There are many ways to handle and store cryptocurrency wallets via software or hardware solutions. Software solutions are rightly considered less secure than hardware ones, so let’s focus on two leading crypto hardware wallets: Ledger Nano X and the Trezor Model T.
SEE: Cryptocurrency glossary: From Bitcoin and Dogecoin to hot wallets and whales (TechRepublic Premium)
What is Ledger Nano X?
Ledger Nano X is a cryptocurrency hardware wallet built on a custom operating system dubbed BOLOS (Blockchain Open Ledger Operating System) and developed by Ledger. It supports over 1,100 cryptocurrencies with the Ledger Live app.
What is Trezor Model T?
Trezor Model T is a crypto hardware wallet from SatoshiLabs, whose firmware and software are available as open source. TrezorSuite makes it easy to handle cryptocurrencies using the Trezor Model T, as it supports more than 1,200 cryptocurrencies.
Ledger vs. Trezor: Security features
Security is the main argument for buying a crypto hardware wallet because these devices offer cold storage: The cryptographic secrets and seeds are never online – they stay in the device and do not leave it. The delivery of the devices is secured.
Trezor packages use tamper-evident holograms that makes it quite difficult to remove the device, tamper with it, and put it back without damaging or breaking the holographic seal. In addition, the device firmware and bootloader are signed by SatoshiLabs, and warnings would be raised if a signature check failed at boot time, guaranteeing that the code has not been altered.
As for Ledger, there is no seal. The company explains that such seals are too easy to counterfeit and that the Secure Element chip on its device provides stronger security. That type of chip is similar to chips used in passports or credit cards. Also, all Ledger devices pass a genuine test during the onboarding process and each time they connect to Manager in Ledger Live.
Both Trezor and Ledger wallets allow users to have a main account and a few hidden accounts using the same 24-word recovery seed. In case an attacker is physically threatening a user and requesting their password, the user can provide the one that leads to a hidden account with fewer cryptocurrency assets.
If any of the devices are stolen, all content is wiped after three unsuccessful attempts at guessing the PIN, and the device is rendered useless.
Ledger vs. Trezor: Design
While the design of the hardware does not really have any functional importance, the screen does. The Trezor Model T embeds a 240×240 color touchscreen, while the Ledger Nano X has a 128×64 monochrome screen.
Material also may matter to users. The Ledger device is made of steel, which probably resists shocks more than the Trezor Model T, made of plastic.
Finally, the Ledger device is smaller than the Trezor device, making it easier to carry or hide.
Ledger Nano X’s unique features
The Ledger Nano X contains a unique component known as Secure Element, which is a type of chip commonly used in payment systems and passports. It embeds intrinsic countermeasures against many known attacks, making it “tamper-proof and resistant to hacks,” according to Ledger.
Secure Element protects the device against electromagnetic radiation and power usage spying, in case attackers try to use it as an attack vector. This crypto hardware wallet feature also protects from attackers trying to perturbate a circuit while it is running, a ploy known as a fault attack. And it reduces the surface for software attacks as well, thanks to a simple system that uses few interfaces.
The Ledger device incorporates Bluetooth connectivity, which allows it to be used cableless with Android or iOS devices. As adding Bluetooth connectivity raises some concerns about security, Ledger addressed those concerns. For starters, only the public data is transported via Bluetooth. Critical data (private keys, seed) never leave the physical device. Moreover, should the Bluetooth connection be owned by an attacker, the Secure Element ensures that the user will be asked for their consent for any action. The Bluetooth connection can be disabled for users who do not feel comfortable with it.
Trezor Model T’s unique features
The Trezor Model T has a slot for a microSD card, which allows it to have onboard encrypted storage in the future. Currently, the microSD card can be used to encrypt the PIN and further protect the device against malicious attacks. The device can be bound to the microSD card and can’t be unlocked without it until the user intentionally disables the feature or factory-resets the Trezor Model T. People concerned with physical attacks will enjoy the option of storing the microSD card in a physical location other than the Trezor device when it is not in use. That way, should an attacker steal one or the other, it would be worthless. The microSD card secret is an entirely random value that carries no information about the seed or passphrase of the device.
Also, the Trezor Model T offers the option of using a password manager, which works in a similar way to other password managers like KeePass or LastPass, except that there is no master password to handle all the passwords for the different websites. Only a click on the physical device is required to unlock the password manager. Each password is encrypted separately with a unique key, the signature being derived from a unique private key on the device. In addition, Trezor says it can’t access the data stored within the Trezor Password Manager.
Choosing Ledger vs. Trezor
Both crypto hardware wallets are highly secure, and the final choice will depend on the user’s preferences. The Ledger device has its own closed operating system and Secure Element chip type, while the Trezor Model T is open source. That difference has raised debates for many years, and both architectures have their pros and cons.
The Trezor Model T device comes up more appealing, with its large color screen, but it is also a bit bigger to carry. In addition, it offers a useful password manager, which by itself isn’t related to cryptocurrency but is a nice add-on for more cybersecurity. And the Ledger Nano X provides Bluetooth connectivity, which a lot of users enjoy.
While hardware wallets are very robust in terms of security compared to software wallets, users still need to be aware that some advanced social engineering might still hit them. Users should never provide their 24-word seed anywhere and should keep it well guarded.
Disclosure: I work for Trend Micro, but the views expressed in this article are mine.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays