pull down to refresh

In the Bitcoin community, there's a well-established belief that hardware wallets are the ultimate safeguard — a notion marketed aggressively by vendors. These sleek devices often come with hefty price tags, ranging from a hundred dollars to several hundred, and are described as vault-like solutions that will keep your Bitcoin and crypto assets safe from malicious attack, theft, and even malware.
These wallets, produced by companies like Ledger, Trezor, and BitBox, claim to store your private keys in a secure environment that never touches the internet. However, given the advancements in FOSS (Free and Open-Source Software) solutions, can we confidently say these expensive devices are necessary? Are there cost-efficient, equally secure alternatives available by leveraging FOSS strategies with cold storage techniques or air-gapped setups? Let's examine the technical argument.

The Hardware Wallet Narrative: What Are We Being Sold?

Manufacturers emphasize that the ability to store private keys inside a hardware wallet and keep it offline (air-gapped) from the internet minimizes some of the most prominent attack vectors. These wallets guard against phishing attempts, malware, and other forms of network-based compromise. Hardware wallets such as Ledger's Nano S Plus and Trezor Model T leverage Secure Element (SE) chips and/or custom firmware to isolate and protect private keys. For instance, Ledger uses an SE environment governed by firmware from its proprietary operating system (BOLOS), ensuring private keys never leave the device unless physically attacked or a critical vulnerability is found.
Trezor, on the other hand, relies on a more open approach, with its firmware being fully open-source. However, despite this openness, the actual chips are not as tamper-resistant as Ledger’s Secure Element. Nonetheless, both manufacturers guarantee multiple layers of PINs, passphrases, and recovery seed functionality to boost security.
Yet, these devices are not foolproof. Countless real-world vulnerabilities have emerged over time:
  • 2020 Ledger Data Breach: While the breach didn't compromise private keys directly, the personal data of thousands of users was exposed, including their complete addresses and contact information, potentially putting them at risk of phishing attacks and physical threats.
  • Hardware wallets consistently face threats, like the vulnerabilities discovered by Donjon Security Labs (2019), where both Ledger and Trezor devices were found to be susceptible to physical attacks, such as power or side-channel analysis to extract private keys.
Moreover, the firmware installed in many external hardware wallets remains proprietary or semi-proprietary, meaning end-users are unable to fully verify whether they are truly secure. This introduces a degree of trust, which arguably undercuts the philosophy of Bitcoin, centered around the elimination of "trusted third parties."

Bridging Security and Transparency

For those who are tech-savvy or prefer maximal transparency, FOSS wallets present themselves as resilient alternatives. Prominent examples include Electrum, Sparrow, Wasabi, and BlueWallet, all of which are community-driven projects. Here's why FOSS wallets carrying cold storage strategies (offline methods of private key management) can provide a comparable level of security:

1. Code Transparency: Peer Cooperation

When FOSS wallets like Electrum or Sparrow are compared to proprietary hardware wallets, a key advantage is their full transparency. The code is thoroughly open and available on repositories like GitHub, providing researchers and developers the ability to audit and scrutinize the code for potential vulnerabilities. With many eyes on the project, there is a greater chance of catching bugs, flaws, or potentially malicious lines of code.
For instance, Electrum, one of the longest-standing Bitcoin wallets, has seen numerous contributions from a globally diverse development community. Security updates are quickly released after discoveries of vulnerabilities, as highlighted in the past when a Distributed Denial of Service (DDoS) vulnerability was identified and swiftly patched in the same year (2018).
In contrast, despite promises of security audits, proprietary hardware wallet companies often control the timeline for vulnerability disclosures, issuing patches at their discretion and forcing users to blindly update firmware.

2. Air-Gapped Cold Storage: A Real-World Alternative

FOSS wallets can mimic, and in many ways improve upon, hardware wallet functionality by leveraging an air-gapped setup. You can install a wallet like Electrum or Sparrow on a computer that has never touched the internet. This setup allows for fully offline key management, which mimics the private key isolation of hardware wallets.

Practical Example:

  • Imagine setting up a laptop that you completely wipe and reinstall with a lightweight Linux distribution like Tails OS or Ubuntu. On this machine:
    • Download Electrum from a verified repository or official site.
    • Completely disconnect the computer from the internet before generating your wallet’s seed.
    • Optionally use the laptop to generate a multi-sig wallet for additional protection. For example, with Electrum, you could configure a 2-of-3 scheme, where to unlock funds, signatures from 2 out of 3 devices will be required.
Transactions crafted in this air-gapped environment can be exported via PSBT (Partially Signed Bitcoin Transactions), a Bitcoin protocol feature that enables transaction signing offline. To illustrate:
  • You prepare a transaction on your air-gapped machine.
  • Save the unsigned PSBT onto a USB stick.
  • Load the USB stick into an online machine with Electrum for broadcasting to the blockchain.
Thus, the private keys involved never interact with an internet-connected device, which fundamentally reduces security risks associated with phishing or malware attacks.

