware), Coldcard (Bitcoin-only, security-focused, security-researcher favorite), GridPlus Lattice1, Keystone Pro. Replaces the keys-in-software-wallet model with keys-in-secure-hardware.
What it means in practice
The hardware wallet defeats the threat class where malware on the computer steals keys directly from a software wallet. The keys never leave the device; transactions are signed inside the secure element and the signed transaction is what crosses to the connected computer. The user verifies transaction details on the device’s screen before signing, defending against the attack class where malware on the computer presents a different transaction to the user than what gets sent. The trade-offs are operational: the hardware can be lost or damaged (the recovery seed phrase, written on paper or steel and stored offline, is the actual root of trust), the device firmware can be compromised in supply-chain attacks (rare but documented; buy direct from the manufacturer, not Amazon Marketplace), and the user-experience friction is real (every transaction requires the device, which is inconvenient for active trading).
Who uses them, and against whom
Customer base: cryptocurrency holders with meaningful balances (the standard recommendation crosses around $1,000-$5,000 in holdings), self-custody advocates who refuse exchange custody, security professionals practicing what they recommend, and increasingly mainstream users following the post-FTX flight from exchange custody. Adversaries: infostealer malware looking for software-wallet seed files (defeated by hardware wallets), supply-chain attackers who tampered with the device before delivery (mitigated by buying direct), physical attackers who seize device plus PIN (the seed phrase recovery and PIN-attempt limits matter here), and the structural threat of social-engineering against the user (no hardware wallet defends against the user typing the seed phrase into a phishing site that asks for it).
What you can change today
If you hold meaningful cryptocurrency in software wallets or on exchanges, plan a migration to hardware-wallet custody. Buy a Trezor Safe 5 or Ledger Nano X direct from the manufacturer (not from third-party retailers). On first setup, generate the seed phrase on the device, write it on paper or a steel backup (Cryptosteel, Billfodl, similar), and store the backup in a fireproof safe or off-site location distinct from the device. Set a strong PIN. Move funds from exchanges and software wallets in test transactions first (small amount, verify the workflow, then move the rest). For larger holdings: split across two hardware wallets in different physical locations, use a multisig setup with Casa or Unchained for the highest tier.
