Hardware wallet is the vernacular name given to some specialized devices storing keys in the Bitcoin ecosystem. The name is confusing, especially for newcomers, who must understand the distinction between wallets running on desktop and mobile, connected to the Bitcoin network, and these devices, the few electronic devices that engineers do not want to connect to a global network (unlike modern appliances).
This isolation serves as both the unifying trait and the central value proposition presented to customers. Beyond that, anything goes—as many flavors as there are opinions on key handling and each year new products are released.
There are legitimate reasons users may be put off:
- The elephant in the room: these are dedicated devices with a target on their back. They may be vulnerable to supply chain attacks.
- Personal security can actually worsen after purchase, as it may create a trail linking consumer information to cryptocurrency ownership.
- Too much trust on the manufacturer and difficulty of audit.
- Price
- Too easy to spot. Public is becoming well aware of what they are.
Some products mitigate all issues by offering a DIY approach using generic, non-cryptocurrency-related components. Hardware remains practically impossible for most of us to audit, though some initiatives are attempting to change that.1. However, achieving strong protection against key extraction attacks requires dedicated hardware. The most secure option is a secure element, a specialized tamper-resistant chip widely used in passports, credit cards, and other high-security applications. Hardware wallets vary in how they use secure elements: some only store keys on the chip while performing signatures in a less secure component, whereas others run the entire computation within the secure element itself.
Secure computation is, in our opinion, the most underestimated aspect of hardware wallets. As evidence, I point to the proliferation of blind signing devices—products that do not display transaction data and sign without truly verifying what they’re approving. The term “signing device” was even proposed as a replacement for the confusing “hardware wallet” label, which itself reflects how narrowly these tools are often conceived. The security benefit of isolation is negated if the user’s mobile or laptop is still trusted to verify transactions and addresses. By addresses, I mean not only transaction recipient addresses but receiving and change addresses. Also, proper verification means performing the entire derivation from the stored secret and displaying the result to the user. The key value of hardware wallets lies in their ability to reproduce results by performing the calculations themselves. They are not just “signing”, they are “reproducing” and let user check that result is the desired output.
At Wizardsardine, we expect our users to use hardware wallets. We do not want our softwares to manage private keys and we do not trust that users’ personal laptops and phones won’t one day be compromised. We believe most of the drawbacks of hardware wallets are resolved by using multiple keys setup like Multisig. By using multiple products from multiple providers, Users can mitigate risk and get the benefits of each device, but with the tradeoff of needing coordination.
Multisig is yet another layer of Bitcoin knowledge that newcomers must digest—often after months of figuring out keys and derivation paths. Many users see the complexity as not worth the cost, and as usual with Bitcoin’s messy ecosystem, it comes with plenty of footguns (for example, failing to back up public keys). Thanks to tireless work from wallet developers, the UX is improving every year, and at Wizardsardine we believe Miniscript now changes the equation.
Miniscript lets us express complex spending policies in a standardized, analyzable way. The resulting output descriptor encodes everything required for any compatible wallet to reconstruct the Bitcoin setup from it. It brings simpler backups, better interoperability, and richer functionality. For example, instead of lowering the multisig threshold to handle key loss, thresholds can remain unanimous with recovery keys that activate after a timelock. Since 2020, we have focused on advancing Miniscript adoption throughout the Bitcoin ecosystem, from Bitcoin Core integration to encouraging new standards like BIP 388. After working on a covenant-less vault solution, we developed a simpler Miniscript wallet called Liana to tackle the chicken-and-egg problem: hardware wallet manufacturers refused to allocate resources to Miniscript due to lack of demand, while users remained uninterested in solutions without strong security guarantees. The tide has since turned: we now proudly support five different hardware wallet brands and we’ve eased up on pestering the remaining manufacturers.