3. Coldcard: Hybrid FOSS and Hardware Wallet

A prime example of blending FOSS principles with the convenience of a hardware device is Coldcard, a Bitcoin-only wallet. Unlike other hardware wallets, Coldcard is fully transparent in its operation and firmware. The code is available on GitHub, and its usage prominently revolves around PSBTs, allowing transactions to consistently stay air-gapped.
The Coldcard device, relatively affordable compared to its peers, retains the benefits of hardware-based protection without the restrictions of opaque proprietary firmware, appealing to users who want minimal compromise between hardware wallet security and FOSS transparency.

4. Hierarchical Deterministic (HD) Wallets: Bitcoin’s Backbone

Cold storage setups in FOSS wallets hinge upon Hierarchical Deterministic (HD) wallet schemes (BIP32, BIP44, and BIP39 standards). Tools like Sparrow wallet and BlueWallet allow users to create new wallets from a 12- or 24-word mnemonic seed, which can later be used under various address formats (e.g., Native SegWit, P2SH). Electrum takes this a step further by granting users the ability to configure their derivation paths (BIP44 for multisig, for example) during wallet creation. In fact, Electrum even supports hardware wallets as one of its configurations, allowing users to enjoy the best of both cold storage and hardware-based security.
By securely storing backup seed phrases offline, either on paper, metal (such as Billfodl or Cryptosteel), or even within password-protected encrypted files, users ensure the recoverability of their funds without exposure to online threats.

5. Pairing FOSS Wallets with Other FOSS Tools: Bitcoin Core Integration

For those serious about eliminating third-party reliance, pairing FOSS wallets with Bitcoin Core, a full-node Bitcoin client, maximizes control over privacy, security, and decentralization. Full-node wallet setups give users independent verification of transactions, removing trust dependency on third-party nodes when confirming wallet balances and transactions.
Software like Sparrow integrates seamlessly with Bitcoin Core and enables users to run their node, participate in the network honestly, and eliminate reliance on potentially untrustworthy, third-party servers.

The Cost and Flexibility Argument: Why Spend Hundreds of Dollars?

One of the most compelling reasons to favor FOSS wallet-based cold storage is cost-effectiveness. The price of setting up a secure cold storage solution vs. investing in a hardware wallet looks like this:
  • Hardware Wallet: usually $70–$200.
  • FOSS Cold Storage: If you already have an old computer or even a low-cost Raspberry Pi, setting up an air-gapped device costs virtually nothing. Alternately, a one-time investment in affordable offline hardware like a $20 USB drive can do the trick for signing transactions offline.
Furthermore, with a FOSS wallet, you're not restricted by a vendor's update model. You're free to fork and innovate or extend functionality if a particular wallet provider doesn’t offer features desired by the community.

Mitigating Concerns: Is FOSS Security Too Technical?

