Most experienced Crypto users are well aware of the measures needed to protect their wealth. They strictly avoid hot wallets and opt for hardware wallets, as it’s widely known that hardware wallets can enable coin transfers without the security risks associated with hot wallets.
The private keys stored in hot wallets are extremely vulnerable to cyber-attacks, and this makes hot wallets insecure. Hardware wallets, on the other hand, retain a private key within a physical device and outside of the computer environment; this gives many the impression that the private key is off-limits, but there is only limited truth to this notion.
Hardware wallets are storage devices tailored to facilitate Crypto storage and payments. Regular hardware wallets store the private key in an offline environment and therefore resist cyber theft of the private keys.
As hardware wallets provide an offline means of Crypto storage, the private keys they store may be off-limits through cyber-attacks, but that does not mean they secure private keys against all security risks.
Hardware wallets, like Trezor, store private keys. Device vulnerabilities can expose the private keys stored within.
The security problems of hardware wallets stem from the fact that they store private keys. Hot wallets are a risky means of coin storage because keys left online are easily exposed to online theft attempts. Hardware wallets pose a different risk: private keys held within a physical device can be seized or stolen once the device is in the possession of the attacker. Using a hardware wallet is essentially no different from storing gold or silver in a safe; thus, hardware wallets turn Bitcoin into an asset that can be seized physically, much like gold or silver. This nullifies the intended superior wealth storage benefit associated with Crypto: the ability to store wealth in an unseizable asset.
As hardware wallets are storage devices, they can be breached just like any other storage device.
A hardware wallet relies on internal encryption, software that lets users access the private key stored within, and hardware components that make the device function. Do not kid yourself by thinking that storing all your private keys on a $100 hardware device offers physical protection; frequent hacks and government seizures demonstrate otherwise. Even the manufacturers of these devices plainly state that you should make sure that no one gains physical access to your device. The functioning cogs of a hardware wallet, which is essentially just dedicated storage for a private key, are points of attack. These layers of security, which may seem effective, have proven less secure than they seem, because a storage device, like a hard drive, can be breached.
If a hardware wallet is seized, lost, or stolen, breaching the storage device exposes the key held within. This consequently gives access to all the assets the key protected.
Any storage device is hackable.
A new Crypto payment technology, Bitfi, has created a new kind of hardware wallet that does not have any private keys. It stores no data at all and instead functions as a key generator.
Bitfi allows users to create a wallet with just a salt and a passphrase. When a person wants to access the wallet, the Bitfi device momentarily generates the private key. The device does not store any private keys; instead, algorithms generate the private key on demand. The computing system takes the salt and passphrase as input and feeds them into internal algorithms, and if the input matches a wallet on the blockchain, access is granted. The salt and passphrase processed by the system’s algorithms are not stored. The private key comes into existence for a fraction of a second, just long enough to approve a transaction. The device remains completely empty and devoid of any data at all times.
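The sketch below is an added example, not Bitfi's code, contrasting what a seized device holds under the two designs described above. The page does not name Bitfi's algorithms, so PBKDF2-HMAC-SHA512 as the key generator, an HMAC tag as a stand-in for a transaction signature, and the class names and sample values are all assumptions made for illustration.

```python
import hashlib
import hmac

KDF_ITERATIONS = 100_000  # assumed work factor, not a vendor value

# Constructed sample inputs (not real wallet data).
SALT = "example-salt"
PASSPHRASE = "constructed example passphrase"
TX = b"constructed transaction bytes"

def derive_key(salt: str, passphrase: str) -> bytes:
    """Deterministically regenerate a 32-byte key from salt + passphrase."""
    return hashlib.pbkdf2_hmac(
        "sha512", passphrase.encode(), salt.encode(), KDF_ITERATIONS, dklen=32
    )

def authorize(key: bytes, tx: bytes) -> str:
    """Stand-in for signing: an HMAC-SHA256 tag over the transaction."""
    return hmac.new(key, tx, hashlib.sha256).hexdigest()

class StoringWallet:
    """Hypothetical model of a wallet that keeps the private key on the device."""
    def __init__(self, salt: str, passphrase: str):
        self._key = derive_key(salt, passphrase)  # persisted on the device

    def approve(self, tx: bytes) -> str:
        return authorize(self._key, tx)

    def persistent_state(self) -> dict:
        # What someone who breaches the storage would recover.
        return {"private_key": self._key.hex()}

class GeneratingDevice:
    """Hypothetical model of a key generator that keeps nothing between uses."""
    def approve(self, salt: str, passphrase: str, tx: bytes) -> str:
        key = derive_key(salt, passphrase)  # exists only during this call
        return authorize(key, tx)

    def persistent_state(self) -> dict:
        return {}  # no key, salt or passphrase is retained

if __name__ == "__main__":
    stored = StoringWallet(SALT, PASSPHRASE)
    device = GeneratingDevice()
    print("same approval:", stored.approve(TX) == device.approve(SALT, PASSPHRASE, TX))
    print("storing wallet holds:", list(stored.persistent_state()))
    print("generating device holds:", list(device.persistent_state()))
```

In this model the key still exists in memory for the duration of `approve`, and anyone who knows the salt and passphrase can regenerate it, so their strength is the whole of the protection.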
In 2018, John McAfee, an ardent supporter of Bitfi, publicly declared that Bitfi is unhackable.
McAfee is not the creator of Bitfi technology; he’s simply a patron of this development.
His assertion pushed some to assume that McAfee had claimed that the Bitfi computer device is unhackable. John McAfee’s intent was to assert that assets stored via a Bitfi cannot be seized or stolen, as hacking the device does not provide anything. Thus, hacking the device is similar to breaking into an empty safe. However, as McAfee’s claim was misinterpreted, media outlets responded with criticism that no device is truly unhackable. The true moral of McAfee’s announcements has been missed: it is fruitless and a complete waste of resources to hack a device that does not store private keys, even though any device can be hacked. Why would you spend time breaking into a safe that you know is always empty?
The Bitfi computer device, which generates keys, is hackable as is any other computer or storage device. Like hardware wallets, the key generator possesses internal software and hardware components, each of which can be points of attack. When hardware wallets are breached, the private keys held within are exposed to theft or seizure. When a Bitfi computer device is breached, there’s nothing held within: no private key; no assets; therefore, Crypto wallets created through this new technology remain off limits even when the device is hacked and in the event of any kind of physical seizure.
John McAfee’s claim of Bitfi being unhackable is misaligned if stacked against Bitfi’s computer device, which merely generates private keys. It’s correctly aligned, and logically sound, if taken in its true intent: nothing is at risk if a device that does not store private keys is hacked.