Your computer is infected with malware. A keylogger captures every keystroke. A memory-scraping trojan scans RAM every few seconds looking for anything that resembles a private key. If your wallet is a software app on that machine, the attacker already has what they need. This is the threat a hardware wallet was built to defeat — and it defeats it well. But only that threat.
Understanding exactly where the protection ends is what separates informed self-custody from a false sense of security.
What the Secure Element Actually Does
At the heart of every serious hardware wallet is a secure element — a tamper-resistant chip purpose-built to generate and store private keys in hardware-isolated memory that the host CPU cannot read directly. This is not a regular microcontroller with a password on it. It is a separate, hardened chip that keeps its contents away from everything else on the device.
The chip resists side-channel attacks (attempts to infer key material by measuring electromagnetic emissions or power consumption) by actively masking those signals. It also includes fault injection defences: light detectors, temperature sensors, and voltage-glitch detectors that detect and respond to physical attempts to perturb the chip into leaking data.
The level of independent security testing is quantified by Common Criteria (CC) EAL ratings. EAL5+ is banking-grade. EAL6+, which adds formal verification of the chip's security properties, is used in the Ledger Nano S Plus, Ledger Stax, Ledger Flex, Trezor Safe 3, and Trezor Safe 5. The Ledger Nano X uses EAL5+.
EAL certification covers the chip only — not the firmware, the companion MCU, the screen, the buttons, or the desktop software. This distinction matters enormously.
The secure element is a hardened vault. The rest of the device is the building around it.
How This Attack Works: Malware and Remote Key Extraction
On a software wallet, private keys reside in OS-accessible memory. A keylogger captures the moment you type your password. A memory scraper finds the decrypted key material directly. Both attacks are silent, fast, and require no physical access to the machine.
With a hardware wallet, the key never leaves the secure element. When you initiate a transaction, the unsigned transaction data is sent to the device over USB or Bluetooth. The secure element signs it internally and returns only the signed output. Even a fully compromised computer cannot extract the key — the host machine sees only the interface protocol, never the key material itself.
This is the core value proposition: hardware wallets are designed to function securely even when the connected computer is hostile.
One weakness persists at the boundary between the host and the device: blind signing. If a user approves a transaction without reading the details on the device's own screen, malware on the computer can substitute a malicious payload — swapping the recipient address or the amount — before it reaches the secure element. The hardware wallet then faithfully signs what it was given. The device screen exists precisely to catch this; ignoring it defeats the protection.
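The host/device boundary and the blind-signing failure described above, as an added example that is not code from any wallet vendor. The key lives inside a SecureElement object that exposes only sign(); a CompromisedHost swaps the recipient before forwarding the transaction; the device shows the parsed payload to an approval callback that stands in for the screen. HMAC-SHA256 is used in place of ECDSA so the example runs on the Python standard library, and all addresses, amounts and the device key are constructed values.

```python
import hashlib
import hmac
import json

# Constructed sample transaction and attacker address; nothing here comes from a real device.
INTENDED_TX = {"recipient": "bc1q-intended-payee", "amount_sat": 150_000, "fee_sat": 1_200}
ATTACKER_ADDRESS = "bc1q-attacker-controlled"


def serialize(tx):
    """Canonical byte encoding shared by host and device (JSON, sorted keys)."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


class SecureElement:
    """Holds the key and exposes only sign(); the key never crosses this boundary.
    HMAC-SHA256 stands in for the ECDSA signature a real chip would produce."""

    def __init__(self, key):
        self._key = key

    def sign(self, payload):
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()


class HardwareWallet:
    """Parses the incoming payload, displays it, and signs only after approval.
    The approve callback plays the role of the user reading the device screen."""

    def __init__(self, se):
        self._se = se

    def request_signature(self, payload, approve):
        shown = json.loads(payload.decode())  # exactly what the screen would display
        if not approve(shown):
            return None                        # rejected on-device: nothing is signed
        return self._se.sign(payload)


class CompromisedHost:
    """Malware on the host swaps the recipient before forwarding to the device."""

    def __init__(self, wallet):
        self._wallet = wallet

    def send(self, tx, approve):
        tampered = dict(tx, recipient=ATTACKER_ADDRESS)
        payload = serialize(tampered)
        return payload, self._wallet.request_signature(payload, approve)


def blind_approve(shown):
    """User taps 'confirm' without reading the screen."""
    return True


def careful_approve(shown, intended=INTENDED_TX):
    """User compares every displayed field against what they meant to send."""
    return shown == intended


def run(approve):
    """Return (signature or None, recipient of the payload that reached the device)."""
    wallet = HardwareWallet(SecureElement(b"constructed-device-key"))
    payload, sig = CompromisedHost(wallet).send(INTENDED_TX, approve)
    return sig, json.loads(payload)["recipient"]


if __name__ == "__main__":
    for label, approve in (("blind signing ", blind_approve), ("screen checked", careful_approve)):
        sig, recipient = run(approve)
        print(label, "->", "SIGNED" if sig else "rejected", "payment to", recipient)
```

With blind_approve the device returns a valid signature over the attacker's payload: the secure element did its job, and the key never left it, but what got signed was not what the user intended. With careful_approve the mismatch is visible on the device and the signature is never produced; the host is never consulted in that decision, which is the whole point of the separate screen.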
How to Protect Yourself: The Supply-Chain Threat
A tampered device from an unofficial reseller may have modified firmware or additional hardware installed during transit that clones the seed phrase on first setup. The secure element in such a device may be entirely genuine — and entirely irrelevant, because the seed was already captured before the user touched it.
In 2025, Ledger's Donjon security team disclosed a voltage-glitching attack on the Trezor Safe 3 that downgrades the STM32 microcontroller's RDP (Read-Out Protection) level from 2 to 1, bypassing anti-tamper countermeasures. The Trezor Safe 5 is not affected by this specific attack. Separately, reports in 2024–2025 described actors mailing unsolicited "replacement" Ledger devices pre-programmed to capture seed phrases on first use.
No EAL rating helps if the device shipped to you is not the device the manufacturer certified.
The mitigation is straightforward:
- Buy only from the manufacturer's official store or a verified authorised reseller.
- Never accept a device from an unsolicited mailing.
- Run the cryptographic attestation flow on first boot — both Ledger and Trezor provide this — which verifies that the firmware is genuine and unmodified.
Firmware, the MCU, and Dark Skippy
The secure element's certification covers the chip. The MCU (companion microcontroller that runs the device's operating system and manages the user interface) is a separate component — and it is not covered by the EAL rating.
In 2024, security researchers published Dark Skippy, a hostile firmware attack that manipulates the ECDSA (Elliptic Curve Digital Signature Algorithm) signing nonce — the random number used during each signature operation. By biasing the nonce in a specific way, an attacker who controls the firmware can encode the full seed into as few as two ordinary on-chain transactions, which are publicly visible on the blockchain.
Firmware signature verification, which both Ledger and Trezor implement by refusing unsigned firmware updates, mitigates this by preventing an attacker from flashing unauthorized firmware over a normal update channel. It cannot protect against a vulnerability in the vendor's own signing pipeline, or against a user who deliberately flashes an unverified build.
Open-source firmware (as on Trezor devices) allows community audit and independent verification, but it also creates a path for users to flash unverified builds. The tradeoff is real.
Physical Coercion: The $5-Wrench Problem
The cryptographer Bruce Schneier observed that at some point it becomes cheaper to threaten physical harm than to break the underlying cryptography. This is colloquially called the $5-wrench attack.
A hardware wallet's PIN locks the device and wipes the secure element after a set number of incorrect guesses. This is irrelevant if an attacker simply coerces the PIN out of the owner.
The most practical defence at the device level is a BIP-39 passphrase — sometimes called the 25th word. A passphrase creates a fully separate hidden wallet on top of the base seed. The base seed alone opens a decoy wallet with a small balance; the real holdings sit behind the passphrase. An attacker who obtains the seed phrase and the PIN but not the passphrase sees only the decoy.
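How a passphrase turns one seed phrase into separate wallets, as an added example written for this article rather than taken from Ledger, Trezor or the BIP-39 reference code. It implements the BIP-39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" plus the passphrase, NFKD-normalised) and the BIP-32 master-key step (HMAC-SHA512 keyed with "Bitcoin seed") on the standard library, then derives the decoy and hidden wallets from the same mnemonic. The mnemonic is the well-known "abandon ... about" BIP-39 test vector; the passphrases other than the reference "TREZOR" are constructed.

```python
import hashlib
import hmac
import unicodedata

# BIP-39 test mnemonic (vector 1 of the reference test set); not a wallet anyone funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: PBKDF2-HMAC-SHA512(NFKD(mnemonic), "mnemonic" + NFKD(passphrase), 2048, 64 bytes)."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP-32 master node: left 32 bytes are the master private key, right 32 the chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def wallets_for(mnemonic, passphrases):
    """Map each passphrase to the master private key it unlocks.

    Every passphrase yields a valid, distinct wallet: BIP-39 has no 'wrong passphrase'
    error, which is what makes the decoy plausible and a typo costly."""
    return {p: bip32_master(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}


def byte_overlap(a, b):
    """Positions at which two equal-length byte strings agree; ~1/256 of the length is chance level."""
    return sum(x == y for x, y in zip(a, b))


if __name__ == "__main__":
    # Empty passphrase = decoy wallet on the bare seed; constructed passphrase = hidden wallet.
    for passphrase, key in wallets_for(MNEMONIC, ["", "correct horse", "Correct horse"]).items():
        print(f"passphrase={passphrase!r:18} master key={key[:16]}...")
    print("seed bytes shared between 'TREZOR' and 'TREZOr':",
          byte_overlap(bip39_seed(MNEMONIC, "TREZOR"), bip39_seed(MNEMONIC, "TREZOr")), "/ 64")
```

Two properties matter for the coercion scenario. First, the seeds for different passphrases share nothing beyond chance, so knowing the seed phrase and the decoy wallet gives no foothold on the hidden one. Second, because any passphrase produces a valid wallet, there is no signal that distinguishes the decoy from the real holdings, and equally no warning when the owner mistypes the passphrase (case and whitespace included) during recovery, so the passphrase needs the same offline backup discipline as the seed phrase itself.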
Geographic and operational security are the real mitigations for coercion risk. The primary threat is people who know you hold significant crypto. Keeping that information private, and not advertising holdings, reduces the target surface more than any on-device feature.
Multisig setups — where a transaction requires signatures from multiple independent keys — add friction to coercion but do not eliminate it if an attacker can access multiple keyholders simultaneously.
When a Hardware Wallet Is Worth It
A hardware wallet is the right tool when:
- You hold more than a small amount long-term and your main computer is used for general browsing (elevated malware exposure).
- You transact infrequently enough that the UX friction of approving each transaction on a physical device is acceptable.
- You want a clear boundary between your long-term holdings and your daily spending wallet.
It is not the full answer when:
- You reuse the same seed phrase on both a hot wallet and the hardware wallet — defeating the isolation entirely.
- You approve transactions without reading the device screen — enabling blind-signing substitution attacks.
- You store the seed phrase digitally — at which point the seed's security is now bounded by the security of wherever you stored it, not the hardware device.
The hardware wallet only protects what it controls: coins derived from its seed on-chain. Assets held on exchanges, inside dApps, or in other wallets sit entirely outside its attack surface.
The purchase source matters more than the brand. A genuine device bought directly from the manufacturer is vastly safer than a second-hand unit or one purchased from an unofficial channel.
Pairing a hardware wallet with a strong, offline seed-phrase backup — and a passphrase for high-value holdings — is the compound protection that actually addresses the full threat model.
Key Takeaways
- A secure element excels at one thing: preventing remote key extraction even when the connected computer is compromised. That protection is real and significant.
- EAL6+ certification covers the chip only, not the firmware, MCU, screen, or software. The secure element is a vault; the rest of the device is everything around it.
- Supply-chain tampering and hostile firmware (including Dark Skippy-style nonce attacks) sit outside the secure element's protection. Buy only from official sources and verify attestation on first boot.
- Physical coercion bypasses all on-device security. A BIP-39 passphrase creates a plausible-deniability decoy wallet, but operational security — keeping holdings private — is the primary defence.
- A hardware wallet does not protect assets held elsewhere: exchanges, dApps, or wallets derived from a different seed are outside its scope entirely.