One common concern is whether users new to cryptocurrency will find the steps required to set up a FOSS cold storage solution too challenging. It’s true that air-gapped setups, manual PSBT signing, and creating multisig wallets require some technical overhead. However:
  • Documentation and Support: FOSS wallets like Electrum have in-depth guides, community wiki pages, and vibrant user forums for support. Advanced setups like multisig (multiple devices) are possible through intuitive interfaces provided by tools like Sparrow.
  • Educational Resources: Video walkthroughs and open tutorials on channels like BTC Sessions or forums like Bitcointalk help users of any level navigate the setup.
While hardware wallets like Ledger and Trezor offer polished, user-friendly options for securing cryptocurrencies, FOSS wallets, when paired with thoughtful cold storage practices, deliver many of the same security benefits without the associated costs or proprietary limitations. For the security-conscious and technically proficient user, FOSS wallets represent a scalable way to achieve top-notch Bitcoin security without compromise. Choosing the right solution often depends on a user's needs, technical ability, and willingness to manage the additional steps involved in FOSS solutions. However, consider this: leveraging FOSS wallets not only promotes self-sovereignty but can liberate users from the limitations and costs imposed by third-party hardware wallet manufacturers.
The biggest threat I see when purchasing a bitcoin specific device is (1) that it marks you as a bitcoiner and (2) that it marks you as a bitcoiner who has enough bitcoin that you are worried about secure storage.
Sure, companies can try to prevent data leaks, but it seems like you are massively expanding your attack surface just by purchasing such a device.
This is not to say anything about your own ability to evaluate the device and company that makes it.
Then you have things like the recent Israeli operation using pagers and radios that clearly demonstrate how motivated attackers can put a man in the middle and you might not know--even if death could be a consequence.
It seems very unlikely that you could purchase a hardware wallet and feel comfortable that you are minimizing your trust in third parties.
Thanks for the great write up and going through your thought process!
reply
102 sats \ 0 replies \ @go 28 Sep
See #501150 for shipping privacy tip
reply
well said
reply
17 sats \ 1 reply \ @Tef 27 Sep
Are you suggesting not to use a hardware wallet or that there are other methods more secure?
reply
Did you not read the article? It describes how you can create your own cold storage.
HWs create dependency upon a third party gadget- that is not self sovereignty!
It is very simple to create your own secure cold storage as described in the article. For more detail see this link- https://electrum.readthedocs.io/en/latest/coldstorage.html
HWs obfuscate the real core to long term hodling security- the essential importance of storing your seed phrase - HWs do not store your seed phrase.
reply
I'm fairly sure most of the highly recommended bitcoin wallets are open source (coldcard, trezor, passport, bitbox, jade, seedsigner). I like the idea of a hardware wallet mostly because as someone who can't read code, I believe the a HWW (both on the hardware and software front) has a substantially smaller attack surface than a general purpose laptop with a general purpose OS running on top of it. The airgap of a HWW is easier for me to understand/control vs. the bluetooth/wifi capabilities of a computer.
I'm not sure how a $100-$300 investment in hardware wallet(s) for either a single sig or 2/3 multisig is ever going to be worse than trying to use a general purpose computer.
I read this several years ago and it made sense to me at the time: https://btcguide.github.io/why-multisig https://btcguide.github.io/
reply
HW touts proliferate on social media spreading their disingenuous rentseeking FUD. HWs are not good for your Biutcoin security and self sovereignty. For starters any serious bitcoin computing should be done on a linux os. Secondly HWs make users dependent upon third party gadgets which can be lost, stolen, hacked or malfunction. It is far better and easier and cheaper to learn how to create your own cold storage free of any dependence upon third party gadgets. Note- The key to secure cold storage is the storage of your seed phrase and HWs cannot do that for you. Read this. https://electrum.readthedocs.io/en/latest/coldstorage.html HWs are for lazy consumer sheeple.
reply
I don't agree with your arguments that hardware wallets undermine one's sovereignty. They are just a specialized tool to aid you sign your transactions more securely. Perhaps you could argue that ten years ago you could get locked into their system but almost all current hardware wallets use the open standards (BIP32, BIP39, output descriptors) so you can easily migrate to any other hardware or software wallet.
The most compelling argument to use them is that they are specialized computers so their attack surface is greatly reduced compared to any general purpose computer. If you're using a general purpose computer you're at greater risk to hardware and software attacks. Setting aside hardware attacks, to securely use a general purpose computer you need to verify the OS and your wallet software each time you use it. All it takes is one time you don't do it. Then you have to hope that no upstream libraries have been poisoned (e.g. XZ backdoor). There's a reason why the Dark Skippy attack was done on a SeedSigner. It's just so much easier to create a modified version and there's no secure boot protection.
Lastly, just to address your point about hardware wallet manufacturers shilling their product and creating FUD. I think a more correct assessment of the situation is that they have identified problems with using generic hardware/software and are providing a solution to remedy that. I haven't ever see them make false claims what they're doing just to sell more devices.
reply
I hear a lot of ad hominem type attacks, but I don't see any substance behind your arguments. I'm open to listening to your opinion on why you believe the things you are saying to be true.
