We will skip online wallets, in which the security of your funds directly depends on the security and integrity of the service that owns the online wallet. Let’s move on to software wallets.
Software wallets include MetaMask, TrustWallet, Electrum, etc. There are some risks when using this type of wallet. In software wallets, in order to make transactions, you will need to enter your seed phrase or generate a new one. Your seed phrase will be stored on your device, the wallet will use it to make transactions.
From here, there is a risk of remote hacking of your wallet. If malware is found on the device where the software wallet is installed, then an attacker can gain access to your seed phrase. You can pick up virus software by installing pirated programs or applications from unreliable sources. There were cases when malicious code even got into applications from reliable sources (Microsoft Store, App Store, etc.).
Even if you use only licensed software and do not download anything extra to your computer, you still cannot be sure that you do not have malicious code on your device. Malicious code can be embedded even in licensed software; this can be done not even by the developers of this software. Developers’ servers can be hacked by attackers and release a program update with malicious code.
Some people don’t trust hardware wallets or refuse them because of less convenience. Now we will discuss all the risks of hardware wallets and whether it is worth using them.
Hardware wallets try to protect your digital assets from theft as much as possible. You generate a seed phrase the first time you activate a hardware wallet, then it is stored inside the device and never leaves it again, even during transactions and connections to other devices. The hardware wallet itself is usually protected by a pin code that you yourself will come up with for it.
Someone thinks that a backdoor is sewn into hardware wallets at the factory. This may be a cause for concern, but for the same reason, you can also be afraid of malicious software on your PC or smartphone, because it can also be embedded in production.
Most wallets are fully Open Source, which increases the credibility of the product. If you wish, you can assemble such a device yourself, relying on open source and instructions from the developers. This will require some special skills, but it is possible to hire a specialist to build a hardware wallet for your hardware.
Hardware wallets are constantly subjected to independent reviews and are always being hacked, and if security holes are found, wallet manufacturers fix them right away. For example, Kraken Security Labs tried to hack Ledger, but they didn’t succeed. But on older Trezor devices, they were able to pull out the seed phrase. Now Trezor is selling new devices that do not have that vulnerable hardware.