The one point I agree with you on is that the key to cold storage is the storage of your seed phrase. Yes, the HWW cannot do this for you and neither can your air gapped linux machine. You must do this on your own.
The HWW can help you in generating the seed offline on a device that never touches the internet. Also important, it can help you sign transactions in an airgapped fashion, if you actually want to use your bitcoin.
Anyway, to each his own, you seem to have very strong opinions based on your attack so I'm not trying to change your mind. Just providing another perspective from someone who will make exactly $0.00 if someone chooses to buy a HWW or not.
reply
Do you believe HW vendors don't promote their products via social media? Seriously? If they do will they admit it? No. So your claim there is no gain for in promoting HWs carries zero credibility. There is simply too much incentive for HW manufacturers to seriously believe they would not promote on social media.
Anyway of you are genuine and want to achieve the ability to create a cold wallet and make transfers without ever needing any third party HW gadget-
Learn how to create a Linux OS on a usb stick.
This is all you need to have an always offline cold wallet which can also sign transactions should you ever wish to transfer funds out.
If you are regularly transferring out you really should learn how to sign transactions remotely. No serious trader would rely upon a HW.
Also only use Linux for any serious Bitcoin computing.
Not interested and wasting time explaining further - if you don't get it yet you're not ready to understand what Bitcoin is about.
reply
What makes you think Ubuntu on a USB stick is always offline? Does the computer have Intel Management Engine physically disabled or not? What about the AMD Platform Security Processor? Is there bios level malware running in the computer?
The linux kernel has a long list of known unpatched vulnerabilities (don't believe me, go listen to why the folks at GrapheneOS recommend not using non-hardened linux, particularly for highly sensitive work):
Perhaps you should do some studying about the insecurity of general purpose computers before spouting off like you're some genius sent down to enlighten us all:
reply
Do you believe HW vendors don't promote their products via social media?
reply
Now you are just raising extreme nonsense FUD. Clearly you are highly motivated to create pro HW FUD and have scoured all the FUD you now spout. You have not responded to any of the facts and issues I have raised and instead you respond with diversionary scaremongering FUD. Im calling you out as paid a HW tout. As already stated- not interested if you don't get it and you are clearly determined not to because your agenda is to spruik HWs.
reply
Lol, you can believe whatever you want. My exact issue was that you didn't raise "facts and issues" but just spouted off attacks.
Just because you say something doesn't make it true. Sorry, but that's your life lesson for today troll.
reply
Do you believe HW vendors don't promote their products via social media?
I raise multiple facts and issues- you have repeatedly failed to respond to most of them let alone convincingly dismiss or retort them...instead you deny they exist- something anyone following this thread can see is pure evasion.
an always offline phone with blue wallet holding the keys can be used as an airgapped wallet. it would work fine for most, and is not a giveaway when you buy the phone or have it on you that you have btc to steal. if you use graphene OS on a supported pixel device for it, seems pretty fking secure to me 🤷‍♂️
reply
137 sats \ 5 replies \ @cascdr 27 Sep
how do you keep the phone always offline?
what about a slip up when any of the umpteen networking technologies built into it somehow accidentally activate?
Seems like an OK idea just think it'd have to be fleshed out. Curious if you've ever tried it.
reply
You can install linux into a usb data stick.
reply
Tip-Use a good quality USD stick!
reply
Yeah, I've had a copy of the block chain on USB before, run bitcoin core on it, but the usbs aren't super reliable. That much read/write seems to be hard on them.
reply
When used to hold an OS and occasionally operate it they last very well esp if you use a good quality one. An OS on a memory stick is essentially what HWs are anyway. My cold wallet lives on a USB memory stick that has never been online and I checked it yesterday- its fine...but yes always keep a secure copy or two of the seed phase too.
reply
Graphene is pretty good at giving you control to set it up to not turn on wifi automatically. blue wallet also has an 'offline' mode radio button in the app which can serve as a redundant backup in case. If both those failed, ya you could have it go online temporarily.
Yes i have tried it and set it up. BTCSessions has a video in detail on how to do it that is better than me explaining.
reply
More AI garbage.
Anything this long is just copy pasted nonsense from chatgpt.
Do better DrStacker
reply
I have always been interested in this issue of security and the management of hot and cold wallets. Personally, I see the use of HWW as an ease of security, which does not mean infallibility. But I have always been very interested in how with a hot wallet like Gorrión on a PC and with the Blue Wallet on the mobile, the first one completely offline and the second one with the public key of the first one in watch-only mode, I generate the transaction in the Gorrión and sign and transmit it with the Blue Wallet. For me, I see it as a viable, safe and inexpensive option. But as I always say, Bitcoin teaches us freedom, responsibility and respect for other people's thoughts.
Thanks for this post
reply
Appreciate the well thought article!
I've used a coldcard, seed signer, jade, ledger. They all have their pros and cons. Have yet to try plain USB but this might be the push I need to venture into new territory.
Personally I like the cold card experience but it's the priciest of them all. Seed signer is awesome but the fact its stateless and doesn't store the seed could put some people off.
reply
It’s obviously AI generated. We shouldn’t reward trying to pass this off as original content.
reply
That's it.
For me, Coldcard (first) or seedsigner (second) are the only reliable options.
reply